Added initial prototype for rathole

notebooks/Experimental/Network.ipynb

@@ -0,0 +1,209 @@
+{
+ "cells": [
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "bd9a2226-3e53-4f27-9213-75a8c3ff9176",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "# syft absolute\n",
+ "import syft as sy"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "fddf8d07-d154-4284-a27b-d74e35d3f851",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "gateway_client = sy.login(\n",
+ " url=\"http://localhost\", port=9081, email=\"[email protected]\", password=\"changethis\"\n",
+ ")"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "8f7b106d-b784-45d8-b54d-4ce2de2da453",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "domain_client = sy.login(\n",
+ " url=\"http://localhost\", port=9082, email=\"[email protected]\", password=\"changethis\"\n",
+ ")"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "ff504949-620d-4e26-beee-0d39e0e502eb",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "domain_client.connect_to_gateway(gateway_client, reverse_tunnel=True)"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "ba7bc71a-4e6a-4429-9588-7b3d0ed19e27",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "gateway_client.api.services.request"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "5b4984e1-331e-4fd8-b012-768fc613f48a",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "# gateway_client.api.services.request[0].approve()"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "90dc44bd",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "node_peers = gateway_client.api.network.get_all_peers()\n",
+ "node_peers"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "8c06aaa6-4157-42d1-959f-9d47722a3420",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "node_peer = gateway_client.api.network.get_all_peers()[0]"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "cb63a77b",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "node_peer.node_routes"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "61882e86",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "node_peer.node_routes[0].__dict__"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "fb19dbc6-869b-46dc-92e3-5e75ee6d0b06",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "domain_client.api.network.get_all_peers()[0].node_routes[0].__dict__"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "32d09a51",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "# node_peer.client_with_key(sy.SyftSigningKey.generate())"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "b7d9e41d",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "# gateway_client.api.network.delete_route(node_peer.verify_key, node_peer.node_routes[1])"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "8fa24ec7",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "gateway_client"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "3a081250-abc3-43a3-9e06-ff0c3a362ebf",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "gateway_client.peers"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "b6fedfe4-9362-47c9-9342-5cf6eacde8ab",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "domain_client_proxy = gateway_client.peers[0]"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "f1940e00-0337-4b56-88c2-d70f397a7016",
+ "metadata": {},
+ "outputs": [],
+ "source": [
+ "domain_client_proxy.connection"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": null,
+ "id": "613125c5-6321-4238-852c-ff0cfcd9526a",
+ "metadata": {},
+ "outputs": [],
+ "source": []
+ }
+ ],
+ "metadata": {
+ "kernelspec": {
+ "display_name": "Python 3 (ipykernel)",
+ "language": "python",
+ "name": "python3"
+ },
+ "language_info": {
+ "codemirror_mode": {
+ "name": "ipython",
+ "version": 3
+ },
+ "file_extension": ".py",
+ "mimetype": "text/x-python",
+ "name": "python",
+ "nbconvert_exporter": "python",
+ "pygments_lexer": "ipython3",
+ "version": "3.1.-1"
+ }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}

packages/grid/backend/grid/core/config.py

@@ -155,6 +155,9 @@ def get_emails_enabled(self) -> Self:
  ASSOCIATION_REQUEST_AUTO_APPROVAL: bool = str_to_bool(
  os.getenv("ASSOCIATION_REQUEST_AUTO_APPROVAL", "False")
  )
+ REVERSE_TUNNEL_RATHOLE_ENABLED: bool = str_to_bool(
+ os.getenv("REVERSE_TUNNEL_RATHOLE_ENABLED", "false")
+ )
  model_config = SettingsConfigDict(case_sensitive=True)
 
 

packages/grid/default.env

@@ -21,6 +21,7 @@ TRAEFIK_PUBLIC_TAG=traefik-public
 STACK_NAME=grid-openmined-org
 DOCKER_IMAGE_BACKEND=openmined/grid-backend
 DOCKER_IMAGE_FRONTEND=openmined/grid-frontend
+DOCKER_IMAGE_RATHOLE=openmined/grid-rathole
 DOCKER_IMAGE_TRAEFIK=traefik
 TRAEFIK_VERSION=v2.11.0
 REDIS_VERSION=6.2
@@ -109,3 +110,6 @@ ENABLE_SIGNUP=False
 
 # Enclave Attestation
 DOCKER_IMAGE_ENCLAVE_ATTESTATION=openmined/grid-enclave-attestation
+
+# Rathole Config
+RATHOLE_PORT=2333

packages/grid/devspace.yaml

@@ -25,6 +25,7 @@ vars:
  DOCKER_IMAGE_BACKEND: openmined/grid-backend
  DOCKER_IMAGE_FRONTEND: openmined/grid-frontend
  DOCKER_IMAGE_SEAWEEDFS: openmined/grid-seaweedfs
+ DOCKER_IMAGE_RATHOLE: openmined/grid-rathole
  DOCKER_IMAGE_ENCLAVE_ATTESTATION: openmined/grid-enclave-attestation
  CONTAINER_REGISTRY: "docker.io"
  VERSION: "0.8.7-beta.13"
@@ -59,6 +60,14 @@ images:
  context: ./seaweedfs
  tags:
  - dev-${DEVSPACE_TIMESTAMP}
+ rathole:
+ image: "${CONTAINER_REGISTRY}/${DOCKER_IMAGE_RATHOLE}"
+ buildKit:
+ args: ["--platform", "linux/${PLATFORM}"]
+ dockerfile: ./rathole/rathole.dockerfile
+ context: ./rathole
+ tags:
+ - dev-${DEVSPACE_TIMESTAMP}
 
 # This is a list of `deployments` that DevSpace can create for this project
 deployments:
@@ -67,15 +76,18 @@ deployments:
  releaseName: syft-dev
  chart:
  name: ./helm/syft
+ # anything that does not need devspace $env vars should go in values.dev.yaml
+ valuesFiles:
+ - ./helm/syft/values.yaml
+ - ./helm/values.dev.yaml
  values:
  global:
  registry: ${CONTAINER_REGISTRY}
  version: dev-${DEVSPACE_TIMESTAMP}
  node:
  type: domain # required for the gateway profile
- # anything that does not need devspace $env vars should go in values.dev.yaml
- valuesFiles:
- - ./helm/values.dev.yaml
+ rathole:
+ mode: client
 
 dev:
  mongo:
@@ -113,6 +125,12 @@ dev:
  - path: ../syft:/root/app/syft
  ssh:
  localPort: 3480
+ rathole:
+ labelSelector:
+ app.kubernetes.io/name: syft
+ app.kubernetes.io/component: rathole
+ ports:
+ - port: "2333" # rathole
 
 profiles:
  - name: dev-low
@@ -138,6 +156,11 @@ profiles:
  - op: remove
  path: dev.seaweedfs
 
+ # Patch mode to server
+ - op: replace
+ path: deployments.syft.helm.values.rathole.mode
+ value: server
+
  # Port Re-Mapping
  # Mongo
  - op: replace
@@ -154,6 +177,11 @@ profiles:
  path: dev.backend.containers.backend-container.ssh.localPort
  value: 3481
 
+ # Mongo
+ - op: replace
+ path: dev.rathole.ports[0].port
+ value: 2334:2333
+
  - name: gcp
  patches:
  - op: replace

packages/grid/helm/syft/templates/backend/backend-service-account.yaml

@@ -26,7 +26,7 @@ metadata:
  app.kubernetes.io/component: backend
 rules:
  - apiGroups: [""]
- resources: ["pods", "configmaps", "secrets"]
+ resources: ["pods", "configmaps", "secrets", "services"]
  verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
  - apiGroups: [""]
  resources: ["pods/log"]

packages/grid/helm/syft/templates/backend/backend-statefulset.yaml

@@ -86,9 +86,17 @@ spec:
  {{- if .Values.node.debuggerEnabled }}
  - name: DEBUGGER_ENABLED
  value: "true"
+ {{- end }}
+ {{- if eq .Values.node.type "gateway" }}
  - name: ASSOCIATION_REQUEST_AUTO_APPROVAL
  value: {{ .Values.node.associationRequestAutoApproval | quote }}
  {{- end }}
+ {{- if .Values.rathole.enabled }}
+ - name: RATHOLE_PORT
+ value: {{ .Values.rathole.port | quote }}
+ - name: REVERSE_TUNNEL_RATHOLE_ENABLED
+ value: "true"
+ {{- end }}
  # MongoDB
  - name: MONGO_PORT
  value: {{ .Values.mongo.port | quote }}

packages/grid/helm/syft/templates/proxy/proxy-configmap.yaml

@@ -22,19 +22,28 @@ data:
  loadBalancer:
  servers:
  - url: "http://seaweedfs:8333"
+ rathole:
+ loadBalancer:
+ servers:
+ - url: "http://rathole:2333"
  routers:
+ rathole:
+ rule: "PathPrefix(`/`) && Headers(`Upgrade`, `websocket`) && !PathPrefix(`/rathole`)"
+ entryPoints:
+ - "web"
+ service: "rathole"
  frontend:
- rule: "PathPrefix(`/`)"
+ rule: "PathPrefix(`/`) && !PathPrefix(`/rathole`)"
  entryPoints:
  - "web"
  service: "frontend"
  backend:
- rule: "PathPrefix(`/api`) || PathPrefix(`/docs`) || PathPrefix(`/redoc`)"
+ rule: "(PathPrefix(`/api`) || PathPrefix(`/docs`) || PathPrefix(`/redoc`)) && !PathPrefix(`/rathole`)"
  entryPoints:
  - "web"
  service: "backend"
  blob-storage:
- rule: "PathPrefix(`/blob`)"
+ rule: "PathPrefix(`/blob`) && !PathPrefix(`/rathole`)"
  entryPoints:
  - "web"
  service: "seaweedfs"
@@ -72,5 +81,18 @@ data:
 
  providers:
  file:
- filename: /etc/traefik/dynamic.yml
-{{- end }}
+ directory: /etc/traefik/
+ watch: true
+
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: proxy-config-dynamic
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+ app.kubernetes.io/component: proxy
+data:
+ rathole-dynamic.yml: |
+{{- end }}