Add Wireguard-based K8s pod networking This adds a pod networking runnable based on Wireguard which watches all nodes and adds their K8s IPAM allocations as routes into the kernel & WireGuard. It only depends on K8s and only performs direct routing. Test Plan: Manually tested by spinning up a two-node cluster and running two Alpine pods pinging eachother. Can be covered by E2E tests once we can do image preseeding for the test infra (T793). Bug: T487 X-Origin-Diff: phab/D573 GitOrigin-RevId: ba3fc36f421fd75002f6cf8bea25ed6f1eb457b0

commit: f042e6f95bb7dc771bf79f309dbdf0b34da933da [log] [tgz]
author: Lorenz Brun <lorenz@nexantic.com> Wed Jun 24 16:46:09 2020 +0200
committer: Lorenz Brun <lorenz@nexantic.com> Wed Jun 24 16:46:09 2020 +0200
tree: f18c60fb92202ce2d5ec7041c85579865a81509d
parent: b876fc31f12628562a51c70668b318b9fc50478b [diff] [blame]
diff --git a/build/fietsje/main.go b/build/fietsje/main.go
index 55fc238..f227d9b 100644
--- a/build/fietsje/main.go
+++ b/build/fietsje/main.go

@@ -102,7 +102,12 @@
 	// Used by //core/cmd/nanoswitch
 	p.collect("github.com/google/nftables", "7127d9d22474b437f0e8136ddb21855df29790bf").use(
 		"github.com/koneu/natend",
+	)
+
+	// used by //core//kubernetes/clusternet
+	p.collect("golang.zx2c4.com/wireguard/wgctrl", "ec7f26be9d9e47a32a2789f8c346031978485cbf").use(
 		"github.com/mdlayher/netlink",
+		"github.com/mdlayher/genetlink",
 	)
 
 	// First generate the repositories starlark rule into memory. This is because rendering will lock all unlocked
commit	f042e6f95bb7dc771bf79f309dbdf0b34da933da	[log] [tgz]
author	Lorenz Brun <lorenz@nexantic.com>	Wed Jun 24 16:46:09 2020 +0200
committer	Lorenz Brun <lorenz@nexantic.com>	Wed Jun 24 16:46:09 2020 +0200
tree	f18c60fb92202ce2d5ec7041c85579865a81509d
parent	b876fc31f12628562a51c70668b318b9fc50478b [diff] [blame]