Add Wireguard-based K8s pod networking This adds a pod networking runnable based on Wireguard which watches all nodes and adds their K8s IPAM allocations as routes into the kernel & WireGuard. It only depends on K8s and only performs direct routing. Test Plan: Manually tested by spinning up a two-node cluster and running two Alpine pods pinging eachother. Can be covered by E2E tests once we can do image preseeding for the test infra (T793). Bug: T487 X-Origin-Diff: phab/D573 GitOrigin-RevId: ba3fc36f421fd75002f6cf8bea25ed6f1eb457b0

commit: f042e6f95bb7dc771bf79f309dbdf0b34da933da [log] [tgz]
author: Lorenz Brun <lorenz@nexantic.com> Wed Jun 24 16:46:09 2020 +0200
committer: Lorenz Brun <lorenz@nexantic.com> Wed Jun 24 16:46:09 2020 +0200
tree: f18c60fb92202ce2d5ec7041c85579865a81509d
parent: b876fc31f12628562a51c70668b318b9fc50478b [diff] [blame]
diff --git a/core/internal/containerd/config.toml b/core/internal/containerd/config.toml
index 5a7e2f6..415391a 100644
--- a/core/internal/containerd/config.toml
+++ b/core/internal/containerd/config.toml

@@ -90,8 +90,8 @@
     [plugins."io.containerd.grpc.v1.cri".cni]
       bin_dir = "/containerd/bin/cni"
       conf_dir = "/containerd/conf/cni"
-      max_conf_num = 1
-      conf_template = ""
+      max_conf_num = 0
+      conf_template = "/containerd/conf/cnispec.gojson"
     [plugins."io.containerd.grpc.v1.cri".registry]
       [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
         [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
commit	f042e6f95bb7dc771bf79f309dbdf0b34da933da	[log] [tgz]
author	Lorenz Brun <lorenz@nexantic.com>	Wed Jun 24 16:46:09 2020 +0200
committer	Lorenz Brun <lorenz@nexantic.com>	Wed Jun 24 16:46:09 2020 +0200
tree	f18c60fb92202ce2d5ec7041c85579865a81509d
parent	b876fc31f12628562a51c70668b318b9fc50478b [diff] [blame]