Add Wireguard-based K8s pod networking This adds a pod networking runnable based on Wireguard which watches all nodes and adds their K8s IPAM allocations as routes into the kernel & WireGuard. It only depends on K8s and only performs direct routing. Test Plan: Manually tested by spinning up a two-node cluster and running two Alpine pods pinging eachother. Can be covered by E2E tests once we can do image preseeding for the test infra (T793). Bug: T487 X-Origin-Diff: phab/D573 GitOrigin-RevId: ba3fc36f421fd75002f6cf8bea25ed6f1eb457b0

commit: f042e6f95bb7dc771bf79f309dbdf0b34da933da [log] [tgz]
author: Lorenz Brun <lorenz@nexantic.com> Wed Jun 24 16:46:09 2020 +0200
committer: Lorenz Brun <lorenz@nexantic.com> Wed Jun 24 16:46:09 2020 +0200
tree: f18c60fb92202ce2d5ec7041c85579865a81509d
parent: b876fc31f12628562a51c70668b318b9fc50478b [diff] [blame]
diff --git a/core/internal/kubernetes/apiserver.go b/core/internal/kubernetes/apiserver.go
index 0a740dd..26c258a 100644
--- a/core/internal/kubernetes/apiserver.go
+++ b/core/internal/kubernetes/apiserver.go

@@ -103,7 +103,7 @@
 				pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: config.kubeletClientCert})),
 			args.FileOpt("--kubelet-client-key", "kubelet-client-key.pem",
 				pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: config.kubeletClientKey})),
-			"--kubelet-preferred-address-types=Hostname",
+			"--kubelet-preferred-address-types=InternalIP",
 			args.FileOpt("--proxy-client-cert-file", "aggregation-client-cert.pem",
 				pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: config.aggregationClientCert})),
 			args.FileOpt("--proxy-client-key-file", "aggregation-client-key.pem",
commit	f042e6f95bb7dc771bf79f309dbdf0b34da933da	[log] [tgz]
author	Lorenz Brun <lorenz@nexantic.com>	Wed Jun 24 16:46:09 2020 +0200
committer	Lorenz Brun <lorenz@nexantic.com>	Wed Jun 24 16:46:09 2020 +0200
tree	f18c60fb92202ce2d5ec7041c85579865a81509d
parent	b876fc31f12628562a51c70668b318b9fc50478b [diff] [blame]