Add Wireguard-based K8s pod networking
This adds a pod networking runnable based on Wireguard which watches all nodes
and adds their K8s IPAM allocations as routes into the kernel & WireGuard. It only depends
on K8s and only performs direct routing.
Test Plan: Manually tested by spinning up a two-node cluster and running two Alpine pods pinging each other. Can be covered by E2E tests once we can do image preseeding for the test infra (T793).
Bug: T487
X-Origin-Diff: phab/D573
GitOrigin-RevId: ba3fc36f421fd75002f6cf8bea25ed6f1eb457b0
diff --git a/core/internal/kubernetes/service.go b/core/internal/kubernetes/service.go
index 826e2d8..ccfb41c 100644
--- a/core/internal/kubernetes/service.go
+++ b/core/internal/kubernetes/service.go
@@ -24,18 +24,18 @@
"os"
"time"
- "k8s.io/client-go/informers"
- "k8s.io/client-go/tools/clientcmd"
-
"go.etcd.io/etcd/clientv3"
"go.uber.org/zap"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
+ "k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/tools/clientcmd"
schema "git.monogon.dev/source/nexantic.git/core/generated/api"
"git.monogon.dev/source/nexantic.git/core/internal/common/supervisor"
"git.monogon.dev/source/nexantic.git/core/internal/consensus"
+ "git.monogon.dev/source/nexantic.git/core/internal/kubernetes/clusternet"
"git.monogon.dev/source/nexantic.git/core/internal/kubernetes/pki"
"git.monogon.dev/source/nexantic.git/core/internal/kubernetes/reconciler"
"git.monogon.dev/source/nexantic.git/core/internal/storage"
@@ -181,6 +181,11 @@
return fmt.Errorf("could not created kubelet config: %w", err)
}
+ key, err := clusternet.EnsureOnDiskKey()
+ if err != nil {
+ return fmt.Errorf("failed to ensure cluster key: %w", err)
+ }
+
for _, sub := range []struct {
name string
runnable supervisor.Runnable
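Review bot: The new `clusternet.EnsureOnDiskKey()` call at the top of the hunk gives the reader no hint what it loads or where, even though the value is later handed to a long-running networking runnable; a one-line comment would help, e.g. `// key is this node's persistent WireGuard private key: EnsureOnDiskKey creates it on first run and reads the existing one afterwards.` (the generate-or-reuse behaviour is inferred from the name and the commit description, so confirm it against the clusternet package). Because the key file is reused silently on every later start, it is worth checking that EnsureOnDiskKey writes it atomically and with owner-only permissions, since a truncated or world-readable file would otherwise never be noticed here. Minor style point: the surrounding errors in this function use "could not ..." wording, so `return fmt.Errorf("could not ensure cluster key: %w", err)` would match. The enclosing function starts and ends outside the hunk.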
@@ -192,6 +197,7 @@
{"reconciler", reconciler.Run(clientSet)},
{"csi-plugin", runCSIPlugin(s.storageService)},
{"pv-provisioner", runCSIProvisioner(s.storageService, clientSet, informerFactory)},
+ {"clusternet", clusternet.Run(informerFactory, clusterNet, clientSet, key)},
} {
err := supervisor.Run(ctx, sub.name, sub.runnable)
if err != nil {
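Review bot: The new `{"clusternet", clusternet.Run(informerFactory, clusterNet, clientSet, key)}` entry references `clusterNet`, which is neither introduced in this commit's hunks nor explained at the call site, so a reader cannot tell from the list what network the runnable is responsible for; presumably it is the pod CIDR computed earlier in the function, but that should be stated. A short comment on the entry, such as `// clusternet: WireGuard pod networking; installs every node's IPAM allocation as a route (direct routing only).`, would document the runnable the same way the commit description does. Since this is also the only runnable in the list that receives a private key, naming `key` as that key in the comment would make the data flow obvious. The enclosing loop body continues outside the hunk.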