Add Wireguard-based K8s pod networking

This adds a pod networking runnable based on Wireguard which watches all nodes
and adds their K8s IPAM allocations as routes into the kernel & WireGuard. It only depends
on K8s and only performs direct routing.

Test Plan: Manually tested by spinning up a two-node cluster and running two Alpine pods pinging each other. Can be covered by E2E tests once we can do image preseeding for the test infra (T793).

Bug: T487

X-Origin-Diff: phab/D573
GitOrigin-RevId: ba3fc36f421fd75002f6cf8bea25ed6f1eb457b0
diff --git a/core/internal/network/main.go b/core/internal/network/main.go
index 2466e05..ac9ce46 100644
--- a/core/internal/network/main.go
+++ b/core/internal/network/main.go
@@ -19,6 +19,7 @@
 import (
 	"context"
 	"fmt"
+	"io/ioutil"
 	"net"
 	"os"
 
@@ -135,6 +136,10 @@
 		s.logger.Fatal("Failed to list network links", zap.Error(err))
 	}
 
+	if err := ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte("1\n"), 0644); err != nil {
+		s.logger.Panic("Failed to enable IPv4 forwarding", zap.Error(err))
+	}
+
 	var ethernetLinks []netlink.Link
 	for _, link := range links {
 		attrs := link.Attrs()
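Review bot: The added write to `/proc/sys/net/ipv4/ip_forward` enables IPv4 forwarding for every interface on the node, including the Ethernet links enumerated just below, not only the pod/WireGuard path. Nothing in this hunk restricts what may be forwarded, so unless a default-drop FORWARD policy is installed elsewhere the node will route traffic arriving on its external interface towards pod addresses; please confirm that policy exists or scope the setting per interface via `/proc/sys/net/ipv4/conf/<iface>/forwarding`. At minimum the line deserves a comment such as `// Global forwarding is required for pod routing; forwarded traffic is filtered by <placeholder: firewall component>.` The failure path also uses `s.logger.Panic` while the check directly above uses `s.logger.Fatal`; one of the two should be used consistently. The enclosing function starts and ends outside the hunk.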