Add Wireguard-based K8s pod networking
This adds a pod networking runnable based on Wireguard which watches all nodes
and adds their K8s IPAM allocations as routes into the kernel & WireGuard. It only depends
on K8s and only performs direct routing.
Test Plan: Manually tested by spinning up a two-node cluster and running two Alpine pods pinging eachother. Can be covered by E2E tests once we can do image preseeding for the test infra (T793).
Bug: T487
X-Origin-Diff: phab/D573
GitOrigin-RevId: ba3fc36f421fd75002f6cf8bea25ed6f1eb457b0
diff --git a/third_party/go/repositories.bzl b/third_party/go/repositories.bzl
index b011d53..c4e21c6 100644
--- a/third_party/go/repositories.bzl
+++ b/third_party/go/repositories.bzl
@@ -1001,10 +1001,16 @@
sum = "h1:lez6TS6aAau+8wXUP3G9I3TGlmPFEq2CTxBaRqY6AGE=",
)
go_repository(
+ name = "com_github_mdlayher_genetlink",
+ importpath = "github.com/mdlayher/genetlink",
+ version = "v1.0.0",
+ sum = "h1:OoHN1OdyEIkScEmRgxLEe2M9U8ClMytqA5niynLtfj0=",
+ )
+ go_repository(
name = "com_github_mdlayher_netlink",
importpath = "github.com/mdlayher/netlink",
- version = "v0.0.0-20191009155606-de872b0d824b",
- sum = "h1:W3er9pI7mt2gOqOWzwvx20iJ8Akiqz1mUMTxU6wdvl8=",
+ version = "v1.1.0",
+ sum = "h1:mpdLgm+brq10nI9zM1BpX1kpDbh3NLl3RSnVq6ZSkfg=",
)
go_repository(
name = "com_github_mdlayher_raw",
@@ -1529,6 +1535,12 @@
sum = "h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=",
)
go_repository(
+ name = "com_zx2c4_golang_wireguard_wgctrl",
+ importpath = "golang.zx2c4.com/wireguard/wgctrl",
+ version = "v0.0.0-20200515170644-ec7f26be9d9e",
+ sum = "h1:fqDhK9OlzaaiFjnyaAfR9Q1RPKCK7OCTLlHGP9f74Nk=",
+ )
+ go_repository(
name = "org_gonum_v1_gonum",
importpath = "gonum.org/v1/gonum",
version = "v0.6.2",