External Network: Wireguard Templates

deployments/liqo/templates/_helpers.tpl

@@ -76,13 +76,50 @@ app.kubernetes.io/component: {{ quote .module }}
 app.kubernetes.io/part-of: {{ quote (include "liqo.name" .) }}
 {{- end }}
 
+{{/*
+Common metadata for Templates
+*/}}
+{{- define "liqo.metadataTemplate" -}}
+name: {{ include "liqo.prefixedNameTemplate" . }}
+namespace: {{ quote "{{ .Namespace }}" }}
+labels:
+{{ include "liqo.labelsTemplate" . | indent 2 }}
+{{- end }}
+
+{{/*
+Common Labels for Templates
+*/}}
+{{- define "liqo.labelsTemplate" -}}
+{{ include "liqo.selectorLabelsTemplate" . }}
+helm.sh/chart: {{ quote (include "liqo.chart" .) }}
+app.kubernetes.io/version: {{ quote (include "liqo.version" .) }}
+app.kubernetes.io/managed-by: {{ quote .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels template, it accepts a dict which contains fields "name" and "module"
+*/}}
+{{- define "liqo.selectorLabelsTemplate" -}}
+app.kubernetes.io/name: {{ quote "{{ .Name }}" }}
+app.kubernetes.io/instance: {{ quote (printf "%s-%s" .Release.Name "{{ .Name }}") }}
+app.kubernetes.io/component: {{ quote .module }}
+app.kubernetes.io/part-of: {{ quote (include "liqo.name" .) }}
+{{- end }}
+
 {{/*
 Create a name prefixed with the chart name, it accepts a dict which contains the field "name".
 */}}
 {{- define "liqo.prefixedName" -}}
 {{- printf "%s-%s" (include "liqo.name" .) .name }}
 {{- end }}
 
+{{/*
+Create a name prefixed with the chart name, it accepts a dict which contains the field "name".
+*/}}
+{{- define "liqo.prefixedNameTemplate" -}}
+{{- printf "%s-{{ .Name }}" (include "liqo.name" .) }}
+{{- end }}
+
 {{/*
 Create the file name of a role starting from a prefix, it accepts a dict which contains the field "prefix".
 */}}

deployments/liqo/templates/liqo-wireguard-gateway-client-template.yaml

@@ -0,0 +1,61 @@
+{{- $templateConfig := (merge (dict "name" "wg-client-template" "module" "networking") .) -}}
+
+{{- if .Values.networking.internal }}
+
+apiVersion: networking.liqo.io/v1alpha1
+kind: WgGatewayClientTemplate
+metadata:
+  name: {{ $templateConfig.name  }}
+  labels:
+    {{- include "liqo.labels" $templateConfig | nindent 4 }}
+spec:
+  objectKind:
+    apiVersion: networking.liqo.io/v1alpha1
+    kind: WgGatewayClient
+  template:
+    metadata:
+      {{- include "liqo.metadataTemplate" $templateConfig | nindent 6 }}
+    spec:
+      deployment:
+        metadata:
+          {{- include "liqo.metadataTemplate" $templateConfig | nindent 10 }}
+        spec:
+          replicas: 1
+          selector:
+            matchLabels:
+              {{- include "liqo.labelsTemplate" $templateConfig | nindent 14 }}
+          template:
+            metadata:
+              {{- include "liqo.metadataTemplate" $templateConfig | nindent 14 }}
+            spec:
+              containers:
+              - name: wireguard
+                image: ghcr.io/liqotech/gateway/wireguard{{ include "liqo.suffix" $templateConfig }}:{{ include "liqo.version" $templateConfig }}
+                imagePullPolicy: Always
+                args:
+                - --name="{{"{{ .Name  }}"}}"
+                - --namespace="{{"{{ .Namespace }}"}}"
+                - --remote-cluster-id="{{"{{ .ClusterID }}"}}"
+                - --wireguard-gateway-uid="{{"{{ .GatewayUID }}"}}"
+                - --mode=client
+                - --mtu="{{"{{ .Spec.MTU }}"}}"
+                - --endpoint-address="{{"{{ index .Spec.Endpoint.Addresses 0 }}"}}"
+                - --endpoint-port="{{"{{ .Spec.Endpoint.Port }}"}}"
+                securityContext:
+                  privileged: true
+                  capabilities:
+                    add:
+                    - ALL
+              - name: gateway
+                image: ghcr.io/liqotech/gateway{{ include "liqo.suffix" $templateConfig }}:{{ include "liqo.version" $templateConfig }}
+                imagePullPolicy: Always
+                args:
+                - --name="{{"{{ .Name  }}"}}"
+                - --namespace="{{"{{ .Namespace }}"}}"
+                - --mode=client
+                securityContext:
+                  privileged: true
+                  capabilities:
+                    add:
+                    - ALL
+{{- end }}

deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml

@@ -0,0 +1,71 @@
+{{- $templateConfig := (merge (dict "name" "wg-server-template" "module" "networking") .) -}}
+
+{{- if .Values.networking.internal }}
+
+apiVersion: networking.liqo.io/v1alpha1
+kind: WgGatewayServerTemplate
+metadata:
+  name: {{ $templateConfig.name  }}
+  labels:
+    {{- include "liqo.labels" $templateConfig | nindent 4 }}
+spec:
+  objectKind:
+    apiVersion: networking.liqo.io/v1alpha1
+    kind: WgGatewayServer
+  template: 
+    metadata:
+      {{- include "liqo.metadataTemplate" $templateConfig | nindent 6 }}
+    spec:
+      service:
+        metadata:
+          {{- include "liqo.metadataTemplate" $templateConfig | nindent 12 }}
+        spec:
+          selector:
+            {{- include "liqo.labelsTemplate" $templateConfig | nindent 12 }}
+          type: "{{"{{ .Spec.Endpoint.ServiceType }}"}}"
+          ports:
+          - port: "{{"{{ .Spec.Endpoint.Port }}"}}"
+            protocol: UDP
+      deployment:
+        metadata:
+          {{- include "liqo.metadataTemplate" $templateConfig | nindent 10 }}
+        spec:
+          replicas: 1
+          selector:
+            matchLabels:
+              {{- include "liqo.labelsTemplate" $templateConfig | nindent 14 }}
+          template:
+            metadata:
+              {{- include "liqo.metadataTemplate" $templateConfig | nindent 14 }}
+            spec:
+              containers:
+              - name: wireguard
+                image: ghcr.io/liqotech/gateway/wireguard{{ include "liqo.suffix" $templateConfig }}:{{ include "liqo.version" $templateConfig }}
+                imagePullPolicy: Always
+                args:
+                - --name="{{"{{ .Name }}"}}"
+                - --namespace="{{"{{ .Namespace }}"}}"
+                - --remote-cluster-id="{{"{{ .ClusterID }}"}}"
+                - --wireguard-gateway-uid="{{"{{ .GatewayUID }}"}}"
+                - --mode=server
+                - --mtu="{{"{{ .Spec.MTU }}"}}"
+                - --listen-port="{{"{{ .Spec.Endpoint.Port }}"}}"
+                securityContext:
+                  privileged: true
+                  capabilities:
+                    add:
+                    - ALL
+              - name: gateway
+                image: ghcr.io/liqotech/gateway{{ include "liqo.suffix" $templateConfig }}:{{ include "liqo.version" $templateConfig }}
+                imagePullPolicy: Always
+                args:
+                - --name="{{"{{ .Name }}"}}"
+                - --namespace="{{"{{ .Namespace }}"}}"
+                - --mode=server
+                securityContext:
+                  privileged: true
+                  capabilities:
+                    add:
+                    - ALL
+{{- end }}
+

pkg/liqo-controller-manager/external-network/client-operator/client_controller.go

@@ -47,6 +47,8 @@ type ClientReconciler struct {
 
 type templateData struct {
 	Spec       networkingv1alpha1.GatewayClientSpec
+	Name       string
+	Namespace  string
 	GatewayUID string
 	ClusterID  string
 }
@@ -150,10 +152,8 @@ func (r *ClientReconciler) EnsureGatewayClient(ctx context.Context, gwClient *ne
 		return fmt.Errorf("unable to get the metadata of the client template")
 	}
 	objectTemplateMetadata := metav1.ObjectMeta{
-		Name:        enutils.GetValueOrDefault(objectTemplateMetadataInt, "name", gwClient.Name),
-		Namespace:   enutils.GetValueOrDefault(objectTemplateMetadataInt, "namespace", gwClient.Namespace),
-		Labels:      enutils.TranslateMap(objectTemplateMetadataInt["labels"]),
-		Annotations: enutils.TranslateMap(objectTemplateMetadataInt["annotations"]),
+		Name:      enutils.GetValueOrDefault(objectTemplateMetadataInt, "name", gwClient.Name),
+		Namespace: enutils.GetValueOrDefault(objectTemplateMetadataInt, "namespace", gwClient.Namespace),
 	}
 	objectTemplateSpec, ok := objectTemplate["spec"].(map[string]interface{})
 	if !ok {
@@ -166,7 +166,6 @@ func (r *ClientReconciler) EnsureGatewayClient(ctx context.Context, gwClient *ne
 		obj.SetGroupVersionKind(objectKind.GroupVersionKind())
 		obj.SetName(gwClient.Name)
 		obj.SetNamespace(gwClient.Namespace)
-		obj.SetLabels(objectTemplateMetadata.Labels)
 		obj.SetAnnotations(objectTemplateMetadata.Annotations)
 		obj.SetOwnerReferences([]metav1.OwnerReference{
 			{
@@ -177,13 +176,24 @@ func (r *ClientReconciler) EnsureGatewayClient(ctx context.Context, gwClient *ne
 				Controller: pointer.Bool(true),
 			},
 		})
-		spec, err := enutils.RenderTemplate(objectTemplateSpec, templateData{
+
+		td := templateData{
 			Spec:       gwClient.Spec,
+			Name:       gwClient.Name,
+			Namespace:  gwClient.Namespace,
 			GatewayUID: string(gwClient.UID),
 			ClusterID:  remoteClusterID,
-		})
+		}
+
+		meta, err := enutils.RenderTemplate(objectTemplateMetadata, td)
+		if err != nil {
+			return fmt.Errorf("unable to render the template metadata: %w", err)
+		}
+		obj.Object["metadata"] = meta
+
+		spec, err := enutils.RenderTemplate(objectTemplateSpec, td)
 		if err != nil {
-			return fmt.Errorf("unable to render the template: %w", err)
+			return fmt.Errorf("unable to render the template spec: %w", err)
 		}
 		obj.Object["spec"] = spec
 		return nil

pkg/liqo-controller-manager/external-network/server-operator/server_controller.go

@@ -47,6 +47,8 @@ type ServerReconciler struct {
 
 type templateData struct {
 	Spec       networkingv1alpha1.GatewayServerSpec
+	Name       string
+	Namespace  string
 	GatewayUID string
 	ClusterID  string
 }
@@ -145,16 +147,10 @@ func (r *ServerReconciler) EnsureGatewayServer(ctx context.Context, server *netw
 	if !ok {
 		return fmt.Errorf("unable to get the template of the server template")
 	}
-	objectTemplateMetadataInt, ok := objectTemplate["metadata"].(map[string]interface{})
+	objectTemplateMetadata, ok := objectTemplate["metadata"].(map[string]interface{})
 	if !ok {
 		return fmt.Errorf("unable to get the metadata of the server template")
 	}
-	objectTemplateMetadata := metav1.ObjectMeta{
-		Name:        enutils.GetValueOrDefault(objectTemplateMetadataInt, "name", server.Name),
-		Namespace:   enutils.GetValueOrDefault(objectTemplateMetadataInt, "namespace", server.Namespace),
-		Labels:      enutils.TranslateMap(objectTemplateMetadataInt["labels"]),
-		Annotations: enutils.TranslateMap(objectTemplateMetadataInt["annotations"]),
-	}
 	objectTemplateSpec, ok := objectTemplate["spec"].(map[string]interface{})
 	if !ok {
 		return fmt.Errorf("unable to get the spec of the server template")
@@ -164,10 +160,6 @@ func (r *ServerReconciler) EnsureGatewayServer(ctx context.Context, server *netw
 		GroupVersion().WithResource(enutils.KindToResource(objectKind.Kind))).
 		Namespace(server.Namespace), server.Name, func(obj *unstructured.Unstructured) error {
 		obj.SetGroupVersionKind(objectKind.GroupVersionKind())
-		obj.SetName(server.Name)
-		obj.SetNamespace(server.Namespace)
-		obj.SetLabels(objectTemplateMetadata.Labels)
-		obj.SetAnnotations(objectTemplateMetadata.Annotations)
 		obj.SetOwnerReferences([]metav1.OwnerReference{
 			{
 				APIVersion: server.APIVersion,
@@ -177,13 +169,24 @@ func (r *ServerReconciler) EnsureGatewayServer(ctx context.Context, server *netw
 				Controller: pointer.Bool(true),
 			},
 		})
-		spec, err := enutils.RenderTemplate(objectTemplateSpec, templateData{
+
+		td := templateData{
 			Spec:       server.Spec,
+			Name:       server.Name,
+			Namespace:  server.Namespace,
 			GatewayUID: string(server.UID),
 			ClusterID:  remoteClusterID,
-		})
+		}
+
+		metadata, err := enutils.RenderTemplate(objectTemplateMetadata, td)
+		if err != nil {
+			return fmt.Errorf("unable to render the template metadata: %w", err)
+		}
+		obj.Object["metadata"] = metadata
+
+		spec, err := enutils.RenderTemplate(objectTemplateSpec, td)
 		if err != nil {
-			return fmt.Errorf("unable to render the template: %w", err)
+			return fmt.Errorf("unable to render the template spec: %w", err)
 		}
 		obj.Object["spec"] = spec
 		return nil