From 96a400f64f185845e4316b3fc28ad91ba1c3d1cd Mon Sep 17 00:00:00 2001
From: Claudio Lorina
Date: Mon, 25 Nov 2024 18:04:52 +0100
Subject: [PATCH] fix!: remove GatewayServer address and port override via annotation

This patch removes the possibility to use the override the address and port used by the client to connect to the GatewayServer via the `liqo.io/override-address` and `liqo.io/override-port` annotation. Introduced with PR #2384
---
 cmd/liqoctl/cmd/network.go | 4 +-
 cmd/liqoctl/cmd/peer.go | 4 +-
 deployments/liqo/README.md | 20 +--
 deployments/liqo/values.yaml | 22 ++--
 examples/networking/wireguard-server-nat.yaml | 119 ------------------
 pkg/consts/annotations.go | 5 -
 .../external-network/wireguard/utils.go | 26 ----
 .../wireguard/wggatewayserver_controller.go | 12 --
 8 files changed, 22 insertions(+), 190 deletions(-)
 delete mode 100644 examples/networking/wireguard-server-nat.yaml
diff --git a/cmd/liqoctl/cmd/network.go b/cmd/liqoctl/cmd/network.go
index a498dfeb75..55c5975c4c 100644
--- a/cmd/liqoctl/cmd/network.go
+++ b/cmd/liqoctl/cmd/network.go
@@ -166,11 +166,11 @@ func newNetworkConnectCommand(ctx context.Context, options *network.Options) *co
 cmd.Flags().StringVar(&options.ClientGatewayType, "client-type", forge.DefaultGwClientType,
 "Type of Gateway Client. Leave empty to use default Liqo implementation of WireGuard")
 cmd.Flags().StringVar(&options.ClientConnectAddress, "client-address", "",
- "Define the address used by the gateway client to connect to the gateway server."+
+ "Define the address used by the gateway client to connect to the gateway server. "+
 "This value overrides the one automatically retrieved by Liqo and it is useful when the server is "+
 "not directly reachable (e.g. the server is behind a NAT)")
 cmd.Flags().Int32Var(&options.ClientConnectPort, "client-port", 0,
- "Define the port used by the gateway client to connect to the gateway server."+
+ "Define the port used by the gateway client to connect to the gateway server. "+
 "This value overrides the one automatically retrieved by Liqo and it is useful when the server is "+
 "not directly reachable (e.g. the server is behind a NAT)")
 cmd.Flags().StringVar(&options.ClientTemplateName, "client-template-name", forge.DefaultGwClientTemplateName,
diff --git a/cmd/liqoctl/cmd/peer.go b/cmd/liqoctl/cmd/peer.go
index 96e1de9380..cbc06a2896 100644
--- a/cmd/liqoctl/cmd/peer.go
+++ b/cmd/liqoctl/cmd/peer.go
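Review bot: `--client-port` is registered with `Int32Var`, so negative values and values above 65535 parse successfully, and with the annotation path removed by this patch the flag appears to be the only remaining way to override the port the gateway client dials. No range check is visible in this hunk; if none exists where the options are validated, add one such as `if options.ClientConnectPort < 0 || options.ClientConnectPort > 65535 { return fmt.Errorf("invalid --client-port %d", options.ClientConnectPort) }`, keeping 0 as the "not set" default. The same two flag registrations and help strings are repeated in `newPeerCommand` in cmd/liqoctl/cmd/peer.go, which is why the missing space had to be fixed twice; a shared constant for the two descriptions would keep them in step. `newNetworkConnectCommand` starts and ends outside the hunk.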
@@ -101,11 +101,11 @@ func newPeerCommand(ctx context.Context, f *factory.Factory) *cobra.Command {
 cmd.Flags().StringVar(&options.ServerServiceLoadBalancerIP, "server-service-loadbalancerip", "",
 "IP of the LoadBalancer for the Gateway Server service")
 cmd.Flags().StringVar(&options.ClientConnectAddress, "client-address", "",
- "Define the address used by the gateway client to connect to the gateway server."+
+ "Define the address used by the gateway client to connect to the gateway server. "+
 "This value overrides the one automatically retrieved by Liqo and it is useful when the server is "+
 "not directly reachable (e.g. the server is behind a NAT)")
 cmd.Flags().Int32Var(&options.ClientConnectPort, "client-port", 0,
- "Define the port used by the gateway client to connect to the gateway server."+
+ "Define the port used by the gateway client to connect to the gateway server. "+
 "This value overrides the one automatically retrieved by Liqo and it is useful when the server is "+
 "not directly reachable (e.g. the server is behind a NAT)")
 cmd.Flags().IntVar(&options.MTU, "mtu", nwforge.DefaultMTU,
diff --git a/deployments/liqo/README.md b/deployments/liqo/README.md
index 27e4d83ba5..ebe41494a6 100644
--- a/deployments/liqo/README.md
+++ b/deployments/liqo/README.md
@@ -64,7 +64,7 @@ | ipam.reservedSubnets | list | `[]` | List of IP subnets that do not have to be used by Liqo. Liqo can perform automatic IP address remapping when a remote cluster is peering with you, e.g., in case IP address spaces (e.g., PodCIDR) overlaps. In order to prevent IP conflicting between locally used private subnets in your infrastructure and private subnets belonging to remote clusters you need tell liqo the subnets used in your cluster. E.g if your cluster nodes belong to the 192.168.2.0/24 subnet, then you should add that subnet to the reservedSubnets. PodCIDR and serviceCIDR used in the local cluster are automatically added to the reserved list. | | ipam.serviceCIDR | string | `""` | The subnet used by the services in you cluster, in CIDR notation (e.g., 172.16.0.0/16). | | metricAgent.config.timeout | object | `{"read":"30s","write":"30s"}` | Set the timeout for the metrics server. | -| metricAgent.enable | bool | `true` | Enable/Disable the virtual kubelet metric agent. This component aggregates all the kubelet-related metrics (e.g., CPU, RAM, etc) collected on the nodes that are used by a remote cluster peered with you, then exporting the resulting values as a property of the virtual kubelet running on the remote cluster. | +| metricAgent.enable | bool | `true` | Enable/Disable the virtual kubelet metric agent. This component aggregates all the kubelet-related metrics (e.g., CPU, RAM, etc) collected on the nodes that are used by a remote cluster peered with you, then exporting the resulting values as a property of the virtual kubelet running on the remote cluster. | | metricAgent.image.name | string | `"ghcr.io/liqotech/metric-agent"` | Image repository for the metricAgent pod. | | metricAgent.image.version | string | `""` | Custom version for the metricAgent image. If not specified, the global tag is used. 
| | metricAgent.initContainer.image.name | string | `"ghcr.io/liqotech/cert-creator"` | Image repository for the init container of the metricAgent pod. | 
@@ -79,7 +79,7 @@ | nameOverride | string | `""` | Override the standard name used by Helm and associated to Kubernetes/Liqo resources. | | networking.clientResources | list | `[{"apiVersion":"networking.liqo.io/v1beta1","resource":"wggatewayclients"}]` | Set the list of resources that implement the GatewayClient | | networking.enabled | bool | `true` | Use the default Liqo networking module. | -| networking.fabric.config.fullMasquerade | bool | `false` | Enabe/Disable the full masquerade mode for the fabric pod. It means that all traffic will be masquerade using the first external cidr IP, instead of using the pod IP. Full masquerade is useful when the cluster nodeports uses a PodCIDR IP to masqerade the incoming traffic. IMPORTANT: Please consider that enabling this feature will masquerade the source IP of traffic towards a remote cluster, making impossible for a pod that receives the traffic to know the original source IP. | +| networking.fabric.config.fullMasquerade | bool | `false` | Enabe/Disable the full masquerade mode for the fabric pod. It means that all traffic will be masquerade using the first external cidr IP, instead of using the pod IP. Full masquerade is useful when the cluster nodeports uses a PodCIDR IP to masqerade the incoming traffic. IMPORTANT: Please consider that enabling this feature will masquerade the source IP of traffic towards a remote cluster, making impossible for a pod that receives the traffic to know the original source IP. | | networking.fabric.config.gatewayMasqueradeBypass | bool | `false` | Enable/Disable the masquerade bypass for the gateway pods. It means that the packets from gateway pods will not be masqueraded from the host where the pod is scheduled. This is useful in scenarios where CNIs masquerade the traffic from pod to nodes. For example this is required when using the Azure CNI or Kindnet. | | networking.fabric.config.nftablesMonitor | bool | `true` | Enable/Disable the nftables monitor for the fabric pod. 
It means that the fabric pod will monitor the nftables rules and will restore them in case of changes. In some cases (like K3S), this monitor can cause a huge amount of CPU usage. If you are experiencing high CPU usage, you can disable this feature. | | networking.fabric.image.name | string | `"ghcr.io/liqotech/fabric"` | Image repository for the fabric pod. | 
@@ -90,7 +90,7 @@ | networking.fabric.pod.priorityClassName | string | `""` | PriorityClassName (https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) for the fabric pod. | | networking.fabric.pod.resources | object | `{"limits":{},"requests":{}}` | Resource requests and limits (https://kubernetes.io/docs/user-guide/compute-resources/) for the fabric pod. | | networking.fabric.tolerations | list | `[]` | Extra tolerations for the fabric daemonset. | -| networking.gatewayTemplates | object | `{"container":{"gateway":{"image":{"name":"ghcr.io/liqotech/gateway","version":""}},"geneve":{"image":{"name":"ghcr.io/liqotech/gateway/geneve","version":""}},"wireguard":{"image":{"name":"ghcr.io/liqotech/gateway/wireguard","version":""}}},"ping":{"interval":"2s","lossThreshold":5,"updateStatusInterval":"10s"},"replicas":1,"server":{"service":{"allocateLoadBalancerNodePorts":"","annotations":null}},"wireguard":{"implementation":"kernel"}}` | Set the options for the default gateway (server/client) templates. The default templates use a WireGuard implementation to connect the gateway of the clusters. These options are used to configure only the default templates and should not be considered if a custom template is used. | +| networking.gatewayTemplates | object | `{"container":{"gateway":{"image":{"name":"ghcr.io/liqotech/gateway","version":""}},"geneve":{"image":{"name":"ghcr.io/liqotech/gateway/geneve","version":""}},"wireguard":{"image":{"name":"ghcr.io/liqotech/gateway/wireguard","version":""}}},"ping":{"interval":"2s","lossThreshold":5,"updateStatusInterval":"10s"},"replicas":1,"server":{"service":{"allocateLoadBalancerNodePorts":"","annotations":{}}},"wireguard":{"implementation":"kernel"}}` | Set the options for the default gateway (server/client) templates. The default templates use a WireGuard implementation to connect the gateway of the clusters. 
These options are used to configure only the default templates and should not be considered if a custom template is used. | | networking.gatewayTemplates.container.gateway.image.name | string | `"ghcr.io/liqotech/gateway"` | Image repository for the gateway container. | | networking.gatewayTemplates.container.gateway.image.version | string | `""` | Custom version for the gateway image. If not specified, the global tag is used. | | networking.gatewayTemplates.container.geneve.image.name | string | `"ghcr.io/liqotech/gateway/geneve"` | Image repository for the geneve container. | 
@@ -102,20 +102,20 @@ | networking.gatewayTemplates.ping.lossThreshold | int | `5` | Set the number of consecutive pings that must fail to consider the connection as lost | | networking.gatewayTemplates.ping.updateStatusInterval | string | `"10s"` | Set the interval at which the connection resource status is updated | | networking.gatewayTemplates.replicas | int | `1` | Set the number of replicas for the gateway deployments | -| networking.gatewayTemplates.server | object | `{"service":{"allocateLoadBalancerNodePorts":"","annotations":null}}` | Set the options to configure the gateway server | -| networking.gatewayTemplates.server.service | object | `{"allocateLoadBalancerNodePorts":"","annotations":null}` | Set the options to configure the server service | +| networking.gatewayTemplates.server | object | `{"service":{"allocateLoadBalancerNodePorts":"","annotations":{}}}` | Set the options to configure the gateway server | +| networking.gatewayTemplates.server.service | object | `{"allocateLoadBalancerNodePorts":"","annotations":{}}` | Set the options to configure the server service | | networking.gatewayTemplates.server.service.allocateLoadBalancerNodePorts | string | `""` | Set to "false" if you expose the gateway service as LoadBalancer and you do not want to create also a NodePort associated to it (Note: this setting is useful only on cloud providers that support this feature). | -| networking.gatewayTemplates.server.service.annotations | string | `nil` | Annotations for the server service. | +| networking.gatewayTemplates.server.service.annotations | object | `{}` | Annotations for the server service. | | networking.gatewayTemplates.wireguard.implementation | string | `"kernel"` | Set the implementation used for the WireGuard connection. Possible values are "kernel" and "userspace". | | networking.genevePort | int | `6091` | The port used by the geneve tunnels. 
| | networking.reflectIPs | bool | `true` | Reflect pod IPs and EnpointSlices to the remote clusters. | | networking.serverResources | list | `[{"apiVersion":"networking.liqo.io/v1beta1","resource":"wggatewayservers"}]` | Set the list of resources that implement the GatewayServer | -| offloading.createNode | bool | `true` | Enable/Disable the creation of a k8s node for each VirtualNode. This flag is cluster-wide, but you can configure the preferred behaviour for each VirtualNode by setting the "createNode" field in the resource Spec. | +| offloading.createNode | bool | `true` | Enable/Disable the creation of a k8s node for each VirtualNode. This flag is cluster-wide, but you can configure the preferred behaviour for each VirtualNode by setting the "createNode" field in the resource Spec. | | offloading.defaultNodeResources.cpu | string | `"4"` | The amount of CPU to reserve for a virtual node targeting this cluster. | | offloading.defaultNodeResources.ephemeral-storage | string | `"20Gi"` | The amount of ephemeral storage to reserve for a virtual node targeting this cluster. | | offloading.defaultNodeResources.memory | string | `"8Gi"` | The amount of memory to reserve for a virtual node targeting this cluster. | | offloading.defaultNodeResources.pods | string | `"110"` | The amount of pods that can be scheduled on a virtual node targeting this cluster. | -| offloading.disableNetworkCheck | bool | `false` | Enable/Disable the check of the liqo networking for virtual nodes. If check is disabled, the network status will not be added to node conditions. This flag is cluster-wide, but you can configure the preferred behaviour for each VirtualNode by setting the "disableNetworkCheck" field in the resource Spec. | +| offloading.disableNetworkCheck | bool | `false` | Enable/Disable the check of the liqo networking for virtual nodes. If check is disabled, the network status will not be added to node conditions. 
This flag is cluster-wide, but you can configure the preferred behaviour for each VirtualNode by setting the "disableNetworkCheck" field in the resource Spec. | | offloading.enabled | bool | `true` | Enable/Disable the offloading module | | offloading.reflection.configmap.type | string | `"DenyList"` | The type of reflection used for the configmaps reflector. Ammitted values: "DenyList", "AllowList". | | offloading.reflection.configmap.workers | int | `3` | The number of workers used for the configmaps reflector. Set 0 to disable the reflection of configmaps. | 
@@ -147,7 +147,7 @@ | openshiftConfig.enable | bool | `false` | Enable/Disable the OpenShift support, enabling Openshift-specific resources, and setting the pod security contexts in a way that is compatible with Openshift. | | openshiftConfig.virtualKubeletSCCs | list | `["anyuid"]` | Security context configurations granted to the virtual kubelet in the local cluster. The configuration of one or more SCCs for the virtual kubelet is not strictly required, and privileges can be reduced in production environments. Still, the default configuration (i.e., anyuid) is suggested to prevent problems (i.e., the virtual kubelet fails to add the appropriate labels) when attempting to offload pods not managed by higher-level abstractions (e.g., Deployments), and not associated with a properly privileged service account. Indeed, "anyuid" is the SCC automatically associated with pods created by cluster administrators. Any pod granted a more privileged SCC and not linked to an adequately privileged service account will fail to be offloaded. | | proxy.config.listeningPort | int | `8118` | Port used by the proxy pod. | -| proxy.enabled | bool | `true` | Enable/Disable the proxy pod. This pod is mandatory to allow in-band peering and to connect to the consumer k8s api server from a remotly offloaded pod. | +| proxy.enabled | bool | `true` | Enable/Disable the proxy pod. This pod is mandatory to allow in-band peering and to connect to the consumer k8s api server from a remotly offloaded pod. | | proxy.image.name | string | `"ghcr.io/liqotech/proxy"` | Image repository for the proxy pod. | | proxy.image.version | string | `""` | Custom version for the proxy image. If not specified, the global tag is used. | | proxy.pod.annotations | object | `{}` | Annotations for the proxy pod. | 
@@ -155,7 +155,7 @@ | proxy.pod.labels | object | `{}` | Labels for the proxy pod. | | proxy.pod.priorityClassName | string | `""` | PriorityClassName (https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) for the proxy pod. | | proxy.pod.resources | object | `{"limits":{},"requests":{}}` | Resource requests and limits (https://kubernetes.io/docs/user-guide/compute-resources/) for the proxy pod. | -| proxy.replicas | int | `1` | Set the number of replicas for the proxy deployments | +| proxy.replicas | int | `1` | Set the number of replicas for the proxy deployments | | proxy.service.annotations | object | `{}` | | | proxy.service.type | string | `"ClusterIP"` | | | pullPolicy | string | `"IfNotPresent"` | The pullPolicy for liqo pods. | diff --git a/deployments/liqo/values.yaml b/deployments/liqo/values.yaml index 15031fc8ff..cb462e804a 100644 --- a/deployments/liqo/values.yaml +++ b/deployments/liqo/values.yaml @@ -71,13 +71,7 @@ networking: # -- Set to "false" if you expose the gateway service as LoadBalancer and you do not want to create also a NodePort associated to it (Note: this setting is useful only on cloud providers that support this feature). allocateLoadBalancerNodePorts: "" # -- Annotations for the server service. - annotations: - # -- Override the default address where your network gateway service is available. - # You should configure it if the network gateway is behind a reverse proxy or NAT. - # liqo.io/override-address: "10.43.12.182" - # -- Overrides the port where your network gateway service is available. - # You should configure it if the network gateway is behind a reverse proxy or NAT and is different from the listening port. - # liqo.io/override-port: "51840" + annotations: {} container: gateway: image: 
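Review bot: The comment kept above `annotations: {}` in the values.yaml hunk (`@@ -71,13 +71,7 @@`) does not say that `liqo.io/override-address` and `liqo.io/override-port` are no longer read, so a values file that still sets them will render a Service carrying annotations the controller ignores, with no error raised. For a gateway server behind NAT or a reverse proxy, the advertised endpoint then silently reverts to the automatically retrieved address and port instead of the one the operator pinned. I would extend the comment to `# -- Annotations for the server service. The liqo.io/override-address and liqo.io/override-port annotations are no longer honored; use the liqoctl --client-address and --client-port flags instead.` and regenerate the README table from it. The flag names come from the liqoctl hunks in this patch; whether they cover every former use of the annotations is not visible here.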
@@ -122,8 +116,8 @@ networking: # -- Enabe/Disable the full masquerade mode for the fabric pod. # It means that all traffic will be masquerade using the first external cidr IP, instead of using the pod IP. # Full masquerade is useful when the cluster nodeports uses a PodCIDR IP to masqerade the incoming traffic. - # IMPORTANT: Please consider that enabling this feature will masquerade the source IP of traffic towards a remote cluster, - # making impossible for a pod that receives the traffic to know the original source IP. + # IMPORTANT: Please consider that enabling this feature will masquerade the source IP of traffic towards a remote cluster, + # making impossible for a pod that receives the traffic to know the original source IP. fullMasquerade: false # -- Enable/Disable the masquerade bypass for the gateway pods. # It means that the packets from gateway pods will not be masqueraded from the host where the pod is scheduled. @@ -181,12 +175,12 @@ offloading: # -- The amount of ephemeral storage to reserve for a virtual node targeting this cluster. ephemeral-storage: "20Gi" # -- Enable/Disable the creation of a k8s node for each VirtualNode. - # This flag is cluster-wide, but you can configure the preferred behaviour for each VirtualNode + # This flag is cluster-wide, but you can configure the preferred behaviour for each VirtualNode # by setting the "createNode" field in the resource Spec. createNode: true # -- Enable/Disable the check of the liqo networking for virtual nodes. # If check is disabled, the network status will not be added to node conditions. - # This flag is cluster-wide, but you can configure the preferred behaviour for each VirtualNode + # This flag is cluster-wide, but you can configure the preferred behaviour for each VirtualNode # by setting the "disableNetworkCheck" field in the resource Spec. disableNetworkCheck: false runtimeClass: 
@@ -506,7 +500,7 @@ discovery: metricAgent: # -- Enable/Disable the virtual kubelet metric agent. This component aggregates all the kubelet-related metrics - # (e.g., CPU, RAM, etc) collected on the nodes that are used by a remote cluster peered with you, then exporting + # (e.g., CPU, RAM, etc) collected on the nodes that are used by a remote cluster peered with you, then exporting # the resulting values as a property of the virtual kubelet running on the remote cluster. enable: true config: @@ -622,10 +616,10 @@ uninstaller: proxy: # -- Enable/Disable the proxy pod. - # This pod is mandatory to allow in-band peering + # This pod is mandatory to allow in-band peering # and to connect to the consumer k8s api server from a remotly offloaded pod. enabled: true - # -- Set the number of replicas for the proxy deployments + # -- Set the number of replicas for the proxy deployments replicas: 1 pod: # -- Annotations for the proxy pod. diff --git a/examples/networking/wireguard-server-nat.yaml b/examples/networking/wireguard-server-nat.yaml deleted file mode 100644 index 19d998a9b2..0000000000 --- a/examples/networking/wireguard-server-nat.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -apiVersion: networking.liqo.io/v1beta1 -kind: WgGatewayServerTemplate -metadata: - name: wireguard-server-nat - # namespace: liqo # or custom namespace -spec: - objectKind: - apiVersion: networking.liqo.io/v1beta1 - kind: WgGatewayServer - template: - metadata: - labels: - networking.liqo.io/component: gateway - name: '{{ .Name }}' - namespace: '{{ .Namespace }}' - spec: - deployment: - metadata: - labels: - networking.liqo.io/component: gateway - name: '{{ .Name }}' - namespace: '{{ .Namespace }}' - spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: '{{ .Name }}' - networking.liqo.io/component: gateway - template: - metadata: - labels: - app.kubernetes.io/name: '{{ .Name }}' - networking.liqo.io/component: gateway - name: '{{ .Name }}' - namespace: '{{ .Namespace }}' - spec: - containers: - - args: - - --name={{ .Name }} - - --namespace={{ .Namespace }} - - --remote-cluster-id={{ .ClusterID }} - - --gateway-uid={{ .GatewayUID }} - - --mode=server - - --metrics-address=:8080 - - --health-probe-bind-address=:8081 - - --ping-enabled=true - - --ping-loss-threshold=5 - - --ping-interval=2s - - --ping-update-status-interval=10s - image: ghcr.io/liqotech/gateway: - imagePullPolicy: IfNotPresent - name: gateway - securityContext: - capabilities: - add: - - NET_ADMIN - - NET_RAW - privileged: true - - args: - - --name={{ .Name }} - - --namespace={{ .Namespace }} - - --remote-cluster-id={{ .ClusterID }} - - --gateway-uid={{ .GatewayUID }} - - --mode=server - - --mtu={{ .Spec.MTU }} - - --listen-port={{ .Spec.Endpoint.Port }} - - --metrics-address=:8082 - - --health-probe-bind-address=:8083 - image: ghcr.io/liqotech/gateway/wireguard: - imagePullPolicy: IfNotPresent - name: wireguard - securityContext: - capabilities: - add: - - NET_ADMIN - - NET_RAW - - args: - - --name={{ .Name }} - - --namespace={{ .Namespace }} - - --remote-cluster-id={{ .ClusterID }} - - --node-name=$(NODE_NAME) - - --gateway-uid={{ .GatewayUID }} - - 
--mode=server - - --metrics-address=:8084 - - --health-probe-bind-address=:8085 - - --enable-arp=true - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - image: ghcr.io/liqotech/gateway/geneve: - imagePullPolicy: IfNotPresent - name: geneve - securityContext: - capabilities: - add: - - NET_ADMIN - - NET_RAW - serviceAccount: '{{ .Name }}' - serviceAccountName: '{{ .Name }}' - service: - metadata: - annotations: - liqo.io/override-address: 10.43.12.182 - liqo.io/override-port: "51840" - labels: - networking.liqo.io/component: gateway - name: '{{ .Name }}' - namespace: '{{ .Namespace }}' - spec: - ports: - - port: '{{ .Spec.Endpoint.Port }}' - protocol: UDP - targetPort: '{{ .Spec.Endpoint.Port }}' - selector: - app.kubernetes.io/name: '{{ .Name }}' - networking.liqo.io/component: gateway - type: '{{ .Spec.Endpoint.ServiceType }}' diff --git a/pkg/consts/annotations.go b/pkg/consts/annotations.go index 9932fc379e..330d67072e 100644 --- a/pkg/consts/annotations.go +++ b/pkg/consts/annotations.go @@ -19,11 +19,6 @@ package consts // Any change to those annotations on the helm chart has also to be reflected here. const ( - // OverrideAddressAnnotation is the annotation used to override the address of a service. - OverrideAddressAnnotation = "liqo.io/override-address" - // OverridePortAnnotation is the annotation used to override the port of a service. - OverridePortAnnotation = "liqo.io/override-port" - // APIServerSupportAnnotation is the annotation used to enable the API server support for a pod. APIServerSupportAnnotation = "liqo.io/api-server-support" // APIServerSupportAnnotationValueRemote is the value of the annotation used to enable the API server support for a pod. diff --git a/pkg/liqo-controller-manager/networking/external-network/wireguard/utils.go b/pkg/liqo-controller-manager/networking/external-network/wireguard/utils.go index 2296074cab..5fece66b81 100644 
--- a/pkg/liqo-controller-manager/networking/external-network/wireguard/utils.go +++ b/pkg/liqo-controller-manager/networking/external-network/wireguard/utils.go @@ -17,7 +17,6 @@ package wireguard import ( "context" "fmt" - "strconv" "golang.zx2c4.com/wireguard/wgctrl/wgtypes" corev1 "k8s.io/api/core/v1" @@ -223,28 +222,3 @@ func getWireGuardSecret(ctx context.Context, cl client.Client, wgObj metav1.Obje return nil, fmt.Errorf("found multiple secrets associated to WireGuard gateway %q", wgObjNsName) } } - -func checkServiceOverrides(service *corev1.Service, addresses *[]string, port *int32) error { - if service == nil { - return nil - } - - if addresses == nil || port == nil { - return fmt.Errorf("addresses and port must be non-nil") - } - - if service.Annotations != nil { - if v, ok := service.Annotations[consts.OverrideAddressAnnotation]; ok { - *addresses = []string{v} - } - if v, ok := service.Annotations[consts.OverridePortAnnotation]; ok { - p, err := strconv.ParseInt(v, 10, 32) - if err != nil { - klog.Errorf("unable to parse port %q from service %s/%s annotation: %v", v, service.Namespace, service.Name, err) - return err - } - *port = int32(p) - } - } - return nil -} diff --git a/pkg/liqo-controller-manager/networking/external-network/wireguard/wggatewayserver_controller.go b/pkg/liqo-controller-manager/networking/external-network/wireguard/wggatewayserver_controller.go index b0bb56e3e4..96552361b1 100644 --- a/pkg/liqo-controller-manager/networking/external-network/wireguard/wggatewayserver_controller.go +++ b/pkg/liqo-controller-manager/networking/external-network/wireguard/wggatewayserver_controller.go @@ -362,10 +362,6 @@ func (r *WgGatewayServerReconciler) forgeEndpointStatusClusterIP(service *corev1 protocol := &service.Spec.Ports[0].Protocol addresses := service.Spec.ClusterIPs - if err := checkServiceOverrides(service, &addresses, &port); err != nil { - return nil, err - } - return &networkingv1beta1.EndpointStatus{ Protocol: protocol, Port: port, 
@@ -414,10 +410,6 @@ func (r *WgGatewayServerReconciler) forgeEndpointStatusNodePort(ctx context.Cont } } - if err := checkServiceOverrides(service, &addresses, &port); err != nil { - return nil, nil, err - } - internalAddress := pod.Status.PodIP if internalAddress == "" { err := fmt.Errorf("pod %s/%s has no IP", pod.Namespace, pod.Name) @@ -455,10 +447,6 @@ func (r *WgGatewayServerReconciler) forgeEndpointStatusLoadBalancer(service *cor } } - if err := checkServiceOverrides(service, &addresses, &port); err != nil { - return nil, err - } - return &networkingv1beta1.EndpointStatus{ Protocol: protocol, Port: port,