External Network: Wireguard Templates

apis/networking/v1alpha1/gatewayclient_types.go

@@ -56,6 +56,12 @@ type GatewayClientStatus struct {
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:categories=liqo
 // +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Template Kind",type=string,JSONPath=`.spec.clientTemplateRef.kind`, priority=1
+// +kubebuilder:printcolumn:name="Template Name",type=string,JSONPath=`.spec.clientTemplateRef.name`
+// +kubebuilder:printcolumn:name="Template Namespace",type=string,JSONPath=`.spec.clientTemplateRef.namespace`, priority=1
+// +kubebuilder:printcolumn:name="Endpoint IP",type=string,JSONPath=`.spec.endpoint.ip`
+// +kubebuilder:printcolumn:name="Endpoint Port",type=string,JSONPath=`.spec.endpoint.port`
+// +kubebuilder:printcolumn:name="MTU",type=integer,JSONPath=`.spec.mtu`, priority=1
 
 // GatewayClient defines a gateway client that needs to point to a remote gateway server.
 type GatewayClient struct {

apis/networking/v1alpha1/gatewayserver_types.go

@@ -79,6 +79,12 @@ type GatewayServerStatus struct {
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:categories=liqo
 // +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Template Kind",type=string,JSONPath=`.spec.serverTemplateRef.kind`, priority=1
+// +kubebuilder:printcolumn:name="Template Name",type=string,JSONPath=`.spec.serverTemplateRef.name`
+// +kubebuilder:printcolumn:name="Template Namespace",type=string,JSONPath=`.spec.serverTemplateRef.namespace`, priority=1
+// +kubebuilder:printcolumn:name="Endpoint Service Type",type=string,JSONPath=`.spec.endpoint.serviceType`
+// +kubebuilder:printcolumn:name="Endpoint Port",type=string,JSONPath=`.spec.endpoint.port`
+// +kubebuilder:printcolumn:name="MTU",type=integer,JSONPath=`.spec.mtu`, priority=1
 
 // GatewayServer defines a gateway server that remote gateway clients need to point to.
 type GatewayServer struct {

deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_gatewayclients.yaml

@@ -16,7 +16,29 @@ spec:
     singular: gatewayclient
   scope: Namespaced
   versions:
-  - name: v1alpha1
+  - additionalPrinterColumns:
+    - jsonPath: .spec.clientTemplateRef.kind
+      name: Template Kind
+      priority: 1
+      type: string
+    - jsonPath: .spec.clientTemplateRef.name
+      name: Template Name
+      type: string
+    - jsonPath: .spec.clientTemplateRef.namespace
+      name: Template Namespace
+      priority: 1
+      type: string
+    - jsonPath: .spec.endpoint.ip
+      name: Endpoint IP
+      type: string
+    - jsonPath: .spec.endpoint.port
+      name: Endpoint Port
+      type: string
+    - jsonPath: .spec.mtu
+      name: MTU
+      priority: 1
+      type: integer
+    name: v1alpha1
     schema:
       openAPIV3Schema:
         description: GatewayClient defines a gateway client that needs to point to

deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_gatewayservers.yaml

@@ -16,7 +16,29 @@ spec:
     singular: gatewayserver
   scope: Namespaced
   versions:
-  - name: v1alpha1
+  - additionalPrinterColumns:
+    - jsonPath: .spec.serverTemplateRef.kind
+      name: Template Kind
+      priority: 1
+      type: string
+    - jsonPath: .spec.serverTemplateRef.name
+      name: Template Name
+      type: string
+    - jsonPath: .spec.serverTemplateRef.namespace
+      name: Template Namespace
+      priority: 1
+      type: string
+    - jsonPath: .spec.endpoint.serviceType
+      name: Endpoint Service Type
+      type: string
+    - jsonPath: .spec.endpoint.port
+      name: Endpoint Port
+      type: string
+    - jsonPath: .spec.mtu
+      name: MTU
+      priority: 1
+      type: integer
+    name: v1alpha1
     schema:
       openAPIV3Schema:
         description: GatewayServer defines a gateway server that remote gateway clients

deployments/liqo/templates/_helpers.tpl

@@ -76,6 +76,36 @@ app.kubernetes.io/component: {{ quote .module }}
 app.kubernetes.io/part-of: {{ quote (include "liqo.name" .) }}
 {{- end }}
 
+{{/*
+Common metadata for Templates
+*/}}
+{{- define "liqo.metadataTemplate" -}}
+name: {{ quote "{{ .Name }}" }}
+namespace: {{ quote "{{ .Namespace }}" }}
+labels:
+{{ include "liqo.labelsTemplate" . | indent 2 }}
+{{- end }}
+
+{{/*
+Common Labels for Templates
+*/}}
+{{- define "liqo.labelsTemplate" -}}
+{{ include "liqo.selectorLabelsTemplate" . }}
+helm.sh/chart: {{ quote (include "liqo.chart" .) }}
+app.kubernetes.io/version: {{ quote (include "liqo.version" .) }}
+app.kubernetes.io/managed-by: {{ quote .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels template, it accepts a dict which contains fields "name" and "module"
+*/}}
+{{- define "liqo.selectorLabelsTemplate" -}}
+app.kubernetes.io/name: {{ quote "{{ .Name }}" }}
+app.kubernetes.io/instance: {{ quote (printf "%s-%s" .Release.Name "{{ .Name }}") }}
+app.kubernetes.io/component: {{ quote .module }}
+app.kubernetes.io/part-of: {{ quote (include "liqo.name" .) }}
+{{- end }}
+
 {{/*
 Create a name prefixed with the chart name, it accepts a dict which contains the field "name".
 */}}

deployments/liqo/templates/liqo-wireguard-gateway-client-template.yaml

@@ -0,0 +1,66 @@
+{{- $templateConfig := (merge (dict "name" "wireguard-client" "module" "networking") .) -}}
+
+{{- if .Values.networking.internal }}
+
+apiVersion: networking.liqo.io/v1alpha1
+kind: WgGatewayClientTemplate
+metadata:
+  name: {{ $templateConfig.name  }}
+  labels:
+    {{- include "liqo.labels" $templateConfig | nindent 4 }}
+spec:
+  objectKind:
+    apiVersion: networking.liqo.io/v1alpha1
+    kind: WgGatewayClient
+  template:
+    metadata:
+      {{- include "liqo.metadataTemplate" $templateConfig | nindent 6 }}
+    spec:
+      deployment:
+        metadata:
+          {{- include "liqo.metadataTemplate" $templateConfig | nindent 10 }}
+        spec:
+          replicas: 1
+          selector:
+            matchLabels:
+              {{- include "liqo.labelsTemplate" $templateConfig | nindent 14 }}
+          template:
+            metadata:
+              {{- include "liqo.metadataTemplate" $templateConfig | nindent 14 }}
+            spec:
+              serviceAccount: "{{"{{ .Name }}"}}"
+              serviceAccountName: "{{"{{ .Name }}"}}"
+              containers:
+              - name: gateway
+                image: ghcr.io/liqotech/gateway{{ include "liqo.suffix" $templateConfig }}:{{ include "liqo.version" $templateConfig }}
+                imagePullPolicy: Always
+                args:
+                - --name={{"{{ .Name }}"}}
+                - --namespace={{"{{ .Namespace }}"}}
+                - --remote-cluster-id={{"{{ .ClusterID }}"}}
+                - --mode=client
+                - --metrics-address=:8080
+                - --health-probe-bind-address=:8081
+                - --ping-loss-threshold=5
+                - --ping-interval=2s
+                - --ping-update-status-interval=10s
+              - name: wireguard
+                image: ghcr.io/liqotech/gateway/wireguard{{ include "liqo.suffix" $templateConfig }}:{{ include "liqo.version" $templateConfig }}
+                imagePullPolicy: Always
+                args:
+                - --name={{"{{ .Name }}"}}
+                - --namespace={{"{{ .Namespace }}"}}
+                - --remote-cluster-id={{"{{ .ClusterID }}"}}
+                - --gateway-uid={{"{{ .GatewayUID }}"}}
+                - --mode=client
+                - --mtu={{"{{ .Spec.MTU }}"}}
+                - --endpoint-address={{"{{ index .Spec.Endpoint.Addresses 0 }}"}}
+                - --endpoint-port={{"{{ .Spec.Endpoint.Port }}"}}
+                - --metrics-address=:8082
+                - --health-probe-bind-address=:8083
+                securityContext:
+                  capabilities:
+                    add:
+                    - NET_ADMIN
+                    - NET_RAW
+{{- end }}

deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml

@@ -0,0 +1,76 @@
+{{- $templateConfig := (merge (dict "name" "wireguard-server" "module" "networking") .) -}}
+
+{{- if .Values.networking.internal }}
+
+apiVersion: networking.liqo.io/v1alpha1
+kind: WgGatewayServerTemplate
+metadata:
+  name: {{ $templateConfig.name  }}
+  labels:
+    {{- include "liqo.labels" $templateConfig | nindent 4 }}
+spec:
+  objectKind:
+    apiVersion: networking.liqo.io/v1alpha1
+    kind: WgGatewayServer
+  template:
+    metadata:
+      {{- include "liqo.metadataTemplate" $templateConfig | nindent 6 }}
+    spec:
+      service:
+        metadata:
+          {{- include "liqo.metadataTemplate" $templateConfig | nindent 12 }}
+        spec:
+          selector:
+            {{- include "liqo.labelsTemplate" $templateConfig | nindent 12 }}
+          type: "{{"{{ .Spec.Endpoint.ServiceType }}"}}"
+          ports:
+          - port: "{{"{{ .Spec.Endpoint.Port }}"}}"
+            protocol: UDP
+            targetPort: "{{"{{ .Spec.Endpoint.Port }}"}}"
+      deployment:
+        metadata:
+          {{- include "liqo.metadataTemplate" $templateConfig | nindent 10 }}
+        spec:
+          replicas: 1
+          selector:
+            matchLabels:
+              {{- include "liqo.labelsTemplate" $templateConfig | nindent 14 }}
+          template:
+            metadata:
+              {{- include "liqo.metadataTemplate" $templateConfig | nindent 14 }}
+            spec:
+              serviceAccount: "{{"{{ .Name }}"}}"
+              serviceAccountName: "{{"{{ .Name }}"}}"
+              containers:
+              - name: gateway
+                image: ghcr.io/liqotech/gateway{{ include "liqo.suffix" $templateConfig }}:{{ include "liqo.version" $templateConfig }}
+                imagePullPolicy: Always
+                args:
+                - --name={{"{{ .Name }}"}}
+                - --namespace={{"{{ .Namespace }}"}}
+                - --remote-cluster-id={{"{{ .ClusterID }}"}}
+                - --mode=server
+                - --metrics-address=:8080
+                - --health-probe-bind-address=:8081
+                - --ping-loss-threshold=5
+                - --ping-interval=2s
+                - --ping-update-status-interval=10s
+              - name: wireguard
+                image: ghcr.io/liqotech/gateway/wireguard{{ include "liqo.suffix" $templateConfig }}:{{ include "liqo.version" $templateConfig }}
+                imagePullPolicy: Always
+                args:
+                - --name={{"{{ .Name }}"}}
+                - --namespace={{"{{ .Namespace }}"}}
+                - --remote-cluster-id={{"{{ .ClusterID }}"}}
+                - --gateway-uid={{"{{ .GatewayUID }}"}}
+                - --mode=server
+                - --mtu={{"{{ .Spec.MTU }}"}}
+                - --listen-port={{"{{ .Spec.Endpoint.Port }}"}}
+                - --metrics-address=:8082
+                - --health-probe-bind-address=:8083
+                securityContext:
+                  capabilities:
+                    add:
+                    - NET_ADMIN
+                    - NET_RAW
+{{- end }}

pkg/gateway/tunnel/wireguard/publickeys-controller.go

@@ -91,13 +91,6 @@ func (r *PublicKeysReconciler) SetupWithManager(mgr ctrl.Manager, src <-chan eve
 func (r *PublicKeysReconciler) Predicates() builder.Predicates {
 	return builder.WithPredicates(
 		predicate.NewPredicateFuncs(func(object client.Object) bool {
-			mode, ok := object.GetLabels()[string(LabelsMode)]
-			if !ok {
-				return false
-			}
-			if mode != string(r.Options.GwOptions.Mode) {
-				return false
-			}
 			id, ok := object.GetLabels()[string(consts.RemoteClusterID)]
 			if !ok {
 				return false