ExternalNetwork: WireGuard Gateway Server and Client controllers

apis/networking/v1alpha1/wggatewayclient_types.go

@@ -37,16 +37,14 @@ var WgGatewayClientGroupVersionResource = GroupVersion.WithResource(WgGatewayCli
 
 // WgGatewayClientSpec defines the desired state of WgGatewayClient.
 type WgGatewayClientSpec struct {
-	// MTU specifies the MTU of the tunnel.
-	MTU int `json:"mtu"`
 	// Deployment specifies the deployment template for the client.
 	Deployment DeploymentTemplate `json:"deployment"`
 }
 
 // WgGatewayClientStatus defines the observed state of WgGatewayClient.
 type WgGatewayClientStatus struct {
 	// SecretRef specifies the reference to the secret.
-	SecretRef corev1.ObjectReference `json:"secretRef,omitempty"`
+	SecretRef *corev1.ObjectReference `json:"secretRef,omitempty"`
 }
 
 // +kubebuilder:object:root=true

apis/networking/v1alpha1/wggatewayserver_types.go

@@ -54,8 +54,6 @@ type DeploymentTemplate struct {
 
 // WgGatewayServerSpec defines the desired state of WgGatewayServer.
 type WgGatewayServerSpec struct {
-	// MTU specifies the MTU of the tunnel.
-	MTU int `json:"mtu"`
 	// Service specifies the service template for the server.
 	Service ServiceTemplate `json:"service"`
 	// Deployment specifies the deployment template for the server.
@@ -65,9 +63,9 @@ type WgGatewayServerSpec struct {
 // WgGatewayServerStatus defines the observed state of WgGatewayServer.
 type WgGatewayServerStatus struct {
 	// SecretRef specifies the reference to the secret.
-	SecretRef corev1.ObjectReference `json:"secretRef,omitempty"`
+	SecretRef *corev1.ObjectReference `json:"secretRef,omitempty"`
 	// Endpoint specifies the endpoint of the server.
-	Endpoint EndpointStatus `json:"endpoint,omitempty"`
+	Endpoint *EndpointStatus `json:"endpoint,omitempty"`
 }
 
 // +kubebuilder:object:root=true

cmd/liqo-controller-manager/main.go

@@ -65,6 +65,7 @@ import (
 	clientoperator "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/client-operator"
 	configurationcontroller "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/configuration-controller"
 	serveroperator "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/server-operator"
+	wggatewaycontrollers "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/wireguard"
 	foreignclusteroperator "github.com/liqotech/liqo/pkg/liqo-controller-manager/foreign-cluster-operator"
 	ipctrl "github.com/liqotech/liqo/pkg/liqo-controller-manager/ip-controller"
 	mapsctrl "github.com/liqotech/liqo/pkg/liqo-controller-manager/namespacemap-controller"
@@ -344,13 +345,42 @@ func main() {
 		os.Exit(1)
 	}
 
-	if err := mgr.Add(auxmgrLocalPods); err != nil {
-		klog.Errorf("Unable to add the auxiliary manager to the main one: %w", err)
+	// Create a label selector to filter only events that are part of the Gateway
+	reqExtNetworkPods, err := labels.NewRequirement(consts.ExternalNetworkLabel, selection.Equals, []string{consts.ExternalNetworkLabelValue})
+	utilruntime.Must(err)
+
+	// Create an accessory manager that cache only local offloaded pods.
+	// This manager caches only the pods that are offloaded and scheduled on a remote cluster.
+	auxmgrExtNetworkPods, err := ctrl.NewManager(config, ctrl.Options{
+		MapperProvider:     mapper.LiqoMapperProvider(scheme),
+		Scheme:             scheme,
+		MetricsBindAddress: "0", // Disable the metrics of the auxiliary manager to prevent conflicts.
+		NewCache: func(config *rest.Config, opts cache.Options) (cache.Cache, error) {
+			opts.ByObject = map[client.Object]cache.ByObject{
+				&corev1.Pod{}: {
+					Label: labels.NewSelector().Add(*reqExtNetworkPods),
+				},
+			}
+			return cache.New(config, opts)
+		},
+	})
+
+	if err != nil {
+		klog.Errorf("Unable to create auxiliary manager: %w", err)
 		os.Exit(1)
 	}
 
+	// Add all the auxiliary managers to the main one.
+	if err := mgr.Add(auxmgrLocalPods); err != nil {
+		klog.Errorf("Unable to add the LocalPods auxiliary manager to the main one: %w", err)
+		os.Exit(1)
+	}
 	if err := mgr.Add(auxmgrVirtualKubeletPods); err != nil {
-		klog.Errorf("Unable to add the auxiliary manager to the main one: %w", err)
+		klog.Errorf("Unable to add the VirtualKubeletPods auxiliary manager to the main one: %w", err)
+		os.Exit(1)
+	}
+	if err := mgr.Add(auxmgrExtNetworkPods); err != nil {
+		klog.Errorf("Unable to add the ExternalNetworkPods auxiliary manager to the main one: %w", err)
 		os.Exit(1)
 	}
 
@@ -626,11 +656,25 @@ func main() {
 			klog.Errorf("Unable to start the ipReconciler", err)
 			os.Exit(1)
 		}
+
 		cfgr := configurationcontroller.NewConfigurationReconciler(mgr.GetClient(), mgr.GetScheme(), mgr.GetEventRecorderFor("configuration-controller"))
 		if err = cfgr.SetupWithManager(mgr); err != nil {
 			klog.Errorf("unable to create controller ConfigurationReconciler: %s", err)
 			os.Exit(1)
 		}
+
+		wgServerRec := wggatewaycontrollers.NewWgGatewayServerReconciler(
+			mgr.GetClient(), mgr.GetScheme(), auxmgrExtNetworkPods.GetClient())
+		if err = wgServerRec.SetupWithManager(mgr); err != nil {
+			klog.Errorf("Unable to start the WgGatewayServerReconciler", err)
+			os.Exit(1)
+		}
+
+		wgClientRec := wggatewaycontrollers.NewWgGatewayClientReconciler(mgr.GetClient(), mgr.GetScheme())
+		if err = wgClientRec.SetupWithManager(mgr); err != nil {
+			klog.Errorf("Unable to start the WgGatewayClientReconciler", err)
+			os.Exit(1)
+		}
 	}
 
 	klog.Info("starting manager as controller manager")

deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayclients.yaml

@@ -8585,12 +8585,8 @@ spec:
                     - template
                     type: object
                 type: object
-              mtu:
-                description: MTU specifies the MTU of the tunnel.
-                type: integer
             required:
             - deployment
-            - mtu
             type: object
           status:
             description: WgGatewayClientStatus defines the observed state of WgGatewayClient.

deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayservers.yaml

@@ -8585,9 +8585,6 @@ spec:
                     - template
                     type: object
                 type: object
-              mtu:
-                description: MTU specifies the MTU of the tunnel.
-                type: integer
               service:
                 description: Service specifies the service template for the server.
                 properties:
@@ -8954,7 +8951,6 @@ spec:
                 type: object
             required:
             - deployment
-            - mtu
             - service
             type: object
           status:

pkg/consts/annotations.go

@@ -35,4 +35,9 @@ const (
 	// in the remote cluster. This annotation requires the API server support to be "remote" for the pod and the
 	// remote service account to be created.
 	RemoteServiceAccountNameAnnotation = "liqo.io/remote-service-account-name"
+
+	// LabelsTemplateAnnotationKey contains a cache to store labels keys that belongs to a template.
+	LabelsTemplateAnnotationKey = "liqo.io/template-labels"
+	// AnnotsTemplateAnnotationKey contains a cache to store annotations keys that belongs to a template.
+	AnnotsTemplateAnnotationKey = "liqo.io/template-annotations"
 )

pkg/consts/externalnetwork.go

@@ -0,0 +1,26 @@
+// Copyright 2019-2023 The Liqo Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package consts
+
+const (
+	// WgServerNameLabel is the label used to indicate the name of the WireGuard server.
+	WgServerNameLabel = "liqo.io/wg-server-name"
+	// WgClientNameLabel is the label used to indicate the name of the WireGuard client.
+	WgClientNameLabel = "liqo.io/wg-client-name"
+	// ExternalNetworkLabel is the label added to all components that belong to the external network.
+	ExternalNetworkLabel = "liqo.io/external-network"
+	// ExternalNetworkLabelValue is the value of the label added to components that belong to the external network.
+	ExternalNetworkLabelValue = "true"
+)

pkg/liqo-controller-manager/external-network/wireguard/docs.go

@@ -0,0 +1,16 @@
+// Copyright 2019-2023 The Liqo Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package wireguard contains the logic to manage WireGuard gateway servers and clients.
+package wireguard