External Network: connection controller

.github/dependabot.yml

@@ -36,6 +36,11 @@ updates:
       interval: "daily"
 
   - package-ecosystem: "docker"
-    directory: "/build/gateway/tunnel/wireguard"
+    directory: "/build/gateway"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "docker"
+    directory: "/build/gateway/wireguard"
     schedule:
       interval: "daily"

.github/workflows/integration.yml

@@ -12,7 +12,6 @@ on:
     types:
       - test-command
       - build-command
-
 jobs:
   configure:
     name: Preliminary configuration
@@ -90,6 +89,7 @@ jobs:
         - metric-agent
         - telemetry
         - proxy
+        - gateway
         - gateway/wireguard
     steps:
       - name: Set up QEMU

build/gateway/Dockerfile

@@ -0,0 +1,20 @@
+FROM golang:1.21 as goBuilder
+WORKDIR /tmp/builder
+
+COPY go.mod ./go.mod
+COPY go.sum ./go.sum
+RUN  go mod download
+
+COPY . ./
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=$(go env GOARCH) go build -ldflags="-s -w" ./cmd/gateway
+
+
+FROM alpine:3.18
+
+RUN apk update && \
+    apk add iptables bash tcpdump conntrack-tools curl iputils && \
+    rm -rf /var/cache/apk/*
+
+COPY --from=goBuilder /tmp/builder/gateway /usr/bin/liqo-gateway
+
+ENTRYPOINT [ "/usr/bin/liqo-gateway" ]

cmd/gateway/main.go

@@ -0,0 +1,135 @@
+// Copyright 2019-2023 The Liqo Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package wireguard contains the logic to configure the Wireguard interface.
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/tools/leaderelection/resourcelock"
+	"k8s.io/klog/v2"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client/config"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+
+	networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1"
+	"github.com/liqotech/liqo/pkg/gateway"
+	"github.com/liqotech/liqo/pkg/gateway/connection"
+	flagsutils "github.com/liqotech/liqo/pkg/utils/flags"
+	"github.com/liqotech/liqo/pkg/utils/mapper"
+	"github.com/liqotech/liqo/pkg/utils/restcfg"
+)
+
+var (
+	addToSchemeFunctions = []func(*runtime.Scheme) error{
+		networkingv1alpha1.AddToScheme,
+	}
+	options = gateway.NewOptions()
+)
+
+func main() {
+	var cmd = cobra.Command{
+		Use:  "liqo-gateway",
+		RunE: run,
+	}
+
+	legacyflags := flag.NewFlagSet("legacy", flag.ExitOnError)
+	restcfg.InitFlags(legacyflags)
+	klog.InitFlags(legacyflags)
+	flagsutils.FromFlagToPflag(legacyflags, cmd.Flags())
+
+	gateway.InitFlags(cmd.Flags(), options)
+	if err := gateway.MarkFlagsRequired(&cmd); err != nil {
+		klog.Error(err)
+		os.Exit(1)
+	}
+
+	connection.InitFlags(cmd.Flags())
+	if err := connection.MarkFlagsRequired(&cmd); err != nil {
+		klog.Error(err)
+		os.Exit(1)
+	}
+
+	if err := cmd.Execute(); err != nil {
+		klog.Error(err)
+		os.Exit(1)
+	}
+}
+
+func run(_ *cobra.Command, _ []string) error {
+	var err error
+	ctx := ctrl.SetupSignalHandler()
+	scheme := runtime.NewScheme()
+
+	// Adds the APIs to the scheme.
+	for _, addToScheme := range addToSchemeFunctions {
+		if err = addToScheme(scheme); err != nil {
+			return fmt.Errorf("unable to add scheme: %w", err)
+		}
+	}
+
+	// Set controller-runtime logger.
+	log.SetLogger(klog.NewKlogr())
+
+	// Get the rest config.
+	cfg := config.GetConfigOrDie()
+
+	// Create the manager.
+	mgr, err := ctrl.NewManager(cfg, ctrl.Options{
+		MapperProvider:         mapper.LiqoMapperProvider(scheme),
+		Scheme:                 scheme,
+		Namespace:              options.Namespace,
+		MetricsBindAddress:     "0", // Metrics are exposed by "connection" container.
+		HealthProbeBindAddress: options.ProbeAddr,
+		LeaderElection:         options.LeaderElection,
+		LeaderElectionID: fmt.Sprintf(
+			"%s.%s.%s.connections.liqo.io",
+			options.Name, options.Namespace, options.Mode,
+		),
+		LeaderElectionNamespace:       options.Namespace,
+		LeaderElectionReleaseOnCancel: true,
+		LeaderElectionResourceLock:    resourcelock.LeasesResourceLock,
+		LeaseDuration:                 &options.LeaderElectionLeaseDuration,
+		RenewDeadline:                 &options.LeaderElectionRenewDeadline,
+		RetryPeriod:                   &options.LeaderElectionRetryPeriod,
+	})
+	if err != nil {
+		return fmt.Errorf("unable to create manager: %w", err)
+	}
+
+	// Setup the controller.
+	connr, err := connection.NewConnectionsReconciler(
+		ctx,
+		mgr.GetClient(),
+		mgr.GetScheme(),
+		mgr.GetEventRecorderFor("connections-controller"),
+		options,
+	)
+	if err != nil {
+		return fmt.Errorf("unable to create connectioons reconciler: %w", err)
+	}
+
+	// Setup the controller.
+	if err = connr.SetupWithManager(mgr); err != nil {
+		return fmt.Errorf("unable to setup connections reconciler: %w", err)
+	}
+
+	// Start the manager.
+	return mgr.Start(ctx)
+}

cmd/gateway/wireguard/main.go

@@ -34,7 +34,7 @@ import (
 
 	ipamv1alpha1 "github.com/liqotech/liqo/apis/ipam/v1alpha1"
 	networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1"
-	"github.com/liqotech/liqo/pkg/gateway/tunnel/common"
+	"github.com/liqotech/liqo/pkg/gateway"
 	"github.com/liqotech/liqo/pkg/gateway/tunnel/wireguard"
 	flagsutils "github.com/liqotech/liqo/pkg/utils/flags"
 	"github.com/liqotech/liqo/pkg/utils/mapper"
@@ -47,7 +47,7 @@ var (
 		networkingv1alpha1.AddToScheme,
 		ipamv1alpha1.AddToScheme,
 	}
-	options = wireguard.NewOptions()
+	options = wireguard.NewOptions(gateway.NewOptions())
 )
 
 func main() {
@@ -61,6 +61,7 @@ func main() {
 	klog.InitFlags(legacyflags)
 	flagsutils.FromFlagToPflag(legacyflags, cmd.Flags())
 
+	gateway.InitFlags(cmd.Flags(), options.GwOptions)
 	wireguard.InitFlags(cmd.Flags(), options)
 	if err := wireguard.MarkFlagsRequired(&cmd, options); err != nil {
 		klog.Error(err)
@@ -103,20 +104,20 @@ func run(cmd *cobra.Command, _ []string) error {
 	mgr, err := ctrl.NewManager(cfg, ctrl.Options{
 		MapperProvider:         mapper.LiqoMapperProvider(scheme),
 		Scheme:                 scheme,
-		Namespace:              options.Namespace,
-		MetricsBindAddress:     options.MetricsAddress,
-		HealthProbeBindAddress: options.ProbeAddr,
-		LeaderElection:         options.LeaderElection,
+		Namespace:              options.GwOptions.Namespace,
+		MetricsBindAddress:     options.GwOptions.MetricsAddress,
+		HealthProbeBindAddress: options.GwOptions.ProbeAddr,
+		LeaderElection:         options.GwOptions.LeaderElection,
 		LeaderElectionID: fmt.Sprintf(
 			"%s.%s.%s.wgtunnel.liqo.io",
-			wireguard.GenerateResourceName(options.Name), options.Namespace, options.Mode,
+			gateway.GenerateResourceName(options.GwOptions.Name), options.GwOptions.Namespace, options.GwOptions.Mode,
 		),
-		LeaderElectionNamespace:       options.Namespace,
+		LeaderElectionNamespace:       options.GwOptions.Namespace,
 		LeaderElectionReleaseOnCancel: true,
 		LeaderElectionResourceLock:    resourcelock.LeasesResourceLock,
-		LeaseDuration:                 &options.LeaderElectionLeaseDuration,
-		RenewDeadline:                 &options.LeaderElectionRenewDeadline,
-		RetryPeriod:                   &options.LeaderElectionRetryPeriod,
+		LeaseDuration:                 &options.GwOptions.LeaderElectionLeaseDuration,
+		RenewDeadline:                 &options.GwOptions.LeaderElectionRenewDeadline,
+		RetryPeriod:                   &options.GwOptions.LeaderElectionRetryPeriod,
 	})
 	if err != nil {
 		return fmt.Errorf("unable to create manager: %w", err)
@@ -134,7 +135,7 @@ func run(cmd *cobra.Command, _ []string) error {
 	}
 
 	dnsChan := make(chan event.GenericEvent)
-	if options.Mode == common.ModeClient {
+	if options.GwOptions.Mode == gateway.ModeClient {
 		if wireguard.IsDNSRoutineRequired(options) {
 			go wireguard.StartDNSRoutine(cmd.Context(), dnsChan, options)
 			klog.Infof("Starting DNS routine: resolving the endpoint address every %s", options.DNSCheckInterval.String())

cmd/liqonet/gateway-operator.go

@@ -34,7 +34,7 @@ import (
 
 	tunneloperator "github.com/liqotech/liqo/internal/liqonet/tunnel-operator"
 	liqoconst "github.com/liqotech/liqo/pkg/consts"
-	"github.com/liqotech/liqo/pkg/liqonet/conncheck"
+	"github.com/liqotech/liqo/pkg/gateway/connection/conncheck"
 	liqonetns "github.com/liqotech/liqo/pkg/liqonet/netns"
 	liqonetutils "github.com/liqotech/liqo/pkg/liqonet/utils"
 	"github.com/liqotech/liqo/pkg/liqonet/utils/links"

deployments/liqo/files/liqo-gateway-ClusterRole.yaml

@@ -12,10 +12,30 @@ rules:
 - apiGroups:
   - networking.liqo.io
   resources:
-  - publickeys
+  - connections
   verbs:
   - create
   - delete
   - get
   - list
   - update
+  - watch
+- apiGroups:
+  - networking.liqo.io
+  resources:
+  - connections/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - networking.liqo.io
+  resources:
+  - publickeies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch

internal/liqonet/tunnel-operator/tunnel-operator.go

@@ -41,7 +41,7 @@ import (
 
 	netv1alpha1 "github.com/liqotech/liqo/apis/net/v1alpha1"
 	liqoconst "github.com/liqotech/liqo/pkg/consts"
-	"github.com/liqotech/liqo/pkg/liqonet/conncheck"
+	"github.com/liqotech/liqo/pkg/gateway/connection/conncheck"
 	"github.com/liqotech/liqo/pkg/liqonet/iptables"
 	liqonetns "github.com/liqotech/liqo/pkg/liqonet/netns"
 	liqorouting "github.com/liqotech/liqo/pkg/liqonet/routing"