External Network: Wireguard Templates
cheina97 committed Oct 19, 2023
1 parent ba32435 commit 21312b5
Showing 5 changed files with 215 additions and 38 deletions.
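--- a/deployments/liqo/templates/_helpers.tpl
+++ b/deployments/liqo/templates/_helpers.tpl
@@ -76,6 +76,36 @@ app.kubernetes.io/component: {{ quote .module }}
 app.kubernetes.io/part-of: {{ quote (include "liqo.name" .) }}
 {{- end }}
 
+{{/*
+Common metadata for Templates
+*/}}
+{{- define "liqo.metadataTemplate" -}}
+name: {{ quote "{{ .Name }}" }}
+namespace: {{ quote "{{ .Namespace }}" }}
+labels:
+{{ include "liqo.labelsTemplate" . | indent 2 }}
+{{- end }}
+
+{{/*
+Common Labels for Templates
+*/}}
+{{- define "liqo.labelsTemplate" -}}
+{{ include "liqo.selectorLabelsTemplate" . }}
+helm.sh/chart: {{ quote (include "liqo.chart" .) }}
+app.kubernetes.io/version: {{ quote (include "liqo.version" .) }}
+app.kubernetes.io/managed-by: {{ quote .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels template, it accepts a dict which contains fields "name" and "module"
+*/}}
+{{- define "liqo.selectorLabelsTemplate" -}}
+app.kubernetes.io/name: {{ quote "{{ .Name }}" }}
+app.kubernetes.io/instance: {{ quote (printf "%s-%s" .Release.Name "{{ .Name }}") }}
+app.kubernetes.io/component: {{ quote .module }}
+app.kubernetes.io/part-of: {{ quote (include "liqo.name" .) }}
+{{- end }}
+
 {{/*
 Create a name prefixed with the chart name, it accepts a dict which contains the field "name".
 */}}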
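Review bot: The doc comment on `liqo.selectorLabelsTemplate` says it accepts a dict with fields "name" and "module", but the body never reads `.name`: it emits the literal `{{ .Name }}` placeholder and reads `.Release.Name`, `.module` and the chart context. The comment looks copied from the helper just above the hunk; something like `Selector labels for runtime-rendered templates: emits the literal "{{ .Name }}" placeholder (resolved later by the controller, not by Helm); expects "module" plus the root chart context.` would describe it. The same one-line clarification would help on `liqo.metadataTemplate` and `liqo.labelsTemplate`, since "for Templates" does not tell a reader that the placeholders survive Helm rendering. Separately, `app.kubernetes.io/instance` joins the release name and the runtime name, so the rendered value can exceed the 63-character label limit and make the object invalid; a length bound is worth considering.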
@@ -0,0 +1,66 @@
{{- $templateConfig := (merge (dict "name" "wireguard-client" "module" "networking") .) -}}

{{- if .Values.networking.internal }}

apiVersion: networking.liqo.io/v1alpha1
kind: WgGatewayClientTemplate
metadata:
name: {{ $templateConfig.name }}
labels:
{{- include "liqo.labels" $templateConfig | nindent 4 }}
spec:
objectKind:
apiVersion: networking.liqo.io/v1alpha1
kind: WgGatewayClient
template:
metadata:
{{- include "liqo.metadataTemplate" $templateConfig | nindent 6 }}
spec:
deployment:
metadata:
{{- include "liqo.metadataTemplate" $templateConfig | nindent 10 }}
spec:
replicas: 1
selector:
matchLabels:
{{- include "liqo.labelsTemplate" $templateConfig | nindent 14 }}
template:
metadata:
{{- include "liqo.metadataTemplate" $templateConfig | nindent 14 }}
spec:
serviceAccount: "{{"{{ .Name }}"}}"
serviceAccountName: "{{"{{ .Name }}"}}"
containers:
- name: gateway
image: ghcr.io/liqotech/gateway{{ include "liqo.suffix" $templateConfig }}:{{ include "liqo.version" $templateConfig }}
imagePullPolicy: Always
args:
- --name={{"{{ .Name }}"}}
- --namespace={{"{{ .Namespace }}"}}
- --remote-cluster-id={{"{{ .ClusterID }}"}}
- --mode=client
- --metrics-address=:8080
- --health-probe-bind-address=:8081
securityContext:
capabilities:
add:
- NET_ADMIN
- name: wireguard
image: ghcr.io/liqotech/gateway/wireguard{{ include "liqo.suffix" $templateConfig }}:{{ include "liqo.version" $templateConfig }}
imagePullPolicy: Always
args:
- --name={{"{{ .Name }}"}}
- --namespace={{"{{ .Namespace }}"}}
- --remote-cluster-id={{"{{ .ClusterID }}"}}
- --gateway-uid={{"{{ .GatewayUID }}"}}
- --mode=client
- --mtu={{"{{ .Spec.MTU }}"}}
- --endpoint-address={{"{{ index .Spec.Endpoint.Addresses 0 }}"}}
- --endpoint-port={{"{{ .Spec.Endpoint.Port }}"}}
- --metrics-address=:8082
- --health-probe-bind-address=:8083
securityContext:
capabilities:
add:
- NET_ADMIN
{{- end }}
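Review bot: Both containers add `NET_ADMIN` on top of the runtime's default capability set and leave privilege escalation at its default, so the gateway pod keeps more privilege than the tunnel setup appears to need. If the binaries need nothing beyond `NET_ADMIN` (not visible here), each `securityContext` could state that explicitly with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"], add: ["NET_ADMIN"]}`. The same applies to the two containers in the wireguard-server template later in this commit.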
@@ -0,0 +1,77 @@
{{- $templateConfig := (merge (dict "name" "wireguard-server" "module" "networking") .) -}}

{{- if .Values.networking.internal }}

apiVersion: networking.liqo.io/v1alpha1
kind: WgGatewayServerTemplate
metadata:
name: {{ $templateConfig.name }}
labels:
{{- include "liqo.labels" $templateConfig | nindent 4 }}
spec:
objectKind:
apiVersion: networking.liqo.io/v1alpha1
kind: WgGatewayServer
template:
metadata:
{{- include "liqo.metadataTemplate" $templateConfig | nindent 6 }}
spec:
service:
metadata:
{{- include "liqo.metadataTemplate" $templateConfig | nindent 12 }}
spec:
selector:
{{- include "liqo.labelsTemplate" $templateConfig | nindent 12 }}
type: "{{"{{ .Spec.Endpoint.ServiceType }}"}}"
ports:
- port: "{{"{{ .Spec.Endpoint.Port }}"}}"
protocol: UDP
targetPort: "{{"{{ .Spec.Endpoint.Port }}"}}"
deployment:
metadata:
{{- include "liqo.metadataTemplate" $templateConfig | nindent 10 }}
spec:
replicas: 1
selector:
matchLabels:
{{- include "liqo.labelsTemplate" $templateConfig | nindent 14 }}
template:
metadata:
{{- include "liqo.metadataTemplate" $templateConfig | nindent 14 }}
spec:
serviceAccount: "{{"{{ .Name }}"}}"
serviceAccountName: "{{"{{ .Name }}"}}"
containers:
- name: gateway
image: ghcr.io/liqotech/gateway{{ include "liqo.suffix" $templateConfig }}:{{ include "liqo.version" $templateConfig }}
imagePullPolicy: Always
args:
- --name={{"{{ .Name }}"}}
- --namespace={{"{{ .Namespace }}"}}
- --remote-cluster-id={{"{{ .ClusterID }}"}}
- --mode=server
- --metrics-address=:8080
- --health-probe-bind-address=:8081
securityContext:
capabilities:
add:
- NET_ADMIN
- name: wireguard
image: ghcr.io/liqotech/gateway/wireguard{{ include "liqo.suffix" $templateConfig }}:{{ include "liqo.version" $templateConfig }}
imagePullPolicy: Always
args:
- --name={{"{{ .Name }}"}}
- --namespace={{"{{ .Namespace }}"}}
- --remote-cluster-id={{"{{ .ClusterID }}"}}
- --gateway-uid={{"{{ .GatewayUID }}"}}
- --mode=server
- --mtu={{"{{ .Spec.MTU }}"}}
- --listen-port={{"{{ .Spec.Endpoint.Port }}"}}
- --metrics-address=:8082
- --health-probe-bind-address=:8083
securityContext:
capabilities:
add:
- NET_ADMIN
{{- end }}

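Review bot: The Service `selector` and the Deployment `matchLabels` are filled from `liqo.labelsTemplate`, which carries `helm.sh/chart` and `app.kubernetes.io/version`, so both selectors change with every chart upgrade. A Deployment's `spec.selector` cannot be changed after creation, so re-rendering an existing gateway after an upgrade would likely be rejected by the API server. The commit already adds a stable helper for this: `{{- include "liqo.selectorLabelsTemplate" $templateConfig | nindent 14 }}` under `matchLabels`, and the same include under the Service `selector`, keeps the selectors constant while the pod metadata still carries the full label set. The `matchLabels` in the wireguard-client template has the same issue.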
Expand Up @@ -148,16 +148,10 @@ func (r *ClientReconciler) EnsureGatewayClient(ctx context.Context, gwClient *ne
if !ok {
return fmt.Errorf("unable to get the template of the client template")
}
objectTemplateMetadataInt, ok := objectTemplate["metadata"].(map[string]interface{})
objectTemplateMetadata, ok := objectTemplate["metadata"].(map[string]interface{})
if !ok {
return fmt.Errorf("unable to get the metadata of the client template")
}
objectTemplateMetadata := metav1.ObjectMeta{
Name: enutils.GetValueOrDefault(objectTemplateMetadataInt, "name", gwClient.Name),
Namespace: enutils.GetValueOrDefault(objectTemplateMetadataInt, "namespace", gwClient.Namespace),
Labels: enutils.TranslateMap(objectTemplateMetadataInt["labels"]),
Annotations: enutils.TranslateMap(objectTemplateMetadataInt["annotations"]),
}
objectTemplateSpec, ok := objectTemplate["spec"].(map[string]interface{})
if !ok {
return fmt.Errorf("unable to get the spec of the client template")
Expand All @@ -167,10 +161,21 @@ func (r *ClientReconciler) EnsureGatewayClient(ctx context.Context, gwClient *ne
GroupVersion().WithResource(enutils.KindToResource(objectKind.Kind))).
Namespace(gwClient.Namespace), gwClient.Name, func(obj *unstructured.Unstructured) error {
obj.SetGroupVersionKind(objectKind.GroupVersionKind())
obj.SetName(gwClient.Name)
obj.SetNamespace(gwClient.Namespace)
obj.SetLabels(labels.Merge(objectTemplateMetadata.Labels, labels.Set{consts.RemoteClusterID: remoteClusterID}))
obj.SetAnnotations(objectTemplateMetadata.Annotations)

td := templateData{
Spec: gwClient.Spec,
Name: gwClient.Name,
Namespace: gwClient.Namespace,
GatewayUID: string(gwClient.UID),
ClusterID: remoteClusterID,
}

meta, err := enutils.RenderTemplate(objectTemplateMetadata, td)
if err != nil {
return fmt.Errorf("unable to render the template metadata: %w", err)
}
obj.Object["metadata"] = meta

obj.SetOwnerReferences([]metav1.OwnerReference{
{
APIVersion: gwClient.APIVersion,
Expand All @@ -180,15 +185,12 @@ func (r *ClientReconciler) EnsureGatewayClient(ctx context.Context, gwClient *ne
Controller: pointer.Bool(true),
},
})
spec, err := enutils.RenderTemplate(objectTemplateSpec, templateData{
Spec: gwClient.Spec,
Name: gwClient.Name,
Namespace: gwClient.Namespace,
GatewayUID: string(gwClient.UID),
ClusterID: remoteClusterID,
})

obj.SetLabels(labels.Merge(obj.GetLabels(), labels.Set{consts.RemoteClusterID: remoteClusterID}))

spec, err := enutils.RenderTemplate(objectTemplateSpec, td)
if err != nil {
return fmt.Errorf("unable to render the template: %w", err)
return fmt.Errorf("unable to render the template spec: %w", err)
}
obj.Object["spec"] = spec
return nil
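Review bot: After `obj.Object["metadata"] = meta` nothing pins the object's identity any more: the `obj.SetName(gwClient.Name)` / `obj.SetNamespace(gwClient.Namespace)` calls were removed, so name and namespace are whatever the template renders, while the client is still addressed with `Namespace(gwClient.Namespace), gwClient.Name`. A template whose metadata does not render to those exact values would yield an object whose identity differs from the one requested and, for a different namespace, an owner reference that points across namespaces. Re-asserting them right after the assignment, `obj.SetName(gwClient.Name)` and `obj.SetNamespace(gwClient.Namespace)`, leaves the template in control of labels and annotations only. If the helper hands the existing object to this callback on update (its body is outside the hunk), replacing the whole metadata map also drops `resourceVersion`, `uid` and finalizers, so copying the rendered labels and annotations onto `obj` would be safer than overwriting. `EnsureGatewayServer` has the same two issues; both function bodies start and end outside the hunks shown.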
Expand Up @@ -148,16 +148,10 @@ func (r *ServerReconciler) EnsureGatewayServer(ctx context.Context, server *netw
if !ok {
return fmt.Errorf("unable to get the template of the server template")
}
objectTemplateMetadataInt, ok := objectTemplate["metadata"].(map[string]interface{})
objectTemplateMetadata, ok := objectTemplate["metadata"].(map[string]interface{})
if !ok {
return fmt.Errorf("unable to get the metadata of the server template")
}
objectTemplateMetadata := metav1.ObjectMeta{
Name: enutils.GetValueOrDefault(objectTemplateMetadataInt, "name", server.Name),
Namespace: enutils.GetValueOrDefault(objectTemplateMetadataInt, "namespace", server.Namespace),
Labels: enutils.TranslateMap(objectTemplateMetadataInt["labels"]),
Annotations: enutils.TranslateMap(objectTemplateMetadataInt["annotations"]),
}
objectTemplateSpec, ok := objectTemplate["spec"].(map[string]interface{})
if !ok {
return fmt.Errorf("unable to get the spec of the server template")
Expand All @@ -167,10 +161,21 @@ func (r *ServerReconciler) EnsureGatewayServer(ctx context.Context, server *netw
GroupVersion().WithResource(enutils.KindToResource(objectKind.Kind))).
Namespace(server.Namespace), server.Name, func(obj *unstructured.Unstructured) error {
obj.SetGroupVersionKind(objectKind.GroupVersionKind())
obj.SetName(server.Name)
obj.SetNamespace(server.Namespace)
obj.SetLabels(labels.Merge(objectTemplateMetadata.Labels, labels.Set{consts.RemoteClusterID: remoteClusterID}))
obj.SetAnnotations(objectTemplateMetadata.Annotations)

td := templateData{
Spec: server.Spec,
Name: server.Name,
Namespace: server.Namespace,
GatewayUID: string(server.UID),
ClusterID: remoteClusterID,
}

metadata, err := enutils.RenderTemplate(objectTemplateMetadata, td)
if err != nil {
return fmt.Errorf("unable to render the template metadata: %w", err)
}
obj.Object["metadata"] = metadata

obj.SetOwnerReferences([]metav1.OwnerReference{
{
APIVersion: server.APIVersion,
Expand All @@ -180,15 +185,12 @@ func (r *ServerReconciler) EnsureGatewayServer(ctx context.Context, server *netw
Controller: pointer.Bool(true),
},
})
spec, err := enutils.RenderTemplate(objectTemplateSpec, templateData{
Spec: server.Spec,
Name: server.Name,
Namespace: server.Namespace,
GatewayUID: string(server.UID),
ClusterID: remoteClusterID,
})

obj.SetLabels(labels.Merge(obj.GetLabels(), labels.Set{consts.RemoteClusterID: remoteClusterID}))

spec, err := enutils.RenderTemplate(objectTemplateSpec, td)
if err != nil {
return fmt.Errorf("unable to render the template: %w", err)
return fmt.Errorf("unable to render the template spec: %w", err)
}
obj.Object["spec"] = spec
return nil
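Review bot: The mutate callback here is now the same as the one in `EnsureGatewayClient` apart from the source object, and the two copies have already drifted in naming (`meta` there, `metadata` here). Extracting the shared steps (build `templateData`, render metadata, set the owner reference, merge the `consts.RemoteClusterID` label, render spec) into one helper that takes the name, namespace, UID and spec would keep the two reconcilers from diverging on details such as which metadata fields a template is allowed to set. The enclosing function starts and ends outside the hunks shown.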