Southbound driver for vpn backends #374
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alacuku
force-pushed
the
kcl/networkDriver
branch
from
1d13616
to
d6f7125
Compare
alacuku
changed the title
alacuku
force-pushed
the
kcl/networkDriver
branch
from
d6f7125
to
859695b
Compare
alacuku
force-pushed
the
kcl/networkDriver
branch
from
859695b
to
3c15e82
Compare
alacuku
force-pushed
the
kcl/networkDriver
branch
20 times, most recently
from
afbbce3
to
67d2fcf
Compare
alacuku
force-pushed
the
kcl/networkDriver
branch
from
bdc7395
to
d8d1697
Compare
alacuku
force-pushed
the
kcl/networkDriver
branch
13 times, most recently
from
7b7bcc1
to
08db765
Compare
- southbound driver to handle vpn connections - implementation of driver using WireGuard - overlay network using vpn connections from hosts to gateway pod - add support for generic vpn backends into the networkconfigs and tunnelendpoints CRDs REFACTORING: - renamed tunnel-operator to liqo-gateway - renamed route-operator to liqo-route
alacuku
force-pushed
the
kcl/networkDriver
branch
from
08db765
to
b5d3473
Compare
alacuku
changed the title
palexster
approved these changes
Dec 21, 2020
|
/merge |
adamjensenbot
added
the
merge-requested
adamjensenbot
removed
the
merge-requested
alacuku
added
documentation
kind/feature
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Liqo-Gateway
The tunnel-operator has been renamed to liqo-gateway. It handles the VPN connections to remote peers through a southbound driver, an interface which defines a set of methods. The solution is flexible and separates the underlying VPN technology from the operator's business core logic. Based on the information of the tunnelendpoints.net.liqo.io resource the correct implementation of the driver is called to establish the VPN connection hence for different peering clusters different VPN backends can be used. A first implementation of the drives is done for the WireGuard VPN.
Further more the vpn network interface does not live on the host's network namespace where the pod runs but in the pod's network namespace. Not being bound anymore to a specific host, and not running in the host's network, nodePorts/loadBalancers services are used to expose the VPN endpoint to the remote peering clusters. Here are the features introduced for the liqo-gateway by this PR:
Liqo-Route
The route-operator has been renamed to liqo-route. The operator has been simplified since the NAT configuration has been moved to liqo-gateway. The VxLAN approach used before to connect the nodes to the gateway has been changed since it presented limitations with the new architecture where the gateway has been moved to a separate namespace. Each host establishes a VPN connection to the the liqo-gateway in order to route network traffic to remote services. Other than configure the overlay network the operator handles the routing rules on each host for the remote peers.