WIP tun interface redirect port

go.mod

@@ -3,7 +3,9 @@ module sigs.k8s.io/cloud-provider-kind
 go 1.21
 
 require (
+	github.com/google/go-cmp v0.6.0
 	github.com/pkg/errors v0.9.1
+	golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173
 	k8s.io/api v0.29.3
 	k8s.io/apimachinery v0.29.3
 	k8s.io/apiserver v0.29.3
@@ -33,7 +35,6 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/safetext v0.0.0-20240104143208-7a7d9b3d812f // indirect
 	github.com/google/uuid v1.6.0 // indirect
@@ -60,6 +61,7 @@ require (
 	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
+	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect

go.sum

@@ -42,6 +42,8 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
+github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
 github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
 github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
@@ -188,6 +190,10 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
+golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
+golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 h1:/jFs0duh4rdb8uIfPMv78iAJGcPKDeqAFnaLBropIC4=
+golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173/go.mod h1:tkCQ4FQXmpAgYVh++1cq16/dH4QJtmvpRv19DWGAHSA=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
 google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
@@ -205,6 +211,8 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 h1:TbRPT0HtzFP3Cno1zZo7yPzEEnfu8EjLfl6IU9VfqkQ=
+gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259/go.mod h1:AVgIgHMwK63XvmAzWG9vLQ41YnVHN0du0tEC46fI7yY=
 k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw=
 k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80=
 k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU=

pkg/container/container.go

@@ -1,11 +1,13 @@
 package container
 
 import (
+	"encoding/json"
 	"fmt"
 	"io"
 	"os/exec"
 	"strings"
 
+	"k8s.io/klog/v2"
 	kindexec "sigs.k8s.io/kind/pkg/exec"
 )
 
@@ -114,6 +116,56 @@ func IPs(name string) (ipv4 string, ipv6 string, err error) {
 	return ips[0], ips[1], nil
 }
 
+// return a list with the map of the internal port to the external port
+func PortMaps(name string) (map[string]string, error) {
+	// retrieve the IP address of the node using docker inspect
+	cmd := kindexec.Command(containerRuntime, "inspect",
+		"-f", "docker inspect --format='{{ json .NetworkSettings.Ports }}",
+		name, // ... against the "node" container
+	)
+
+	lines, err := kindexec.OutputLines(cmd)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get container details: %w", err)
+	}
+	if len(lines) != 1 {
+		return nil, fmt.Errorf("file should only be one line, got %d lines: %w", len(lines), err)
+	}
+
+	type portMapping struct {
+		HostPort string `json:"HostPort"`
+		HostIP   string `json:"HostIp"`
+	}
+
+	portMappings := make(map[string][]portMapping)
+	err := json.Unmarshal([]byte(lines[0]), &portMappings)
+	if err != nil {
+		return nil, err
+	}
+
+	result := map[string]string{}
+	for k, v := range portMappings {
+		protocol := "tcp"
+		parts := strings.Split(k, "/")
+		if len(parts) == 2 {
+			protocol = strings.ToLower(parts[1])
+		}
+		if protocol != "tcp" {
+			klog.Infof("skipping protocol %s not supported, only TCP", protocol)
+			continue
+		}
+
+		// TODO we just can get the first entry or look for ip families
+		for _, pm := range v {
+			if pm.HostPort != "" {
+				result[parts[0]] = pm.HostPort
+				break
+			}
+		}
+	}
+
+}
+
 func ListByLabel(label string) ([]string, error) {
 	cmd := kindexec.Command(containerRuntime,
 		"ps",

pkg/loadbalancer/server.go

@@ -13,6 +13,7 @@ import (
 	"k8s.io/klog/v2"
 	"sigs.k8s.io/cloud-provider-kind/pkg/constants"
 	"sigs.k8s.io/cloud-provider-kind/pkg/container"
+	"sigs.k8s.io/cloud-provider-kind/pkg/tunnel"
 )
 
 type Server struct {
@@ -117,14 +118,14 @@ func (s *Server) EnsureLoadBalancerDeleted(ctx context.Context, clusterName stri
 
 // loadbalancer name is a unique name for the loadbalancer container
 func loadBalancerName(clusterName string, service *v1.Service) string {
-	hash := sha256.Sum256([]byte(loadBalancerSimpleName(clusterName, service)))
+	hash := sha256.Sum256([]byte(LoadBalancerSimpleName(clusterName, service)))
 	encoded := base32.StdEncoding.EncodeToString(hash[:])
 	name := constants.ContainerPrefix + "-" + encoded[:40]
 
 	return name
 }
 
-func loadBalancerSimpleName(clusterName string, service *v1.Service) string {
+func LoadBalancerSimpleName(clusterName string, service *v1.Service) string {
 	return clusterName + "-" + service.Namespace + "-" + service.Name
 }
 
@@ -143,7 +144,7 @@ func createLoadBalancer(clusterName string, service *v1.Service, image string) e
 		// label the node with the cluster ID
 		"--label", fmt.Sprintf("%s=%s", constants.NodeCCMLabelKey, clusterName),
 		// label the node with the load balancer name
-		"--label", fmt.Sprintf("%s=%s", constants.NodeNameLabelKey, loadBalancerSimpleName(clusterName, service)),
+		"--label", fmt.Sprintf("%s=%s", constants.NodeNameLabelKey, LoadBalancerSimpleName(clusterName, service)),
 		// user a user defined docker network so we get embedded DNS
 		"--net", networkName,
 		"--init=false",
@@ -160,9 +161,21 @@ func createLoadBalancer(clusterName string, service *v1.Service, image string) e
 		"--sysctl=net.ipv6.conf.all.disable_ipv6=0", // enable IPv6
 		"--sysctl=net.ipv6.conf.all.forwarding=1",   // allow ipv6 forwarding
 		"--sysctl=net.ipv4.conf.all.rp_filter=0",    // disable rp filter
-		image,
 	}
 
+	if tunnel.NeedsTunnel() {
+		// Forward the Service Ports to the host so they are accessible on Mac and Windows
+		for _, port := range service.Spec.Ports {
+			if port.Protocol != v1.ProtocolTCP {
+				continue
+			}
+			args = append(args, fmt.Sprintf("--publish=%d/%s", port.Port, "TCP"))
+		}
+		// Publish all ports in the host in random ports
+		args = append(args, fmt.Sprintf("--publish-all"))
+	}
+
+	args = append(args, image)
 	err := container.Create(name, args)
 	if err != nil {
 		return fmt.Errorf("failed to create continers %s %v: %w", name, args, err)