1 package relay
2
import (
	"context"
	"fmt"
	"net"
	"sort"
	"strings"

	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"sigs.k8s.io/controller-runtime/pkg/client"

	"edge-infra.dev/pkg/sds/remoteaccess/constants"
	wg "edge-infra.dev/pkg/sds/remoteaccess/wireguard"
	secrets "edge-infra.dev/pkg/sds/remoteaccess/wireguard/secret"
	"edge-infra.dev/pkg/sds/remoteaccess/wireguard/store"
)
17
// Relay wraps the WireGuard instance registered under constants.RelayName
// (loaded by Get). It embeds *wg.Instance, so the instance's methods — for
// example GetPrivateKey, used when rendering the [Interface] section — are
// callable directly on a Relay.
type Relay struct {
	*wg.Instance
}
21
22
// relayInterfaceConfig is the fixed head of the relay's [Interface] section;
// interfaceConfigString appends Address, PrivateKey and MTU to it.
//
// The PostUp/PostDown hooks accept all forwarded traffic entering or leaving
// the WireGuard interface (%i) — there is no per-peer restriction here beyond
// WireGuard's own AllowedIPs — and masquerade egress through eth0, whose name
// is hard-coded. NOTE(review): if forwarding is meant to be narrower than
// "everything eth0 routes to", that has to be expressed in these rules — confirm.
var relayInterfaceConfig = `[Interface]
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
`
28
29
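// Get loads the WireGuard instance named constants.RelayName through c and
// wraps it in a Relay. The "cluster-infra" argument is passed straight to
// wg.GetInstance; NOTE(review): presumably the owning cluster name, and the
// meaning of the trailing nil argument is not visible here — confirm in the
// wireguard package.
//
// On error Get returns a nil *Relay rather than one wrapping whatever
// GetInstance returned, so a caller that ignores err cannot go on to use a
// half-built relay (and its private key) by accident.
func Get(ctx context.Context, c client.Client) (*Relay, error) {
	// Local is named inst (not wg) so it does not shadow the wg package.
	inst, err := wg.GetInstance(ctx, c, constants.RelayName, "cluster-infra", nil)
	if err != nil {
		return nil, err
	}
	return &Relay{Instance: inst}, nil
}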
34
// UpdateWireguardSecret renders the relay's wg0 configuration for the given
// client peer and store peers and creates or patches the Kubernetes Secret
// carrying it. The Secret's identity (namespace, name, data key) is fixed by
// GenerateConfigurationSecret; any error from the create-or-patch is returned
// unchanged.
func (r *Relay) UpdateWireguardSecret(ctx context.Context, c client.Client, subnetCIDR *net.IPNet, clientIP net.IP, clientPublicKey string, storeConfigs map[string]*store.Store) error {
	return secrets.CreateOrPatchSecret(
		ctx,
		c,
		r.GenerateConfigurationSecret(subnetCIDR, clientIP, clientPublicKey, storeConfigs),
	)
}
39
// GenerateConfigurationSecret builds (without writing) the Secret that holds
// the relay's complete wg0 configuration: it lives in constants.VPNNamespace
// under constants.RelayName, with the rendered config in StringData under
// constants.WireguardSecretField.
//
// The rendered config embeds the relay's private key (see
// interfaceConfigString), so read access to this Secret is equivalent to
// holding the relay's WireGuard identity.
func (r *Relay) GenerateConfigurationSecret(subnetCIDR *net.IPNet, clientIP net.IP, clientPublicKey string, storeConfigs map[string]*store.Store) *corev1.Secret {
	config := r.wg0ConfigString(subnetCIDR, clientIP, clientPublicKey, storeConfigs)

	// ObjectMeta is embedded in Secret, so its fields are set through the
	// promoted names.
	secret := &corev1.Secret{}
	secret.Namespace = constants.VPNNamespace
	secret.Name = constants.RelayName
	secret.StringData = map[string]string{
		constants.WireguardSecretField: config,
	}
	return secret
}
50
51
// wg0ConfigString renders the whole wg0 configuration file: the [Interface]
// section for subnetCIDR followed by the [Peer] sections for the client and
// the enabled stores.
func (r *Relay) wg0ConfigString(subnetCIDR *net.IPNet, clientIPAddress net.IP, clientPublicKey string, storeConfigs map[string]*store.Store) string {
	return r.interfaceConfigString(subnetCIDR) +
		r.peerConfigString(clientIPAddress, clientPublicKey, storeConfigs)
}
57
// interfaceConfigString renders the [Interface] section: the fixed
// relayInterfaceConfig head (ListenPort and the iptables hooks) followed by
// Address, PrivateKey and MTU. The private key comes from the embedded
// wg.Instance and is written into the config in the clear, which is what
// WireGuard requires.
//
// NOTE(review): constants.MTU is formatted with %s; if it is not a string
// (or Stringer) the output will carry a %!s(...) marker — confirm its type.
// A nil subnetCIDR does not panic; (*net.IPNet).String renders it as "<nil>".
func (r *Relay) interfaceConfigString(subnetCIDR *net.IPNet) string {
	const layout = "%sAddress = %s\nPrivateKey = %s\nMTU = %s\n"

	address := subnetCIDR.String()
	privateKey := r.GetPrivateKey()

	return fmt.Sprintf(layout, relayInterfaceConfig, address, privateKey, constants.MTU)
}
67
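// peerConfigString renders the [Peer] sections of the relay config: first the
// cluster-infra client peer (clientIP, clientPublicKey), then one section per
// store in storeConfigs whose IsEnabled is set. Disabled and nil entries are
// skipped.
//
// Store sections are emitted in ascending key order of storeConfigs so the
// rendered text — and therefore the Secret written from it — is identical
// across calls for the same input. Ranging over the map directly yields a
// different peer order on each render, which made every reconcile look like
// a config change.
//
// Each section carries a "# friendly_json=…" comment line for tooling.
// All values are interpolated verbatim: a newline inside clientPublicKey or
// a store's ClusterName, ClusterEdgeID or public key would start a new
// config line. NOTE(review): this relies on those values being validated
// upstream — confirm where.
func (r *Relay) peerConfigString(clientIP net.IP, clientPublicKey string, storeConfigs map[string]*store.Store) string {
	var b strings.Builder

	fmt.Fprintf(&b,
		"\n[Peer]\n# friendly_json={\"cluster_name\":\"cluster_infra\"}\nAllowedIPs = %s/32\nPublicKey = %s\n",
		clientIP, clientPublicKey)

	// Deterministic peer order: sort the map keys before emitting sections.
	keys := make([]string, 0, len(storeConfigs))
	for k := range storeConfigs {
		keys = append(keys, k)
	}
	sort.Strings(keys)

	for _, k := range keys {
		sc := storeConfigs[k]
		if sc == nil || !sc.IsEnabled {
			continue
		}
		// vpn_enabled is always "true" here since disabled stores are skipped;
		// kept in the comment for compatibility with whatever parses it.
		fmt.Fprintf(&b,
			"\n[Peer]\n# friendly_json={\"cluster_name\":\"%s\",\"cluster\":\"%s\",\"vpn_enabled\":\"%t\"}\nAllowedIPs = %s/32\nPublicKey = %s\n",
			sc.ClusterName,
			sc.ClusterEdgeID,
			sc.IsEnabled,
			sc.GetIPAddress(),
			sc.GetPublicKey(),
		)
	}
	return b.String()
}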
85