Feature: Edge gateway automatically obtains public IP

边缘节点在无法连接公网环境下，是没办法通过 https://api.ipify.org 这些地址获取公网ip的而每个边缘的gw写上public太过麻烦，wiregurd与libreswan都支持自动获取建立vpn隧道的endpoint
openyurtio · Apr 2, 2024 · 823982a · 823982a
1 parent a826b83
commit 823982a
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 18 deletions.
diff --git a/pkg/networkengine/vpndriver/wireguard/wireguard.go b/pkg/networkengine/vpndriver/wireguard/wireguard.go
@@ -275,15 +275,19 @@ func (w *wireguard) createEdgeConnections(desiredEdgeConns map[string]*vpndriver
 		} else {
 			remotePort = newConn.RemoteEndpoint.PublicPort
 		}
+		var endpoint *net.UDPAddr
+		if newConn.RemoteEndpoint.PublicIP != "" {
+			endpoint = &net.UDPAddr{
+				IP: net.ParseIP(newConn.RemoteEndpoint.PublicIP),
+				Port: remotePort,
+			}
+		}
 		peerConfigs = append(peerConfigs, wgtypes.PeerConfig{
 			PublicKey:    *newKey,
 			Remove:       false,
 			UpdateOnly:   false,
 			PresharedKey: &w.psk,
-			Endpoint: &net.UDPAddr{
-				IP:   net.ParseIP(newConn.RemoteEndpoint.PublicIP),
-				Port: remotePort,
-			},
+			Endpoint: endpoint,
 
 			PersistentKeepaliveInterval: &ka,
 			ReplaceAllowedIPs:           true,

diff --git a/pkg/tunnelengine/tunnelagent.go b/pkg/tunnelengine/tunnelagent.go
@@ -89,18 +89,16 @@ func (c *TunnelHandler) Handler() error {
 		// try to update public IP if empty.
 		gw := &gws.Items[i]
 		if ep := getTunnelActiveEndpoints(gw); ep != nil {
-			if ep.PublicIP == "" || c.natTraversal && (ep.NATType == "" || ep.PublicPort == 0 && ep.NATType != utils.NATSymmetric) {
-				if ep.PublicIP == "" {
-					if err := c.configGatewayPublicIP(gw); err != nil {
-						klog.ErrorS(err, "error config gateway public ip", "gateway", klog.KObj(gw))
-					}
+			if ep.PublicIP == "" {
+				if err := c.configGatewayPublicIP(gw); err != nil {
+					// output only error messages, without skipping
+					klog.ErrorS(err, "error config gateway public ip", "gateway", klog.KObj(gw))
 				}
-				if c.natTraversal && (ep.NATType == "" || ep.PublicPort == 0 && ep.NATType != utils.NATSymmetric) {
-					if err := c.configGatewayStunInfo(gw); err != nil {
-						klog.ErrorS(err, "error config gateway stun info", "gateway", klog.KObj(gw))
-					}
+			}
+			if c.natTraversal && (ep.NATType == "" || ep.PublicPort == 0 && ep.NATType != utils.NATSymmetric) {
+				if err := c.configGatewayStunInfo(gw); err != nil {
+					klog.ErrorS(err, "error config gateway stun info", "gateway", klog.KObj(gw))
 				}
-				continue
 			}
 		}
 		if !c.shouldHandleGateway(gw) {
@@ -212,10 +210,6 @@ func (c *TunnelHandler) shouldHandleGateway(gateway *v1beta1.Gateway) bool {
 		klog.InfoS("no active endpoint , waiting for sync", "gateway", klog.KObj(gateway))
 		return false
 	}
-	if ep.PublicIP == "" {
-		klog.InfoS("no public IP for gateway, waiting for sync", "gateway", klog.KObj(gateway))
-		return false
-	}
 	if c.natTraversal {
 		if ep.NATType == "" {
 			klog.InfoS("no nat type for gateway, waiting for sync", "gateway", klog.KObj(gateway))