Feature: Edge gateway automatically obtains public IP

[a516664625]

边缘节点在无法连接公网环境下，是没办法通过 https://api.ipify.org 这些地址获取公网ip的 而每个边缘的gw写上public太过麻烦，wiregurd与libreswan都支持自动获取建立vpn隧道的endpoint 也就是public ip ,所以去掉对public ip 的强依赖

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 35.63%. Comparing base (fa158b9) to head (823982a).
Report is 3 commits behind head on main.

❗ Current head 823982a differs from pull request most recent head 7e8a0b8. Consider uploading reports for the commit 7e8a0b8 to get more accurate results

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #170   +/-   ##
=======================================
  Coverage   35.63%   35.63%           
=======================================
  Files          12       12           
  Lines        1476     1476           
=======================================
  Hits          526      526           
  Misses        842      842           
  Partials      108      108           

Flag	Coverage Δ
unittests	35.63% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[rambohe-ch]

@njucjc @River-sh PTAL

[njucjc]

边缘节点在无法连接公网环境下，是没办法通过 https://api.ipify.org 这些地址获取公网ip的 而每个边缘的gw写上public太过麻烦，wiregurd与libreswan都支持自动获取建立vpn隧道的endpoint 也就是public ip ,所以去掉对public ip 的强依赖

@a516664625 这块有e2e测试的结果么，另外只看到对wireguard的改动，libreswan似乎没改

[a516664625]

@njucjc 如下在填写边缘gw的时候 不写public ip vpn 隧道仍然建立成功，libreswan 的代码我看是支持 不写public ip的，因为在创建 隧道时 host 使用 了 any

[root@deepflow ~]# kubectl get gw -o yaml edge-a
apiVersion: raven.openyurt.io/v1beta1
kind: Gateway
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"raven.openyurt.io/v1alpha1","kind":"Gateway","metadata":{"annotations":{},"name":"edge-a"},"spec":{"endpoints":[{"nodeName":"ghi","underNAT":true}]}}
creationTimestamp: "2024-04-01T08:52:49Z"
generation: 2
name: edge-a
resourceVersion: "2574874"
uid: 46fff4e8-a2ea-4b7d-8514-81ed18b54c5f
spec:
endpoints:

• config:
  publicKey: p19RK4tfDp+/ED5RrbUK/HBczxfCIIkanKO6dpV6SDY=
  nodeName: ghi
  port: 4500
  type: tunnel
  underNAT: true
  nodeSelector:
  matchLabels:
  raven.openyurt.io/gateway: edge-a
  proxyConfig:
  Replicas: 1
  tunnelConfig:
  Replicas: 1
  status:
  activeEndpoints:
• config:
  enable-l3-tunnel: "true"
  publicKey: p19RK4tfDp+/ED5RrbUK/HBczxfCIIkanKO6dpV6SDY=
  nodeName: ghi
  port: 4500
  type: tunnel
  underNAT: true
  nodes:
• nodeName: ghi
  privateIP: 192.168.10.254
  subnets:
  • 10.233.66.0/24

[River-sh]

@YTGhost Nat穿越在没有publicIP的时候是否可行？

[njucjc]

这里是不是加下判断，只边缘gateway不强制要求public ip

[YTGhost]

@a516664625 目前测试的场景是云端deepflow节点与边缘ghi节点之间建立云边隧道，云端设置了publicIP，边缘节点没有设置publicIP吗？

[YTGhost]

@YTGhost Nat穿越在没有publicIP的时候是否可行？

我理解边与边两节点之间至少得有一边知道对面的publicIP

[River-sh]

如果NAT穿越必须得知道边缘侧网关的publicip则在开启NAT穿越的时候必须获取边缘侧的publicIP