initial commit of kubewire

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @steved

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: daily
+    groups:
+      dependencies:
+        patterns:
+          - "*"

.github/workflows/main.yml

@@ -0,0 +1,150 @@
+name: Test and Publish Image
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - '*'
+  pull_request:
+
+env:
+  GO_VERSION: "1.23"
+  BUILD_PLATFORMS: linux/amd64,linux/arm64
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Build
+        run: make build
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.60
+
+      - name: Unit test
+        run: make test
+
+      - run: Check for git changes
+        run: git diff --exit-code || { echo "Make sure to commit doc changes"; exit 1 }
+
+  publish:
+    runs-on: ubuntu-latest
+
+    needs: test
+
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          # Don't use merge ref to ensure sha- image tag is accurate
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Login to quay.io
+        uses: docker/login-action@v3
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+
+      - id: meta
+        name: Extract Docker metadata
+        uses: docker/metadata-action@v5
+        env:
+          DOCKER_METADATA_PR_HEAD_SHA: "true"
+        with:
+          images: |
+            ghcr.io/cerebrotech/k8s-fwd
+            quay.io/domino/wg
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha
+
+      - name: Go build cache for Docker
+        uses: actions/cache@v4
+        with:
+          path: go-build-cache
+          key: ${{ runner.os }}-go-build-cache-${{ hashFiles('**/go.sum', 'Dockerfile') }}
+
+      - name: inject go-build-cache into docker
+        uses: reproducible-containers/buildkit-cache-dance@v3
+        with:
+          cache-map: |
+            {
+              "go-build-cache": "/root/.cache/go-build"
+            }
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          provenance: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ env.BUILD_PLATFORMS }}
+          cache-from: type=gha, scope=${{ github.job }}
+          cache-to: type=gha, scope=${{ github.job }}
+
+  release:
+    runs-on: ubuntu-latest
+
+    needs: publish
+
+    permissions:
+      contents: write
+
+    if: ${{ startsWith(github.ref, 'refs/tags/') }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser
+          version: '~> v2'
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,3 @@
+.idea/
+.bin/
+dist/

.golangci.yaml

@@ -0,0 +1,40 @@
+run:
+  timeout: 10m
+
+linters-settings:
+  misspell:
+    locale: US
+
+linters:
+  disable-all: true
+  enable:
+    # defaults
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused
+    # extra
+    - bodyclose
+    - containedctx
+    - contextcheck
+    - copyloopvar
+    - dogsled
+    - durationcheck
+    - gofmt
+    - goimports
+    - loggercheck
+    - misspell
+    - nilerr
+    - nilnil
+    - nosprintfhostport
+    - prealloc
+    - predeclared
+    - reassign
+    - revive
+    - unconvert
+    - unparam
+    - wastedassign
+    - whitespace
+    - wsl

.goreleaser.yaml

@@ -0,0 +1,30 @@
+version: 2
+
+before:
+  hooks:
+    - make tidy
+
+builds:
+  - id: k8s-fwd
+    binary: k8s-fwd
+    ldflags:
+      - -s -w
+      - -X github.com/cerebrotech/k8s-fwd/pkg/config.Version={{ .Version }}
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+
+archives:
+  - format: tar.gz
+    name_template: '{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}'
+
+changelog:
+  sort: asc
+
+release:
+  mode: replace

Dockerfile

@@ -0,0 +1,27 @@
+FROM --platform=$BUILDPLATFORM cgr.dev/chainguard/go:latest-dev AS builder
+
+WORKDIR /src
+
+ARG ldflags
+ARG TARGETOS TARGETARCH
+
+RUN --mount=target=. \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \
+    go build -trimpath -ldflags "${ldflags} -extldflags '-static'" -o /out/kubewire .
+
+FROM cgr.dev/chainguard/wolfi-base
+WORKDIR /
+
+RUN apk add --no-cache \
+      curl \
+      iproute2 \
+      iptables \
+      iputils \
+      net-tools \
+      wireguard-tools
+
+COPY --from=builder /out/kubewire .
+
+ENTRYPOINT ["/kubewire", "agent"]

LICENSE

@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,54 @@
+GOENV := CGO_ENABLED=0
+GO    := $(GOENV) go
+SHELL := /bin/bash
+
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
+GOOS=$(shell go env GOOS)
+GOARCH=$(shell go env GOARCH)
+
+BIN ?= kubewire
+
+BIN_DIR ?= $(shell pwd)/.bin
+$(BIN_DIR):
+	@mkdir -p $(BIN_DIR)
+
+.PHONY: build
+build: docgen
+	$(GO) build -o $(BIN_DIR)/$(BIN) .
+
+docker:
+	docker build . \
+		-t ghcr.io/steved/kubewire:latest \
+		--platform linux/amd64 --push
+
+.PHONY: test
+test:
+	$(GO) test -v -timeout=5m ./...
+
+.PHONY: docgen
+docgen:
+	rm -r ./docs/*
+	$(GO) run main.go docgen
+
+ifeq (,$(shell command -v golangci-lint))
+GOLANGCI_LINT=$(GO) run github.com/golangci/golangci-lint/cmd/[email protected]
+else
+GOLANGCI_LINT=golangci-lint
+endif
+
+.PHONY: lint
+lint:
+	$(GOLANGCI_LINT) run
+
+.PHONY: tidy
+tidy:
+	@rm -f go.sum; go mod tidy
+
+.DEFAULT_GOAL:=help
+help: ## Display this help
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)