Remove all vtunnel refrences

All vtunnel refrences is removed out of the code,
the guest agent now only supports the namespaced
network.

Signed-off-by: Nino Kodabande <nkodabande@suse.com>

src/go/guestagent/main.go

@@ -52,39 +52,20 @@ var (
 	containerdSock   = flag.String("containerdSock",
 		containerdSocketFile,
 		"file path for Containerd socket address")
-	vtunnelAddr             = flag.String("vtunnelAddr", vtunnelPeerAddr, "peer address for Vtunnel in IP:PORT format")
-	enablePrivilegedService = flag.Bool("privilegedService", false, "enable Privileged Service mode")
-	k8sServiceListenerAddr  = flag.String("k8sServiceListenerAddr", net.IPv4zero.String(),
+	k8sServiceListenerAddr = flag.String("k8sServiceListenerAddr", net.IPv4zero.String(),
 		"address to bind Kubernetes services to on the host, valid options are 0.0.0.0 or 127.0.0.1")
 	adminInstall = flag.Bool("adminInstall", false, "indicates if Rancher Desktop is installed as admin or not")
 	k8sAPIPort   = flag.String("k8sAPIPort", "6443",
 		"K8sAPI port number to forward to rancher-desktop wsl-proxy as a static portMapping event")
 )
 
-// Flags can only be enabled in the following combination:
-// +======================+==============================================+
-// |                      |     Default Network    | Namespaced Network  |
-// +----------------------+------------------------+---------------------+
-// |                      | Admin      | Non-Admin | Admin   | Non-Admin |
-// +======================+============+===========+=========+===========+
-// | privilegedService    | enable     | disable   | disable | disable   |
-// +----------------------+------------+-----------+---------+-----------+
-// | docker Or containerd | enable     | disable   | enable  | enable    |
-// +----------------------+------------+-----------+---------+-----------+
-// | iptables             | disable or | enable    | disable | disable   |
-// |                      | **enable   |           |         |           |
-// +----------------------+------------+-----------+---------+-----------+
-// ** iptables can be enable for the default network with admin when older
-// versions of k8s are used that do not support the service watcher API.
-
 const (
 	wslInfName             = "eth0"
 	iptablesUpdateInterval = 3 * time.Second
 	socketInterval         = 5 * time.Second
 	socketRetryTimeout     = 2 * time.Minute
 	dockerSocketFile       = "/var/run/docker.sock"
 	containerdSocketFile   = "/run/k3s/containerd/containerd.sock"
-	vtunnelPeerAddr        = "127.0.0.1:3040"
 )
 
 func main() {
@@ -131,52 +112,38 @@ func main() {
 
 	var portTracker tracker.Tracker
 
-	if *enablePrivilegedService {
-		if *vtunnelAddr == "" {
-			log.Fatal("-vtunnelAddr must be provided when -privilegedService is enabled.")
-		}
-
-		wslAddr, err := getWSLAddr(wslInfName)
+	forwarder := forwarder.NewWSLProxyForwarder("/run/wsl-proxy.sock")
+	portTracker = tracker.NewAPITracker(forwarder, tracker.GatewayBaseURL, *adminInstall)
+	// Manually register the port for K8s API, we would
+	// only want to send this manual port mapping if both
+	// of the following conditions are met:
+	// 1) if kubernetes is enabled
+	// 2) when wsl-proxy for wsl-integration is enabled
+	if *enableKubernetes {
+		port, err := nat.NewPort("tcp", *k8sAPIPort)
 		if err != nil {
-			log.Fatalf("failure getting WSL IP addresses: %v", err)
+			log.Fatalf("failed to parse port for k8s API: %v", err)
 		}
-
-		forwarder := forwarder.NewVTunnelForwarder(*vtunnelAddr)
-		portTracker = tracker.NewVTunnelTracker(forwarder, wslAddr)
-	} else {
-		forwarder := forwarder.NewWSLProxyForwarder("/run/wsl-proxy.sock")
-		portTracker = tracker.NewAPITracker(forwarder, tracker.GatewayBaseURL, *adminInstall)
-		// Manually register the port for K8s API, we would
-		// only want to send this manual port mapping if both
-		// of the following conditions are met:
-		// 1) if kubernetes is enabled
-		// 2) when wsl-proxy for wsl-integration is enabled
-		if *enableKubernetes {
-			port, err := nat.NewPort("tcp", *k8sAPIPort)
-			if err != nil {
-				log.Fatalf("failed to parse port for k8s API: %v", err)
-			}
-			k8sAPIPortMapping := types.PortMapping{
-				Remove: false,
-				Ports: nat.PortMap{
-					port: []nat.PortBinding{
-						{
-							HostIP:   "127.0.0.1",
-							HostPort: *k8sAPIPort,
-						},
+		k8sAPIPortMapping := types.PortMapping{
+			Remove: false,
+			Ports: nat.PortMap{
+				port: []nat.PortBinding{
+					{
+						HostIP:   "127.0.0.1",
+						HostPort: *k8sAPIPort,
 					},
 				},
-			}
-			if err := forwarder.Send(k8sAPIPortMapping); err != nil {
-				log.Fatalf("failed to send a static portMapping event to wsl-proxy: %v", err)
-			}
-			log.Debugf("successfully forwarded k8s API port [%s] to wsl-proxy", *k8sAPIPort)
+			},
+		}
+		if err := forwarder.Send(k8sAPIPortMapping); err != nil {
+			log.Fatalf("failed to send a static portMapping event to wsl-proxy: %v", err)
 		}
+		log.Debugf("successfully forwarded k8s API port [%s] to wsl-proxy", *k8sAPIPort)
 	}
 
 	if *enableContainerd {
 		group.Go(func() error {
-			eventMonitor, err := containerd.NewEventMonitor(*containerdSock, portTracker, *enablePrivilegedService)
+			eventMonitor, err := containerd.NewEventMonitor(*containerdSock, portTracker)
 			if err != nil {
 				return fmt.Errorf("error initializing containerd event monitor: %w", err)
 			}
@@ -220,7 +187,7 @@ func main() {
 			// of the legacy network, requiring listeners only. In listenerOnlyMode, we create
 			// TCP listeners on 127.0.0.1 to enable automatic port forwarding mechanisms,
 			// particularly in WSLv2 environments.
-			listenerOnlyMode := *enableIptables && !*enablePrivilegedService && !*adminInstall
+			listenerOnlyMode := *enableIptables && !*adminInstall
 			// Watch for kube
 			err := kube.WatchForServices(ctx,
 				*configPath,
@@ -281,28 +248,3 @@ func tryConnectAPI(ctx context.Context, socketFile string, verify func(context.C
 		}
 	}
 }
-
-// Gets the wsl interface address by doing a lookup by name
-// for wsl we do a lookup for 'eth0'.
-func getWSLAddr(infName string) ([]types.ConnectAddrs, error) {
-	inf, err := net.InterfaceByName(infName)
-	if err != nil {
-		return nil, err
-	}
-
-	addrs, err := inf.Addrs()
-	if err != nil {
-		return nil, err
-	}
-
-	connectAddrs := make([]types.ConnectAddrs, 0)
-
-	for _, addr := range addrs {
-		connectAddrs = append(connectAddrs, types.ConnectAddrs{
-			Network: addr.Network(),
-			Addr:    addr.String(),
-		})
-	}
-
-	return connectAddrs, nil
-}

src/go/guestagent/pkg/containerd/events.go

@@ -51,9 +51,8 @@ var (
 // EventMonitor monitors the Containerd API
 // for container events.
 type EventMonitor struct {
-	containerdClient        *containerd.Client
-	portTracker             tracker.Tracker
-	enablePrivilegedService bool
+	containerdClient *containerd.Client
+	portTracker      tracker.Tracker
 }
 
 // NewEventMonitor creates and returns a new Event Monitor for
@@ -62,17 +61,15 @@ type EventMonitor struct {
 func NewEventMonitor(
 	containerdSock string,
 	portTracker tracker.Tracker,
-	enablePrivilegedService bool,
 ) (*EventMonitor, error) {
 	client, err := containerd.New(containerdSock, containerd.WithDefaultNamespace(containerdNamespace.Default))
 	if err != nil {
 		return nil, err
 	}
 
 	return &EventMonitor{
-		containerdClient:        client,
-		portTracker:             portTracker,
-		enablePrivilegedService: enablePrivilegedService,
+		containerdClient: client,
+		portTracker:      portTracker,
 	}, nil
 }
 
@@ -294,13 +291,6 @@ func (e *EventMonitor) updateListener(
 	portMappings nat.PortMap,
 	action func(context.Context, net.IP, int) error,
 ) {
-	// Only create listeners for the default network when the PrivilegedService is enabled.
-	// Otherwise, creating listeners can conflict with the proxy listeners that are created
-	// by the namespaced network’s port exposing API.
-	if !e.enablePrivilegedService {
-		return
-	}
-
 	for _, portBindings := range portMappings {
 		for _, portBinding := range portBindings {
 			port, err := strconv.Atoi(portBinding.HostPort)

src/go/guestagent/pkg/forwarder/vtunnel.go

@@ -1,5 +1,5 @@
 /*
-Copyright © 2022 SUSE LLC
+Copyright © 2024 SUSE LLC
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
@@ -12,47 +12,17 @@ limitations under the License.
 */
 
 // Package forwarder implements a forwarding mechanism to forward
-// port mappings over Vtunnel.
+// port mappings over the network.
 package forwarder
 
 import (
-	"encoding/json"
-	"net"
-
 	"github.com/rancher-sandbox/rancher-desktop/src/go/guestagent/pkg/types"
 )
 
 // Forwarder is the interface that wraps the Send method which
 // to forward the port mappings.
 type Forwarder interface {
-	// Send sends the give port mappings to the VTunnel Peer via
+	// Send sends the give port mappings to the Peer via
 	// a tcp connection.
 	Send(portMapping types.PortMapping) error
 }
-
-// VTunnelForwarder forwards the PortMappings to VTunnel Peer process.
-type VTunnelForwarder struct {
-	peerAddr string
-}
-
-func NewVTunnelForwarder(peerAddr string) *VTunnelForwarder {
-	return &VTunnelForwarder{
-		peerAddr: peerAddr,
-	}
-}
-
-// Send forwards the port mappings to Vtunnel Peer.
-func (v *VTunnelForwarder) Send(portMapping types.PortMapping) error {
-	conn, err := net.Dial("tcp", v.peerAddr)
-	if err != nil {
-		return err
-	}
-	defer conn.Close()
-
-	err = json.NewEncoder(conn).Encode(portMapping)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}

src/go/guestagent/pkg/kube/watcher_linux.go

@@ -13,12 +13,6 @@ limitations under the License.
 
 // Package kube watches Kubernetes for NodePort and LoadBalancer service types.
 // It exposes the services as follows:
-// - [default network - admin install]: It uses vtunnel tracker to forward the
-// port mappings to the host in conjunction with the automatic port forwarding
-// mechanism that is found in WSLv2.
-// - [default network - non-admin install]: It creates TCP listeners on 127.0.0.1,
-// so that it can be picked up by the automatic port forwarding mechanisms found
-// in WSLv2 on the default network with the non-admin install.
 // - [namespaced network - admin install]: It uses API tracker to expose the ports
 // on the host through host-switch.exe
 // - [namespaced network - non-admin install]: It uses API tracker to expose the ports

src/go/guestagent/pkg/tracker/apitracker_test.go

@@ -23,6 +23,7 @@ import (
 	"github.com/containers/gvisor-tap-vsock/pkg/types"
 	"github.com/docker/go-connections/nat"
 	"github.com/rancher-sandbox/rancher-desktop/src/go/guestagent/pkg/tracker"
+	guestagentType "github.com/rancher-sandbox/rancher-desktop/src/go/guestagent/pkg/types"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -620,3 +621,21 @@ func TestNonAdminInstall(t *testing.T) {
 func ipPortBuilder(ip, port string) string {
 	return ip + ":" + port
 }
+
+type testForwarder struct {
+	receivedPortMappings []guestagentType.PortMapping
+	sendErr              error
+	failCondition        func(guestagentType.PortMapping) error
+}
+
+func (v *testForwarder) Send(portMapping guestagentType.PortMapping) error {
+	if v.failCondition != nil {
+		if err := v.failCondition(portMapping); err != nil {
+			return err
+		}
+	}
+
+	v.receivedPortMappings = append(v.receivedPortMappings, portMapping)
+
+	return v.sendErr
+}