threefoldtech
Investigate if we can proxy gateway into private networks
Currently the playground seems to deploy in a way such that gateways and workloads are connected over yggdrasil. I assume because there is no (easy?) way to proxy from the gateway into the private network. Since yggdrasil has pretty bad performance, we should see if it is possible to use private networks instead.
In V2, gateways used to support the wireguard private network, however, in V3 it was moved to Yggdrasil as per kds's request. Also, are we sure that ygg is having a bad performance, or are we using poor peers list?
Currently using wireguard with the gateway is not supported. I didn't give it enough thought, but it shouldn't be impossible to implement. I am think if we made the user network deploy on the gateway node, then the private workload should be reachable, then we need to figure out how to route the traffic from the public namespace where the gateway lives, to the user private network. May be a helper proxy process that uses unix socket and lives in the user network can do that (nc command already supports this - not sure about the zos version since it's a busybox impl-)
I made a post about this on the forums, its pretty long so i wont move it over but its under yggdrasil nodes. I think if we were to deploy HAproxy within zos we could properly route public traffic to multiple nodes that have a private ip by creating a forwarder that will either choose what node to pass traffic to by port or use sni to address by service name.
Since we've established that performance on Yggdrasil is out of our control and we aren't currently pursuing replacing it with a more performant solution, I think we should revisit this feature as something to potentially prioritize.
