Replace actor eth0 move with veth networking

[Eitan Yarmush (EItanya)]

Fixes #122

Summary

This replaces the ateom-gvisor networking path that moved the worker pod's Kubernetes-provided eth0 into the actor/gVisor network namespace.

Instead, the worker pod keeps its real eth0, and ateom-gvisor creates a point-to-point veth pair between the worker pod namespace and the actor namespace. The actor-side peer is renamed to eth0, receives the actor-side address, and uses the worker-side veth as its default gateway.

The PR also adds temporary nftables compatibility rules so existing inbound and outbound behavior continues to work while preserving the worker pod's own network connectivity.

Why

Moving the pod's real eth0 makes the worker pod lose normal Kubernetes network connectivity while an actor is active. That blocks pod-local networking components, including the planned transparent egress capture and AgentGateway integration, because those components remain in the worker pod namespace while actor traffic leaves through an interface that was moved elsewhere.

Keeping eth0 in the worker pod namespace gives Substrate a stable worker-owned networking boundary for future transparent egress policy enforcement.

Validation

• go test ./cmd/ateom-gvisor ./cmd/atelet ./internal/ateompath ./internal/controllers
• go test ./cmd/ateom-gvisor ./internal/serverboot
• NO_DEV_ENV=true BUCKET_NAME=ate-snapshots KO_DOCKER_REPO=localhost:5001 KUBECTL_CONTEXT=kind-kind ./hack/run-e2e.sh ./internal/e2e/suites/demo -run TestDemo3 -count=1

Checklist

• Tests pass
• Appropriate changes to documentation are included in the PR

[Taahir Ahmed (ahmedtd)]

Nit: can you put the programs for each chain right below the corresponding chain definition?

[Taahir Ahmed (ahmedtd)]

Nit: You can use ptr.To: https://pkg.go.dev/k8s.io/utils/ptr#To

[Taahir Ahmed (ahmedtd)]

Can you leave a few TODOs here:

• We need to handle inbound UDP as well (actors may run QUIC servers).
• We need to handle multiple, configurable inbound ports. (I think maybe that will require multiple rules on the prerouting chain? Or maybe a more complicated rule that tests against multiple ports).

[Benjamin Elder (BenTheElder)]

We could instead DNAT the IP without filtering on ports and avoid the port config, since we don't need network traffic except for the actor currently.

EDIT: Spoke with Taahir, let's not :-)

[Taahir Ahmed (ahmedtd)]

This is really the only part that needs to be done on run / restore, I think, since gVisor wipes the routes from the links in the interior namespace. Everything else could be done on startup, at the same time we create the namespace.

(Except, eventually, I guess we will have per-actor egress rules we also program into nftables, so maybe wiping everything on each run makes more sense)

[Eitan Yarmush (EItanya)]

Agreed, but this also depends on the outcome of #123 and how the different ateom-* conversation plays out. Either way I think it's ok for now

[Taahir Ahmed (ahmedtd)]

This is unused.

[Benjamin Elder (BenTheElder)]

... Have we decided to use AgentGateway? cc Bowei Du (@bowei)

AFAICT this is the first reference in this project.

[Eitan Yarmush (EItanya)]

This was a mistaken comment, I will fix. My agent decided to hallucinate a bit based on previous stuff I was doing.

[Benjamin Elder (BenTheElder)]

needs a make update or the LICENSES script

thanks for working on this :-)