Description:
Currently, InterLink provides a wstunnel feature to enable secure port exposure for offloaded pods running containers with exposed ports (https://interlink-project.dev/docs/next/guides/wstunnel-configuration). This approach allows external access to pod services without requiring a traditional VPN connection.
As part of this mechanism, InterLink deploys a shadow pod alongside the original pod. This shadow pod acts as a proxy endpoint for network traffic and handles the wstunnel connection.
However, in its current state, the shadow pod only supports port exposure through wstunnel and does not provide full bidirectional connectivity between offloaded pods and in-cluster pods.
To extend this capability, a possible solution could be the integration of WireGuard into the shadow pod, enabling it to participate in a full mesh network among all pods (both offloaded and local).
Goal:
Enhance the current shadow pod logic so that:
- The shadow pod runs WireGuard over an existing wstunnel connection.
- VK automatically handles the setup and configuration of the WireGuard interfaces and keys.
- InterLink is extended to support this setup by modifying the wstunnel command to properly establish the WireGuard connection through the tunnel.