fix: ignore failures to dial wireguard client

This is required when running Talos in a container when host OS kernel
doesn't have support for Wireguard.

The failure is deferred so that controller actually fails when it needs
the wireguard client, but if wireguard is not used, controller continues
running.

This should fix errors when running Talos on Docker/WSL:

```
[talos] 2022/05/11 08:52:28 controller failed {"component": "controller-runtime", "controller": "network.LinkStatusController", "error": "error creating wireguard client: setsockopt: protocol not available"}
[talos] 2022/05/11 08:50:48 controller failed {"component": "controller-runtime", "controller": "kubespan.ManagerController", "error": "error creating wireguard client: setsockopt: protocol not available"}
[talos] 2022/05/11 08:50:32 controller failed {"component": "controller-runtime", "controller": "network.LinkSpecController", "error": "error creating wireguard client: setsockopt: protocol not available"}
```

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>

internal/app/machined/pkg/controllers/kubespan/manager.go

@@ -133,12 +133,13 @@ func (ctrl *ManagerController) Run(ctx context.Context, r controller.Runtime, lo
 		ctrl.PeerReconcileInterval = DefaultPeerReconcileInterval
 	}
 
-	wgClient, err := ctrl.WireguardClientFactory()
-	if err != nil {
-		return fmt.Errorf("error creating wireguard client: %w", err)
-	}
+	var wgClient WireguardClient
 
-	defer wgClient.Close() //nolint:errcheck
+	defer func() {
+		if wgClient != nil {
+			wgClient.Close() //nolint:errcheck
+		}
+	}()
 
 	var rulesMgr RulesManager
 
@@ -207,6 +208,13 @@ func (ctrl *ManagerController) Run(ctx context.Context, r controller.Runtime, lo
 			continue
 		}
 
+		if wgClient == nil {
+			wgClient, err = ctrl.WireguardClientFactory()
+			if err != nil {
+				return fmt.Errorf("error creating wireguard client: %w", err)
+			}
+		}
+
 		if ticker == nil {
 			ticker = time.NewTicker(ctrl.PeerReconcileInterval)
 			tickerC = ticker.C

internal/app/machined/pkg/controllers/network/link_spec.go

@@ -75,11 +75,11 @@ func (ctrl *LinkSpecController) Run(ctx context.Context, r controller.Runtime, l
 
 	wgClient, err := wgctrl.New()
 	if err != nil {
-		return fmt.Errorf("error creating wireguard client: %w", err)
+		logger.Warn("error creating wireguard client", zap.Error(err))
+	} else {
+		defer wgClient.Close() //nolint:errcheck
 	}
 
-	defer wgClient.Close() //nolint:errcheck
-
 	for {
 		select {
 		case <-ctx.Done():
@@ -394,6 +394,10 @@ func (ctrl *LinkSpecController) syncLink(ctx context.Context, r controller.Runti
 
 		// sync wireguard settings
 		if link.TypedSpec().Kind == network.LinkKindWireguard {
+			if wgClient == nil {
+				return fmt.Errorf("wireguard client not available, cannot configure wireguard link %q", link.TypedSpec().Name)
+			}
+
 			wgDev, err := wgClient.Device(link.TypedSpec().Name)
 			if err != nil {
 				return fmt.Errorf("error getting wireguard settings for %q: %w", link.TypedSpec().Name, err)

internal/app/machined/pkg/controllers/network/link_status.go

@@ -89,11 +89,11 @@ func (ctrl *LinkStatusController) Run(ctx context.Context, r controller.Runtime,
 
 	wgClient, err := wgctrl.New()
 	if err != nil {
-		return fmt.Errorf("error creating wireguard client: %w", err)
+		logger.Warn("error creating wireguard client", zap.Error(err))
+	} else {
+		defer wgClient.Close() //nolint:errcheck
 	}
 
-	defer wgClient.Close() //nolint:errcheck
-
 	for {
 		select {
 		case <-ctx.Done():
@@ -236,6 +236,10 @@ func (ctrl *LinkStatusController) reconcile(ctx context.Context, r controller.Ru
 					logger.Warn("failure decoding bond attributes", zap.Error(err), zap.String("link", link.Attributes.Name))
 				}
 			case network.LinkKindWireguard:
+				if wgClient == nil {
+					return fmt.Errorf("wireguard client not available, but wireguard interface was discovered: %q", link.Attributes.Name)
+				}
+
 				var wgDev *wgtypes.Device
 
 				wgDev, err = wgClient.Device(link.Attributes.Name)