refactor(relay): fail if eBPF offloading is requested but fails (#8656)

It happens a bunch of times to me during testing that I'd forget to set
the right interface onto which the eBPF kernel should be loaded and was
wondering why it didn't work. Defaulting to `eth0` wasn't a very smart
decision because it means users cannot disable the eBPF kernel at all
(other than via the feature-flag).

It makes more sense to default to not loading the program at all AND
hard-fail if we are requested to load it but cannot. This allows us to
catch configuration errors early.

rust/relay/server/src/main.rs

@@ -82,9 +82,11 @@ struct Args {
     #[arg(long, env, hide = true)]
     google_cloud_project_id: Option<String>,
 
-    /// Which interface to load the eBPF program onto.
-    #[arg(long, env, hide = true, default_value = "eth0")]
-    primary_interface: String,
+    /// Enable offloading of TURN traffic to an eBPF program.
+    ///
+    /// Requires the name of the network interface the XDP program should be loaded onto.
+    #[arg(long, env, hide = true)]
+    ebpf_offloading: Option<String>,
 
     #[command(flatten)]
     health_check: http_health_check::HealthCheckArgs,
@@ -136,9 +138,12 @@ fn main() {
 async fn try_main(args: Args) -> Result<()> {
     setup_tracing(&args)?;
 
-    let mut ebpf = ebpf::Program::try_load(&args.primary_interface)
-        .inspect_err(|e| tracing::info!("Failed to load eBPF TURN router: {e:#}"))
-        .ok();
+    let mut ebpf = args
+        .ebpf_offloading
+        .as_deref()
+        .map(ebpf::Program::try_load)
+        .transpose()
+        .context("Failed to load eBPF TURN router")?;
 
     if let Some(ebpf) = ebpf.as_mut() {
         ebpf.set_config(Config {

terraform/modules/google-cloud/apps/relay/main.tf

@@ -48,6 +48,10 @@ locals {
     {
       name  = "FIREZONE_API_URL"
       value = var.api_url
+    },
+    {
+      name  = "EBPF_OFFLOADING"
+      value = "eth0"
     }
   ], var.application_environment_variables)
 }