Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

backend/extension: Add Wireguard configuration #898

Merged
merged 1 commit into from
Dec 13, 2017
Merged

backend/extension: Add Wireguard configuration #898

merged 1 commit into from
Dec 13, 2017

Conversation

tomdee
Copy link
Contributor

@tomdee tomdee commented Dec 7, 2017

This PR adds

  • the wireguard tools to the flannel container images (~0.1MB
    size increase)
  • an example extensions config
  • a one-line change to extension.go to pass in the flannel network

The tests are commented out since they won't pass unless the wireguard
kernel module is loaded.

@tomdee tomdee mentioned this pull request Dec 7, 2017
Closed
@klausenbusk
Copy link

Nice work :) A bit sad though that installing the Wireguard kernel module on CoreOS is a mess.

klausenbusk
klausenbusk reviewed Dec 8, 2017
View reviewed changes
dist/extension-wireguard Outdated
"Backend": {
"Type": "extension",
"PreStartupCommand": "wg genkey | tee privatekey | wg pubkey",
"PostStartupCommand": "export SUBNET_IP=`echo $SUBNET | cut -d'/' -f 1`; ip link del flannel-wg 2>/dev/null; ip link add flannel-wg type wireguard && wg set flannel-wg listen-port 8285 private-key privatekey && ip addr add $SUBNET_IP/32 dev flannel-wg && ip link set flannel-wg up && ip route add $NETWORK dev flannel-wg",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why port 8285 and not 51820 (which is the default WG port (?))?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed 51820 is preferred.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, I'll update the port.

@zx2c4
Copy link

zx2c4 commented Dec 9, 2017

Great to hear you all are adding WireGuard support to CoreOS. Let me know if I can be of any assistance.

@tomdee tomdee force-pushed the wireguard-extension branch 2 times, most recently from a9dd403 to f6a0fd5 Compare December 13, 2017 00:49
@tomdee
backend/extension: Add Wireguard configuration
0641140 
This PR adds
- the wireguard tools to the flannel container images (~0.1MB
size increase)
- an example extensions config
- a one-line change to extension.go to pass in the flannel network

The tests are commented out since they won't pass unless the wireguard
kernel module is loaded.
@tomdee tomdee force-pushed the wireguard-extension branch from f6a0fd5 to 0641140 Compare December 13, 2017 01:00
@tomdee tomdee merged commit a5b458b into flannel-io:master Dec 13, 2017
@tomdee tomdee deleted the wireguard-extension branch December 13, 2017 01:02
@eranreshef
Copy link

I have a question that might be a bit silly but I hope you'll forgive since I'm new in this:
If I deployed the latest flanneld image in my k8s cluster, is there something special I need to do in order to "activate" wireguard? If not, how can I tell if its running?
Thanks.

@tomdee
Copy link
Contributor Author

tomdee commented Jan 15, 2018

@eranreshef This wireguard config isn't in a release yet, so unless you really know what you're doing I wouldn't recommend it! If you need more help then maybe swing by the #flannel channel on the calico users slack (see contact info in the readme)

@eranreshef
Copy link

eranreshef commented Jan 16, 2018
edited
Loading

Well I'm not 100% know what I'm doing but I don't mind experimenting with this.
I deployed the latest flannel image and installed the wireguard module on the host. When the flanneld is starting it prints the following lines and exit:

I0116 14:30:01.902096       1 main.go:353] Found network config - Backend type: extension-wireguard

E0116 14:30:01.902115       1 main.go:272] Error fetching backend: unknown backend type: extension-wireguard

whats wrong here?

@tomdee
Copy link
Contributor Author

tomdee commented Jan 19, 2018

The config needs to look like this https://github.com/coreos/flannel/blob/master/dist/extension-wireguard

Hope that helps!

@eranreshef
Copy link

Yes it does. Thanks!

@pierreozoux pierreozoux mentioned this pull request Feb 23, 2018
Closed
@ghost ghost mentioned this pull request Mar 31, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@klausenbusk klausenbusk klausenbusk left review comments

@zx2c4 zx2c4 zx2c4 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tomdee @klausenbusk @zx2c4 @eranreshef