Development discussion of WireGuard
* Interface not deleted in kubernetes
From: Nico Schottelius @ 2022-05-05 19:32 UTC (permalink / raw)
  To: wireguard


Hello,

I am not sure if I am off-topic here, but I am not sure where to best
raise this issue. The situation is: if I start a Pod in Kubernetes that
uses the ungleich-wireguard:0.0.5 [0] container, which is basically
using this script [1], I am able to get the following output:

--------------------------------------------------------------------------------
[21:29] blind:~% kubectl -n test logs -f wireguard-7cf446469-gmkvd
+ wg show
interface: clients
  public key: 5QzByP8MnQyR7seJWJyiP6fFHn5OnkPI+O0WAuYoLko=
  private key: (hidden)
  listening port: 51820

peer: fnIGys3sZKfyjSA7oXw891IOxuuRi7yYM6tihNG+1WA=
  allowed ips: 10.0.0.2/32
+ wg-quick up /etc/wireguard/clients.conf
Warning: `/etc/wireguard/..2022_05_05_19_29_32.4005058985/clients.conf' is world accessible
wg-quick: `clients' already exists
+ exit 1
[21:29] blind:~%
--------------------------------------------------------------------------------

As the pod/container are freshly created, I assume that the "clients"
interface is a leftover from a previous run of that container. Which
brings me to the real questions:

  Are wireguard interfaces

      a) Not contained in a container?
      b) Not destroyed if the container is destroyed?

As containers are namespaced, I would have expected the device to die
with the container, but I even cleared the full deployment and get this
error again.

My logical understanding would be that the interface should be destroyed if
the container exits, however the output implies that this is not the
case.

Any pointers in this direction are very welcome.

Best regards,

Nico

[0]
https://hub.docker.com/layers/ungleich-wireguard/ungleich/ungleich-wireguard/0.0.5/images/sha256-cf50085115df1f686509288375349ce61cc4ef06a06c940cf7cbd9041a6d9ef6?context=explore

[1]
--------------------------------------------------------------------------------
#!/bin/sh

set -x

# Ensure everything is clean / show prior state
wg show

# Start all definitions
for conf in /etc/wireguard/*.conf; do
    # Try to up and if any tunnel fails -> exit
    wg-quick up "$conf" || exit 1
done

# Debug output
while true; do
    wg show
    sleep 300
done
--------------------------------------------------------------------------------


--
Sustainable and modern Infrastructures by ungleich.ch
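
In the log above, `wg show` already lists `clients` before `wg-quick up` runs, and `wg-quick up` then refuses because the name is taken. An added example (not part of the original message or of the ungleich image) of script [1] made tolerant of a leftover interface and removing its tunnels on shutdown; `WG_QUICK`, `NET_SYSFS`, `CONF_DIR` and `WG_ENTRYPOINT_RUN` are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: idempotent variant of script [1]. WG_QUICK, NET_SYSFS and
# WG_ENTRYPOINT_RUN are hypothetical knobs introduced here, not wg-quick options.
WG_QUICK="${WG_QUICK:-wg-quick}"
NET_SYSFS="${NET_SYSFS:-/sys/class/net}"
CONF_DIR="${CONF_DIR:-/etc/wireguard}"

# wg-quick names the interface after the config file: clients.conf -> clients
iface_of() { basename "$1" .conf; }

# True if an interface of that name is visible in the current network namespace
iface_exists() { [ -e "$NET_SYSFS/$1" ]; }

# Bring one tunnel up; a leftover interface of the same name is removed first
bring_up() {
    conf=$1
    iface=$(iface_of "$conf")
    if iface_exists "$iface"; then
        echo "leftover interface $iface found, taking it down first" >&2
        "$WG_QUICK" down "$conf" || return 1
    fi
    "$WG_QUICK" up "$conf"
}

# Remove every tunnel this script manages (run when the container is stopped)
tear_down_all() {
    for conf in "$CONF_DIR"/*.conf; do
        if iface_exists "$(iface_of "$conf")"; then
            "$WG_QUICK" down "$conf"
        fi
    done
}

main() {
    # As PID 1 the shell only reacts to SIGTERM if a handler is installed
    trap 'tear_down_all; exit 0' TERM INT
    for conf in "$CONF_DIR"/*.conf; do
        bring_up "$conf" || exit 1
    done
    while true; do
        wg show
        sleep 300 &
        wait $!    # wait is interruptible, so the trap fires promptly
    done
}

# Guarded so the functions can be exercised without starting the loop
if [ "${WG_ENTRYPOINT_RUN:-0}" = 1 ]; then main; fi
```

Set `WG_ENTRYPOINT_RUN=1` in the container environment to start the loop.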
