Fix/bootstrapper regressions (#274)

* remove wireguard from e2e tests, conformance docs & config Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2024-09-19 15:56:03 +00:00 · 2022-07-15 11:53:14 +02:00 · 2022-07-15 11:53:14 +02:00 · a931f6692f
commit a931f6692f
parent e315a3b5d8
8 changed files with 3 additions and 43 deletions
--- a/.github/actions/constellation_create/action.yml
+++ b/.github/actions/constellation_create/action.yml
@ -20,20 +20,17 @@ inputs:
 runs:
  using: 'composite'
  steps:
-  - name: Install wireguard
-    run: sudo apt-get update && sudo apt-get install wireguard iproute2 jq -y
-    shell: bash
  - name: Install kubectl
    run: |
      curl -LO https://dl.k8s.io/release/v1.23.0/bin/linux/amd64/kubectl
      install kubectl /usr/local/bin
    shell: bash
-  - name: Install yq
+  - name: Install yq jq
    run: |
      sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
      sudo add-apt-repository ppa:rmescandon/yq
      sudo apt update
-      sudo apt install yq -y
+      sudo apt install yq jq -y
    shell: bash

  - name: Constellation config generate
@ -75,7 +72,3 @@ runs:
      if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi
      constellation init ${autoscale}
    shell: bash
-
-  - name: Configure VPN connection
-    run: wg-quick up ./wg0.conf
-    shell: bash
--- a/.github/docs/README.md
+++ b/.github/docs/README.md
@ -61,16 +61,6 @@ Then run act with the event as input:
 act -j e2e-test --eventpath event.json
 ```

-### Wireguard
-
-When running actions that use Wireguard, you need to provide privileged capabilities to Docker:
-
-```bash
-act --privileged
-```
-
-Make sure there is no wg0 interface configured on your machine, else this will fail inside container.
-
 ### Authorizing GCP

 For creating Kubernetes clusters in GCP a local copy of the service account secret is required.
--- a/cli/internal/cloudcmd/create_test.go
+++ b/cli/internal/cloudcmd/create_test.go
@ -36,7 +36,7 @@ func TestCreator(t *testing.T) {
 		GCPHealthCheck:                  "health-check",
 		GCPForwardingRule:               "forwarding-rule",
 		GCPFirewalls: []string{
-			"bootstrapper", "wireguard", "ssh", "nodeport", "kubernetes",
+			"bootstrapper", "ssh", "nodeport", "kubernetes",
 			"allow-cluster-internal-tcp", "allow-cluster-internal-udp", "allow-cluster-internal-icmp",
 			"allow-node-internal-tcp", "allow-node-internal-udp", "allow-node-internal-icmp",
 		},
--- a/conformance/README.md
+++ b/conformance/README.md
@ -4,8 +4,6 @@

 [Install & configure `gcloud` CLI](https://cloud.google.com/sdk/gcloud) for access to GCP.

-[Install WireGuard](https://www.wireguard.com/install/) for connecting to your cluster
-
 [Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) for working with Kubernetes

 For more information [follow our documentation.](https://constellation-docs.edgeless.systems/6c320851-bdd2-41d5-bf10-e27427398692/#/getting-started/install)
@ -18,7 +16,6 @@ These tests results were produced using Sonobuoy v0.56.4.
 ```sh
 constellation create gcp 1 2 n2d-standard-2 -y
 constellation init
-wg-quick up ./wg0.conf
 export KUBECONFIG="$PWD/constellation-admin.conf"
 ```

@ -50,7 +47,6 @@ cat plugins/e2e/results/global/junit_01.xml
 # Remove test deployments
 sonobuoy delete --wait
 # Or, shutdown cluster
-wg-quick down ./wg0.conf
 ./constellation terminate
 rm constellation-mastersecret.base64
 ```
--- a/go.mod
+++ b/go.mod
@ -33,8 +33,6 @@ replace (
 	k8s.io/sample-controller => k8s.io/sample-controller v0.24.0
 )

-replace github.com/nmiculinic/wg-quick-go v0.1.3 => github.com/katexochen/wg-quick-go v0.1.3-beta.1
-
 require (
 	cloud.google.com/go/compute v1.5.0
 	cloud.google.com/go/iam v0.3.0
--- a/hack/go.mod
+++ b/hack/go.mod
@ -34,7 +34,6 @@ replace (

 replace (
 	github.com/edgelesssys/constellation => ./..
-	github.com/nmiculinic/wg-quick-go v0.1.3 => github.com/katexochen/wg-quick-go v0.1.3-beta.1
 )

 require (
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -175,13 +175,6 @@ func Default() *Config {
 				IPRange:     "0.0.0.0/0",
 				FromPort:    constants.BootstrapperPort,
 			},
-			{
-				Name:        "wireguard",
-				Description: "WireGuard default port",
-				Protocol:    "udp",
-				IPRange:     "0.0.0.0/0",
-				FromPort:    constants.WireguardPort,
-			},
 			{
 				Name:        "ssh",
 				Description: "SSH",
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@ -39,7 +39,6 @@ const (
 	BootstrapperPort = 9000
 	EnclaveSSHPort   = 2222
 	SSHPort          = 22
-	WireguardPort    = 51820
 	NVMEOverTCPPort  = 8009
 	// Default NodePort Range
 	// https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
@ -99,14 +98,6 @@ const (
 	// KubernetesVersion installed by kubeadm.
 	KubernetesVersion      = "stable-1.23"
 	KubernetesJoinTokenTTL = 15 * time.Minute
-
-	//
-	// VPN.
-	//
-
-	// WireguardAdminMTU is the MTU designated for the admin's WireGuard interface.
-	// WireGuard doesn't support Path MTU Discovery. Thus, its default MTU can be too high on some networks.
-	WireguardAdminMTU = 1300
 )

 // VersionInfo is the version of a binary. Left as a separate variable to allow override during build.