mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-24 06:59:40 -05:00
Fix/bootstrapper regressions (#274)
* remove wireguard from e2e tests, conformance docs & config Signed-off-by: Fabian Kammel <fk@edgeless.systems>
This commit is contained in:
parent
e315a3b5d8
commit
a931f6692f
11
.github/actions/constellation_create/action.yml
vendored
11
.github/actions/constellation_create/action.yml
vendored
@ -20,20 +20,17 @@ inputs:
|
||||
runs:
|
||||
using: 'composite'
|
||||
steps:
|
||||
- name: Install wireguard
|
||||
run: sudo apt-get update && sudo apt-get install wireguard iproute2 jq -y
|
||||
shell: bash
|
||||
- name: Install kubectl
|
||||
run: |
|
||||
curl -LO https://dl.k8s.io/release/v1.23.0/bin/linux/amd64/kubectl
|
||||
install kubectl /usr/local/bin
|
||||
shell: bash
|
||||
- name: Install yq
|
||||
- name: Install yq jq
|
||||
run: |
|
||||
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
|
||||
sudo add-apt-repository ppa:rmescandon/yq
|
||||
sudo apt update
|
||||
sudo apt install yq -y
|
||||
sudo apt install yq jq -y
|
||||
shell: bash
|
||||
|
||||
- name: Constellation config generate
|
||||
@ -75,7 +72,3 @@ runs:
|
||||
if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi
|
||||
constellation init ${autoscale}
|
||||
shell: bash
|
||||
|
||||
- name: Configure VPN connection
|
||||
run: wg-quick up ./wg0.conf
|
||||
shell: bash
|
||||
|
10
.github/docs/README.md
vendored
10
.github/docs/README.md
vendored
@ -61,16 +61,6 @@ Then run act with the event as input:
|
||||
act -j e2e-test --eventpath event.json
|
||||
```
|
||||
|
||||
### Wireguard
|
||||
|
||||
When running actions that use Wireguard, you need to provide privileged capabilities to Docker:
|
||||
|
||||
```bash
|
||||
act --privileged
|
||||
```
|
||||
|
||||
Make sure there is no wg0 interface configured on your machine, else this will fail inside container.
|
||||
|
||||
### Authorizing GCP
|
||||
|
||||
For creating Kubernetes clusters in GCP a local copy of the service account secret is required.
|
||||
|
@ -36,7 +36,7 @@ func TestCreator(t *testing.T) {
|
||||
GCPHealthCheck: "health-check",
|
||||
GCPForwardingRule: "forwarding-rule",
|
||||
GCPFirewalls: []string{
|
||||
"bootstrapper", "wireguard", "ssh", "nodeport", "kubernetes",
|
||||
"bootstrapper", "ssh", "nodeport", "kubernetes",
|
||||
"allow-cluster-internal-tcp", "allow-cluster-internal-udp", "allow-cluster-internal-icmp",
|
||||
"allow-node-internal-tcp", "allow-node-internal-udp", "allow-node-internal-icmp",
|
||||
},
|
||||
|
@ -4,8 +4,6 @@
|
||||
|
||||
[Install & configure `gcloud` CLI](https://cloud.google.com/sdk/gcloud) for access to GCP.
|
||||
|
||||
[Install WireGuard](https://www.wireguard.com/install/) for connecting to your cluster
|
||||
|
||||
[Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) for working with Kubernetes
|
||||
|
||||
For more information [follow our documentation.](https://constellation-docs.edgeless.systems/6c320851-bdd2-41d5-bf10-e27427398692/#/getting-started/install)
|
||||
@ -18,7 +16,6 @@ These tests results were produced using Sonobuoy v0.56.4.
|
||||
```sh
|
||||
constellation create gcp 1 2 n2d-standard-2 -y
|
||||
constellation init
|
||||
wg-quick up ./wg0.conf
|
||||
export KUBECONFIG="$PWD/constellation-admin.conf"
|
||||
```
|
||||
|
||||
@ -50,7 +47,6 @@ cat plugins/e2e/results/global/junit_01.xml
|
||||
# Remove test deployments
|
||||
sonobuoy delete --wait
|
||||
# Or, shutdown cluster
|
||||
wg-quick down ./wg0.conf
|
||||
./constellation terminate
|
||||
rm constellation-mastersecret.base64
|
||||
```
|
||||
|
2
go.mod
2
go.mod
@ -33,8 +33,6 @@ replace (
|
||||
k8s.io/sample-controller => k8s.io/sample-controller v0.24.0
|
||||
)
|
||||
|
||||
replace github.com/nmiculinic/wg-quick-go v0.1.3 => github.com/katexochen/wg-quick-go v0.1.3-beta.1
|
||||
|
||||
require (
|
||||
cloud.google.com/go/compute v1.5.0
|
||||
cloud.google.com/go/iam v0.3.0
|
||||
|
@ -34,7 +34,6 @@ replace (
|
||||
|
||||
replace (
|
||||
github.com/edgelesssys/constellation => ./..
|
||||
github.com/nmiculinic/wg-quick-go v0.1.3 => github.com/katexochen/wg-quick-go v0.1.3-beta.1
|
||||
)
|
||||
|
||||
require (
|
||||
|
@ -175,13 +175,6 @@ func Default() *Config {
|
||||
IPRange: "0.0.0.0/0",
|
||||
FromPort: constants.BootstrapperPort,
|
||||
},
|
||||
{
|
||||
Name: "wireguard",
|
||||
Description: "WireGuard default port",
|
||||
Protocol: "udp",
|
||||
IPRange: "0.0.0.0/0",
|
||||
FromPort: constants.WireguardPort,
|
||||
},
|
||||
{
|
||||
Name: "ssh",
|
||||
Description: "SSH",
|
||||
|
@ -39,7 +39,6 @@ const (
|
||||
BootstrapperPort = 9000
|
||||
EnclaveSSHPort = 2222
|
||||
SSHPort = 22
|
||||
WireguardPort = 51820
|
||||
NVMEOverTCPPort = 8009
|
||||
// Default NodePort Range
|
||||
// https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
||||
@ -99,14 +98,6 @@ const (
|
||||
// KubernetesVersion installed by kubeadm.
|
||||
KubernetesVersion = "stable-1.23"
|
||||
KubernetesJoinTokenTTL = 15 * time.Minute
|
||||
|
||||
//
|
||||
// VPN.
|
||||
//
|
||||
|
||||
// WireguardAdminMTU is the MTU designated for the admin's WireGuard interface.
|
||||
// WireGuard doesn't support Path MTU Discovery. Thus, its default MTU can be too high on some networks.
|
||||
WireguardAdminMTU = 1300
|
||||
)
|
||||
|
||||
// VersionInfo is the version of a binary. Left as a separate variable to allow override during build.
|
||||
|
Loading…
Reference in New Issue
Block a user