diff --git a/.github/actions/constellation_create/action.yml b/.github/actions/constellation_create/action.yml
index efc1492fd..5c067413d 100644
--- a/.github/actions/constellation_create/action.yml
+++ b/.github/actions/constellation_create/action.yml
@@ -20,20 +20,17 @@ inputs:
 runs:
 using: 'composite'
 steps:
- - name: Install wireguard
- run: sudo apt-get update && sudo apt-get install wireguard iproute2 jq -y
- shell: bash
 - name: Install kubectl
 run: |
 curl -LO https://dl.k8s.io/release/v1.23.0/bin/linux/amd64/kubectl
 install kubectl /usr/local/bin
 shell: bash
- - name: Install yq
+ - name: Install yq jq
 run: |
 sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
 sudo add-apt-repository ppa:rmescandon/yq
 sudo apt update
- sudo apt install yq -y
+ sudo apt install yq jq -y
 shell: bash
 - name: Constellation config generate
@@ -75,7 +72,3 @@ runs:
 if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi
 constellation init ${autoscale}
 shell: bash
- - name: Configure VPN connection
- run: wg-quick up ./wg0.conf
- shell: bash
diff --git a/.github/docs/README.md b/.github/docs/README.md
index d32430e2b..b2e12ed6c 100644
--- a/.github/docs/README.md
+++ b/.github/docs/README.md
@@ -61,16 +61,6 @@ Then run act with the event as input:
 act -j e2e-test --eventpath event.json
 ```
-### Wireguard
-
-When running actions that use Wireguard, you need to provide privileged capabilities to Docker:
-
-```bash
-act --privileged
-```
-
-Make sure there is no wg0 interface configured on your machine, else this will fail inside container.
-
 ### Authorizing GCP
 For creating Kubernetes clusters in GCP a local copy of the service account secret is required.
diff --git a/cli/internal/cloudcmd/create_test.go b/cli/internal/cloudcmd/create_test.go
index da172f312..ce992bb92 100644
--- a/cli/internal/cloudcmd/create_test.go
+++ b/cli/internal/cloudcmd/create_test.go
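Review bot: In the `Install yq jq` step of `constellation_create/action.yml`, `jq` is now resolved by the same `apt install` that runs after `ppa:rmescandon/yq` has been enabled, so the third-party PPA becomes a candidate source for `jq` as well as `yq` if it ever publishes a newer `jq` package. Before this change `jq` was installed by the removed `Install wireguard` step, which ran before the PPA was added. The PPA's signing key is also fetched by the 8-hex-digit short ID `CC86BB64`, which does not uniquely identify a key. I would install `jq` from the distribution archive first, e.g. `sudo apt-get update && sudo apt-get install -y jq` as the first line of the script, keep `sudo apt install yq -y` for the PPA package, and pass the full fingerprint to `--recv-keys` (`<FULL_KEY_FINGERPRINT>`, a placeholder to be taken from the PPA's page).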
@@ -36,7 +36,7 @@ func TestCreator(t *testing.T) {
 GCPHealthCheck: "health-check",
 GCPForwardingRule: "forwarding-rule",
 GCPFirewalls: []string{
- "bootstrapper", "wireguard", "ssh", "nodeport", "kubernetes",
+ "bootstrapper", "ssh", "nodeport", "kubernetes",
 "allow-cluster-internal-tcp", "allow-cluster-internal-udp", "allow-cluster-internal-icmp",
 "allow-node-internal-tcp", "allow-node-internal-udp", "allow-node-internal-icmp",
 },
diff --git a/conformance/README.md b/conformance/README.md
index 171aee181..f162a7487 100644
--- a/conformance/README.md
+++ b/conformance/README.md
@@ -4,8 +4,6 @@
 [Install & configure `gcloud` CLI](https://cloud.google.com/sdk/gcloud) for access to GCP.
-[Install WireGuard](https://www.wireguard.com/install/) for connecting to your cluster
-
 [Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) for working with Kubernetes
 For more information [follow our documentation.](https://constellation-docs.edgeless.systems/6c320851-bdd2-41d5-bf10-e27427398692/#/getting-started/install)
@@ -18,7 +16,6 @@ These tests results were produced using Sonobuoy v0.56.4.
 ```sh
 constellation create gcp 1 2 n2d-standard-2 -y
 constellation init
-wg-quick up ./wg0.conf
 export KUBECONFIG="$PWD/constellation-admin.conf"
 ```
@@ -50,7 +47,6 @@ cat plugins/e2e/results/global/junit_01.xml
 # Remove test deployments
 sonobuoy delete --wait
 # Or, shutdown cluster
-wg-quick down ./wg0.conf
 ./constellation terminate
 rm constellation-mastersecret.base64
 ```
diff --git a/go.mod b/go.mod
index 47de9096f..1787532cb 100644
--- a/go.mod
+++ b/go.mod
@@ -33,8 +33,6 @@ replace (
 k8s.io/sample-controller => k8s.io/sample-controller v0.24.0
 )
-replace github.com/nmiculinic/wg-quick-go v0.1.3 => github.com/katexochen/wg-quick-go v0.1.3-beta.1
-
 require (
 cloud.google.com/go/compute v1.5.0
 cloud.google.com/go/iam v0.3.0
diff --git a/hack/go.mod b/hack/go.mod
index 8762ab246..5a05371f0 100644
--- a/hack/go.mod
+++ b/hack/go.mod
@@ -34,7 +34,6 @@ replace (
 replace (
 github.com/edgelesssys/constellation => ./..
- github.com/nmiculinic/wg-quick-go v0.1.3 => github.com/katexochen/wg-quick-go v0.1.3-beta.1
 )
 require (
diff --git a/internal/config/config.go b/internal/config/config.go
index d3dce4aca..831c898c4 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -175,13 +175,6 @@ func Default() *Config {
 IPRange: "0.0.0.0/0",
 FromPort: constants.BootstrapperPort,
 },
- {
- Name: "wireguard",
- Description: "WireGuard default port",
- Protocol: "udp",
- IPRange: "0.0.0.0/0",
- FromPort: constants.WireguardPort,
- },
 {
 Name: "ssh",
 Description: "SSH",
diff --git a/internal/constants/constants.go b/internal/constants/constants.go
index 8c4cff95d..ec04d7763 100644
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@@ -39,7 +39,6 @@ const (
 BootstrapperPort = 9000
 EnclaveSSHPort = 2222
 SSHPort = 22
- WireguardPort = 51820
 NVMEOverTCPPort = 8009
 // Default NodePort Range
 // https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
@@ -99,14 +98,6 @@ const (
 // KubernetesVersion installed by kubeadm.
 KubernetesVersion = "stable-1.23"
 KubernetesJoinTokenTTL = 15 * time.Minute
-
- //
- // VPN.
- //
-
- // WireguardAdminMTU is the MTU designated for the admin's WireGuard interface.
- // WireGuard doesn't support Path MTU Discovery. Thus, its default MTU can be too high on some networks.
- WireguardAdminMTU = 1300
 )
 // VersionInfo is the version of a binary. Left as a separate variable to allow override during build.