mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-09-20 00:06:21 +00:00
Fix/bootstrapper regressions (#274)
* remove wireguard from e2e tests, conformance docs & config Signed-off-by: Fabian Kammel <fk@edgeless.systems>
parent
e315a3b5d8
commit
a931f6692f
11
.github/actions/constellation_create/action.yml
vendored
@ -20,20 +20,17 @@ inputs:
|
|||||||
runs:
|
runs:
|
||||||
using: 'composite'
|
using: 'composite'
|
||||||
steps:
|
steps:
|
||||||
- name: Install wireguard
|
|
||||||
run: sudo apt-get update && sudo apt-get install wireguard iproute2 jq -y
|
|
||||||
shell: bash
|
|
||||||
- name: Install kubectl
|
- name: Install kubectl
|
||||||
run: |
|
run: |
|
||||||
curl -LO https://dl.k8s.io/release/v1.23.0/bin/linux/amd64/kubectl
|
curl -LO https://dl.k8s.io/release/v1.23.0/bin/linux/amd64/kubectl
|
||||||
install kubectl /usr/local/bin
|
install kubectl /usr/local/bin
|
||||||
shell: bash
|
shell: bash
|
||||||
- name: Install yq
|
- name: Install yq jq
|
||||||
run: |
|
run: |
|
||||||
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
|
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
|
||||||
sudo add-apt-repository ppa:rmescandon/yq
|
sudo add-apt-repository ppa:rmescandon/yq
|
||||||
sudo apt update
|
sudo apt update
|
||||||
sudo apt install yq -y
|
sudo apt install yq jq -y
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
- name: Constellation config generate
|
- name: Constellation config generate
|
||||||
@ -75,7 +72,3 @@ runs:
|
|||||||
if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi
|
if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi
|
||||||
constellation init ${autoscale}
|
constellation init ${autoscale}
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
- name: Configure VPN connection
|
|
||||||
run: wg-quick up ./wg0.conf
|
|
||||||
shell: bash
|
|
||||||
|
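Review bot: In the `Install yq jq` step, `jq` is now installed by `sudo apt install yq jq -y` after `ppa:rmescandon/yq` has been added, so apt may resolve it from the third-party PPA if that archive ever offers a higher version; before this change it was installed from the runner's stock sources in the removed wireguard step. Keeping it separate, e.g. `sudo apt-get update && sudo apt-get install jq -y` ahead of the `add-apt-repository` line, limits what the PPA can supply to `yq` alone. The same step imports the PPA key by the 8-hex-digit short ID `CC86BB64`; short key IDs can collide, so the full fingerprint (`--recv-keys <FULL_FINGERPRINT>`) is the safer form. The unchanged kubectl step above also installs a downloaded binary without comparing it to the published `.sha256`, which would be worth adding while this file is being touched.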
10
.github/docs/README.md
vendored
@ -61,16 +61,6 @@ Then run act with the event as input:
|
|||||||
act -j e2e-test --eventpath event.json
|
act -j e2e-test --eventpath event.json
|
||||||
```
|
```
|
||||||
|
|
||||||
### Wireguard
|
|
||||||
|
|
||||||
When running actions that use Wireguard, you need to provide privileged capabilities to Docker:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
act --privileged
|
|
||||||
```
|
|
||||||
|
|
||||||
Make sure there is no wg0 interface configured on your machine, else this will fail inside container.
|
|
||||||
|
|
||||||
### Authorizing GCP
|
### Authorizing GCP
|
||||||
|
|
||||||
For creating Kubernetes clusters in GCP a local copy of the service account secret is required.
|
For creating Kubernetes clusters in GCP a local copy of the service account secret is required.
|
||||||
|
@ -36,7 +36,7 @@ func TestCreator(t *testing.T) {
|
|||||||
GCPHealthCheck: "health-check",
|
GCPHealthCheck: "health-check",
|
||||||
GCPForwardingRule: "forwarding-rule",
|
GCPForwardingRule: "forwarding-rule",
|
||||||
GCPFirewalls: []string{
|
GCPFirewalls: []string{
|
||||||
"bootstrapper", "wireguard", "ssh", "nodeport", "kubernetes",
|
"bootstrapper", "ssh", "nodeport", "kubernetes",
|
||||||
"allow-cluster-internal-tcp", "allow-cluster-internal-udp", "allow-cluster-internal-icmp",
|
"allow-cluster-internal-tcp", "allow-cluster-internal-udp", "allow-cluster-internal-icmp",
|
||||||
"allow-node-internal-tcp", "allow-node-internal-udp", "allow-node-internal-icmp",
|
"allow-node-internal-tcp", "allow-node-internal-udp", "allow-node-internal-icmp",
|
||||||
},
|
},
|
||||||
|
@ -4,8 +4,6 @@
|
|||||||
|
|
||||||
[Install & configure `gcloud` CLI](https://cloud.google.com/sdk/gcloud) for access to GCP.
|
[Install & configure `gcloud` CLI](https://cloud.google.com/sdk/gcloud) for access to GCP.
|
||||||
|
|
||||||
[Install WireGuard](https://www.wireguard.com/install/) for connecting to your cluster
|
|
||||||
|
|
||||||
[Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) for working with Kubernetes
|
[Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) for working with Kubernetes
|
||||||
|
|
||||||
For more information [follow our documentation.](https://constellation-docs.edgeless.systems/6c320851-bdd2-41d5-bf10-e27427398692/#/getting-started/install)
|
For more information [follow our documentation.](https://constellation-docs.edgeless.systems/6c320851-bdd2-41d5-bf10-e27427398692/#/getting-started/install)
|
||||||
@ -18,7 +16,6 @@ These tests results were produced using Sonobuoy v0.56.4.
|
|||||||
```sh
|
```sh
|
||||||
constellation create gcp 1 2 n2d-standard-2 -y
|
constellation create gcp 1 2 n2d-standard-2 -y
|
||||||
constellation init
|
constellation init
|
||||||
wg-quick up ./wg0.conf
|
|
||||||
export KUBECONFIG="$PWD/constellation-admin.conf"
|
export KUBECONFIG="$PWD/constellation-admin.conf"
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -50,7 +47,6 @@ cat plugins/e2e/results/global/junit_01.xml
|
|||||||
# Remove test deployments
|
# Remove test deployments
|
||||||
sonobuoy delete --wait
|
sonobuoy delete --wait
|
||||||
# Or, shutdown cluster
|
# Or, shutdown cluster
|
||||||
wg-quick down ./wg0.conf
|
|
||||||
./constellation terminate
|
./constellation terminate
|
||||||
rm constellation-mastersecret.base64
|
rm constellation-mastersecret.base64
|
||||||
```
|
```
|
||||||
|
2
go.mod
@ -33,8 +33,6 @@ replace (
|
|||||||
k8s.io/sample-controller => k8s.io/sample-controller v0.24.0
|
k8s.io/sample-controller => k8s.io/sample-controller v0.24.0
|
||||||
)
|
)
|
||||||
|
|
||||||
replace github.com/nmiculinic/wg-quick-go v0.1.3 => github.com/katexochen/wg-quick-go v0.1.3-beta.1
|
|
||||||
|
|
||||||
require (
|
require (
|
||||||
cloud.google.com/go/compute v1.5.0
|
cloud.google.com/go/compute v1.5.0
|
||||||
cloud.google.com/go/iam v0.3.0
|
cloud.google.com/go/iam v0.3.0
|
||||||
|
@ -34,7 +34,6 @@ replace (
|
|||||||
|
|
||||||
replace (
|
replace (
|
||||||
github.com/edgelesssys/constellation => ./..
|
github.com/edgelesssys/constellation => ./..
|
||||||
github.com/nmiculinic/wg-quick-go v0.1.3 => github.com/katexochen/wg-quick-go v0.1.3-beta.1
|
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
|
@ -175,13 +175,6 @@ func Default() *Config {
|
|||||||
IPRange: "0.0.0.0/0",
|
IPRange: "0.0.0.0/0",
|
||||||
FromPort: constants.BootstrapperPort,
|
FromPort: constants.BootstrapperPort,
|
||||||
},
|
},
|
||||||
{
|
|
||||||
Name: "wireguard",
|
|
||||||
Description: "WireGuard default port",
|
|
||||||
Protocol: "udp",
|
|
||||||
IPRange: "0.0.0.0/0",
|
|
||||||
FromPort: constants.WireguardPort,
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
Name: "ssh",
|
Name: "ssh",
|
||||||
Description: "SSH",
|
Description: "SSH",
|
||||||
|
@ -39,7 +39,6 @@ const (
|
|||||||
BootstrapperPort = 9000
|
BootstrapperPort = 9000
|
||||||
EnclaveSSHPort = 2222
|
EnclaveSSHPort = 2222
|
||||||
SSHPort = 22
|
SSHPort = 22
|
||||||
WireguardPort = 51820
|
|
||||||
NVMEOverTCPPort = 8009
|
NVMEOverTCPPort = 8009
|
||||||
// Default NodePort Range
|
// Default NodePort Range
|
||||||
// https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
// https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
||||||
@ -99,14 +98,6 @@ const (
|
|||||||
// KubernetesVersion installed by kubeadm.
|
// KubernetesVersion installed by kubeadm.
|
||||||
KubernetesVersion = "stable-1.23"
|
KubernetesVersion = "stable-1.23"
|
||||||
KubernetesJoinTokenTTL = 15 * time.Minute
|
KubernetesJoinTokenTTL = 15 * time.Minute
|
||||||
|
|
||||||
//
|
|
||||||
// VPN.
|
|
||||||
//
|
|
||||||
|
|
||||||
// WireguardAdminMTU is the MTU designated for the admin's WireGuard interface.
|
|
||||||
// WireGuard doesn't support Path MTU Discovery. Thus, its default MTU can be too high on some networks.
|
|
||||||
WireguardAdminMTU = 1300
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// VersionInfo is the version of a binary. Left as a separate variable to allow override during build.
|
// VersionInfo is the version of a binary. Left as a separate variable to allow override during build.
|
||||||
|