Mirror of https://github.com/edgelesssys/constellation.git, synced 2025-11-08 14:54:51 -05:00
* refactor cli vpn config
  Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
CLI to spawn a confidential kubernetes cluster
Usage
1. (optional) Replace the responsible in `cli/cmd/defaults.go` with yourself.
2. Build the CLI and authenticate with <AWS/Azure/GCP> according to the README.md.
3. Execute `constellation create <aws/azure/gcp> 2 <4xlarge|n2d-standard-2>`.
4. Execute `wg genkey | tee privatekey | wg pubkey > publickey` to generate a WireGuard keypair.
5. Execute `constellation init --publickey publickey`. Since the CLI waits for all nodes to be ready, this step can take up to 5 minutes.
6. Use the output from `constellation init` and the WireGuard template below to create `/etc/wireguard/wg0.conf`, then execute `wg-quick up wg0`.
7. Execute `export KUBECONFIG=<path/to/admin.conf>`.
8. Use `kubectl get nodes` to inspect your cluster.
9. Execute `constellation terminate` to terminate your Constellation.
```ini
[Interface]
Address = <address from the init output>
PrivateKey = <your base64 encoded private key>
ListenPort = 51820

[Peer]
PublicKey = <public key from the init output>
AllowedIPs = 10.118.0.1/32 # IP set on the peer's wg interface
Endpoint = <public IPv4 address from the activated coordinator>:51820 # address where the peer listens on
PersistentKeepalive = 10
```
Note: Skip the manual configuration of WireGuard by executing Step 2 as root. Then, replace steps 4 and 5 with `sudo constellation init --privatekey <path/to/your/privatekey>`. This will automatically configure a new WireGuard interface named `wg0` with the coordinator as peer.
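
When WireGuard is configured by hand as in the steps above, `privatekey` and `wg0.conf` get whatever permissions the caller's umask allows. The sketch below is an added example, not code from the Constellation repository: it fills the template from arguments, rejects malformed keys and addresses, and writes the file owner-only. The function names, argument order and any sample values are assumptions.

```shell
# Added example (not from the constellation repo): render wg0.conf from the
# README template. render_wg_conf and its argument order are hypothetical.

# A WireGuard key is 32 bytes: 43 base64 characters (the last one carries
# two zero padding bits, hence the restricted set) followed by one '='.
is_wg_key() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'
}

# Dotted-quad IPv4 check with a range test on every octet.
is_ipv4() {
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  ( IFS=.; set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
      [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done )
}

# usage: render_wg_conf <address> <private key file> <peer public key> <coordinator IPv4> <output file>
render_wg_conf() (
  addr=$1 keyfile=$2 peer_pub=$3 endpoint=$4 out=$5
  priv=$(cat "$keyfile") || exit 1
  is_wg_key "$priv"     || { echo "private key is not a WireGuard key" >&2; exit 1; }
  is_wg_key "$peer_pub" || { echo "peer public key is malformed" >&2; exit 1; }
  is_ipv4 "${addr%%/*}" || { echo "interface address is not IPv4" >&2; exit 1; }
  is_ipv4 "$endpoint"   || { echo "endpoint is not an IPv4 address" >&2; exit 1; }
  umask 077        # the config embeds the private key: create it as 0600
  rm -f "$out"     # a pre-existing file would keep its old, wider mode
  cat > "$out" <<EOF
[Interface]
Address = $addr
PrivateKey = $priv
ListenPort = 51820

[Peer]
PublicKey = $peer_pub
AllowedIPs = 10.118.0.1/32
Endpoint = ${endpoint}:51820
PersistentKeepalive = 10
EOF
)
```

Running `umask 077` before `wg genkey | tee privatekey` gives the key file itself the same owner-only mode.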