Calico wireguard #7638
Calico wireguard #7638
Conversation
k8s-ci-robot
added
the
kind/feature
k8s-ci-robot
added
the
do-not-merge/work-in-progress
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @cristicalin. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
cncf-cla: yes
cristicalin
force-pushed
the
calico_wireguard
branch
6 times, most recently
from
1258fc1 to
a9927d3
Compare
cristicalin
force-pushed
the
calico_wireguard
branch
from
a9927d3 to
11248a8
Compare
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
|
With #7618 now merged this is now ready for review. |
| # Calico Wireguard support | ||
| calico_wireguard_enabled: false | ||
| calico_wireguard_packages: [] | ||
| calico_wireguard_repo: https://download.copr.fedorainfracloud.org/results/jdoss/wireguard/epel-{{ ansible_distribution_major_version }}-$basearch/ |
There was a problem hiding this comment.
Nit-pick: Should this be calico_wireguard_fedora_repo or calico_wireguard_epel_repo?
There was a problem hiding this comment.
This is used by CentOS and some derivatives (think Alma and Amazon) and is not tied to EPEL. This repo contains the wireguard-dkms kernel module while the wireguard-tools comes from EPEL (seems that non-Debian distro's are all over the map on this one).
Debian, Ubuntu, OpenSUSE Leap and Oracle Linux actually contain both wireguard-tools and wireguard-dkms packages in their main repos and are a bit more sound.
This is my reasoning for the variable naming.
|
I just tired this branch out and it works like a charm. Traffic is definitely encrypted via WireGuard. Could you document this value in k8s-net-calico.yml? |
cristicalin
force-pushed
the
calico_wireguard
branch
2 times, most recently
from
62c985b to
b8d0617
Compare
|
@cristiklein done |
k8s-ci-robot
added
ok-to-test
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cristicalin, cristiklein, floryut The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
cristicalin
force-pushed
the
calico_wireguard
branch
2 times, most recently
from
a544865 to
b480572
Compare
cristicalin
force-pushed
the
calico_wireguard
branch
from
b480572 to
85e49f4
Compare
cristicalin
force-pushed
the
calico_wireguard
branch
from
85e49f4 to
ffffcb3
Compare
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/retest |
* Calico: add Wireguard support * CI: Add Calico Wireguard scenario
* Calico: add Wireguard support * CI: Add Calico Wireguard scenario
What type of PR is this?
/kind feature
What this PR does / why we need it:
This PR adds support for enabling Wireguard encryption when deploying Kubespray with Calico.
Which issue(s) this PR fixes:
Fixes #7637
Special notes for your reviewer:
This PR requires changes coming in from #7618 and should be rebased and merged after that one is merged.
Does this PR introduce a user-facing change?: