Replace ipsec with wireguard

vitobotta · Feb 17, 2022 · 960d513 · 960d513
1 parent 64fdaa0
commit 960d513
Show file tree

Hide file tree

Showing 10 changed files with 12 additions and 15 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    hetzner-k3s (0.5.0)
+    hetzner-k3s (0.5.3)
       bcrypt_pbkdf
       ed25519
       http

diff --git a/README.md b/README.md
@@ -39,7 +39,7 @@ This will install the `hetzner-k3s` executable in your PATH.
 Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
 
 ```bash
-docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.2 create-cluster --config-file /cluster/test.yaml
+docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.3 create-cluster --config-file /cluster/test.yaml
 ```
 
 Replace `test.yaml` with the name of your config file.
@@ -73,7 +73,7 @@ worker_node_pools:
   instance_count: 2
 additional_packages:
 - somepackage
-enable_ipsec_encryption: true
+enable_encryption: true
 ```
 
 It should hopefully be self explanatory; you can run `hetzner-k3s releases` to see a list of the available releases from the most recent to the oldest available.
@@ -256,9 +256,6 @@ Once the cluster is ready you can create persistent volumes out of the box with
 I recommend that you create a separate Hetzner project for each cluster, because otherwise multiple clusters will attempt to create overlapping routes. I will make the pod cidr configurable in the future to avoid this, but I still recommend keeping clusters separated from each other. This way, if you want to delete a cluster with all the resources created for it, you can just delete the project.
 
 
-## changelog
-
-See changelog [here](https://github.com/vitobotta/hetzner-k3s/wiki/Changelog).
 ## Contributing and support
 
 Please create a PR if you want to propose any changes, or open an issue if you are having trouble with the tool - I will do my best to help if I can.

diff --git a/bin/build.sh b/bin/build.sh
@@ -6,9 +6,9 @@ set -e
 
 IMAGE="vitobotta/hetzner-k3s"
 
-docker build -t ${IMAGE}:v0.5.2 \
+docker build -t ${IMAGE}:v0.5.3 \
   --platform=linux/amd64 \
-  --cache-from ${IMAGE}:v0.5.1 \
+  --cache-from ${IMAGE}:v0.5.2 \
   --build-arg BUILDKIT_INLINE_CACHE=1 .
 
-docker push vitobotta/hetzner-k3s:v0.5.2
+docker push vitobotta/hetzner-k3s:v0.5.3
diff --git a/bin/console.sh b/bin/console.sh
diff --git a/bin/setup.sh b/bin/setup.sh
diff --git a/entrypoint.sh b/entrypoint.sh
diff --git a/exe/hetzner-k3s b/exe/hetzner-k3s
diff --git a/lib/hetzner/infra/server.rb b/lib/hetzner/infra/server.rb
@@ -81,7 +81,7 @@ def find_server(server_name)
     end
 
     def user_data
-      packages = ['fail2ban']
+      packages = ['fail2ban', 'wireguard']
       packages += additional_packages if additional_packages
       packages = "'#{packages.join("', '")}'"
 

diff --git a/lib/hetzner/k3s/cluster.rb b/lib/hetzner/k3s/cluster.rb
@@ -38,7 +38,7 @@ def create(configuration:)
     @verify_host_key = configuration.fetch('verify_host_key', false)
     @servers = []
     @networks = configuration['ssh_allowed_networks']
-    @enable_ipsec_encryption = configuration.fetch('enable_ipsec_encryption', false)
+    @enable_encryption = configuration.fetch('enable_encryption', false)
 
     create_resources
 
@@ -81,7 +81,7 @@ def upgrade(configuration:, new_k3s_version:, config_file:)
               :location, :public_ssh_key_path,
               :hetzner_token, :new_k3s_version, :configuration,
               :config_file, :verify_host_key, :networks, :private_ssh_key_path,
-              :enable_ipsec_encryption
+              :enable_encryption
 
   def find_worker_node_pools(configuration)
     configuration.fetch('worker_node_pools', [])
@@ -190,7 +190,7 @@ def upgrade_cluster
   def master_script(master)
     server = master == first_master ? ' --cluster-init ' : " --server https://#{api_server_ip}:6443 "
     flannel_interface = find_flannel_interface(master)
-    flannel_ipsec = enable_ipsec_encryption ? ' --flannel-backend=ipsec ' : ' '
+    flannel_wireguard = enable_encryption ? ' --flannel-backend=wireguard ' : ' '
 
     taint = schedule_workloads_on_masters? ? ' ' : ' --node-taint CriticalAddonsOnly=true:NoExecute '
 
@@ -205,7 +205,7 @@ def master_script(master)
         --node-name="$(hostname -f)" \
         --cluster-cidr=10.244.0.0/16 \
         --etcd-expose-metrics=true \
-        #{flannel_ipsec} \
+        #{flannel_wireguard} \
         --kube-controller-manager-arg="address=0.0.0.0" \
         --kube-controller-manager-arg="bind-address=0.0.0.0" \
         --kube-proxy-arg="metrics-bind-address=0.0.0.0" \

diff --git a/lib/hetzner/k3s/version.rb b/lib/hetzner/k3s/version.rb
@@ -2,6 +2,6 @@
 
 module Hetzner
   module K3s
-    VERSION = '0.5.2'
+    VERSION = '0.5.3'
   end
 end