
@jspaleta
Last active May 10, 2024 19:18
Kind Cluster with WireGuard Enabled Node

Kind node container customizations

First, drop into the kind-worker container:

podman exec -ti kind-worker /bin/bash

Install the wireguard-tools package without any of its recommended packages (if apt cannot find it, run apt-get update first, since the node image may ship without package lists). This only installs the userspace wg and wg-quick tools: the wgD interface itself is created by the host kernel's wireguard module, which the privileged kind node container shares, so the host needs a kernel with WireGuard support (mainline since 5.6).

root@kind-worker# apt-get install --no-install-recommends wireguard-tools

Install some helpers you may want for diagnostic testing and conf tweaking (netcat is a virtual package on current Debian and Ubuntu, so name an implementation explicitly):

root@kind-worker# apt install -y vim iputils-ping netcat-openbsd

Prepping Kind node-side wgD keys

Generate the wgD link key pair. Run umask 077 first so that wgD.key is created readable by root only; you'll need the public key (wgD.pub) for the workstation-side configuration.

root@kind-worker# wg genkey | tee /etc/wireguard/wgD.key | wg pubkey > /etc/wireguard/wgD.pub
root@kind-worker# cat /etc/wireguard/wgD.pub

Prepping Workstation-side wgK keys

In a different terminal, prep the keys for the workstation side of the tunnel (again with umask 077 so the private key is not world-readable):

root@workstation# wg genkey | tee /etc/wireguard/wgK.key | wg pubkey > /etc/wireguard/wgK.pub
root@workstation# cat /etc/wireguard/wgK.pub

Prepping Workstation-side of tunnel

Install wgK.conf (the workstation file shown below) into /etc/wireguard on the workstation and start the wg-quick service. Note: you'll need to edit wgK.conf to include the kind node-side wgD device specifics: its public key (wgD.pub) and the address and port at which the kind node's ListenPort is reachable from the workstation.

root@workstation# systemctl start wg-quick@wgK

Prepping Kind node-side of tunnel

Install wgD.conf (the kind-worker file shown below) into /etc/wireguard on the kind node and start the wg-quick service. Note: you'll need to edit wgD.conf to include the workstation-side wgK device specifics: its public key (wgK.pub) and the workstation address and port. The kind node runs systemd, so systemctl works inside the container.

root@kind-worker# systemctl start wg-quick@wgD

Diagnostic testing

At this point you should be able to connect across the wgK <-> wgD tunnel using ping and netcat (for example, ping 10.10.9.3 from the workstation and 10.10.9.2 from the kind node). If that fails, check wg show wgK and wg show wgD on the two sides first: a peer with no latest handshake means the handshake never completed, typically a mismatched PublicKey, a wrong Endpoint, or UDP port 51001/51002 blocked between the hosts. WireGuard drops packets from unknown keys silently, so a wrong key produces no error message on either side.
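A small checker for the handshake state, added here as an example (it is not part of the gist): it reads the machine-readable output of wg show <iface> dump and classifies each peer as ok, stale or never. The dump text, peer keys, endpoints and timestamps below are constructed placeholders; it also handles several peers, which goes beyond the single-peer setup on this page.

```python
# Added example, not from the gist: decide from `wg show <iface> dump` whether
# each peer has a live session. The dump text and timestamps below are
# constructed; on a real host feed it `wg show wgK dump` (run as root).
import subprocess
import time

STALE_AFTER = 180  # seconds; a healthy peer re-handshakes well inside this window


def check_handshakes(dump_text, now):
    """Return {peer_public_key: 'ok' | 'stale' | 'never'} for one interface.

    `wg show <iface> dump` prints the interface on the first line and then one
    tab-separated line per peer: public key, preshared key, endpoint,
    allowed IPs, latest handshake (epoch seconds, 0 = never), rx bytes,
    tx bytes, persistent keepalive.
    """
    status = {}
    for line in dump_text.splitlines()[1:]:
        fields = line.split("\t")
        if len(fields) != 8:
            raise ValueError(f"unexpected peer line: {line!r}")
        pubkey, handshake = fields[0], int(fields[4])
        if handshake == 0:
            status[pubkey] = "never"   # no session ever: wrong key, endpoint or blocked UDP port
        elif now - handshake > STALE_AFTER:
            status[pubkey] = "stale"   # had a session, now silent: peer down or path broken
        else:
            status[pubkey] = "ok"
    return status


def live_check(iface):
    """Run wg on a real host for the given interface and evaluate it now."""
    out = subprocess.run(["wg", "show", iface, "dump"],
                         check=True, capture_output=True, text=True).stdout
    return check_handshakes(out, int(time.time()))


# Constructed sample shaped like `wg show wgK dump` on the workstation
# (placeholder keys and documentation-range addresses, not real values).
NOW = 1_700_000_000
SAMPLE_DUMP = "\n".join([
    "\t".join(["WORKSTATION_PRIVATE_KEY=", "WORKSTATION_PUBLIC_KEY=", "51001", "off"]),
    "\t".join(["KIND_WGD_PUBKEY_OK=", "(none)", "203.0.113.7:51002",
               "10.10.9.3/31,10.96.0.0/16,10.244.0.0/16", str(NOW - 30), "4120", "3980", "off"]),
    "\t".join(["KIND_WGD_PUBKEY_STALE=", "(none)", "203.0.113.8:51002",
               "10.10.9.5/31", str(NOW - 900), "0", "1480", "off"]),
    "\t".join(["KIND_WGD_PUBKEY_NEVER=", "(none)", "203.0.113.9:51002",
               "10.10.9.7/31", "0", "0", "592", "off"]),
])

if __name__ == "__main__":
    for key, state in check_handshakes(SAMPLE_DUMP, NOW).items():
        print(f"{state:5} {key}")
```

A "never" on both ends with nonzero tx bytes and zero rx bytes is the signature of a key or endpoint mismatch: each side is sending handshake initiations that the other silently discards.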

# This file goes on the kind-worker node, at /etc/wireguard/wgD.conf, that you want to use as the Egress Gateway node.
[Interface]
Address = 10.10.9.3/31
# wg-quick substitutes the interface name for %i, so this loads /etc/wireguard/wgD.key (keep it mode 600, root-owned)
PostUp = wg set %i private-key /etc/wireguard/%i.key
ListenPort = 51002
[Peer]
# workstation wgK peer; redacted, edit for your network specifics
# Note: The public key and endpoint here are for the wgK link on the workstation side of the tunnel
PublicKey = <replace with public key for workstation wgK side of tunnel>
# Endpoint is the workstation address as reachable from the kind node; the port is the wgK ListenPort
Endpoint = A.B.X.Y:51001
# Traffic for 10.100.2.0/24 (reached via the workstation) and the tunnel link itself is routed to this peer
AllowedIPs = 10.100.2.0/24,10.10.9.2/31

# This file goes on the workstation acting as the external service host that the Egress Gateway node talks to, at /etc/wireguard/wgK.conf.
[Interface]
# wg-quick substitutes the interface name for %i, so this loads /etc/wireguard/wgK.key (keep it mode 600, root-owned)
PostUp = wg set %i private-key /etc/wireguard/%i.key
Address = 10.10.9.2/31
ListenPort = 51001
[Peer]
# kind node wgD peer; redacted, edit for your network specifics
# Note: The public key and endpoint here are for the wgD link on the kind-node side of the tunnel
PublicKey = <replace with public key for kind node wgD side of tunnel>
# Endpoint is the kind node address as reachable from the workstation; the port is the wgD ListenPort
Endpoint = A.B.X.Y:51002
# The tunnel link plus kind's default service (10.96.0.0/16) and pod (10.244.0.0/16) CIDRs are routed to this peer
AllowedIPs = 10.10.9.3/31, 10.96.0.0/16, 10.244.0.0/16
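Because WireGuard fails silently when the two files disagree, it is worth cross-checking them before starting wg-quick. The checker below is an added example, not part of the gist: it parses both wg-quick files and flags unfilled placeholders, invalid keys, Endpoint ports that do not match the other side's ListenPort, and a tunnel address that the other side's AllowedIPs would not route (crypto-key routing then drops the replies). The embedded configs mirror the two files above with constructed keys and documentation-range endpoint addresses; none of those values are real.

```python
# Added example (not from the gist): static cross-check of the kind-node
# wgD.conf and workstation wgK.conf. Keys, addresses and endpoint hosts in the
# embedded configs are constructed placeholders, not real values.
import base64
import binascii
import ipaddress


def parse_wg_conf(text):
    """Parse wg-quick INI text into (interface_dict, [peer_dict, ...])."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line == "[Interface]":
            current = interface
        elif line == "[Peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
        else:
            raise ValueError(f"cannot parse line: {raw!r}")
    return interface, peers


def valid_wg_key(key):
    """A WireGuard key is 32 bytes, base64-encoded (44 characters)."""
    try:
        return len(base64.b64decode(key, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False


def check_tunnel_pair(side_a, side_b):
    """Return a list of problems for two configs meant to peer with each other.

    side_a / side_b are (name, conf_text) tuples. An empty list means the
    static checks passed; it does not prove a handshake will succeed.
    """
    parsed, problems = {}, []
    for name, text in (side_a, side_b):
        iface, peers = parse_wg_conf(text)
        if len(peers) != 1:
            return [f"{name}: expected one [Peer], found {len(peers)}"]
        peer = peers[0]
        for field in ("Address", "ListenPort"):
            if field not in iface:
                problems.append(f"{name}: [Interface] missing {field}")
        if not valid_wg_key(peer.get("PublicKey", "")):
            problems.append(f"{name}: peer PublicKey is not a valid key (placeholder left in?)")
        host, _, port = peer.get("Endpoint", "").rpartition(":")
        try:
            ipaddress.ip_address(host)
        except ValueError:
            problems.append(f"{name}: Endpoint host {host!r} is not an IP literal (hostname or unfilled placeholder)")
        parsed[name] = (iface, peer, port)

    (name_a, _), (name_b, _) = side_a, side_b
    for me, other in ((name_a, name_b), (name_b, name_a)):
        iface_me, _, _ = parsed[me]
        _, peer_other, port_other = parsed[other]
        # The other side must dial the port this side listens on.
        if port_other != iface_me.get("ListenPort"):
            problems.append(f"{other}: Endpoint port {port_other!r} != {me} ListenPort {iface_me.get('ListenPort')!r}")
        # The other side's AllowedIPs must cover this side's tunnel address.
        if "Address" not in iface_me:
            continue
        my_addr = ipaddress.ip_interface(iface_me["Address"]).ip
        allowed = [ipaddress.ip_network(n.strip(), strict=False)
                   for n in peer_other.get("AllowedIPs", "").split(",") if n.strip()]
        if not any(my_addr in net for net in allowed):
            problems.append(f"{other}: AllowedIPs does not cover {me} address {my_addr}")
    return problems


# Constructed keys (NOT real key material) so the sample configs pass validation.
KEY_D = base64.b64encode(bytes(range(32))).decode()
KEY_K = base64.b64encode(bytes(range(32, 64))).decode()

WGD_CONF = f"""
# kind-worker: /etc/wireguard/wgD.conf (constructed copy of the page's file)
[Interface]
Address = 10.10.9.3/31
PostUp = wg set %i private-key /etc/wireguard/%i.key
ListenPort = 51002
[Peer]
PublicKey = {KEY_K}
Endpoint = 192.0.2.10:51001
AllowedIPs = 10.100.2.0/24,10.10.9.2/31
"""

WGK_CONF = f"""
# workstation: /etc/wireguard/wgK.conf (constructed copy of the page's file)
[Interface]
PostUp = wg set %i private-key /etc/wireguard/%i.key
Address = 10.10.9.2/31
ListenPort = 51001
[Peer]
PublicKey = {KEY_D}
Endpoint = 192.0.2.20:51002
AllowedIPs = 10.10.9.3/31, 10.96.0.0/16, 10.244.0.0/16
"""

if __name__ == "__main__":
    for problem in check_tunnel_pair(("wgD", WGD_CONF), ("wgK", WGK_CONF)) or ["no problems found"]:
        print(problem)
```

On a real host, read the two files into the strings instead of the embedded copies; the checks themselves do not need the wg binary or root.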