wg-access-server: Deployment via Helm chart - missing admin password: please set via environment variable, flag or config file
Using the latest Helm chart version ghcr.io/freifunkmuc/wg-access-server:v0.5.1 and upon boot, the pod crashes with the following:
time="2022-01-26T21:18:27Z" level=fatal msg="missing admin password: please set via environment variable, flag or config file" file="main.go:236"
My values file is:
wireguard:
config:
privateKey: "random-20-alpha-numeric-here"
persistence:
enabled: true
size: 1Gi
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
hosts:
- vpn.acme.dev
tls:
- hosts:
- vpn.acme.dev
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 16 (8 by maintainers)
@DasSkelett I tried out your idea of setting the sysctls on the pod. Unfortunately, that does not work, as there is only a certain list of ‘allowed’ sysctls that you can set on a pod, and
net.ipv6.conf.all.disable_ipv6is not among them, and would have to be enabled by setting a flag on the kubelet. Documentation on this: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ So as far as I can see it, there is really no good way of using IPv6 in a pod without having an IPv6 / dual-stack k8s cluster.I tested the current helm template on a dual-stack cluster though and it worked as expected there. I was not able to test it on an IPv6-only cluster yet, since I don’t have one running/available right now. Since it can probably be assumed that the majority of all k8s-clusters out there is still IPv4-only though, I think it would be a good idea to disable IPv6 by default in
values.yaml, and let users explicitly enable it if they have a cluster that supports it.@DasSkelett, what I find quite interesting is that we have already set the NET_ADMIN security context (https://github.com/freifunkMUC/wg-access-server/blob/master/deploy/helm/wg-access-server/templates/deployment.yaml#L34)