Hello,
I am not sure if I am off-topic here, but I am not sure where to best raise this issue. The situation is: if I start a Pod in Kubernetes that uses the ungleich-wireguard:0.0.5 [0] container, which is basically using this script [1] I am able to get the following output: -------------------------------------------------------------------------------- [21:29] blind:~% kubectl -n test logs -f wireguard-7cf446469-gmkvd + wg show interface: clients public key: 5QzByP8MnQyR7seJWJyiP6fFHn5OnkPI+O0WAuYoLko= private key: (hidden) listening port: 51820 peer: fnIGys3sZKfyjSA7oXw891IOxuuRi7yYM6tihNG+1WA= allowed ips: 10.0.0.2/32 + wg-quick up /etc/wireguard/clients.conf Warning: `/etc/wireguard/..2022_05_05_19_29_32.4005058985/clients.conf' is world accessible wg-quick: `clients' already exists + exit 1 [21:29] blind:~% -------------------------------------------------------------------------------- As the pod/container are freshly created, I assume that the "clients" interface is a leftover from a previous run of that container. Which brings me to the real questions: Are wireguard interfaces a) Not contained in a container? b) Not destroyed if the container is destroyed? As containers are namespaced, I would have expected the device to die with the container, but I even cleared the full deployment and get this error again. My logical understand would be that the interface should be destroyed if the container exits, however the output implies that this is not the case. Any pointers in this direction are very welcome. Best regards, Nico [0] https://hub.docker.com/layers/ungleich-wireguard/ungleich/ungleich-wireguard/0.0.5/images/sha256-cf50085115df1f686509288375349ce61cc4ef06a06c940cf7cbd9041a6d9ef6?context=explore [1] -------------------------------------------------------------------------------- #!/bin/sh set -x # Ensure everything is clean / show prior state wg show # Start all definitions for conf in /etc/wireguard/*.conf; do # Try to up and if any tunnel fails -> exit wg-quick up "$conf" || exit 1 done # Debug output while true; do wg show sleep 300 done -------------------------------------------------------------------------------- -- Sustainable and modern Infrastructures by ungleich.ch