• Have access to NET2 K8S, doing some tests at a small scale. Coordinating with Eduardo on figuring out minimal privileges for e.g. WireGuard in OpenShift
  • Aidan will try Armada for Kubernetes-level federation against this cluster as well
• stretched k8s upgraded to Kubernetes 1.31
• having a working unprivileged wireguard container with manual configuration. capabilies added _in the namespace_ only 
  •  [12:03]:~/wg-test/config $ podman run --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_MODULE --sysctl="net.ipv4.conf.all.src_valid_mark=1" -p 51820:51820/udp -v /lib/modules:/lib/modules -v /home/lincolnb/wg-test/config/:/etc/wiregua
rd wgtest3 /bin/bash -c "wg-quick up wg0; ping 10.20.10.1"
PING 10.20.10.1 (10.20.10.1) 56(84) bytes of data.
64 bytes from 10.20.10.1: icmp_seq=1 ttl=64 time=3.74 ms
64 bytes from 10.20.10.1: icmp_seq=2 ttl=64 time=1.85 ms
^C
--- 10.20.10.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 1.851/2.794/3.737/0.943 ms