What is the use of "-client" secret?

[joaogbcravo]

Maybe I'm missing something, but I don't see why the wireguard-operator is creating a "-client" secret.

As far as I see, it is not mounted by any pod, or used as an environment variable.

The creation code of it is

wireguard-operator/pkg/controllers/wireguard_controller.go

Line 698 in e9f3661

func (r *WireguardReconciler) secretForClient(m *v1alpha1.Wireguard, privateKey string, publicKey string) *corev1.Secret {

Can you clarify, please?

[jodevsa]

Hi @joaogbcravo ,

The "-client" secret contains the private key for the peer. This needs to be saved so that you can retreive the peer secret using

kubectl get wireguardpeer peer1 --template={{.status.config}} | bash

if you try to inspect the bash script generated using
kubectl get wireguardpeer peer1 --template={{.status.config}}

You'll notice that it reads that secret.

[jodevsa]

Hi @joaogbcravo,

I was wrong. I somehow thought we where talking about the *-peer secrets 🤦

Your right. That secret is being created but never gets used 😬 good catch!

[jodevsa]

Interesting :D I've added this long time ago to try to generate a peer secret and somehow forgot to remove it
e8e3952

[jodevsa]

Are you interested in opening a PR and removing that logic? please feel free to do so :)

[jodevsa]

fixed