Question

Kubernetes nodes - unable to create wireguard in the Pod

I use the Digital Ocean managed Kubernetes cluster and would like to create a wireguard interface. For the command wg-quick up wg0

the error message is ‘RTNETLINK answers: Not supported’.

How would I go about getting a node that has the support for the wireguard kernel module?

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Still looking forward to the wireguard server and client support in the Linux kernel and being able to deploy it from the Pods. Being able to use the module may require additional privileges. While you are at it, can you also look into using the eBPF feature of the node’s kernel?

A tangential questions: Is there a specific reason to use Debian as your OS instead of Ubuntu (say, licensing or the ability to customize…)

We currently run a debian-maintained Linux 4.19 whereas the in-tree wireguard didn’t make it into the kernel until 5.6. We’re currently looking into upgrading to Linux 5.7 which is consideration to be released soon.

For now I manually installed wireguard on a node and tagged it as wireguard_capable.