Wireguard known issues

This section lists the Wireguard known issues with workarounds for the Mirantis OpenStack for Kubernetes release 23.2.

[35147] The Wireguard interface does not have the IPv4 address assigned

Fixed in 23.3

Due to the upstream Calico issue, on clusters with Wireguard enabled, the Wireguard interface on a node may not have the IPv4 address assigned. This leads to broken inter-Pod communication between the affected node and other cluster nodes.

The node is affected if the IP address is missing on the Wireguard interface:

ip a show wireguard.cali

Example of system response:

40: wireguard.cali: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000 link/none

The workaround is to manually restart the calico-node Pod to allocate the IPv4 address on the Wireguard interface:

docker restart $(docker ps -f "label=name=Calico node" -q)