{"id":15996208,"url":"https://github.com/manics/wireguard-helm-chart","last_synced_at":"2026-01-03T02:04:43.171Z","repository":{"id":146023996,"uuid":"606862840","full_name":"manics/wireguard-helm-chart","owner":"manics","description":"Deploys a Wireguard server on Kubernetes","archived":false,"fork":false,"pushed_at":"2025-01-03T17:58:49.000Z","size":19,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-22T00:46:45.968Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Smarty","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/manics.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-26T19:29:39.000Z","updated_at":"2025-01-03T17:58:54.000Z","dependencies_parsed_at":"2023-04-11T15:46:38.027Z","dependency_job_id":null,"html_url":"https://github.com/manics/wireguard-helm-chart","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/manics%2Fwireguard-helm-chart","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/manics%2Fwireguard-helm-chart/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/manics%2Fwireguard-helm-chart/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/manics%2Fwireguard-helm-chart/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/manics","download_url":"https://codeload.github.com/manics/wireguard-helm-chart/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243713415,"owners_count":20335567,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-08T07:40:34.114Z","updated_at":"2026-01-03T02:04:43.166Z","avatar_url":"https://github.com/manics.png","language":"Smarty","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Wireguard Helm Chart\n\n[![CI Status](https://github.com/manics/wireguard-helm-chart/workflows/Test%20and%20Publish/badge.svg)](https://github.com/manics/wireguard-helm-chart/actions?query=branch%3Amain)\n\nDeploys a Wireguard server on Kubernetes.\nWireguard listens on UDP port 51820 by default.\n\n## Kubernetes node prerequisites\n\nWireguard requires that the host kernel includes the Wireguard module.\n\nFor example, on AWS EKS the default AMIs do not currently (February 2023) support Wireguard, but the [BottleRocket AMIs](https://docs.aws.amazon.com/eks/latest/userguide/launch-node-bottlerocket.html) do.\n\n## Installation\n\n```\nhelm upgrade --install wireguard oci://quay.io/manics/wireguard --version 0.1.0\n```\n\nSee https://github.com/manics/wireguard-helm-chart/tags for the available versions.\n\n## Configuration\n\n- `wireguard.accessibleIps`: Comma separate list of CIDRs that are accessible from the Wireguard network, e.g. `10.0.0.0/8, 172.16.0.0/20`, default `0.0.0.0/0`.\n- `wireguard.clientPeers`: Either the number of client configurations to generate, or a comma separated list of client names that will be used to generate the client configuration files, default `example1, example2`.\n- `wireguard.peerDns`: The DNS server to advertise to clients, default is the same as the Wireguard server (unlikely to work unless the DNS server is included in `accessibleIps`).\n- `persistence.enabled`: The generated server and client configuration files are stored in a persistent volume, default `true`.\n- `configFiles` is a map of `filename.conf: file content` to fully override the Wireguard configuration\n\nSee [`values.yaml`](./values.yaml) for the full set of configuration parameters and defaults.\n\n### Load-balancer configuration\n\nWireguard listens on UDP port 51820 by default.\nIf you are using a load-balancer be aware that some load-balancers will not forward traffic unless the Wireguard service provides a TCP or HTTP health check.\nThe Wireguard pod includes a simple HTTP server listening on port 58000 that returns status code `200` if Wireguard is running.\n\nFor example, to use an external AWS load-balancer add the following annotations to the service:\n\n```yaml\n# wireguard:\n\nhealthcheck:\n  enabled: true\n\nservice:\n  annotations:\n    service.beta.kubernetes.io/aws-load-balancer-type: external\n    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip\n    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing\n    service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: \"58000\"\n    service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol: TCP\n```\n\n## Client configuration\n\nWhen Wireguard starts it should generate configuration directories `/config/peer_*` for each client in `wireguard.clientPeers`.\nThese files can be copied from the Wireguard pod:\n\n```\nkubectl exec deploy/wireguard -- ls /config/\nkubectl exec deploy/wireguard -c wireguard -- cat /config/peer_example1/peer_example1.conf \u003e peer_example1.conf\n```\n\nIf necessary change `Endpoint` in `peer_example1.conf` to the external IP address of the loadbalancer.\n\nTo connect to the Wireguard network on Linux:\n\n```\nwg-quick up peer_example1.conf\n```\n\nOr using NetworkManager:\n\n```\nnmcli con import type wireguard file peer_example1.conf\n```\n\n## References\n\n- https://www.perdian.de/blog/2022/02/21/setting-up-a-wireguard-vpn-using-kubernetes/\n- https://www.procustodibus.com/blog/2021/03/wireguard-health-check-for-python-3/\n- https://docs.linuxserver.io/images/docker-wireguard\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmanics%2Fwireguard-helm-chart","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmanics%2Fwireguard-helm-chart","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmanics%2Fwireguard-helm-chart/lists"}