Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jodevsa/wireguard-operator
Painless deployment of wireguard on kubernetes
https://github.com/jodevsa/wireguard-operator
kubernetes kubernetes-controller kubernetes-operator operator operator-sdk vpn wireguard
Last synced: about 1 month ago
JSON representation
Painless deployment of wireguard on kubernetes
- Host: GitHub
- URL: https://github.com/jodevsa/wireguard-operator
- Owner: jodevsa
- License: mit
- Created: 2021-12-19T17:14:40.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2024-10-24T14:54:56.000Z (about 2 months ago)
- Last Synced: 2024-10-26T05:38:40.889Z (about 2 months ago)
- Topics: kubernetes, kubernetes-controller, kubernetes-operator, operator, operator-sdk, vpn, wireguard
- Language: Go
- Homepage:
- Size: 776 KB
- Stars: 648
- Watchers: 12
- Forks: 37
- Open Issues: 39
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-jordan - wireguard-operator - A wireguard operator created to easily provision a VPN in a k8s cluster. (Docker, Linux containers and Kubernetes)
README
# Wireguard Operator
Painless deployment of wireguard on kubernetes
## Support and discussions
If you are facing any problems please open an [issue](https://github.com/jodevsa/wireguard-operator/issues) or start a
[discussion](https://github.com/jodevsa/wireguard-operator/discussions)## Tested with
- [x] IBM Cloud Kubernetes Service
- [x] Gcore Labs KMP
* requires `spec.enableIpForwardOnPodInit: true`
- [x] Google Kubernetes Engine
* requires `spec.mtu: "1380"`
* Not compatible with "Container-Optimized OS with containerd" node images
* Not compatible with autopilot
- [x] DigitalOcean Kubernetes
* requires `spec.serviceType: "NodePort"`. DigitalOcean LoadBalancer does not support UDP.
- [ ] Amazon EKS
- [ ] Azure Kubernetes Service
- [ ] ...?## Architecture
![alt text](./readme/main.png)
## Features
* Falls back to userspace implementation of wireguard [wireguard-go](https://github.com/WireGuard/wireguard-go) if wireguard kernal module is missing
* Automatic key generation
* Automatic IP allocation
* Does not need persistance. peer/server keys are stored as k8s secrets and loaded into the wireguard pod
* Exposes a metrics endpoint by utilizing [prometheus_wireguard_exporter](https://github.com/MindFlavor/prometheus_wireguard_exporter)## Example
### Server
```
apiVersion: vpn.wireguard-operator.io/v1alpha1
kind: Wireguard
metadata:
name: "my-cool-vpn"
spec:
mtu: "1380"
```### Peer
```
apiVersion: vpn.wireguard-operator.io/v1alpha1
kind: WireguardPeer
metadata:
name: peer1
spec:
wireguardRef: "my-cool-vpn"
```#### Peer configuration
Peer configuration can be retrieved using the following command:
```console
kubectl get wireguardpeer peer1 --template={{.status.config}} | bash
```After executing it, something similar to the following will be shown. Use this config snippet to configure your
preferred Wireguard client:```console
[Interface]
PrivateKey = WOhR7uTMAqmZamc1umzfwm8o4ZxLdR5LjDcUYaW/PH8=
Address = 10.8.0.3
DNS = 10.48.0.10, default.svc.cluster.local
MTU = 1380[Peer]
PublicKey = sO3ZWhnIT8owcdsfwiMRu2D8LzKmae2gUAxAmhx5GTg=
AllowedIPs = 0.0.0.0/0
Endpoint = 32.121.45.102:51820
```## How to deploy
```
kubectl apply -f https://github.com/jodevsa/wireguard-operator/releases/download/v2.1.0/release.yaml
```## How to remove
```
kubectl delete -f https://github.com/jodevsa/wireguard-operator/releases/download/v2.1.0/release.yaml
```## How to collaborate
This project is done on top of [Kubebuilder](https://github.com/kubernetes-sigs/kubebuilder), so read about that project
before collaborating. Of course, we are open to external collaborations for this project. For doing it you must fork the
repository, make your changes to the code and open a PR. The code will be reviewed and tested (always)> We are developers and hate bad code. For that reason we ask you the highest quality on each line of code to improve
> this project on each iteration.