This project aim to dynamically reconfigure wireguard on the fly for the cluster nodes.
See /deploy
folder. Apply CRDs, that is under /deploy/crds
. Example servers/clients are under /deploy/servers
and /deploy/clients
. Recommended deployment is also provided under /deploy
- Basic client-server VPN paradigm
- Implement IPtables masqerading for out of VPN IPs --> use preUp/postDown for now, and wg-quick or wg-quick-go to run them at system boot.
- Highly scalable for clients (i.e. supporting 1000+ clients with minimal resource usage on client side). For mostly static topologies this should be quite performant.
- update coalescing --> implemented via 200ms coalescing time window
- error exponential backoff --> Not implemented, on error we retry every 5 seconds
- client query only myself --> partially implemeted, informer cache is fetching all client changes, but update is triggered only for myself
- Implement per server interface for clients -- allows custom routing to operate on top of wireguard (e.g. OSPF/BGP)
- Medium dynamic network topology changes, wireguard setting & nodes won't change too often
- Unit test coverage + CI for config generation
- End2end test within CI
- Support key rotation
- Have decent usage documentation
- support OpenVPN or other VPN providers
- install wireguard on the target machines/perform upgrades. Use ansible or something else for it. Also look into https://github.com/KrakenSystems/wg-cni
It's located at:
Per tag images:
- registry.gitlab.com/neven-miculinic/wg-operator:-
Example:
- registry.gitlab.com/neven-miculinic/wg-operator:v0.1.0-amd64
Per branch images:
registry.gitlab.com/neven-miculinic/wg-operator:- registry.gitlab.com/neven-miculinic/wg-operator:--
Example:
- registry.gitlab.com/neven-miculinic/wg-operator:master-6b18ddbf-amd64
- registry.gitlab.com/neven-miculinic/wg-operator:master-6b18ddbf-arm32v7
- registry.gitlab.com/neven-miculinic/wg-operator:master-6b18ddbf-arm64v8
- registry.gitlab.com/neven-miculinic/wg-operator:master-amd64
- registry.gitlab.com/neven-miculinic/wg-operator:master-arm32v7
- registry.gitlab.com/neven-miculinic/wg-operator:master-arm64v8
There's ansible role in the deploy/role
with example playbook in deploy/playbook.yml