
Wireguard operator


wg-operator

This project aims to dynamically reconfigure WireGuard on the fly on the cluster nodes.

QuickStart

See the /deploy folder. Apply the CRDs, which are under /deploy/crds. Example servers and clients are under /deploy/servers and /deploy/clients. A recommended deployment is also provided under /deploy.

Goals

  • [x] Basic client-server VPN paradigm
  • [ ] Implement iptables masquerading for out-of-VPN IPs --> use preUp/postDown for now, and wg-quick or wg-quick-go to run them at system boot.
  • [ ] Highly scalable for clients (i.e. supporting 1000+ clients with minimal resource usage on the client side). For mostly static topologies this should be quite performant.
    • [x] update coalescing --> implemented via a 200ms coalescing time window
    • [ ] exponential error backoff --> not implemented; on error we retry every 5 seconds
    • [ ] client queries only itself --> partially implemented: the informer cache fetches all client changes, but an update is triggered only for the client itself
  • [ ] Implement a per-server interface for clients -- allows custom routing to operate on top of WireGuard (e.g. OSPF/BGP)
  • [x] Medium dynamic network topology changes; WireGuard settings & nodes won't change too often
  • [ ] Unit test coverage + CI for config generation
  • [ ] End-to-end tests within CI
  • [ ] Support key rotation
  • [ ] Have decent usage documentation
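The coalescing, retry and "only myself" behaviour listed in the goals above, as an added Go example (not code from the wg-operator project): a Coalescer that opens a window on the first change notification and runs reconcile once when the window closes, an IsMine predicate standing in for the informer filter, and the fixed 5-second retry shown beside the exponential backoff the open goal asks for. The node names, the 2-minute cap and all function names are assumptions of this example.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Coalescer merges a burst of change notifications into one reconcile: the
// first Trigger opens a window of length `window`, every further Trigger
// inside that window is absorbed, and when the window closes reconcile runs
// exactly once. A 200 ms window corresponds to the goal list above.
type Coalescer struct {
	window    time.Duration
	reconcile func()

	mu      sync.Mutex
	pending bool // a window is open and reconcile is already scheduled
	calls   int  // how many reconciles have run, for observability
}

func NewCoalescer(window time.Duration, reconcile func()) *Coalescer {
	return &Coalescer{window: window, reconcile: reconcile}
}

// Trigger records a change. It returns true when it opened a new window and
// false when the change was absorbed into one that is already pending.
func (c *Coalescer) Trigger() bool {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.pending {
		return false
	}
	c.pending = true
	time.AfterFunc(c.window, c.fire)
	return true
}

func (c *Coalescer) fire() {
	c.mu.Lock()
	c.pending = false
	c.calls++
	c.mu.Unlock()
	c.reconcile() // outside the lock so a slow reconcile never blocks Trigger
}

// Calls returns how many times reconcile has run so far.
func (c *Coalescer) Calls() int {
	c.mu.Lock()
	defer c.mu.Unlock()
	return c.calls
}

// IsMine is the "query only myself" filter: the informer still delivers every
// client's changes, and this predicate drops the ones for other nodes before
// they reach the coalescer. (Assumed helper, not the operator's own code.)
func IsMine(self, client string) bool {
	return self != "" && client == self
}

// FixedDelay models the current retry policy: the same wait after every
// failure (5 s on the page), however many attempts have already failed.
func FixedDelay(base time.Duration, attempt int) time.Duration {
	return base
}

// ExponentialDelay models the backoff the open goal asks for: base * 2^attempt,
// capped at limit so a persistently failing node does not wait forever.
func ExponentialDelay(base, limit time.Duration, attempt int) time.Duration {
	d := base
	for i := 0; i < attempt; i++ {
		d *= 2
		if d >= limit {
			return limit
		}
	}
	return d
}

// SimulateBurst feeds a constructed burst of client-change events through the
// self filter and the coalescer, waits for the window to close, and returns
// how many reconciles ran.
func SimulateBurst(self string, events []string, window time.Duration) int {
	c := NewCoalescer(window, func() {})
	for _, client := range events {
		if IsMine(self, client) {
			c.Trigger()
		}
	}
	time.Sleep(3 * window) // ample time for the single pending window to fire
	return c.Calls()
}

func main() {
	// Constructed burst: several changes for node-a interleaved with changes
	// for other nodes, all arriving inside one window.
	events := []string{"node-a", "node-b", "node-a", "node-a", "node-c", "node-a"}
	fmt.Printf("%d events -> %d reconcile(s)\n", len(events),
		SimulateBurst("node-a", events, 200*time.Millisecond))
	for attempt := 0; attempt < 6; attempt++ {
		fmt.Printf("attempt %d: fixed %v, exponential %v\n", attempt,
			FixedDelay(5*time.Second, attempt),
			ExponentialDelay(5*time.Second, 2*time.Minute, attempt))
	}
}
```

With a burst of six events, four of them for node-a, the run above performs a single reconcile; the same burst without the filter or the window would reconfigure the interface four times. The backoff loop shows why the fixed policy is listed as an open item: after a transient failure it keeps hitting the API server every 5 seconds, while the capped exponential policy backs off to the limit within a handful of attempts.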

Non-goals

  • support OpenVPN or other VPN providers
  • install WireGuard on the target machines / perform upgrades. Use Ansible or something else for that. Also look into https://github.com/KrakenSystems/wg-cni

Docker image registry, automatically built via the CI pipeline

It's located at:

  • https://gitlab.com/neven-miculinic/wg-operator/container_registry

Per-tag images:

  • registry.gitlab.com/neven-miculinic/wg-operator:-

Example:

  • registry.gitlab.com/neven-miculinic/wg-operator:v0.1.0-amd64

Per-branch images:

  • registry.gitlab.com/neven-miculinic/wg-operator:-
  • registry.gitlab.com/neven-miculinic/wg-operator:--

Example:

  • registry.gitlab.com/neven-miculinic/wg-operator:master-6b18ddbf-amd64
  • registry.gitlab.com/neven-miculinic/wg-operator:master-6b18ddbf-arm32v7
  • registry.gitlab.com/neven-miculinic/wg-operator:master-6b18ddbf-arm64v8
  • registry.gitlab.com/neven-miculinic/wg-operator:master-amd64
  • registry.gitlab.com/neven-miculinic/wg-operator:master-arm32v7
  • registry.gitlab.com/neven-miculinic/wg-operator:master-arm64v8

Bare metal deployment

There's an Ansible role in deploy/role with an example playbook in deploy/playbook.yml