GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → nmiculinic → wg-operator

nmiculinic / wg-operator

Licence: MIT license
Wireguard operator

Programming Languages

go
31211 projects - #10 most used programming language
shell
77523 projects
Dockerfile
14818 projects

Labels

kubernetes-operatorkubernetswireguardwireguard-vpn

Projects that are alternatives of or similar to wg-operator

wireguard-kmod
WireGuard for UDM series routers
Stars: ✭ 328 (+1540%)
Mutual labels:  wireguard, wireguard-vpn
raspbian10-buster
Raspbian 10 (Buster) Lite Setup: with Wireguard, Pi-hole, Unbound
Stars: ✭ 54 (+170%)
Mutual labels:  wireguard, wireguard-vpn
aws-wireguard-linux
WireGuard VPN implemented on Amazon Linux 2 with Load Balancing
Stars: ✭ 93 (+365%)
Mutual labels:  wireguard, wireguard-vpn
WGDashboard
Simplest dashboard for WireGuard VPN written in Python w/ Flask
Stars: ✭ 772 (+3760%)
Mutual labels:  wireguard, wireguard-vpn
wgrest
WireGuard REST API
Stars: ✭ 92 (+360%)
Mutual labels:  wireguard, wireguard-vpn
terransible-wirehole
Wirehole (Wireguard, Pi-hole, Upbound) deployment on Free Tier Oracle Cloud or other providers leveraging Docker Containers and deployed using Terraform and Ansible.
Stars: ✭ 33 (+65%)
Mutual labels:  wireguard, wireguard-vpn
wireguard config maker
Simple Java program to create wireguard client config files
Stars: ✭ 51 (+155%)
Mutual labels:  wireguard, wireguard-vpn
hide.client.linux
Hide.me CLI VPN client for Linux
Stars: ✭ 41 (+105%)
Mutual labels:  wireguard, wireguard-vpn
desktop-app-ui2
IVPN Desktop app
Stars: ✭ 19 (-5%)
Mutual labels:  wireguard
netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Stars: ✭ 4,147 (+20635%)
Mutual labels:  wireguard
cloudformation-operator
A Kubernetes operator for managing CloudFormation stacks via a CustomResource
Stars: ✭ 98 (+390%)
Mutual labels:  kubernetes-operator
kubereplay
Seamless integration of goReplay and Kubernetes
Stars: ✭ 30 (+50%)
Mutual labels:  kubernetes-operator
secureCodeBox-v2
This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.
Stars: ✭ 23 (+15%)
Mutual labels:  kubernetes-operator
wiresteward
Wireguard peer manager
Stars: ✭ 50 (+150%)
Mutual labels:  wireguard
ipvpn
[WIP] Easy-to-use decentralized secure overlay private network (for any device)
Stars: ✭ 24 (+20%)
Mutual labels:  wireguard
desktop-app
Official IVPN Desktop app
Stars: ✭ 141 (+605%)
Mutual labels:  wireguard
grafana-operator
An operator for Grafana that installs and manages Grafana instances, Dashboards and Datasources through Kubernetes/OpenShift CRs
Stars: ✭ 449 (+2145%)
Mutual labels:  kubernetes-operator
wordpress-operator
Bitpoke Kubernetes operator for WordPress
Stars: ✭ 159 (+695%)
Mutual labels:  kubernetes-operator
chaos-operator
chaos engineering via kubernetes operator
Stars: ✭ 90 (+350%)
Mutual labels:  kubernetes-operator
cdap-operator
CDAP Kubernetes Operator
Stars: ✭ 17 (-15%)
Mutual labels:  kubernetes-operator
View All Similar Projects ➔

Build Status GoDoc Go Report Card

wg-operator

This project aim to dynamically reconfigure wireguard on the fly for the cluster nodes.

QuickStart

See /deploy folder. Apply CRDs, that is under /deploy/crds. Example servers/clients are under /deploy/servers and /deploy/clients. Recommended deployment is also provided under /deploy

Goals

  • Basic client-server VPN paradigm
  • Implement IPtables masqerading for out of VPN IPs --> use preUp/postDown for now, and wg-quick or wg-quick-go to run them at system boot.
  • Highly scalable for clients (i.e. supporting 1000+ clients with minimal resource usage on client side). For mostly static topologies this should be quite performant.
    • update coalescing --> implemented via 200ms coalescing time window
    • error exponential backoff --> Not implemented, on error we retry every 5 seconds
    • client query only myself --> partially implemeted, informer cache is fetching all client changes, but update is triggered only for myself
  • Implement per server interface for clients -- allows custom routing to operate on top of wireguard (e.g. OSPF/BGP)
  • Medium dynamic network topology changes, wireguard setting & nodes won't change too often
  • Unit test coverage + CI for config generation
  • End2end test within CI
  • Support key rotation
  • Have decent usage documentation

Non-goals

Docker images registy, automatically built via CI pipeline

It's located at:

Per tag images:

  • registry.gitlab.com/neven-miculinic/wg-operator:-

Example:

  • registry.gitlab.com/neven-miculinic/wg-operator:v0.1.0-amd64

Per branch images:

registry.gitlab.com/neven-miculinic/wg-operator:- registry.gitlab.com/neven-miculinic/wg-operator:--

Example:

  • registry.gitlab.com/neven-miculinic/wg-operator:master-6b18ddbf-amd64
  • registry.gitlab.com/neven-miculinic/wg-operator:master-6b18ddbf-arm32v7
  • registry.gitlab.com/neven-miculinic/wg-operator:master-6b18ddbf-arm64v8
  • registry.gitlab.com/neven-miculinic/wg-operator:master-amd64
  • registry.gitlab.com/neven-miculinic/wg-operator:master-arm32v7
  • registry.gitlab.com/neven-miculinic/wg-operator:master-arm64v8

Bare metal deployment

There's ansible role in the deploy/role with example playbook in deploy/playbook.yml

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].