masipcat / Wireguard Go Docker
Licence: gpl-3.0
Wireguard docker image
wireguard-go docker
Setup
First of all you need a key pair for the server. Use the following command to generate the public and private keys:
# Generate privatekey
docker run --rm -i masipcat/wireguard-go wg genkey > privatekey
# Generate publickey from privatekey
docker run --rm -i masipcat/wireguard-go wg pubkey < privatekey > publickey
Run server
Docker
docker-compose.yaml
version: '3.3'
services:
  wireguard:
    image: masipcat/wireguard-go:latest
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv4.ip_forward=1
    volumes:
      - /dev/net/tun:/dev/net/tun
      # Folder with 'publickey', 'privatekey' and 'wg0.conf'
      - ./wireguard:/etc/wireguard
    environment:
      - WG_COLOR_MODE=always
      - LOG_LEVEL=info
    ports:
      - 51820:51820/udp
    # Uncomment the following line when 'AllowedIPs' is '0.0.0.0/0'
    # privileged: true
    restart: always
docker-compose up -d
Kubernetes
Steps to deploy Wireguard-go to a k8s cluster:
- Set the privatekey for the wireguard server in the Secret object
- Add at least one peer in wg0.conf
- Run kubectl apply -f wireguard.yaml to deploy wireguard
wireguard.yaml
kind: Secret
apiVersion: v1
metadata:
  name: wg-secret
type: Opaque
data:
  # Generate and encode the server private key: `wg genkey | base64`
  privatekey: REPLACE_WITH_BASE64_PRIVKEY
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: wg-configmap
data:
  wg0.conf: |
    [Interface]
    Address = 10.33.0.1/24
    ListenPort = 51820
    PostUp = wg set wg0 private-key /etc/wireguard/privatekey && iptables -t nat -A POSTROUTING -s 10.33.0.0/24 -o eth0 -j MASQUERADE
    PostDown = iptables -t nat -D POSTROUTING -s 10.33.0.0/24 -o eth0 -j MASQUERADE
    # [Peer]
    # PublicKey =
    # AllowedIPs = 10.33.0.2/32
---
kind: Service
apiVersion: v1
metadata:
  name: wireguard
  labels:
    app: wireguard
spec:
  type: LoadBalancer
  ports:
    - name: wg
      protocol: UDP
      port: 51820
      targetPort: 51820
  selector:
    app: wireguard
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wireguard
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wireguard
  template:
    metadata:
      labels:
        app: wireguard
    spec:
      initContainers:
        - name: sysctls
          image: busybox
          command:
            - sh
            - -c
            - sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.forwarding=1
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
            privileged: true
      containers:
        - name: wireguard
          image: masipcat/wireguard-go:latest
          command:
            - sh
            - -c
            - echo "Public key '$(wg pubkey < /etc/wireguard/privatekey)'" && /entrypoint.sh
          ports:
            - containerPort: 51820
              protocol: UDP
              name: wireguard
          env:
            - name: LOG_LEVEL
              value: info
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
            privileged: true
          resources:
            requests:
              memory: 64Mi
              cpu: "100m"
            limits:
              memory: 256Mi
          volumeMounts:
            - name: cfgmap
              mountPath: /etc/wireguard/wg0.conf
              subPath: wg0.conf
            - name: secret
              mountPath: /etc/wireguard/privatekey
              subPath: privatekey
      volumes:
        - name: cfgmap
          configMap:
            name: wg-configmap
        - name: secret
          secret:
            secretName: wg-secret
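The Secret's privatekey value carries two base64 layers: the key text that wg genkey prints, encoded once more for the data field. The following check is an added example, not part of the project; it verifies both layers before kubectl apply. The function name check_secret_privatekey is hypothetical and the sample key is a constructed all-zero value.

```shell
#!/bin/sh
# Added example (not from the wireguard-go docker project).
# check_secret_privatekey is a hypothetical helper name.
# Returns: 0 ok, 1 placeholder/empty, 2 outer layer is not base64,
#          3 decoded text is not a 44-character key, 4 key is not 32 bytes.
check_secret_privatekey() {
    value=$1
    case $value in
        ''|REPLACE_WITH_BASE64_PRIVKEY)
            echo "privatekey is empty or still the placeholder" >&2
            return 1 ;;
    esac
    # Outer layer: Kubernetes base64-decodes data.* before mounting the file.
    # $(...) also strips the trailing newline that `wg genkey` prints.
    key_text=$(printf '%s' "$value" | base64 -d 2>/dev/null) || {
        echo "privatekey value is not valid base64" >&2
        return 2
    }
    # Inner layer: the text wg reads from /etc/wireguard/privatekey.
    if [ "${#key_text}" -ne 44 ]; then
        echo "decoded value is not a 44-character WireGuard key" >&2
        echo "(was the raw 'wg genkey' output pasted without '| base64'?)" >&2
        return 3
    fi
    raw_len=$(( $(printf '%s' "$key_text" | base64 -d 2>/dev/null | wc -c) ))
    if [ "$raw_len" -ne 32 ]; then
        echo "key decodes to $raw_len bytes, expected 32" >&2
        return 4
    fi
    return 0
}

# Constructed sample: an all-zero 32-byte key, for illustration only.
sample_key=$(head -c 32 /dev/zero | base64)
sample_secret_value=$(printf '%s\n' "$sample_key" | base64)
check_secret_privatekey "$sample_secret_value" && echo "sample value: ok"
```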
Client config examples
Basic
/etc/wireguard/wg0.conf
[Interface]
# Assign yourself an IP (that's not in use) and add it to the server ConfigMap
Address = 10.33.0.2/32
# Generate a private key using `wg genkey`
PrivateKey = <your private key>
[Peer]
# Wireguard server public key
PublicKey = AbC...XyZ=
# LoadBalancer IP (replace with your LoadBalancer ip)
Endpoint = 1.2.3.4:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Basic + kube-dns
(This example only works on operating systems that use openresolv)
/etc/wireguard/wg0.conf
[Interface]
...
# Configure the kube-dns IP address as the DNS resolver on your local machine (resolves names like 'your-service.default.svc.cluster.local')
PostUp = printf "nameserver 10.90.0.5\nsearch default.svc.cluster.local svc.cluster.local cluster.local" | resolvconf -a %i
[Peer]
...
# Change AllowedIPs to 10.0.0.0/8 if you only want to connect to k8s pods/services
AllowedIPs = 10.0.0.0/8