WireGuard on K8s (road-warrior-style VPN server)
April 27, 2020 • 684 words
(See comments on Hacker News.)
WireGuard first appears in Linux kernel 5.6, but Ubuntu 20.04 LTS includes a backport in its 5.4 kernel.
So if your K8s nodes are running Ubuntu 20.04 LTS, they come with WireGuard installed as a kernel module that will automatically load when needed. This means that if you can set CAP_NET_ADMIN on containers, you can run a road-warrior-style WireGuard server in K8s without making changes to the node.
Here's my deployment:
apiVersion: apps/v1
kind: Deployment
me...