This deployment sets up a WireGuard VPN with autoscaling.
WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks. It was designed with the goals of ease of use, high-speed performance, and a low attack surface.
- This deployment depends on the dynamic-dns deployment, because WireGuard will use the domain name.
- This deployment depends on the nfs-server deployment.
Update the file `deploy-wireguard.yml.j2` with your domain name.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: wireguard-configmap
  namespace: devops-tools
data:
  PUID: "1000"
  PGID: "1000"
  TZ: "Australia/Sydney"         # Your time zone
  SERVERPORT: "31820"
  SERVERURL: example.com         # Your DNS name
  PEERS: "5"                     # How many clients will be able to connect
  PEERDNS: auto
  ALLOWEDIPS: "0.0.0.0/0, ::/0"  # Route all client traffic through the tunnel
  INTERNAL_SUBNET: "10.13.13.0"
```
The first step is to access the peer configuration that was created. You can download it from the volume; in my case I'm not using external storage and it's located on `rpi-k8s-node-1` at `/volume/devops/wireguard`.
You can access each peer folder and grab the `.conf` file.
The easiest way to access the conf is via QR code.
Option 1:
Run `kubectl get pods -n devops-tools` to get the wireguard pod name; in my case it's `wireguard-5fd8cbd895-szxfh`.
Run `kubectl logs wireguard-5fd8cbd895-szxfh -n devops-tools`
This will output the QR codes for all peers.
Option 2:
Run `kubectl exec -ti wireguard-5fd8cbd895-szxfh -n devops-tools -- /app/show-peer 1`
You can run the command `kubectl exec -ti wireguard-5fd8cbd895-szxfh -n devops-tools -- wg` to show the tunnel interface. The `wg` utility provides a series of sub-commands for changing WireGuard-specific aspects of WireGuard interfaces.
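A WireGuard client config carries that client's private key, so the peer `.conf` files on the volume should be treated as secrets. The following is an added example, not part of the original deployment. It audits those files for permissions, for an `Endpoint` that matches `SERVERURL:SERVERPORT` from the ConfigMap, and for full-tunnel `AllowedIPs`. The `peerN/*.conf` folder layout, the function names and the sample config are assumptions constructed for the example.

```python
import configparser
import os
import tempfile
from pathlib import Path

FULL_TUNNEL = {"0.0.0.0/0", "::/0"}
def audit_peer_conf(path, server_url, server_port):
    """Return a list of findings for one WireGuard client .conf file."""
    findings = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: private key readable beyond owner")
    conf = configparser.ConfigParser(delimiters=("=",), strict=False)
    conf.optionxform = str  # keep WireGuard's CamelCase keys
    conf.read(path)
    if not conf.get("Interface", "PrivateKey", fallback=""):
        findings.append("no PrivateKey in [Interface]: not a usable peer config")
    endpoint = conf.get("Peer", "Endpoint", fallback="")
    if endpoint != f"{server_url}:{server_port}":
        findings.append(f"Endpoint {endpoint!r} != SERVERURL:SERVERPORT")
    allowed = conf.get("Peer", "AllowedIPs", fallback="")
    if FULL_TUNNEL & {ip.strip() for ip in allowed.split(",")}:
        findings.append("full tunnel: all client traffic is routed through the VPN")
    return findings

def audit_volume(root, server_url, server_port):
    """Audit every peer*/*.conf under the config volume (assumed layout)."""
    return {p.name: audit_peer_conf(p, server_url, server_port)
            for p in sorted(Path(root).glob("peer*/*.conf"))}

def demo():
    # Constructed sample config; the key values are placeholders, not real keys.
    sample = """[Interface]
Address = 10.13.13.2
PrivateKey = CONSTRUCTED-PLACEHOLDER-KEY=
[Peer]
PublicKey = CONSTRUCTED-PLACEHOLDER-PUB=
Endpoint = example.com:31820
AllowedIPs = 0.0.0.0/0, ::/0
"""
    with tempfile.TemporaryDirectory() as root:
        conf = Path(root, "peer1", "peer1.conf")
        conf.parent.mkdir()
        conf.write_text(sample)
        os.chmod(conf, 0o644)  # deliberately too open for the demo
        return audit_volume(root, "vpn.example.org", "31820")

if __name__ == "__main__":
    print(demo())
```

To audit a real volume, call `audit_volume()` with the volume path and the `SERVERURL` and `SERVERPORT` values from your ConfigMap.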