Skip to content

Latest commit

 

History

History
38 lines (26 loc) · 1.23 KB

README.md

File metadata and controls

38 lines (26 loc) · 1.23 KB

wireguardaks

1- register custom node config to allow unsafe sysctl (you need to create a new cluster or a new nodepool with custom config). https://docs.microsoft.com/en-us/azure/aks/custom-node-configuration

2- Create LB service to expose udp 51820 which will be used by wireguard clients (get the External ip)

use wireservice.yaml

kubectl apply -f wireservice.yaml
kubectl get service wireguard-service -n wireguard

3- create a pvc to store wireguard data using wirepvc.yaml

kubectl apply -f wireservice.yaml

4- edit the deployment wiredeploy.yaml and update the environment variables:

TZ: timezone
SERVERURL: <external ip exposed by the LB service>
PEERDNS: <DNS Server IP> # can be set to coredns ip.
ALLOWEDIPS: <this is the network clients will be able to access> #you can set this to the vnet subnet. if peerdns is outside this range, you may want to set it also.
#example using podcidr and servicecidr: 
#ALLOWEDIPS: 10.244.0.0/16, 10.0.0.0/16
INTERNAL_SUBNET: <this will be used by the clients and the wireguard pod, better not to conflict with allowed ips from the vnet.>

References:
https://docs.linuxserver.io/images/docker-wireguard
https://docs.microsoft.com/en-us/azure/aks/custom-node-configuration