WireGuard with UI

Basic stuff

Install

helm install wg-easy ./helm --namespace wireguard --create-namespace

Update

helm -n wireguard upgrade wg-easy ./helm/

Check

kubectl -n wireguard get cm,pvc,pod,svc

Tail Log

kubectl -n wireguard logs -f wg-easy-0

Delete

kubectl delete ns wireguard

K8s and unsafe option

Config file on k8s host

sudo nano /var/snap/microk8s/current/args/kubelet

Add the IPv4 and IPv6 forwarding sysctls to the end of the kubelet file:

--allowed-unsafe-sysctls=net.ipv4.ip_forward,net.ipv6.conf.all.forwarding
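
To confirm the kubelet file allows exactly these two sysctls and nothing broader, the following added example (not part of this repository) audits an args file. The function names and the constructed sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from this repo): audit a kubelet args file for the
# --allowed-unsafe-sysctls flag. REQUIRED holds the two sysctls this page adds.
REQUIRED="net.ipv4.ip_forward net.ipv6.conf.all.forwarding"

# Print every sysctl pattern allowed in file $1, one per line.
# Assumption: flags are written as --flag=value. Repeated flags are unioned
# so nothing allowed anywhere in the file is missed.
allowed_sysctls() {
    sed -e 's/#.*$//' "$1" | tr -s ' \t' '\n\n' |
        sed -n 's/^--allowed-unsafe-sysctls=//p' |
        tr -d "\"'" | tr ',' '\n' | sed '/^$/d' | sort -u
}

# Exit 0: exactly the required set. 1: a required sysctl is missing.
# 2: more than the required set is allowed. 3: file not readable.
audit_kubelet_args() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 3; }
    allowed=$(allowed_sysctls "$file")
    for want in $REQUIRED; do
        if ! printf '%s\n' "$allowed" | grep -Fxq -- "$want"; then
            echo "MISSING $want"
            rc=1
        fi
    done
    # A here-document keeps the loop in this shell and avoids glob expansion
    # of wildcard entries such as kernel.msg*.
    while IFS= read -r have; do
        [ -n "$have" ] || continue
        case " $REQUIRED " in
            *" $have "*) ;;
            *) echo "EXTRA $have"; [ "$rc" -ne 0 ] || rc=2 ;;
        esac
    done <<EOF
$allowed
EOF
    [ "$rc" -ne 0 ] || echo "OK"
    return "$rc"
}

# Constructed sample (not a real host file): both sysctls plus one extra.
sample=$(mktemp)
printf '%s\n' '--cluster-domain=cluster.local' \
    '--allowed-unsafe-sysctls=net.ipv4.ip_forward,net.ipv6.conf.all.forwarding,kernel.msg*' >"$sample"
audit_kubelet_args "$sample" || echo "audit exit code: $?"
rm -f "$sample"
```

On the host, call `audit_kubelet_args /var/snap/microk8s/current/args/kubelet` after editing the file.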

Changing IP

These are recommended, as we use 8.0.0.0/8 for other things...

IPv4 172.16.0.0/24
IPv6 fdb0::/112

Info: after changing the IPs, the pod must be restarted so that iptables and NAT pick up the new IPs.

Problems with traffic

These are here mostly as help if there is a problem.

Route traffic

Here are two ways of making the k8s server handle routing of traffic.

persistent iptables

sudo apt install iptables-persistent
  • Replace <interface> with your network card, like eth0.
  • Replace <host-ipv4> with an IP range like 10.8.0.0/24.
  • Replace <host-ipv6> with an IP range like fdcc:ad94:bacf:61a4::cafe:0/112.
sudo iptables -t nat -A POSTROUTING -s <host-ipv4> -o <interface> -j MASQUERADE
sudo ip6tables -t nat -A POSTROUTING -s <host-ipv6> -o <interface> -j MASQUERADE
sudo netfilter-persistent save

Systemd service

Create the file /etc/systemd/system/wireguard-masquerade.service

sudo nano /etc/systemd/system/wireguard-masquerade.service

Changes

  • Replace <interface> with your network card, like eth0.
  • Replace <host-ipv4> with an IP range like 10.8.0.0/24.
  • Replace <host-ipv6> with an IP range like fdcc:ad94:bacf:61a4::cafe:0/112.

[Unit]
Description=WireGuard MASQUERADE for <host-ipv4> and <host-ipv6>
After=network.target

[Service]
Type=oneshot
ExecStart=/sbin/iptables -t nat -A POSTROUTING -s <host-ipv4> -o <interface> -j MASQUERADE
ExecStart=/sbin/ip6tables -t nat -A POSTROUTING -s <host-ipv6> -o <interface> -j MASQUERADE
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Enable

sudo systemctl enable wireguard-masquerade

Start

sudo systemctl start wireguard-masquerade

Check things

kubectl -n wireguard exec -it pod/wg-easy-0 -- sysctl net.ipv4.ip_forward
kubectl -n wireguard exec -it pod/wg-easy-0 -- sysctl net.ipv6.conf.all.forwarding
kubectl -n wireguard exec -it wg-easy-0 -- wg show
microk8s kubectl -n wireguard exec -it wg-easy-0 -- iptables -t nat -L -n -v | grep 10.8
kubectl -n wireguard exec -it pod/wg-easy-0 -- ip add