masipcat / wireguard-go-docker

Wireguard docker image
https://hub.docker.com/r/masipcat/wireguard-go
GNU General Public License v3.0

access k8s services using wg-go deployment #20

Closed pratikbin closed 3 years ago

pratikbin commented 3 years ago

Hello, thanks for the amazing project. I set this up on my k3s cluster and it works fine; I can ping from both ends.

Now I want to access k8s services through wg-go from my local PC. I know there is something to do with iptables, but I don't know how and what!

masipcat commented 3 years ago

Hello,

Have you tried https://github.com/masipcat/wireguard-go-docker#basic--kube-dns ? Basically you're configuring the wg-go from your local PC to use the k8s DNS server, so you can discover the services by name.

I assume you already configured your k3s cluster with this yaml: https://github.com/masipcat/wireguard-go-docker#kubernetes (contains the iptables to set up NAT on PostUp)

pratikbin commented 3 years ago

Thanks @masipcat for fast reply,

I am using k3s with CoreDNS (default out of the box) and connecting wg (kernel version) from my local PC, which is successful so far.

> Have you tried https://github.com/masipcat/wireguard-go-docker#basic--kube-dns ? Basically you're configuring the wg-go from your local PC to use the k8s DNS server, so you can discover the services by name.

yes

> I assume you already configured your k3s cluster with this yaml: https://github.com/masipcat/wireguard-go-docker#kubernetes (contains the iptables to set up NAT on PostUp)

masipcat commented 3 years ago

> I am using k3s with CoreDNS (default out of the box)

> Have you tried https://github.com/masipcat/wireguard-go-docker#basic--kube-dns ? Basically you're configuring the wg-go from your local PC to use the k8s DNS server, so you can discover the services by name.

I've never used k3s or CoreDNS, but it should work the same way. You need to configure the IP address of the CoreDNS service in your local resolver.

But if you want, before configuring DNS, did you try to connect to any k8s service using the IP address?

If you can ping the k8s peer and you used the yaml in the readme, you should be able to talk to any k8s service.

I'm not sure if I understood where the problem is... I hope this helps.

pratikbin commented 3 years ago

Kindly, can you look at the wg configs below?

wg-configmap wg.conf: [image]

Local wg.conf: [image]

CoreDNS is a pod and its IP is 10.41.0.10: [image]

Still can't ping/curl pods/services through the IP or the k8s fully qualified name.

masipcat commented 3 years ago

Why do you use a different IP range for the tunnel?

I'd try using 11.0.0.2/16 for the local config (you need to set 11.0.0.0/16 in the AllowedIPs in the server).
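For readers landing on this issue with the same symptom, here is an added example (written for this page, not taken from the repository, its README or either commenter) of the two-sided configuration the thread converges on: the local peer gets an address inside the tunnel range the server already uses, the server's AllowedIPs covers that address, the server NATs tunnel traffic into the cluster on PostUp, and the local peer uses the cluster's CoreDNS as its resolver. The CoreDNS address 10.41.0.10 is the one pratikbin reports; the interface name eth0, the keys and endpoint placeholders, and the cluster service/pod CIDRs 10.41.0.0/16 and 10.42.0.0/16 are assumptions to be replaced with your own values (for k3s, check the `--service-cidr` and `--cluster-cidr` server settings).

```ini
# ===== Server side: wg0.conf for the wireguard-go pod (added example, assumptions marked) =====
[Interface]
# The tunnel range the README-style deployment uses; the server takes .1
Address = 11.0.0.1/16
ListenPort = 51820
PrivateKey = <server-private-key>
# Forward tunnel traffic into the cluster and MASQUERADE it so replies return
# via this pod. eth0 is assumed to be the pod's outbound interface.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -t nat -A POSTROUTING -s 11.0.0.0/16 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 11.0.0.0/16 -o eth0 -j MASQUERADE

[Peer]
# The local PC. AllowedIPs is both the route and the cryptokey-routing ACL:
# packets from this peer are dropped unless their source is inside it.
# The thread suggests 11.0.0.0/16; a /32 per peer is the least-privilege form
# and avoids one peer's range swallowing another's when more peers are added.
PublicKey = <client-public-key>
AllowedIPs = 11.0.0.2/32

# ===== Client side: wg.conf on the local PC (added example, assumptions marked) =====
[Interface]
# Same tunnel range as the server, not a separate one
Address = 11.0.0.2/16
PrivateKey = <client-private-key>
# CoreDNS service IP from the thread. wg-quick installs IP entries as resolvers
# and non-IP entries as search domains, so `name.namespace` resolves too.
DNS = 10.41.0.10, svc.cluster.local

[Peer]
PublicKey = <server-public-key>
# Assumed: a node IP or LoadBalancer address exposing UDP 51820
Endpoint = <node-or-loadbalancer-ip>:51820
# Route only the tunnel range plus the cluster's service and pod CIDRs
# (assumed values; adjust to your cluster). Do not use 0.0.0.0/0 unless a
# full tunnel is intended.
AllowedIPs = 11.0.0.0/16, 10.41.0.0/16, 10.42.0.0/16
PersistentKeepalive = 25
```

Bring the client up with `wg-quick up wg`, confirm a handshake with `wg show`, then test a Service by IP (`curl http://<service-ip>:<port>`) before testing by name: if the IP works and the name does not, the problem is the resolver, not the tunnel. Note the trust implication of this setup: whoever holds the client private key gets unauthenticated layer-3 reachability to every Service and Pod the server's AllowedIPs and NAT rules expose, and because of MASQUERADE their traffic appears to come from the wireguard pod itself, so keep the client range in AllowedIPs tight and apply NetworkPolicy on the cluster side rather than relying on the tunnel alone.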

pratikbin commented 3 years ago

Yeah, thanks for the suggestion; actually I was trying to create a topology.

> I'd try using 11.0.0.2/16 for the local config (you need to set 11.0.0.0/16 in the AllowedIPs in the server).

pratikbin commented 3 years ago

Application changed. Thanks for the amazing project and support. :+1: