by KenanSulayman 2245 days ago
Well if you make it a DaemonSet you could technically use the container as the network interface of other containers throughout the whole cluster. That said, I'm very happy that his example k8s deployment uses secrets.

I didn't know Ubuntu 20.04 backported WG into its 5.4 kernel. I spent a few hours yesterday fixing a node after breaking ZFS because I upgraded to 5.6 for WG support. I feel rather silly now.

edit: rektide mentioned 'kilo' which actually does exactly what I said (https://github.com/squat/kilo).

1 comments

That's an interesting idea about using a unified network interface. Do you know how you might then get the right packets to the right containers/processes? Does that even matter with WireGuard?
You can use a different container as the network in Docker: 'container:<name>' would route the container's traffic through the specified container.

Example vpn container:

  docker run --name foo --cap-add=NET_ADMIN ...
Other container:

  docker run --net=container:foo ...
Now you'd need to specify the respective routing rules [1] in the container.

[1] i.e. https://github.com/bubuntux/nordvpn/blob/master/start_vpn.sh...
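The two-container pattern described above, as an added example that is not part of this thread or of any linked project: one container holds NET_ADMIN and owns the network namespace, the application joins it with `--net=container:<name>`, and the script then checks the two properties that matter for this setup (both containers are in one network namespace, and only the VPN container was granted NET_ADMIN). The container names, image names and port are assumptions; the checks run against real containers only when invoked with `--run` on a host that has Docker, and otherwise the script just prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the thread or from any linked project).
# Names, images and the port below are placeholders for illustration.
set -eu

VPN_NAME="${VPN_NAME:-vpn}"
APP_NAME="${APP_NAME:-app}"
VPN_IMAGE="${VPN_IMAGE:-example/wireguard:latest}"   # placeholder image
APP_IMAGE="${APP_IMAGE:-example/app:latest}"         # placeholder image
APP_PORT="${APP_PORT:-8080}"

# Succeeds when two network-namespace identities (as printed by
# `readlink /proc/1/ns/net`, e.g. "net:[4026532001]") are identical and
# non-empty, i.e. the sidecar really shares the VPN container's namespace.
netns_shared() {
  [ -n "$1" ] && [ "$1" = "$2" ]
}

# Succeeds when a CapAdd list (as printed by `docker inspect`) does not
# contain NET_ADMIN; the application sidecar should never need that capability,
# only the container that configures the tunnel does.
lacks_net_admin() {
  case "$1" in
    *NET_ADMIN*) return 1 ;;
    *)           return 0 ;;
  esac
}

# Compose the two `docker run` lines. Port publishing has to go on the
# namespace owner: Docker rejects -p on a container started with
# --net=container:<name>, because that container has no network of its own.
vpn_run_cmd() {
  printf 'docker run -d --name %s --cap-add=NET_ADMIN -p %s:%s %s' \
    "$VPN_NAME" "$APP_PORT" "$APP_PORT" "$VPN_IMAGE"
}
app_run_cmd() {
  printf 'docker run -d --name %s --net=container:%s %s' \
    "$APP_NAME" "$VPN_NAME" "$APP_IMAGE"
}

# Identity of the network namespace of PID 1 inside a container
# (requires readlink in the image; busybox and coreutils both provide it).
container_netns() {
  docker exec "$1" readlink /proc/1/ns/net
}

main() {
  if ! command -v docker >/dev/null 2>&1; then
    echo "docker not found; commands that would run:" >&2
    vpn_run_cmd; echo
    app_run_cmd; echo
    return 0
  fi
  eval "$(vpn_run_cmd)" >/dev/null
  eval "$(app_run_cmd)" >/dev/null

  vpn_ns=$(container_netns "$VPN_NAME")
  app_ns=$(container_netns "$APP_NAME")
  app_caps=$(docker inspect --format '{{.HostConfig.CapAdd}}' "$APP_NAME")

  netns_shared "$vpn_ns" "$app_ns" && echo "ok: shared network namespace $app_ns"
  lacks_net_admin "$app_caps"      && echo "ok: sidecar runs without NET_ADMIN"
}

if [ "${1:-}" = "--run" ]; then
  main
fi
```

Two consequences of this layout are worth keeping in mind: the sidecar inherits the VPN container's resolv.conf and hosts files, so DNS goes wherever the VPN container sends it, and if the VPN container is recreated the sidecar's namespace reference goes stale and the sidecar has to be restarted as well. The routing and kill-switch rules themselves (what the linked start_vpn.sh does) still belong inside the VPN container; this script only verifies the namespace boundary around them.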