Tags: linux, kubernetes, daemonset

Kubernetes: Is it possible to mount the host's entire root filesystem into a container and execute its commands?


I have a Kubernetes cluster and need to install the WireGuard kernel module as a DaemonSet-like job on each and every node in the cluster, since the kernel version I have to deal with is pre-5.16.

My question is: is it possible to replace and mount the entire host root filesystem into the container (if it is possible, then the container image doesn't really matter, let's choose ubuntu) and use the host commands to install the WireGuard kernel module (or generally install anything) from the container?


Solution

  • Why would you mount the root filesystem when you can use the Docker image for WireGuard?

    Or build your own image based on the WireGuard Dockerfile.

    There is also a project, kubewg, which helps you manage WireGuard.

    kubewg is a Kubernetes controller that allows you to configure and manage Wireguard VPN configuration using a Kubernetes API server.

    It introduces the following CustomResourceDefinition resources:

    • Network: Represents a Wireguard VPN network.
    • Peer: Represents a single Peer in a Network. Each peer will be allocated an address in the network's subnet.
    • RouteBinding: Represents additional route configuration that should be used by all members of the VPN network.

    And Wormhole, a WireGuard-based overlay network CNI plugin for Kubernetes.

    Wormhole is a simple CNI plugin designed to create an encrypted overlay network for Kubernetes clusters.

    WireGuard is a fascinating Fast, Modern, Secure VPN tunnel that has been gaining significant praise from security experts, and is currently proposed for inclusion within the Linux kernel.

    Wormhole uses WireGuard to create a simple and secure high performance encrypted overlay network for Kubernetes clusters that is easy to manage and troubleshoot.

    Wormhole does not implement network policy; instead, we recommend using calico or kube-router as network policy controllers.