What to consider when runPodOnHostNetwork = true #61

Open
ALIP-0 opened this issue Sep 17, 2024 · 1 comment

ALIP-0 commented Sep 17, 2024

What should be considered when setting runPodOnHostNetwork = TRUE?

Must we amend other areas of the configuration?

I am working off the assumption that the purpose of runPodOnHostNetwork = TRUE is to allow peers on any node/pod to communicate?

Owner

bryopsida commented Sep 24, 2024

Typically you would also want to run as a daemonset as well.

Here's an example value override for a daemonset: https://github.com/bryopsida/wireguard-chart/blob/main/ci/test-with-healthsidecar-daemonset-hostport.yaml.

Some things to be aware of related to that setting:

> I am working off the assumption that the purpose of runPodOnHostNetwork = TRUE is to allow peers on any node/pod to communicate?

There's probably more cases/reasons one might want to use it, but here's a few:

  • Removes the overhead of ingressing through a Kubernetes service and instead exposes the WG server listening port directly on the node's network.
  • Depending on network, may reduce complexity of hooks with iptables rules to set up NAT.
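
A check that follows from the reply above, added here as an example and not part of the thread or the chart's own code: it reads workload JSON (the shape `kubectl get daemonset,deployment -o json` returns) and reports which workloads share the node's network namespace, which declared ports end up bound on the node, and whether the workload is a DaemonSet. The sample input, workload names and the 51820/UDP port are constructed, and the DNS-policy check reflects standard Kubernetes behaviour for host-network pods rather than anything stated in the thread.

```python
import json

# Constructed sample, trimmed to the fields the check reads.
# Workload names and the 51820/UDP port are assumptions for illustration.
SAMPLE = json.loads("""
{"items": [
 {"kind": "DaemonSet", "metadata": {"name": "wg-ds"},
  "spec": {"template": {"spec": {"hostNetwork": true,
   "dnsPolicy": "ClusterFirstWithHostNet",
   "containers": [{"name": "wireguard",
     "ports": [{"containerPort": 51820, "protocol": "UDP"}]}]}}}},
 {"kind": "Deployment", "metadata": {"name": "wg-deploy"},
  "spec": {"replicas": 2, "template": {"spec": {"hostNetwork": true,
   "containers": [{"name": "wireguard",
     "ports": [{"containerPort": 51820, "protocol": "UDP"}]}]}}}},
 {"kind": "Deployment", "metadata": {"name": "web"},
  "spec": {"replicas": 1, "template": {"spec": {
   "containers": [{"name": "web", "ports": [{"containerPort": 8080}]}]}}}}
]}
""")

def audit_host_network(workloads):
    """Return one finding per workload whose pods use the node's network namespace."""
    findings = []
    for item in workloads.get("items", []):
        pod = item["spec"]["template"]["spec"]
        if not pod.get("hostNetwork", False):
            continue  # pod keeps its own network namespace
        # Declared ports only; with hostNetwork, anything the process
        # listens on is bound on the node itself.
        ports = sorted({(p["containerPort"], p.get("protocol", "TCP"))
                        for c in pod.get("containers", [])
                        for p in c.get("ports", [])})
        notes = []
        if item["kind"] != "DaemonSet" and item["spec"].get("replicas", 1) > 1:
            # Two replicas cannot bind the same port on one node.
            notes.append("replicas cannot share a node's port; consider a DaemonSet")
        if pod.get("dnsPolicy") != "ClusterFirstWithHostNet":
            # Host-network pods otherwise fall back to the node's resolver.
            notes.append("cluster DNS names may not resolve from this pod")
        findings.append({"name": item["metadata"]["name"], "kind": item["kind"],
                         "node_ports": ports, "notes": notes})
    return findings

if __name__ == "__main__":
    for finding in audit_host_network(SAMPLE):
        print(finding)
```

Every port listed under `node_ports` is reachable on the node's own addresses, so it needs to be covered by the node's firewall or security-group rules rather than by a Kubernetes Service.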
