Adding the above should have the following benefits:
Reference flannel wireguard support:
https://github.com/coreos/flannel/blob/master/dist/extension-wireguard
We've been using flannel with the wireguard backend in production for the past 1.5 years now and would like to simplify our network stack around Calico.
Thank you for making Calico great!
@mindw good news! Calico v3.14.0 has tech-preview support for wireguard.
Read more about it here: https://docs.projectcalico.org/security/try-node-to-node-encryption.
I'll leave this issue open for now in order to gather feedback.
Indeed. Many thanks, we'll take this for a spin ASAP!
That is awesome news! From what I can tell from https://github.com/projectcalico/libcalico-go/pull/1215 there is no support for wireguard nodes that live outside of the kube cluster(?) as the public key exchange relies on reading calico nodes' attributes (if I read this right). Are there any plans to support communication outside the cluster (non-calico hosts or another remote kube cluster)?
An update on this. We've successfully replaced our custom setup of Canal/wireguard with Calico 3.15.x.
Many thanks yet again!