diff --git a/config/crd/bases/vpn.wireguard-operator.io_wireguards.yaml b/config/crd/bases/vpn.wireguard-operator.io_wireguards.yaml index 252a2e1..c9934b3 100644 --- a/config/crd/bases/vpn.wireguard-operator.io_wireguards.yaml +++ b/config/crd/bases/vpn.wireguard-operator.io_wireguards.yaml @@ -115,6 +115,10 @@ spec: be useful to enable if the peers are having problems with sending traffic to the internet. type: boolean + hostNetwork: + description: A boolean field that specifies whether the Wireguard + VPN pod should run in the host network namespace. + type: boolean metric: description: WireguardPodSpec defines spec for respective containers created for Wireguard diff --git a/pkg/api/v1alpha1/wireguard_types.go b/pkg/api/v1alpha1/wireguard_types.go index a2e0615..068e536 100644 --- a/pkg/api/v1alpha1/wireguard_types.go +++ b/pkg/api/v1alpha1/wireguard_types.go @@ -53,6 +53,8 @@ type WireguardSpec struct { EnableIpForwardOnPodInit bool `json:"enableIpForwardOnPodInit,omitempty"` // A boolean field that specifies whether to use the userspace implementation of Wireguard instead of the kernel one. UseWgUserspaceImplementation bool `json:"useWgUserspaceImplementation,omitempty"` + // A boolean field that specifies whether the Wireguard VPN pod should run in the host network namespace. + HostNetwork bool `json:"hostNetwork,omitempty"` NodeSelector map[string]string `json:"nodeSelector,omitempty"` Agent WireguardPodSpec `json:"agent,omitempty"` diff --git a/pkg/controllers/wireguard_controller.go b/pkg/controllers/wireguard_controller.go index b191a24..d9b4179 100644 --- a/pkg/controllers/wireguard_controller.go +++ b/pkg/controllers/wireguard_controller.go @@ -863,6 +863,11 @@ func (r *WireguardReconciler) deploymentForWireguard(m *v1alpha1.Wireguard) *app } } + if m.Spec.HostNetwork { + dep.Spec.Template.Spec.HostNetwork = true + dep.Spec.Template.Spec.DNSPolicy = corev1.DNSClusterFirstWithHostNet + } + ctrl.SetControllerReference(m, dep, r.Scheme) return dep }
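Review bot: The comment on the new `HostNetwork` field in `WireguardSpec` does not state the default or what enabling it exposes, and this text is also what users read in the CRD schema. With the flag set, the pod shares the node's network namespace, so its listeners bind on the node's addresses and any network capability the containers hold acts on the node; which capabilities those are is not visible in this hunk. I would write it as `// HostNetwork runs the Wireguard pod in the node's network namespace (default false). The pod can then see and bind the node's interfaces and ports, and namespaces enforcing the baseline Pod Security Standard will reject it.` and regenerate the CRD so the YAML description matches. The struct continues outside the hunk.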
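Review bot: `m.Spec.HostNetwork` is copied straight into the pod template with no operator-side gate, so anyone allowed to create or edit a Wireguard resource can have the operator schedule a host-network pod using the operator's permissions rather than their own. If the containers built earlier in `deploymentForWireguard` hold NET_ADMIN, or the init step behind `EnableIpForwardOnPodInit` writes sysctls (both are outside this hunk, so this needs confirming), those would then act on the node's interfaces, routes and forwarding setting instead of an isolated pod namespace. Consider honouring the field only when an operator-level opt-in is set (no such option exists in the visible code), and rejecting or documenting the combination with `EnableIpForwardOnPodInit`. At minimum, add a comment above the block such as `// hostNetwork places the pod in the node's network namespace; capabilities and sysctls set on the pod then affect the node`. The function starts outside the hunk.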