
userspace logic

afeiszli 3 years ago
parent
commit
e5ca943542

+ 11 - 1
docker/Dockerfile-userspace

@@ -10,7 +10,17 @@ RUN git clone https://git.zx2c4.com/wireguard-go && \
     make && \
     make install
 
+ENV WITH_WGQUICK=yes
+RUN git clone https://git.zx2c4.com/wireguard-tools && \
+    cd wireguard-tools && \
+    cd src && \
+    make && \
+    make install
+
 FROM gravitl/netmaker:${NM_VERSION}
 
-RUN apk add --no-cache --update libmnl iptables openresolv iproute2
+RUN apk add --no-cache --update bash libmnl iptables openresolv iproute2
 COPY --from=builder /usr/bin/wireguard-go /usr/bin/wg* /usr/bin/
+COPY scripts/userspace-entrypoint.sh ./entrypoint.sh
+
+ENTRYPOINT ["/bin/sh", "./entrypoint.sh"]
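Review bot: The added `git clone https://git.zx2c4.com/wireguard-tools` step builds whatever the default branch holds at build time, so the `wg*` binaries copied into the final image are neither reproducible nor tied to a reviewed release; the wireguard-go clone in the context lines above (its RUN starts outside this hunk) has the same shape. Pinning to a release tag, e.g. `git clone --depth 1 --branch <WIREGUARD_TOOLS_TAG> https://git.zx2c4.com/wireguard-tools` (placeholder tag), and checking the resulting commit hash would close that gap. Separately, `COPY scripts/userspace-entrypoint.sh ./entrypoint.sh` and `ENTRYPOINT ["/bin/sh", "./entrypoint.sh"]` resolve against whatever WORKDIR the base image sets, which is not visible here; an absolute path such as `/entrypoint.sh` in both lines would make the location explicit.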

+ 0 - 23
docker/Dockerfile-wg-quick

@@ -1,23 +0,0 @@
-ARG NM_VERSION=
-
-FROM gravitl/builder as builder
-
-RUN apk add --update git build-base libmnl-dev iptables
-
-WORKDIR /root/
-RUN git clone https://git.zx2c4.com/wireguard-go && \
-    cd wireguard-go && \
-    make && \
-    make install
-
-ENV WITH_WGQUICK=yes
-RUN git clone https://git.zx2c4.com/wireguard-tools && \
-    cd wireguard-tools && \
-    cd src && \
-    make && \
-    make install
-
-FROM gravitl/netmaker:${NM_VERSION}
-
-RUN apk add --no-cache --update bash libmnl iptables openresolv iproute2
-COPY --from=builder /usr/bin/wireguard-go /usr/bin/wg* /usr/bin/

+ 6 - 2
kube/helm/netmaker/templates/netmaker-statefulset.yaml

@@ -77,7 +77,7 @@ spec:
               apiVersion: v1
               fieldPath: metadata.name
         - name: SQL_HOST
-          value: '{{ .Release.Name }}-postgresql-ha-postgresql.{{ .Release.Namespace }}.svc.cluster.local'
+          value: '{{ .Release.Name }}-postgresql-ha-pgpool.{{ .Release.Namespace }}.svc.cluster.local'
         - name: SQL_PORT
           value: "5432"
         - name: SQL_DB
@@ -88,7 +88,11 @@ spec:
           value: {{ index .Values "postgresql-ha" "postgresql" "password" }}
         - name: DATABASE
           value: postgres
-        image: gravitl/netmaker:userspace5
+      {{- if or (not .Values.wireguard.enabled) (.Values.wireguard.kernel) }}
+        image: gravitl/netmaker:v0.8.4
+      {{- else }}
+        image: gravitl/netmaker:v0.8.4-userspace
+      {{- end }}
         imagePullPolicy: Always
         name: {{ include "netmaker.fullname" . }}
         ports:
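Review bot: Both new `image:` lines hard-code the mutable tag `v0.8.4` in the template, and with the `imagePullPolicy: Always` context line just below, every pod restart re-resolves that tag, so the running image can change without any chart change. Consider taking the version from one place, for instance `image: gravitl/netmaker:{{ .Chart.AppVersion }}` with a `-userspace` suffix in the else branch (assuming the chart's appVersion tracks the release), or pinning by digest. The condition also dereferences `.Values.wireguard.enabled` and `.Values.wireguard.kernel`; values.yaml is not part of this commit, so it should be confirmed that a `wireguard` map with defaults exists there, otherwise rendering fails on a nil lookup.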

+ 2 - 2
kube/helm/netmaker/templates/services.yaml

@@ -27,7 +27,7 @@ spec:
     protocol: TCP
     targetPort: {{ .Values.service.restPort }}
   selector:
-    {{- include "netmaker.selectorLabels" . | nindent 4 }}
+    app: '{{ include "netmaker.fullname" . }}'
   sessionAffinity: None
   type: {{ .Values.service.type }}
 ---
@@ -44,6 +44,6 @@ spec:
     protocol: TCP
     targetPort: {{ .Values.service.grpcPort }}
   selector:
-    {{- include "netmaker.selectorLabels" . | nindent 4 }}
+    app: '{{ include "netmaker.fullname" . }}'
   sessionAffinity: None
   type: {{ .Values.service.type }}
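Review bot: The selector in both hunks of this file now matches on the single label `app: <fullname>`, but this commit does not show the pod template in netmaker-statefulset.yaml setting that label, so it should be confirmed that the pods carry it; otherwise both Services end up with no endpoints. A one-label selector is also broader than the previous `netmaker.selectorLabels` set: any other pod in the namespace that carries the same `app` value would receive traffic for the REST and gRPC ports. A short comment such as `# must match the app label on the pod template in netmaker-statefulset.yaml` above each selector would document the coupling.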

+ 1 - 1
logic/wireguard.go

@@ -108,7 +108,7 @@ func initWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 
 	if !ncutils.IsKernel() {
 		var newConf string
-		if node.UDPHolePunch != "yes" {
+		if node.UDPHolePunch != "yes" || node.IsServer == "yes" {
 			newConf, _ = ncutils.CreateUserSpaceConf(node.Address, key.String(), strconv.FormatInt(int64(node.ListenPort), 10), node.MTU, node.PersistentKeepalive, peers)
 		} else {
 			newConf, _ = ncutils.CreateUserSpaceConf(node.Address, key.String(), "", node.MTU, node.PersistentKeepalive, peers)
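Review bot: The added `|| node.IsServer == "yes"` clause has no comment explaining why a server must always get an explicit listen port even when UDP hole punching is on; something like `// servers keep a fixed ListenPort so clients can reach them, even with UDPHolePunch` (reason inferred, please confirm) would help the next reader. The branch that servers are now routed into still discards the error from `ncutils.CreateUserSpaceConf` (`newConf, _ = ...`), so a failed render of a config that embeds the private key would go unnoticed at this point. initWireguard begins and ends outside this hunk, so how `newConf` is used afterwards should be checked there.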

+ 6 - 0
scripts/userspace-entrypoint.sh

@@ -0,0 +1,6 @@
+# If running userspace wireguard in Docker, create missing tun device.
+if [ ! -d /dev/net ]; then mkdir /dev/net; fi
+if [ ! -e /dev/net/tun ]; then  mknod /dev/net/tun c 10 200; fi
+
+# Wait and then run netmaker.
+/bin/sh -c "sleep 3; ./netmaker"
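Review bot: The script has no shebang and no `set -e`, so if `mkdir` or `mknod` fails (creating the device node needs CAP_MKNOD in the container) it carries on and starts netmaker without a usable tun device. Adding `set -e` as the first command would make the device setup fail fast and visibly. The last line wraps the server in a child `/bin/sh -c`, so netmaker may not be the process that receives SIGTERM on container stop; replacing it with `sleep 3` followed by `exec ./netmaker` keeps the same delay and hands signals to netmaker directly.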