diff --git a/config/crd/bases/vpn.wireguard-operator.io_wireguardpeers.yaml b/config/crd/bases/vpn.wireguard-operator.io_wireguardpeers.yaml index dd4672c5..ed9356cc 100644 --- a/config/crd/bases/vpn.wireguard-operator.io_wireguardpeers.yaml +++ b/config/crd/bases/vpn.wireguard-operator.io_wireguardpeers.yaml @@ -72,6 +72,9 @@ spec: Important: Run "make" to regenerate code after modifying this file The address of the peer. type: string + allowedIPs: + description: The AllowedIPs of the peer. + type: string disabled: description: Set to true to temporarily disable the peer. type: boolean diff --git a/pkg/api/v1alpha1/wireguardpeer_types.go b/pkg/api/v1alpha1/wireguardpeer_types.go index ff5a9950..b8dd1281 100644 --- a/pkg/api/v1alpha1/wireguardpeer_types.go +++ b/pkg/api/v1alpha1/wireguardpeer_types.go @@ -37,6 +37,8 @@ type WireguardPeerSpec struct { // Important: Run "make" to regenerate code after modifying this file // The address of the peer. Address string `json:"address,omitempty"` + // The AllowedIPs of the peer. + AllowedIPs string `json:"allowedIPs,omitempty"` // Set to true to temporarily disable the peer. Disabled bool `json:"disabled,omitempty"` // The DNS configuration for the peer. diff --git a/pkg/controllers/wireguard_controller.go b/pkg/controllers/wireguard_controller.go index 512c7950..6d5892c4 100644 --- a/pkg/controllers/wireguard_controller.go +++ b/pkg/controllers/wireguard_controller.go @@ -193,6 +193,12 @@ func (r *WireguardReconciler) updateWireguardPeers(ctx context.Context, req ctrl dnsConfiguration = dns + ", " + dnsSearchDomain } + allowIps := peer.Spec.AllowedIPs + + if allowIps == "" { + allowIps = "0.0.0.0/0" + } + newConfig := fmt.Sprintf(` echo " [Interface] 
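Review bot: The new `AllowedIPs` field carries no validation marker, so the API server accepts any string and updateWireguardPeers later interpolates it unchanged into the generated peer config; WireGuard's AllowedIPs is a comma-separated list of IP/CIDR entries, and a `// +kubebuilder:validation:Pattern=<cidr-list-regex, placeholder>` marker, regenerated into the CRD with `make`, would reject malformed values at admission. The doc comment is also thinner than the field deserves: something like `// AllowedIPs is the comma-separated list of IP/CIDR entries written to the peer's [Peer] section; when empty the controller uses 0.0.0.0/0.` tells a user the format and the default, and the CRD description inherits it. WireguardPeerSpec starts and ends outside the hunk.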
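Review bot: `allowIps` is copied from the spec and, in the next hunk of this file, dropped into the `echo "..."` template without any checking, so a value holding a double quote, backtick or `$(` would alter the resulting command if Status.Config is later run by a shell, which the `echo` wrapper suggests but this diff does not show. Parsing each comma-separated entry before newConfig is built keeps the generated config well-formed independently of any CRD-level pattern; the sketch below uses net.ParseCIDR, which rejects bare addresses that the wg tool itself accepts, so fall back to net.ParseIP if those must stay allowed. How the error is surfaced depends on the function's result list, which lies outside the hunk, as does the rest of updateWireguardPeers. The local would also read more naturally as `allowedIPs`, matching the spec field and Go's initialism convention.
```go
	allowIps := peer.Spec.AllowedIPs
	if allowIps == "" {
		allowIps = "0.0.0.0/0"
	}
	// Refuse anything that is not a list of IP/CIDR entries before it is
	// written into the config (needs "net" and "strings" in the import block).
	for _, entry := range strings.Split(allowIps, ",") {
		if _, _, err := net.ParseCIDR(strings.TrimSpace(entry)); err != nil {
			// … return fmt.Errorf("peer %s/%s: allowedIPs entry %q: %w", peer.Namespace, peer.Name, entry, err)
			//     through the function's error result; its signature is outside the hunk …
		}
	}
	// … unchanged: newConfig template …
```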
@@ -208,8 +214,8 @@ DNS = %s`, peer.Name, peer.Namespace, peer.Spec.Address, dnsConfiguration) [Peer] PublicKey = %s -AllowedIPs = 0.0.0.0/0 -Endpoint = %s:%s"`, serverPublicKey, serverAddress, wireguard.Status.Port) +AllowedIPs = %s +Endpoint = %s:%s"`, serverPublicKey, allowIps, serverAddress, wireguard.Status.Port) if peer.Status.Config != newConfig || peer.Status.Status != v1alpha1.Ready { peer.Status.Config = newConfig peer.Status.Status = v1alpha1.Ready diff --git a/pkg/controllers/wireguard_controller_test.go b/pkg/controllers/wireguard_controller_test.go index cfd47f4c..56874ec7 100644 --- a/pkg/controllers/wireguard_controller_test.go +++ b/pkg/controllers/wireguard_controller_test.go @@ -3,12 +3,13 @@ package controllers import ( "context" "fmt" - "github.com/jodevsa/wireguard-operator/pkg/api/v1alpha1" - "sigs.k8s.io/controller-runtime/pkg/client" "strconv" "strings" "time" + "github.com/jodevsa/wireguard-operator/pkg/api/v1alpha1" + "sigs.k8s.io/controller-runtime/pkg/client" + . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" appsv1 "k8s.io/api/apps/v1" @@ -371,8 +372,8 @@ DNS = %s, %s.svc.cluster.local [Peer] PublicKey = %s -AllowedIPs = 0.0.0.0/0 -Endpoint = %s:%s"`, peerKey.Name, peer.Spec.Address, dnsServiceIp, peer.Namespace, wgPublicKey, expectedAddress, expectedNodePort), +AllowedIPs = %s +Endpoint = %s:%s"`, peerKey.Name, peer.Spec.AllowedIPs, peer.Spec.Address, dnsServiceIp, peer.Namespace, wgPublicKey, expectedAddress, expectedNodePort), Status: "ready", Message: "Peer configured", })) 
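Review bot: The expected config in this hunk substitutes `peer.Spec.AllowedIPs` directly, but the controller writes `0.0.0.0/0` whenever that field is empty, so the expectation only matches if the fixture sets AllowedIPs, which the hunk does not show; the hunk at `@@ -500,8 +501,8 @@` has the same shape. Either way the defaulting branch has no coverage: a case that leaves AllowedIPs empty and asserts `AllowedIPs = 0.0.0.0/0` in Status.Config would pin it, and a second case with a non-default value such as `10.0.0.0/8` (constructed example) would pin the pass-through. The enclosing It block and the assertion that these lines belong to start outside the hunk.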
@@ -500,8 +501,8 @@ DNS = %s, %s.svc.cluster.local [Peer] PublicKey = %s -AllowedIPs = 0.0.0.0/0 -Endpoint = %s:%s"`, peerKey.Name, peer.Spec.Address, dnsServiceIp, peer.Namespace, wgPublicKey, expectedExternalHostName, wg.Status.Port), +AllowedIPs = %s +Endpoint = %s:%s"`, peerKey.Name, peer.Spec.AllowedIPs, peer.Spec.Address, dnsServiceIp, peer.Namespace, wgPublicKey, expectedExternalHostName, wg.Status.Port), Status: "ready", Message: "Peer configured", })) @@ -515,7 +516,7 @@ Endpoint = %s:%s"`, peerKey.Name, peer.Spec.Address, dnsServiceIp, peer.Namespac for _, useWgUserspace := range []bool{true, false} { testTextPrefix := "uses" if !useWgUserspace { - testTextPrefix="does not use" + testTextPrefix = "does not use" } It(fmt.Sprintf("%s userspace implementation of wireguard if spec.useWgUserspaceImplementation is set to %t", testTextPrefix, useWgUserspace), func() {