{"id":21231,"date":"2021-04-27T07:16:41","date_gmt":"2021-04-27T05:16:41","guid":{"rendered":"https:\/\/www.inovex.de\/blog\/?p=21231"},"modified":"2022-11-21T15:51:55","modified_gmt":"2022-11-21T14:51:55","slug":"how-to-set-up-a-k3s-cluster-on-wireguard","status":"publish","type":"post","link":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/","title":{"rendered":"How to Set Up a K3s Cluster on WireGuard"},"content":{"rendered":"<p>This blog post is a tutorial on how to set up a WireGuard network using Raspberry Pis for a K3s cluster, with each device connected to a central cloud virtual machine (VM).\u00a0<!--more--><\/p>\n<p>At the core of inovex are the values innovation and excellence. If we want to be and remain innovative and excellent in a dynamic environment, we have to take care of it. Over the years we have developed a series of measures with which we ensure our high knowledge and quality standards.\u00a0One of these are our <strong>Tech Days<\/strong>, where colleagues from a technology department meet and train together with and on cool technologies.<\/p>\n<div class=\"sc-splash w-link\">\n\t\t<div class=\"sc-splash__content\">\t\t\n\t\t<div class=\"sc-splash__text\">\t\t\n\t\t<strong>Also read:<\/strong> Backup K3s with Litestream\n\t\t<\/div>\n\t\t<a  class=\"sc-splash__btn\" href=\"\/de\/blog\/k3s-backup-litestream\/\">\n\t\tRead now\n\t\t<\/a> \n\t\t\n\t\t<\/div>\n\t\t\n\t<\/div>\n<p><a href=\"https:\/\/www.inovex.de\/blog\/ito-techday-2020-review\/\">Our last Tech Day was held remotely due to the coronavirus<\/a>. As a socialising event, we had a hackathon with every participant getting a Raspberry Pi sent home beforehand. My group had the idea to build a K3s cluster spanning across the desks of all team members. Since we were at home and most of our home networks are behind at least one NAT device, we had to build a VPN connecting our Raspberry Pis. In this blog post I want to show our initial prototype setup with a step by step tutorial to reproduce the setup.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_83 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\"><p class=\"ez-toc-title\" style=\"cursor:inherit\"><\/p>\n<\/div><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#Initial-Setup\" >Initial Setup<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#Cloud-VM\" >Cloud VM<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#Wireguard\" >Wireguard<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#K3s\" >K3s<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#Raspberry-Pis\" >Raspberry Pis<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#Connecting-the-Raspberry-Pi-to-the-cluster\" >Connecting the Raspberry Pi to the cluster<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#Final-Step\" >Final Step<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#Pitfalls\" >Pitfalls<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Initial-Setup\"><\/span>Initial Setup<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>In our prototype we decided to build the WireGuard network as a star topology: every Raspberry Pi is connected to a central cloud VM. We did this since the VM has a stable public IP and thus every Raspberry Pi is able to initiate a WireGuard tunnel to the VM. The VM will also host our K3s master.<\/p>\n<p><a href=\"https:\/\/www.inovex.de\/wp-content\/uploads\/k3s-on-wireguard-architektur.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-21382\" src=\"https:\/\/www.inovex.de\/wp-content\/uploads\/k3s-on-wireguard-architektur.png\" alt=\"\" width=\"1920\" height=\"1080\" \/><\/a><\/p>\n<p>The Raspberry Pis are hosting the K3s agents. (After checking the network ranges of the participants\u2019 home setups to avoid ip range collisions) we chose the network 10.222.0.0\/24 for our nodes in the WireGuard network.<\/p>\n<p>The next to section will talk you through the setup of the cloud VM and the Raspberry Pis.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cloud-VM\"><\/span>Cloud VM<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>This section talks you through the installation and configuration of the cloud VM. All shell commands must be executed as the root user. As a convention we start the start of a shell command with a<span style=\"font-weight: 400;\"> <code>$<\/code> <\/span>in our listings. You do not have to type that into your shell.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Wireguard\"><\/span>Wireguard<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>We choose Ubuntu 20.04 as the operating system for our cloud VM. The first step was to install the WireGuard package:<\/p>\n<pre class=\"lang:zsh decode:true\">$ apt-get update &amp;&amp; apt-get install wireguard<\/pre>\n<p>Since we want to route traffic between the Raspberry Pis, we had to enable IP forwarding on the cloud VM<\/p>\n<pre class=\"lang:zsh decode:true\">$ sysctl -w net.ipv4.ip_forward=1\r\n<\/pre>\n<p>The next step is to generate the public and the private keys for our WireGuard tunnel:<\/p>\n<pre class=\"lang:zsh decode:true\">$ wg genkey | tee privatekey | wg pubkey &gt; publickey\r\n<\/pre>\n<p>With these two keys we are able to set up the WireGuard wg0 interface. Place the following config in \/etc\/wireguard\/wg0.conf:<\/p>\n<pre class=\"lang:default decode:true\"># \/etc\/wireguard\/wg0.conf\r\n[Interface]\r\n\r\n# The IP address of this host in the wireguard tunnels\r\nAddress = 10.222.0.1\r\n\r\n# Every Raspberry Pi connects via UDP to this port. Your Cloud VM must be reachable on this port via UDP from the internet.\r\nListenPort = 51871\r\n\r\n# Set the private key to the value of the privatekey file generated by the previous command\r\nPrivateKey = yBo18fnFVjKrRS0dfH0DDehGrVBH1aDaZValIwdEW1I=\r\n\r\n# Set the MTU according to the internet connections of your clients\r\n# In our case the autodetection assumed 8920 since the cloud network supported jumbo frames.\r\nMTU = 1420\r\n<\/pre>\n<p>With this configuration in place we can bring up the wg0 interface:<\/p>\n<pre class=\"lang:zsh decode:true\">$ wg-quick up wg0\r\n<\/pre>\n<p>After this step, your cloud VM has a network interface wg0 with the IP address 10.222.0.1 assigned. We set a static route for the network 10.222.0.0\/24 to that interface:<span style=\"font-weight: 400;\"><br \/>\n<\/span><\/p>\n<pre class=\"lang:zsh decode:true\">$ ip -4 route add 10.222.0.0\/24 dev wg0<\/pre>\n<p>This allows us to dynamically add new WireGuard clients to our network.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"K3s\"><\/span>K3s<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The next step is to install and configure the K3s master. We did this via the following oneliner:<\/p>\n<pre class=\"lang:zsh decode:true\">$ curl -sfL https:\/\/get.k3s.io | sh -<\/pre>\n<p>We recommend replacing this with a proper installation routine in a production setup since executing foreign scripts from the internet with root privileges is a security nightmare.<br \/>\nAfter the installation has finished we have to reconfigure the flannel CNI in K3s to use the wg0 interface. Place this systemd drop in \/etc\/systemd\/system\/k3s.service.d\/network.conf<\/p>\n<pre class=\"lang:default decode:true\"># \/etc\/systemd\/system\/k3s.service.d\/network.conf\u00a0\r\n[Service]\r\nExecStart=\r\nExecStart=\/usr\/local\/bin\/k3s server --advertise-address 10.222.0.1 --flannel-iface=wg0<\/pre>\n<p>and restart the k3s systemd service:<\/p>\n<pre class=\"lang:zsh decode:true\">$ systemctl daemon-reload &amp;&amp; systemctl restart k3s.service\r\n<\/pre>\n<p>To check your K3s installation, run:<\/p>\n<pre class=\"lang:zsh decode:true\">$ kubectl get nodes\r\nNAME STATUS ROLES AGE VERSION\r\n\r\nmaster Ready master 5m v1.18.9+k3s1<\/pre>\n<h3><span style=\"font-weight: 400;\"><br \/>\n<\/span>Raspberry Pis<\/h3>\n<p>The steps described in this section must be repeated for every Raspberry Pi you want to connect to your cluster.<\/p>\n<p>In our prototype, we use the Ubuntu 20.04 image from the <a href=\"https:\/\/www.raspberrypi.org\/blog\/raspberry-pi-imager-imaging-utility\/\">rasperry pi imager utility<\/a> on a Raspberry Pi 4 with 2 GB RAM. Since we want to install K3s on the nodes, we had to modify the kernel command line to enable cgroup memory management. After installing the Ubuntu 20.04 image to a SD card, mount the SD card on your PC and append<\/p>\n<pre class=\"lang:default decode:true\">cgroup_memory=1 cgroup_enable=memory\r\n<\/pre>\n<p>to the <span style=\"font-weight: 400;\"><code>boot\/cmdline.txt<\/code><\/span> file. After the first boot you should change the hostname of the Raspberry Pi to something unique, since K3s uses the hostname as kubernetes node name by default.<\/p>\n<p>\u201c(On raspbian) this can be done with the &#8222;sudo raspi-config&#8220; command or just editing the &#8222;\/etc\/hostname&#8220; file and rebooting\u201c<\/p>\n<p>Install the WireGuard package via:<\/p>\n<pre class=\"lang:zsh decode:true\">$ apt-get update &amp;&amp; apt-get install wireguard\r\n<\/pre>\n<p>Generate a public and a private key for the Raspberry Pi:<\/p>\n<pre class=\"lang:zsh decode:true\">$ wg genkey | tee privatekey | wg pubkey &gt; publickey<\/pre>\n<h2><span class=\"ez-toc-section\" id=\"Connecting-the-Raspberry-Pi-to-the-cluster\"><\/span>Connecting the Raspberry Pi to the cluster<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To connect the Raspberry Pi to the WireGuard network and the K3s cluster we have to exchange some information.<\/p>\n<p>From the Raspberry Pi we need:<\/p>\n<ul>\n<li aria-level=\"1\">The IP address of the Raspberry Pi in the WireGuard network<\/li>\n<li aria-level=\"1\">The WireGuard public key generated on the Raspberry Pi<\/li>\n<\/ul>\n<p>From the cloud VM we need:<\/p>\n<ul>\n<li aria-level=\"1\">The WireGuard public key generated on the cloud VM<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">The K3s token located in <code><span style=\"font-weight: 400;\">\/var\/lib\/rancher\/k3s\/server\/token<\/span><\/code><\/li>\n<li aria-level=\"1\">The public IP of the VM<\/li>\n<\/ul>\n<p>Let&#8217;s assume the following information:<\/p>\n<ul>\n<li aria-level=\"1\">IP address of the Raspberry Pi in the network: 10.222.0.106<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">WireGuard public key of the Raspberry Pi: <span style=\"font-weight: 400;\"><code>csQQ8c7waCFksyIQyCOIu\/eqxaGUxueu8h02qr1f81Q=<\/code><\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">WireGuard public key of the cloud VM: <span style=\"font-weight: 400;\"><code>rcflbneYW\/3wVQy8H\/jDi\/oGlLgyrC4vmJvt4YJOVmw=<\/code><\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">K3s token: <span style=\"font-weight: 400;\"><code>K10a5fe90072692d561a72e6f793ec8392748c4e9b604e81d644c755f9dd6207::server:b730afa6f2572b914be9f226fc774<\/code><\/span><\/li>\n<li aria-level=\"1\">Public IP of the cloud VM: 192.0.2.20<\/li>\n<\/ul>\n<p>The first step is to add the Raspberry Pi as a peer to our WireGuard network on the cloud VM:<\/p>\n<pre class=\"lang:zsh decode:true\">root@cloud-vm$ wg set wg0 peer csQQ8c7waCFksyIQyCOIu\/eqxaGUxueu8h02qr1f81Q= allowed-ips 10.222.0.106\/32<\/pre>\n<p><span style=\"font-weight: 400;\"><br \/>\n<\/span>After we have allowed the Raspberry Pi to join our WireGuard network we configure the wg0 interface on the Raspberry Pi. Place the following configuration in <span style=\"font-weight: 400;\"><code>\/etc\/wireguard\/wg0.conf<\/code><\/span> on the Raspberry Pi:<\/p>\n<pre class=\"lang:default decode:true\"># \/etc\/wireguard\/wg0.conf\r\n[Interface]\r\n# The IP address of the Raspberry Pi in the wireguard network\r\nAddress = 10.222.0.106\/32\r\n\r\n# Private key of the Raspberry Pi\r\nPrivateKey = IG10ERcQaBIH0MA\/thDn5Yo1XM9tJZXwJNVwpQuCFn4=\r\n\r\n[Peer]\r\n# Public Key of the cloud VM\r\nPublicKey = rcflbneYW\/3wVQy8H\/jDi\/oGlLgyrC4vmJvt4YJOVmw=\r\n\r\n# Public IP of the cloud VM\r\nEndpoint = 192.0.2.20:51871\r\n\r\n# All traffic for the wireguard network should be routed to our cloud VM\r\nAllowedIPs = 10.222.0.0\/24\r\n\r\n# Since our Raspberry Pis are located behind NAT devices, send keep alives to our cloud VM to keep the connection in the NAT tables.\r\nPersistentKeepalive = 29\r\n\r\n<\/pre>\n<p>After creating this configuration run:<\/p>\n<pre class=\"lang:zsh decode:true\">root@pi$ wg-quick up wg0\r\n<\/pre>\n<p>Now you should be able to ping the cloud VM via the WireGuard network:<\/p>\n<pre class=\"lang:default decode:true\">root@pi$ ping -c 4 10.222.0.1\r\nPING 10.222.0.1 (10.222.0.1) 56(84) bytes of data.\r\n64 bytes from 10.222.0.1: icmp_seq=1 ttl=64 time=16.0 ms\r\n64 bytes from 10.222.0.1: icmp_seq=2 ttl=64 time=15.9 ms\r\n64 bytes from 10.222.0.1: icmp_seq=3 ttl=64 time=16.5 ms\r\n64 bytes from 10.222.0.1: icmp_seq=4 ttl=64 time=15.7 ms\r\n\r\n--- 10.222.0.1 ping statistics ---\r\n4 packets transmitted, 4 received, 0% packet loss, time 3004ms\r\nrtt min\/avg\/max\/mdev = 15.726\/16.035\/16.473\/0.275 ms\r\n\r\n<\/pre>\n<p>The next step is to install the K3s agent. We used this oneliner on our prototype:<\/p>\n<pre class=\"lang:zsh decode:true\">root@pi$: curl -sfL https:\/\/get.k3s.io | K3S_URL=https:\/\/10.222.0.1:6443 K3S_TOKEN=K10a5fe90072692d561a72e6f793ec8392748c4e9b604e81d644c755f9dd6207::server:b730afa6f2572b914be9f226fc774\u00a0 sh -<\/pre>\n<p><span style=\"font-weight: 400;\"><br \/>\n<\/span>Replace the <span style=\"font-weight: 400;\"><code>K3s_TOKEN<\/code><\/span> with the token generated on your cloud VM. The token is in the file <span style=\"font-weight: 400;\"><code>\/var\/lib\/rancher\/k3s\/server\/token<\/code><\/span> on the cloud VM.<\/p>\n<div style=\"background-color: #f4f7ff; padding: 15px; border-radius: 5px; margin: 5px;\">As already mentioned, please replace this step with a proper installation routine in a production setup to avoid the security nightmare of running unknown scripts from the internet with root permissions.<\/div>\n<p>After the installation we have to configure the flannel overlay. Create the following systemd drop in:<\/p>\n<pre class=\"lang:default decode:true \"># \/etc\/systemd\/system\/k3s-agent.service.d\/node-ip.conf\r\n[Service]\r\nExecStart=\r\nExecStart=\/usr\/local\/bin\/k3s agent --node-ip 10.222.0.106 --flannel-iface=wg0<\/pre>\n<p>Then run:<\/p>\n<pre class=\"lang:zsh decode:true\">root@pi$ systemctl daemon-reload &amp;&amp; systemctl restart k3s-agent.service<\/pre>\n<h2><span class=\"ez-toc-section\" id=\"Final-Step\"><\/span>Final Step<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The last step is to check if the Raspberry Pi joined your K3s cluster. Check via kubectl on the cloud VM:<\/p>\n<pre class=\"lang:zsh decode:true \">root@cloud-vm$ kubectl get nodes\r\nNAME STATUS ROLES AGE VERSION\r\nmaster Ready master 15m v1.18.9+k3s1\r\npi Ready &lt;none&gt; 1m v1.18.9+k3s1<\/pre>\n<p>With this setup we managed to build a K3s cluster in half a day with 22 nodes in many cities across Germany including Hamburg, Cologne and Karlsruhe.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Pitfalls\"><\/span>Pitfalls<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you use raspbian, you have to build the kernel module for WireGuard by yourself. Make sure that the correct kernel headers for the correct running kernel are used when building, especially if you have previously made an \u201crpi-update\u201c.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog post is a tutorial on how to set up a WireGuard network using Raspberry Pis for a K3s cluster, with each device connected to a central cloud virtual machine (VM).\u00a0<\/p>\n","protected":false},"author":33,"featured_media":27770,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"ep_exclude_from_search":false,"footnotes":""},"tags":[586,587],"service":[414,432,422,423],"coauthors":[{"id":33,"display_name":"Christoph Petrausch","user_nicename":"cpetrausch"}],"class_list":["post-21231","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-k3s","tag-wireguard","service-cloud","service-devops","service-it-engineering","service-kubernetes"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Set Up a K3s Cluster on WireGuard - inovex GmbH<\/title>\n<meta name=\"description\" content=\"This blog post is a tutorial on how to set up a WireGuard network using Raspberry Pis for a K3s cluster, with each device connected to a central cloud virtual machine (VM).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Set Up a K3s Cluster on WireGuard - inovex GmbH\" \/>\n<meta property=\"og:description\" content=\"This blog post is a tutorial on how to set up a WireGuard network using Raspberry Pis for a K3s cluster, with each device connected to a central cloud virtual machine (VM).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/\" \/>\n<meta property=\"og:site_name\" content=\"inovex GmbH\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inovexde\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-27T05:16:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-11-21T14:51:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inovex.de\/wp-content\/uploads\/k3s-on-wireguard.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christoph Petrausch\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.inovex.de\/wp-content\/uploads\/k3s-on-wireguard-1024x576.png\" \/>\n<meta name=\"twitter:creator\" content=\"@inovexgmbh\" \/>\n<meta name=\"twitter:site\" content=\"@inovexgmbh\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christoph Petrausch\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"9\u00a0Minuten\" \/>\n\t<meta name=\"twitter:label3\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data3\" content=\"Christoph Petrausch\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/how-to-set-up-a-k3s-cluster-on-wireguard\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/how-to-set-up-a-k3s-cluster-on-wireguard\\\/\"},\"author\":{\"name\":\"Christoph Petrausch\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#\\\/schema\\\/person\\\/50e956dd05d9f8e78fd21af3c4d43aa4\"},\"headline\":\"How to Set Up a K3s Cluster on WireGuard\",\"datePublished\":\"2021-04-27T05:16:41+00:00\",\"dateModified\":\"2022-11-21T14:51:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/how-to-set-up-a-k3s-cluster-on-wireguard\\\/\"},\"wordCount\":1139,\"commentCount\":3,\"publisher\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/how-to-set-up-a-k3s-cluster-on-wireguard\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/k3s-on-wireguard.png\",\"keywords\":[\"K3s\",\"Wireguard\"],\"articleSection\":[\"English Content\",\"General\",\"Infrastructure\"],\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/how-to-set-up-a-k3s-cluster-on-wireguard\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/how-to-set-up-a-k3s-cluster-on-wireguard\\\/\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/how-to-set-up-a-k3s-cluster-on-wireguard\\\/\",\"name\":\"How to Set Up a K3s Cluster on WireGuard - inovex GmbH\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/how-to-set-up-a-k3s-cluster-on-wireguard\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/how-to-set-up-a-k3s-cluster-on-wireguard\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/k3s-on-wireguard.png\",\"datePublished\":\"2021-04-27T05:16:41+00:00\",\"dateModified\":\"2022-11-21T14:51:55+00:00\",\"description\":\"This blog post is a tutorial on how to set up a WireGuard network using Raspberry Pis for a K3s cluster, with each device connected to a central cloud virtual machine (VM).\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/how-to-set-up-a-k3s-cluster-on-wireguard\\\/#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/how-to-set-up-a-k3s-cluster-on-wireguard\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/how-to-set-up-a-k3s-cluster-on-wireguard\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/k3s-on-wireguard.png\",\"contentUrl\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/k3s-on-wireguard.png\",\"width\":1920,\"height\":1080,\"caption\":\"k3s on wireguard Logo\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/how-to-set-up-a-k3s-cluster-on-wireguard\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Set Up a K3s Cluster on WireGuard\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/\",\"name\":\"inovex GmbH\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#organization\",\"name\":\"inovex GmbH\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/inovex-logo-16-9-1.png\",\"contentUrl\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/inovex-logo-16-9-1.png\",\"width\":1921,\"height\":1081,\"caption\":\"inovex GmbH\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/inovexde\",\"https:\\\/\\\/x.com\\\/inovexgmbh\",\"https:\\\/\\\/www.instagram.com\\\/inovexlife\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/inovex\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC7r66GT14hROB_RQsQBAQUQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#\\\/schema\\\/person\\\/50e956dd05d9f8e78fd21af3c4d43aa4\",\"name\":\"Christoph Petrausch\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/ChristophGopher-96x96.jpgcf9e8d784b562ae315f87ec9665b820b\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/ChristophGopher-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/ChristophGopher-96x96.jpg\",\"caption\":\"Christoph Petrausch\"},\"url\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/author\\\/cpetrausch\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Set Up a K3s Cluster on WireGuard - inovex GmbH","description":"This blog post is a tutorial on how to set up a WireGuard network using Raspberry Pis for a K3s cluster, with each device connected to a central cloud virtual machine (VM).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/","og_locale":"de_DE","og_type":"article","og_title":"How to Set Up a K3s Cluster on WireGuard - inovex GmbH","og_description":"This blog post is a tutorial on how to set up a WireGuard network using Raspberry Pis for a K3s cluster, with each device connected to a central cloud virtual machine (VM).","og_url":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/","og_site_name":"inovex GmbH","article_publisher":"https:\/\/www.facebook.com\/inovexde","article_published_time":"2021-04-27T05:16:41+00:00","article_modified_time":"2022-11-21T14:51:55+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.inovex.de\/wp-content\/uploads\/k3s-on-wireguard.png","type":"image\/png"}],"author":"Christoph Petrausch","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.inovex.de\/wp-content\/uploads\/k3s-on-wireguard-1024x576.png","twitter_creator":"@inovexgmbh","twitter_site":"@inovexgmbh","twitter_misc":{"Verfasst von":"Christoph Petrausch","Gesch\u00e4tzte Lesezeit":"9\u00a0Minuten","Written by":"Christoph Petrausch"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#article","isPartOf":{"@id":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/"},"author":{"name":"Christoph Petrausch","@id":"https:\/\/www.inovex.de\/de\/#\/schema\/person\/50e956dd05d9f8e78fd21af3c4d43aa4"},"headline":"How to Set Up a K3s Cluster on WireGuard","datePublished":"2021-04-27T05:16:41+00:00","dateModified":"2022-11-21T14:51:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/"},"wordCount":1139,"commentCount":3,"publisher":{"@id":"https:\/\/www.inovex.de\/de\/#organization"},"image":{"@id":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inovex.de\/wp-content\/uploads\/k3s-on-wireguard.png","keywords":["K3s","Wireguard"],"articleSection":["English Content","General","Infrastructure"],"inLanguage":"de","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/","url":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/","name":"How to Set Up a K3s Cluster on WireGuard - inovex GmbH","isPartOf":{"@id":"https:\/\/www.inovex.de\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#primaryimage"},"image":{"@id":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inovex.de\/wp-content\/uploads\/k3s-on-wireguard.png","datePublished":"2021-04-27T05:16:41+00:00","dateModified":"2022-11-21T14:51:55+00:00","description":"This blog post is a tutorial on how to set up a WireGuard network using Raspberry Pis for a K3s cluster, with each device connected to a central cloud virtual machine (VM).","breadcrumb":{"@id":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/"]}]},{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#primaryimage","url":"https:\/\/www.inovex.de\/wp-content\/uploads\/k3s-on-wireguard.png","contentUrl":"https:\/\/www.inovex.de\/wp-content\/uploads\/k3s-on-wireguard.png","width":1920,"height":1080,"caption":"k3s on wireguard Logo"},{"@type":"BreadcrumbList","@id":"https:\/\/www.inovex.de\/de\/blog\/how-to-set-up-a-k3s-cluster-on-wireguard\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inovex.de\/de\/"},{"@type":"ListItem","position":2,"name":"How to Set Up a K3s Cluster on WireGuard"}]},{"@type":"WebSite","@id":"https:\/\/www.inovex.de\/de\/#website","url":"https:\/\/www.inovex.de\/de\/","name":"inovex GmbH","description":"","publisher":{"@id":"https:\/\/www.inovex.de\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inovex.de\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/www.inovex.de\/de\/#organization","name":"inovex GmbH","url":"https:\/\/www.inovex.de\/de\/","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.inovex.de\/de\/#\/schema\/logo\/image\/","url":"https:\/\/www.inovex.de\/wp-content\/uploads\/2021\/03\/inovex-logo-16-9-1.png","contentUrl":"https:\/\/www.inovex.de\/wp-content\/uploads\/2021\/03\/inovex-logo-16-9-1.png","width":1921,"height":1081,"caption":"inovex GmbH"},"image":{"@id":"https:\/\/www.inovex.de\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inovexde","https:\/\/x.com\/inovexgmbh","https:\/\/www.instagram.com\/inovexlife\/","https:\/\/www.linkedin.com\/company\/inovex","https:\/\/www.youtube.com\/channel\/UC7r66GT14hROB_RQsQBAQUQ"]},{"@type":"Person","@id":"https:\/\/www.inovex.de\/de\/#\/schema\/person\/50e956dd05d9f8e78fd21af3c4d43aa4","name":"Christoph Petrausch","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.inovex.de\/wp-content\/uploads\/ChristophGopher-96x96.jpgcf9e8d784b562ae315f87ec9665b820b","url":"https:\/\/www.inovex.de\/wp-content\/uploads\/ChristophGopher-96x96.jpg","contentUrl":"https:\/\/www.inovex.de\/wp-content\/uploads\/ChristophGopher-96x96.jpg","caption":"Christoph Petrausch"},"url":"https:\/\/www.inovex.de\/de\/blog\/author\/cpetrausch\/"}]}},"_links":{"self":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts\/21231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/comments?post=21231"}],"version-history":[{"count":4,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts\/21231\/revisions"}],"predecessor-version":[{"id":39299,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts\/21231\/revisions\/39299"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/media\/27770"}],"wp:attachment":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/media?parent=21231"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/tags?post=21231"},{"taxonomy":"service","embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/service?post=21231"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/coauthors?post=21231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}