Add sample wireguard app

apps/wireguard/README.md

@@ -0,0 +1,47 @@
+## Wireguard test
+
+### On the pod
+
+```
+apk update
+apk add wireguard-tools tcpdump
+cat > /etc/wireguard/wg0.conf <<EOF
+[Interface]
+ListenPort = 51820
+PrivateKey = wNTbdLXXQVynFAqIqXuqbwul7O00kuqgzajeK7/NoUw=
+
+[Peer]
+PublicKey = J3qrhOP6GjRC8qOdKiKcAYMXKdiTliBBbJgNpz8sUQI=
+AllowedIPs = 2a0a:e5c1:101::/48
+EOF
+wg-quick up wg0
+ip addr add 2a0a:e5c3::42/32 dev wg0
+tcpdump -ni eth0 port 51820
+
+```
+
+### On the client
+
+```
+[Interface]
+PrivateKey = YIhBmmE+D8NwSUijXv2Jw8FazNI73BEM9ApzAfJ9Zms=
+ListenPort = 51820
+Address = 2a0a:e5c1:101::42/48
+
+[Peer]
+PublicKey = ohMbdXf+eQQyiFFyJq+a8NMxV3pgFzjgPYcTD/T+qzs=
+Endpoint = wireguard4.default.svc.c2.k8s.ooo:51820
+AllowedIPs = 2a0a:e5c3::/32
+```
+
+## Missing
+
+* Routing / network delegation for the range
+* -Receiving traffic inside wg0-: works
+* -Different IPv6 address-: works
+* Keeping pod alive
+* IPv4: via Jool/external
+
+## Routing / delegation
+
+* Also via wg

apps/wireguard/wireguard.yaml

@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: wireguard4
+  labels:
+    use-as-service: wireguard4
+spec:
+  containers:
+  - name: alpine
+    image: alpine:3.14
+    args:
+    - sleep
+    - "1000000"
+    securityContext:
+      capabilities:
+        # ADMIN for wireguard, RAW for tcpdump
+        add: ["NET_ADMIN", "NET_RAW" ]
+    ports:
+      - containerPort: 51820
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wireguard4
+  labels:
+    app: wireguard4
+spec:
+  type: ClusterIP
+  ports:
+   - protocol: UDP
+     port: 51820
+     name: wireguard
+  selector:
+   use-as-service: wireguard4