To try and summarize without speaking too much for projects that I'm not intimately familiar with, Wormhole takes the approach of automating the configuration of WireGuard to create a full mesh encrypted network.
Other approaches take a much more comprehensive approach, of trying to solve key signing, identity, revocation, offload to the kernel and intercept via sidecars (using eBPF), etc. These tools come with many features and an inherent complexity, where I believe there is room for a simpler tool that is easier to use and troubleshoot.
FYI to readers, the above project was completed as part of a 'take-home assignment' that I was explicitly told was not a project being worked on.
The feedback I received indicated that this approach was not considered previously, and may indicate (also your commit dates) that this entire project may have been fabricated after my submission.
Here's the feedback from Gravitational around Oct 2018 (before this project was 'started'):
> * I do think re-using the kubernetes certs for IPSec is a compelling solution for the IPSec secrets
> * I like the re-use of the kubernetes keys/certs for ipsec as it avoids use of the PSK
At least it was released as OSS, but seriously you should be ashamed of yourselves.
FYI, I was hired by Gravitational back in April 2018 and I was given that same take-home assignment as part of the interview process - to write a CNI plugin for k8s which created an encrypted mesh network between nodes. My work is here: https://github.com/webvictim/k8s-ipsec-cni
I found some other resources/projects online while I was writing this which indicated that I certainly wasn't the first interviewee to be asked to do this - I evidently wasn't the last either as your project shows.
My point is that it seems Gravitational has had this 'idea' for quite some time as they've been using it as an interview question for at least the year 2018. I don't feel like that constitutes them using anyone's interview work as free labour.