Gravitational has ported WireGuard to Kubernetes, that is to say that they created a network plugin for Kubernetes that uses the WireGuard VPN. It's an open source project called Gravitational Wormhole that can be found on GitHub.
The Kubernetes API is used to for the exchange of encryption keys and configuration, allowing Wormhole to set up an encrypted mesh network within a Kubernetes cluster. On the accompanying blog page Gravitational issues a warning that Wormhole should currently be considered alpha quality software.
Future work on Wormhole could include features such as: VPN to the cluster, either for developer and admins or to attach external resources to a cluster, or overlay networks spanning multiple clusters.
Wireguard is a modern, easily configurable alternative to other VPN technologies such as IPsec or OpenVPN. At the same time, Wireguard uses comparatively little code, which simplifies security audits. For a long time, Wireguard has been offered as a source code module for various Linux distributions. According to Linus Torvalds, WireGuard is a real work of art compared to the "horror of OpenVPN and IPSec". The WireGuard code has now been included in the Linux kernel, which will significantly increase its distribution in the foreseeable future.