diff --git a/config/crd/bases/vpn.wireguard-operator.io_wireguards.yaml b/config/crd/bases/vpn.wireguard-operator.io_wireguards.yaml
index f18bed1f..291d23ab 100644
--- a/config/crd/bases/vpn.wireguard-operator.io_wireguards.yaml
+++ b/config/crd/bases/vpn.wireguard-operator.io_wireguards.yaml
@@ -180,6 +180,10 @@ spec:
                 description: A string field that specifies the maximum transmission
                   unit (MTU) size for Wireguard packets for all peers.
                 type: string
+              nodeSelector:
+                additionalProperties:
+                  type: string
+                type: object
               port:
                 description: A field that specifies the value to use for a nodePort
                   ServiceType
diff --git a/pkg/api/v1alpha1/wireguard_types.go b/pkg/api/v1alpha1/wireguard_types.go
index 22e8326d..b8b77a96 100644
--- a/pkg/api/v1alpha1/wireguard_types.go
+++ b/pkg/api/v1alpha1/wireguard_types.go
@@ -54,8 +54,9 @@ type WireguardSpec struct {
 	// A boolean field that specifies whether to use the userspace implementation of Wireguard instead of the kernel one.
 	UseWgUserspaceImplementation bool `json:"useWgUserspaceImplementation,omitempty"`
 
-	Agent  WireguardPodSpec `json:"agent,omitempty"`
-	Metric WireguardPodSpec `json:"metric,omitempty"`
+	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+	Agent        WireguardPodSpec  `json:"agent,omitempty"`
+	Metric       WireguardPodSpec  `json:"metric,omitempty"`
 }
 
 // WireguardPodSpec defines spec for respective containers created for Wireguard
diff --git a/pkg/api/v1alpha1/zz_generated.deepcopy.go b/pkg/api/v1alpha1/zz_generated.deepcopy.go
index 76ba379a..ff0bcfac 100644
--- a/pkg/api/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/api/v1alpha1/zz_generated.deepcopy.go
@@ -317,6 +317,13 @@ func (in *WireguardSpec) DeepCopyInto(out *WireguardSpec) {
 			(*out)[key] = val
 		}
 	}
+	if in.NodeSelector != nil {
+		in, out := &in.NodeSelector, &out.NodeSelector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
 	in.Agent.DeepCopyInto(&out.Agent)
 	in.Metric.DeepCopyInto(&out.Metric)
 }
diff --git a/pkg/controllers/wireguard_controller.go b/pkg/controllers/wireguard_controller.go
index cea2892f..f5e988d7 100644
--- a/pkg/controllers/wireguard_controller.go
+++ b/pkg/controllers/wireguard_controller.go
@@ -704,6 +704,7 @@ func (r *WireguardReconciler) deploymentForWireguard(m *v1alpha1.Wireguard) *app
 					Labels: ls,
 				},
 				Spec: corev1.PodSpec{
+					NodeSelector: m.Spec.NodeSelector,
 					SecurityContext: &corev1.PodSecurityContext{
 						SeccompProfile: &corev1.SeccompProfile{
 							Type: corev1.SeccompProfileType("RuntimeDefault"),