I started OpenVPN on my k8s cluster and now clients can directly connect to the ClusterIP services, but I need masquerade for it because pods (except the OpenVPN pod) do not know the route to the clients.
Is there a possibility to add a custom route to Kubernetes pods and direct traffic for a specific IP range to the OpenVPN service – ClusterIP?
Best Answer
Due to the fact that you have already connected OpenVPN Node to the Kubernetes cluster using ClusterIP services, which are managed by kube-proxy, it is recommended to route network packets via iptables. Now it's time to configure kube-proxy for transferring all requests to internal CNI network via OpenVPN Node:

xx.xx.xx.xx - your OpenVPN node IP address
yy.yy.yy.0/cc - Cluster CIDR

Ensure that OpenVPN Pod is configured to connect the Kubernetes network:

To create routes from your Node services to the OpenVPN gateway, consider using Site-to-site routing via OpenVPN explained in this Article.
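
The masquerading the question asks for can be set up inside the OpenVPN pod. The script below is an added example, not part of the original answer: it validates its inputs and adds a single MASQUERADE rule limited to the VPN client pool. The pool 10.8.0.0/24, the interface name eth0 and all function names are assumptions.

```shell
#!/bin/sh
# Added example: scoped MASQUERADE inside the OpenVPN pod. Values are assumptions.
VPN_CLIENT_CIDR=${VPN_CLIENT_CIDR:-10.8.0.0/24}   # assumed OpenVPN client pool
POD_IFACE=${POD_IFACE:-eth0}                      # assumed pod network interface
APPLY=${APPLY:-0}                                 # 1 = change iptables, 0 = print only

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for IPv4 CIDR notation: address, slash, prefix length 0-32.
is_ipv4_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    prefix_len=${1#*/}
    case $prefix_len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix_len" -le 32 ] && is_ipv4 "${1%/*}"
}

# Emits the rule spec: NAT only traffic that originates from the VPN client pool.
masquerade_spec() {
    is_ipv4_cidr "$1" || return 1
    case $2 in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    echo "POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

# Adds the rule once (-C checks for an existing copy) or prints it in dry-run mode.
ensure_masquerade() {
    spec=$(masquerade_spec "$1" "$2") || { echo "invalid input" >&2; return 1; }
    if [ "$APPLY" != 1 ]; then
        echo "iptables -t nat -A $spec"
        return 0
    fi
    # $spec is deliberately unquoted: it is validated and must split into arguments.
    iptables -t nat -C $spec 2>/dev/null || iptables -t nat -A $spec
}

ensure_masquerade "$VPN_CLIENT_CIDR" "$POD_IFACE"
```

With this rule in place, pods see the OpenVPN pod's address as the source of client traffic, so per-client attribution has to come from the OpenVPN logs.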