Openvpn – Running OpenVPN within k8s container

Tags: google-kubernetes-engine, kube-openvpn, kubernetes, openvpn

Suppose I have a k8s cluster whose services IP range is 10.198.240.0/20.

Now I want this IP range to be accessible from another cluster or data center.

Is it feasible to run OpenVPN within a Kubernetes pod so that this IP range is accessible via VPN?

Best Answer

Had the same problem and made this solution:

Try it and let me know if it works for you.

Instructions:

docker run --user=$(id -u) -e OVPN_SERVER_URL=tcp://vpn.my.fqdn:1194 \
-v $PWD:/etc/openvpn:z -ti ptlange/openvpn ovpn_initpki
docker run --user=$(id -u) -e EASYRSA_CRL_DAYS=180 \
-v $PWD:/etc/openvpn:z -ti ptlange/openvpn easyrsa gen-crl

get the service ID

$ ./kube/deploy.sh
Usage: ./kube/deploy.sh <namespace> <OpenVPN URL> <service cidr> <pod cidr>

$ ./kube/deploy.sh default tcp://vpn.my.fqdn:1194 10.3.0.0/24 10.2.0.0/16
secret "openvpn-pki" created
configmap "openvpn-settings" created
configmap "openvpn-ccd" created
deployment "openvpn" created
You have exposed your service on an external port on all nodes in your
cluster.  If you want to expose this service to the external internet, you may
need to set up firewall rules for the service port(s) (tcp:30xxx) to serve traffic.

See http://releases.k8s.io/release-1.3/docs/user-guide/services-firewalls.md for
more details.
service "openvpn-ingress" created
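
A pre-flight check that could be run before `./kube/deploy.sh`, added here as an example and not part of the answer or of the ptlange/openvpn project: it validates the service and pod CIDRs, refuses a remote-site network that overlaps them (overlapping ranges cannot be routed across the tunnel), and prints the ranges in OpenVPN's `push "route <network> <netmask>"` form. The function names and the remote network 192.168.0.0/16 are assumptions; whether `deploy.sh` generates such directives is not stated on the page.

```shell
# Added example: validate the CIDR arguments intended for kube/deploy.sh.
# ip_to_int A.B.C.D -> integer on stdout; fails on malformed input
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac   # reject leading zeros (octal ambiguity)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_to_route NET/LEN -> "NET NETMASK"; fails if the prefix is bad or host bits are set
cidr_to_route() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ""|*[!0-9]*|0?*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    ip=$(ip_to_int "$addr") || return 1
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $ip & $mask )) -eq "$ip" ] || return 1
    echo "$(int_to_ip "$ip") $(int_to_ip "$mask")"
}

# cidrs_overlap A B -> exit 0 if the ranges share addresses, 1 if disjoint, 2 if invalid
cidrs_overlap() {
    r1=$(cidr_to_route "$1") || return 2
    r2=$(cidr_to_route "$2") || return 2
    m=$(( $(ip_to_int "${r1#* }") & $(ip_to_int "${r2#* }") ))   # mask of the shorter prefix
    [ $(( $(ip_to_int "${r1% *}") & $m )) -eq $(( $(ip_to_int "${r2% *}") & $m )) ]
}

# preflight <service cidr> <pod cidr> <remote site cidr>
preflight() {
    for c in "$1" "$2" "$3"; do
        cidr_to_route "$c" >/dev/null || { echo "invalid CIDR: $c" >&2; return 1; }
    done
    for c in "$1" "$2"; do
        if cidrs_overlap "$c" "$3"; then echo "$c overlaps remote $3" >&2; return 1; fi
    done
    printf 'push "route %s"\npush "route %s"\n' "$(cidr_to_route "$1")" "$(cidr_to_route "$2")"
}
# Service range from the question, pod range from the answer, constructed remote range.
preflight 10.198.240.0/20 10.2.0.0/16 192.168.0.0/16
```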