Kubernetes service via OpenVPN

Question

We have lot of access-points which are connecting to FreeRADIUS such way:

AP is connecting to OpenVPN service
via vpn it have access to freeradius server

Now we want to move our environment to Kubernetes, but how to use in AP configuration Kubernets Service name for connection?

Im thinking to expose OpenVPN Service which will provide direct connection to Kubernetes "inside" environment and then i should have access to services.

But.. how they will be resolved on AP site? Should i add in AP some "inside" DNS server address?

AP clients should have still access to "standard" DNS resolver.

While I get that you want to move as many of your resources as possible to K8S, this doesn't seem like a good use of that technology. Why not manage your access points from an on-premis system? Your APs are on-premis as it is, and doing so would be far less complicated and prone to failure in implementation. — Spooler, Feb 12 '18 at 00:00
We have own application for clients for configuring hotspots and collecting users logs, approving accesses over SMS. This app need to be scalable and HA. If we left freeradius and vpn outside of k8s they will be weak point and when hotspots users in large objects (eg. stadium) will grown to huge amount during some events we can't let that radius will not scale. — user3069488, Feb 12 '18 at 11:52

score 0 · Answer 1 · answered Feb 15 '18 at 15:06

Since Kubernetes 1.9 there is an alpha feature, that allows you to customize the nameservers and the search domains, It should help you to reach your APs

apiVersion: v1
kind: Pod
metadata:
  namespace: default
  name: dns-example
spec:
  containers:
    - name: test
      image: nginx
  dnsPolicy: "None"
  dnsConfig:
    nameservers:
      - 1.2.3.4
    searches:
      - ns1.svc.cluster.local
      - my.dns.search.suffix
    options:
      - name: ndots
        value: "2"
      - name: edns0

But problem is that APs need to access Kubernetes service not Kubernetes Pods APs. — user3069488, Feb 19 '18 at 21:57

score 0 · Answer 2 · answered Feb 20 '18 at 14:31

0

I think i find out solution "hostNetwork" It is not exactly what i expected but i think it will do what i need.

http://alesnosek.com/blog/2017/02/14/accessing-kubernetes-pods-from-outside-of-the-cluster/

answered Feb 20 '18 at 14:31

user3069488

159
2
3
18

Kubernetes service via OpenVPN

2 Answers2