
I currently have a docker-compose setup with one container running an OpenVPN client and some containers behind it using --net=container to attach to the network stack of the OpenVPN client container to use its network connection for outgoing traffic.

I want to adapt this to k8s (I'm using Weave currently for networking) but I am not sure how to approach it. I could route it on the host system manually but I want to implement this in Kubernetes directly without the need of manually messing around with the host system.

Since the Pod's pause container has a similar set-up with --net=container for all containers inside, I thought of utilizing this, but I figured out that the only way to use a custom image for the pause container will change it globally and not on a per-pod basis.

Any ideas?

Davd
  • I can't catch the reason: do you need the OpenVPN client to connect your cluster to a different network, or do you just provide the connection outside through the OpenVPN client? – Nick Rak Jan 03 '19 at 11:45
  • @NickRak I want some of my pods to route their traffic through a different network that's only reachable by VPN while some other pods keep the connectivity through the host system's network. In my old setup, I had one OpenVPN client container with IP forwarding turned on and just used --net=container:openvpn to route all the packets of the containers behind through this VPN connection. – Davd Jan 03 '19 at 12:01
  • If I understand clearly, you need to manage your traffic from your new Kubernetes env to another network through one endpoint; you could use [Istio](https://istio.io/docs/concepts/traffic-management/) for it. Using gateways for [egress traffic](https://istio.io/docs/concepts/traffic-management/#ingress-and-egress), you will manage all connections from inside the Kubernetes cluster. For more detailed information, I need more details to provide you a better answer. – Nick Rak Jan 03 '19 at 13:50

0 Answers