picheto

Reputation: 331

Routing all net traffic from a k8s container through another in the same pod

I'm using GKE for deployments.

Edit: I need to access a customer's API endpoint which is only accessible when using their VPN. So far I can run a container which connects to this VPN and I can cURL the endpoint successfully.

For the above, I have configured a Debian docker image which successfully connects to a VPN (specifically, using Kerio Control VPN) when deployed. Whenever I make a net request from this container, it runs through the VPN connection, as expected.

I have another image which runs a .NET Core program which makes necessary HTTP requests.

From this guide I know it is possible to run a container's traffic through another using pure docker. Specifically using the --net=container:something option (trimmed the example):

docker run \
  --name=jackett \
  --net=container:vpncontainer \
  linuxserver/jackett

However, I have to use Kubernetes for this deployment so I think it would be good to use a 2-container pod. I want to keep the VPN connection logic and the program separated.

How can I achieve this?

Upvotes: 2

Views: 2343

Answers (3)

Erokos

Reputation: 152

I'm using a similar approach. I have a Django app whose static files I need nginx to serve. I want the app to be accessible through VPN, for which I'm using OpenVPN. Both the nginx container and the Django container are in the same pod. My limited understanding is that it would be enough to run the VPN in the background in the nginx container and it should successfully route requests to the backend using localhost because they're in the same pod. But this doesn't seem to be working. I get a 504 Time-Out in the browser and the nginx logs confirm that the upstream timed out. Have you done anything extra to make this work in your case?

Upvotes: 0

PjoterS

Reputation: 14102

Based on your comment I think I can advise you two methods.

  1. Private GKE Cluster with CloudNAT

In this setup, you should use a Private GKE cluster with CloudNAT for external communication. You would need to use a manual externalIP. This scenario uses a specific externalIP for the VPN connection, but your customer would need to whitelist access for this IP.

  2. Site-to-site VPN using CloudVPN

You can configure your VPN to forward packets to your cluster. For details you should check other Stackoverflow threads:

Upvotes: 1

Sekru

Reputation: 515

Each container in a pod has shared network resources. If you run a VPN client in one container, then all containers in this pod will have access to the network via the VPN.

Upvotes: 1
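A two-container pod that applies this, as an added example (not from the question or any of the answers): the VPN container gets only the capability it needs to bring up the tunnel and install routes, and the .NET container gets no network privileges at all, because it simply inherits the pod's shared network namespace, which is the Kubernetes equivalent of `--net=container:vpncontainer`. The pod name, both image names and the `/dev/net/tun` mount are assumptions; the page does not show how the Kerio client is launched.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: vpn-sidecar-demo                  # constructed name
spec:
  containers:
    # VPN client. Image is a placeholder: the question does not show how
    # the Kerio Control client is started inside the Debian image.
    - name: vpn
      image: example.invalid/kerio-vpn-client:latest
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
          add: ["NET_ADMIN"]            # create the tun interface, change routes
      volumeMounts:
        - name: tun
          mountPath: /dev/net/tun       # assumption: client needs a TUN device
    # The .NET Core program. No network configuration here at all: it shares
    # the pod's network namespace, so once the tunnel is up its HTTP requests
    # follow the routes the vpn container installed. It keeps no capabilities,
    # so a bug in the app cannot alter the tunnel or routing table.
    - name: app
      image: example.invalid/dotnet-worker:latest
      securityContext:
        allowPrivilegeEscalation: false
        runAsNonRoot: true
        capabilities:
          drop: ["ALL"]
  volumes:
    - name: tun
      hostPath:
        path: /dev/net/tun
        type: CharDevice
```

To confirm the app container really sees the tunnel, run `kubectl exec vpn-sidecar-demo -c app -- ip route` and check that the customer's network is routed via the tunnel interface; if the vpn container restarts, its routes disappear for the app container too, which is the failure mode to watch for.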
