vpnsidecar

package
v2.14.9+incompatible Latest
Warning

This package is not in the latest version of its module.

Published: Dec 2, 2020 License: Apache-2.0 Imports: 4 Imported by: 0

README

VPN Sidecar

This package contains the resources for the sidecar that runs alongside master components in the cluster-namespace to provide connectivity into the user-cluster (worker). The sidecar consists of two things:

OpenVPN container

This container runs an OpenVPN client to connect to the OpenVPN server running in the cluster-namespace. This provides connectivity to the service and pod network.

KubeletDnatController container

This container runs the KubeletDnatController. This controller watches nodes in the user-cluster and creates iptables rules based on node addresses. The rules implement:

  • DNAT translation for locally originated packets (pod network namespace) from node-addresses to respective addresses in the node-access-network. On the OpenVPN-client side in the user-cluster there is another DNAT translating from these node-access-addresses back to the actual node-addresses.
  • MASQUERADING for packets leaving via the VPN tunnel

All this makes sure that nodes (kubelets) can be reached by their unmodified node-addresses via the VPN. This allows using non-public (or firewalled) IP addresses for the workers.
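
The two rule types described above, sketched as an added example (not code from this package or its project). The mapping from node address to node-access address (keep the host bits, swap in the access network prefix), the access network 10.254.0.0/16 and the tunnel device name tun0 are assumptions of the example; it also rejects the case where two nodes would map to the same access address.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// accessAddr keeps the node's host bits and swaps in the access network's
// prefix bits. ASSUMPTION: this mapping scheme is illustrative only.
func accessAddr(node netip.Addr, access netip.Prefix) netip.Addr {
	n, a := node.As4(), access.Masked().Addr().As4()
	hostMask := uint32(1)<<(32-access.Bits()) - 1
	v := binary.BigEndian.Uint32(a[:]) | binary.BigEndian.Uint32(n[:])&hostMask
	var out [4]byte
	binary.BigEndian.PutUint32(out[:], v)
	return netip.AddrFrom4(out)
}

// buildRules returns iptables arguments: one DNAT rule per node in OUTPUT
// (locally originated packets) plus one MASQUERADE rule for the tunnel device.
func buildRules(nodes []string, accessCIDR, tunDev string) ([]string, error) {
	access, err := netip.ParsePrefix(accessCIDR)
	if err != nil || !access.Addr().Is4() {
		return nil, fmt.Errorf("bad IPv4 access network %q", accessCIDR)
	}
	seen := map[netip.Addr]netip.Addr{} // access address -> node address
	var rules []string
	for _, s := range nodes {
		node, err := netip.ParseAddr(s)
		if err != nil || !node.Is4() {
			return nil, fmt.Errorf("bad IPv4 node address %q", s)
		}
		acc := accessAddr(node, access)
		if prev, dup := seen[acc]; dup && prev != node {
			// Two nodes sharing host bits would be DNATed to one address.
			return nil, fmt.Errorf("%s and %s both map to %s", prev, node, acc)
		} else if dup {
			continue // same node listed twice
		}
		seen[acc] = node
		rules = append(rules, fmt.Sprintf("-t nat -A OUTPUT -d %s/32 -j DNAT --to-destination %s", node, acc))
	}
	return append(rules, fmt.Sprintf("-t nat -A POSTROUTING -o %s -j MASQUERADE", tunDev)), nil
}

func main() { // constructed sample input, not from a real cluster
	fmt.Println(buildRules([]string{"192.168.1.10", "192.168.2.11"}, "10.254.0.0/16", "tun0"))
}
```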

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DnatControllerContainer

func DnatControllerContainer(data dnatControllerData, name, apiserverAddress string) (*corev1.Container, error)

DnatControllerContainer returns a sidecar container for running the dnat controller.

func OpenVPNSidecarContainer

func OpenVPNSidecarContainer(data openvpnData, name string) (*corev1.Container, error)

OpenVPNSidecarContainer returns a `corev1.Container` for running alongside a master component, providing VPN access to user cluster networks. Also required but not provided by this func:

  • volumes: resources.OpenVPNClientCertificatesSecretName, resources.CACertSecretName

Types

This section is empty.
