Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
menu search
person
Welcome To Ask or Share your Answers For Others

Categories

I'm running an app on Kubernetes / GKE.

(我正在Kubernetes / GKE上运行一个应用程序。)

I have a bunch of devices without a public IP.

(我有一堆没有公共IP的设备。)

Nevertheless, I need to access them from the app.

(不过,我需要从应用程序访问它们。)

The initial thought was to run an OpenVPN server within the cluster and have the device connect, but then I hit the problem:

(最初的想法是在群集中运行OpenVPN服务器并连接设备,但随后出现了问题:)

There doesn't seem to be any elegant / idiomatic way to route traffic to a subnet through a pod.

(似乎没有任何优雅/惯用的方式将流量通过Pod路由到子网。)

Basically, all I need is to be able to tell route 10.8.0.0/24 through vpn-pod

(基本上,我只需要能够route 10.8.0.0/24 through vpn-pod告诉route 10.8.0.0/24 through vpn-pod)

Possible solutions I found:

(我发现的可能解决方案:)

  • Modifying routes on the nodes.

    (修改节点上的路由。)

    I'd like to keep nodes ephemeral and have everything in K8s manifests only.

    (我想暂时保留节点,并仅在K8s清单中显示所有内容。)

  • Istio.

    (伊斯蒂奥)

    Seems like an overkill, and I wasn't able to find a solution to my problem in the documentation.

    (似乎有点过头了,但是我无法在文档中找到解决我问题的方法。)

  • Routes within GCP / GKE itself.

    (GCP / GKE本身内的路由。)

    They only allow to specify a node as the next hop.

    (它们仅允许将节点指定为下一跳。)

I'm currently leaning towards running the OpenVPN server on a bare-bones VM and using the GCP routes.

(我目前倾向于在裸机上运行OpenVPN服务器并使用GCP路由。)

It works, I can ping the VPN clients from the K8s app, but it still seems brittle and hard-wired.

(它可以正常工作,我可以从K8s应用程序ping VPN客户端,但是它似乎仍然很脆弱且很难连接。)

Is there an idiomatic solution to accessing the pod-private network from other pods?

(是否有惯用的解决方案从其他Pod访问Pod专用网络?)

  ask by amq translate from so

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
509 views
Welcome To Ask or Share your Answers For Others

1 Answer

等待大神答复

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
...