search

flant / ovpn-admin

Simple web UI to manage OpenVPN users.
Apache License 2.0
1.39k stars 261 forks source link

K8s: OpenVPN management listening only on localhost #152

Closed garutilorenzo closed 1 year ago

garutilorenzo commented 2 years ago

I've tried to deploy both containers (openvpn and ovpn-admin) on K8s, but when ovpn-admin starts it cannot reach openvpn management on port 8989. So I've modified the configure.sh in this way:

openvpn --config /etc/openvpn/openvpn.conf --client-config-dir /etc/openvpn/ccd --port 1194 --proto tcp --management 0.0.0.0 8989 --dev tun0 --server ${OVPN_SRV_NET} ${OVPN_SRV_MASK}

And on the ovpn-admin deployment I've added this env variable:

- name: OVPN_MGMT
  value: "main=openvpn-svc-priv:8989"

where openvpn-svc-priv is a service:

---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: openvpn
    tier: backend
  name: openvpn-svc-priv
  namespace: ovpn
spec:
  ports:
  - port: 8989
    name: openvpn-mgt
    protocol: TCP
    targetPort: 8989
  selector:
    app: openvpn
    tier: backend
  type: ClusterIP

is this right or I'm missing something? With these configs everything works fine.

pashcovich commented 1 year ago

we usually deploy openvpn and ovpn-admin in the same Pod, so they have the same network namespace and can access each other by localhost