Closed adrian-moisa closed 6 days ago
Found the official tutorial. I adapted my YAML:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sys-netbird
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sys-netbird
  template:
    metadata:
      labels:
        app: sys-netbird
    spec:
      containers:
        - name: sys-netbird
          image: netbirdio/netbird:latest
          env:
            # Setup key is read from a Secret, not written into the manifest
            - name: NB_SETUP_KEY
              valueFrom:
                secretKeyRef:
                  name: netbird-peer-key
                  key: NETBIRD_KEY
            # Self-hosted management server (HTTPS)
            - name: NB_MANAGEMENT_URL
              value: "https://my-vpn-addr:33073"
            - name: NB_HOSTNAME
              value: "sys-netbird"
            - name: NB_LOG_LEVEL
              value: "info"
          securityContext:
            capabilities:
              add:
                # NET_ADMIN: tunnel interface and routes.
                # SYS_ADMIN is a very broad capability; limit who can exec into this pod.
                - NET_ADMIN
                - SYS_RESOURCE
                - SYS_ADMIN
```
I managed to get the pod connected as a peer. Now I'm trying to figure out how to route subdomains to the cluster. I already configured the custom CoreDNS to point the desired subdomain to one of the pods I want to publish. So far I can't connect to the demo app pod.

OK, one more step forward. Looks like I'm finally getting access to my pods via the VPN, for now via ClusterIP. I still need to fix access via subdomain, but at least I'm getting something.

```sh
kubectl get svc argocd-server -n argocd
```
- Managed to get the pod IP for my current subdomain/pod combo I'm attempting to publish. Looks like I needed the cluster IP of the pod. Added a DNS entry in CoreDNS.
- TBD: setting up certificates for the domains. This one is easy by now, did it many times, nothing fancy here. Just worth mentioning that I'm not using Ingress to auto-generate them. I'm defining them by hand. They need a DNS challenge to work.
These links helped me piece everything together.
Looks like the subdomain was not responding because of local DNS cache. After computer restart I was able to visit it. Obviously, does not have a certificate for now, but I can fix that. So, consider my question resolved.
Just one minor curiosity. In my new setup I used NB_MANAGEMENT_URL. My NetBird instance is on a separate droplet. In the tutorials above I did not see any mention of this setting, nor any mention of adding it as a peer. I saw the management URL in the create-peer modal in the docker command. What can you advise? Is adding a peer needed or not? Or can I just add the routes and that's it?

```yaml
- name: NB_MANAGEMENT_URL
  value: "https://my-vpn-addr:33073"
```
Describe the problem
I'm trying to install a relay in a DigitalOcean DOKS cluster. The cluster is hosted in a VPC. The goal is to use CoreDNS as a custom DNS inside of the VPN to route traffic to the relevant ports of the DOKS. The problem I have now is that with the current setup I have to point traffic from CoreDNS to a public load balancer.

My goal is to eliminate the public IP. I could not find how to set up a private load balancer in DO, so I tried the next trick: setting up a NetBird relay as a ClusterIP. Now maybe this is wrong as well, but I can't find enough info on the web. My hope was that by using a relay as a ClusterIP I'm able to keep all the traffic inside of the VPN and VPC with no public IPs involved.
To Reproduce
```sh
kubectl logs -l app=vpn-relay
```

It will keep saying:

my-vpn-addr right now is the NetBird management domain, not the relay domain. AFAIK I need to use the management one.

I tested access to the VPN via curl, works just fine.

```sh
kubectl run test-curl --rm -it --image=curlimages/curl -- curl -v https://my-vpn-addr
```
Expected behavior
Should create a new peer and use the created key.
Are you using NetBird Cloud?
No, I'm using self hosted.
NetBird version
0.29.4
NetBird status -dA output:
Can't share, too sensitive. All I can say is it works 100% OK with other peers (droplets with the NetBird client installed).
Do you face any (non-mobile) client issues?
Not AFAIK.
Screenshots
Too sensitive
Additional context
- The entire cluster is supposed to be completely hidden by the VPN. So far I can hide the DNS. I wasn't able to start a relay. Maybe I'm completely misunderstanding the entire thing.
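As an added example (not from this issue and not NetBird's own tooling), the deployment steps the thread arrives at, scripted so that the setup key never lands on a command line: a POSIX shell script that renders the `netbird-peer-key` Secret from stdin, applies the peer Deployment, and then waits until the client itself reports a management connection. With `NB_SETUP_KEY` and `NB_MANAGEMENT_URL` set, the client registers itself with the management server on first start, so the only thing left to verify is that registration actually succeeded. Assumptions, all labelled in the code: the Deployment from the thread is saved as `netbird-peer.yaml` (file name assumed), it is named `sys-netbird` in namespace `default` as in the manifest, and `netbird status` prints a `Management: Connected` line once the peer is registered (taken from the client's status output; the exact string is an assumption to check against your client version).

```sh
#!/bin/sh
# Added example, not from the issue or the NetBird project.
# Deploy the NetBird peer from the thread without exposing the setup key in
# argv or shell history, then wait for the peer to connect to management.
#
# Assumptions: Deployment saved as netbird-peer.yaml, named sys-netbird in
# namespace default; `netbird status` prints "Management: Connected" once the
# setup key has been accepted (observed client output, not a documented API).
set -eu

NS=${NETBIRD_NS:-default}
DEPLOY=${NETBIRD_DEPLOY:-sys-netbird}
MANIFEST=${NETBIRD_MANIFEST:-netbird-peer.yaml}

# Render the Secret that the manifest's secretKeyRef expects. The key is read
# from stdin so it never appears in a process list or shell history, which it
# would with `kubectl create secret --from-literal`. printf '%s' avoids a
# trailing newline, which would otherwise become part of the stored key.
render_secret() {
    key=$(cat)
    [ -n "$key" ] || { echo "render_secret: empty setup key on stdin" >&2; return 1; }
    enc=$(printf '%s' "$key" | base64 | tr -d '\n')
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: netbird-peer-key
  namespace: $NS
type: Opaque
data:
  NETBIRD_KEY: $enc
EOF
}

# Poll the peer's own status rather than trusting the pod's Ready state: the
# container is Running even while registration fails (wrong NB_MANAGEMENT_URL,
# revoked or exhausted setup key), and only the client knows the difference.
wait_for_peer() {
    tries=${1:-24}
    i=0
    while [ "$i" -lt "$tries" ]; do
        if kubectl -n "$NS" exec "deploy/$DEPLOY" -- netbird status 2>/dev/null \
            | grep -q 'Management: Connected'; then
            return 0
        fi
        i=$((i + 1))
        sleep 5
    done
    echo "peer did not connect to management after $tries attempts" >&2
    kubectl -n "$NS" logs "deploy/$DEPLOY" --tail=50 >&2 || true
    return 1
}

# Usage: NETBIRD_SETUP_KEY=... sh netbird-peer.sh apply
case "${1:-}" in
    apply)
        printf '%s' "${NETBIRD_SETUP_KEY:?set NETBIRD_SETUP_KEY in the environment}" \
            | render_secret | kubectl apply -f -
        kubectl apply -f "$MANIFEST"
        kubectl -n "$NS" rollout status "deploy/$DEPLOY" --timeout=120s
        wait_for_peer
        ;;
esac
```

The key arrives through the environment of this one process rather than as an argument, so it is not visible to other users via `ps`; piping it in from a secret store instead of `printf` works the same way because `render_secret` only reads stdin. If `wait_for_peer` times out, the tail of the pod log it prints is where a wrong management URL or a rejected setup key shows up, which is the same failure mode the `kubectl logs` check in the issue was chasing.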