pieterlange / kube-openvpn

Kubernetes native OpenVPN
MIT License
383 stars 57 forks

Using ClusterIP instead of ports for forwarding to clients #71

Closed gravypod closed 4 years ago

gravypod commented 4 years ago

Hello everyone. I just saw this project and it seems to be perfect for a use case I have at work. I was wondering how difficult it would be to route traffic to clients of the VPN using a unique ClusterIP Service created for each client instead of a port assignment.

I think this will have the following unique benefits:

  1. No difference between a client and a pod from a Kubernetes perspective
  2. You don't need to manually assign ports to clients. The CNI and IPAM stuff will manage making ClusterIPs for you.
  3. Unique internal DNS for service discovery (user-10.svc.cluster.local)

Is doing something like this possible? Thanks for your time!

pieterlange commented 4 years ago

Yes, this is possible; see the example service here: https://github.com/pieterlange/kube-openvpn#routing-back-to-the-client (below the figure)