thavlik
commented
3 months ago Howdy! Thank you for your interest in the project. vpn-operator was originally intended to be used in tandem with ytdl-operator. Such a combination of tools allows one to mass download videos from any of the hundreds of backends supported by yt-dlp. Note that this is already an option with yt-dlp on desktop (i.e. without kubernetes), but this does not scale horizontally and can occupy your PC for days at a time. You probably want the videos in an S3 bucket anyway, so there isn't much of a point to downloading them to your local hard drive first.
Downloading videos in bulk is a common task for deep learning researchers working with video data, such as myself. Moving this aspect of my research to k8s means that bulk download operations can be scaled and also don't require babysitting (the advantage k8s is that you can automate behavior in case of failures). I haven't had the time/energy to bring that project to completion, nor the necessity.
vpn-operator, however, is ready to be used. I will explain how it works and plan on updating the readme to clarify these matters.
The design assumes you are making use of a VPN sidecar like gluetun. Here we define a primary container as the one running your job (e.g. downloading a video) and a sidecar container as any additional (non-primary) containers running within a kubernetes Pod. The kubernetes spec requires that all containers in the same pod share the same networking. Therefore, when the gluetun container connects to the VPN, your primary container will also utilize the VPN connection. This way, you don't have to fool around with vpn stuff within the yt-dlp container, and you don't have to modify the default gluetun image. Taking advantage of the "multiple containers inside a single Pod" feature, there is an elegant separation of concerns here.
In my mind, the best way to utilize this project is to write another operator on top of it. Create a CRD that represents the work that needs to be done, and then your custom operator automates the process of reserving VPN credentials for each job.
If you are looking to merely connect a pod to a VPN, then all you need is a gluetun sidecar. This is trivial and entails adding a gluetun container to your Pod then specifying the credentials as environment variables. This project handles the logistical complexity of distributing VPN credentials. If you don't need the scale or automation of k8s, you probably won't benefit from this project.
Before I started working on vpn-operator, the architecture & behavior of VPNs on kubernetes was also very opaque to me. The readme definitely needs better explanations, as I don't think even I would have easily understood this project before figuring it all out for myself.
Regarding installation, the project is shipped as a helm chart. chart/values.yaml has the default values that are used when the chart is installed with helm install. The exact command is available in the README.
Thanks again for the feedback. Please let me know if something needs more clarification or you have any other questions.
pablomfc
Hi, I really liked this project, but I would like to ask for an example of how to use it in practice, if possible with the inclusion of a deployment manifest example. I completed all the steps in the documentation, but in the end I didn't quite understand how to configure a sidecar with the help of vpn-operator.
Thank you !!