Is it possible to route traffic through a pod with an OpenVPN and an Nginx reverse proxy in Kubernetes?

Issue

So I need to connect a Keycloak instance deployed in a Kubernetes cluster to an identity provider behind a VPN. I’ve been working with Nginx reverse proxies for quite a while.

AFAIK pods with 2 containers share the same network, so if there is one container with an Nginx reverse proxy and another one with a VPN connected to Azure, the requests should be able to be proxied to the identity provider. Is this going to work?

Are there any best practices on this?

Solution

You are correct. A pod has a virtual network card that the containers share. Your idea may work. This could be hard to "productionize". For example, when the VPN container disconnects, this solution must handle that. It could, say, shut down the pod so that it is spun up again. I would seriously consider other approaches that do not involve a VPN if this requires decent uptime and reliability.

If it proves to be unreliable, have a look at Chisel: github.com/jpillora/chisel

Answered By – Justin Tamblyn

Answer Checked By – Dawn Plyler (AngularFixing Volunteer)
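
A pod manifest sketching the setup discussed above, as an added example that is not part of the original question or answer: an Nginx container and an OpenVPN client container in one pod, with a liveness probe so the kubelet restarts the VPN container when the tunnel route disappears. All names, images, the address 10.0.0.10 and the tun0 interface name are assumptions, and the VPN image is assumed to ship `sh` and `ip`.

```yaml
# Added example; every name, image and address below is a placeholder.
apiVersion: v1
kind: ConfigMap
metadata:
  name: idp-proxy-nginx
data:
  default.conf: |
    server {
      listen 8080;
      location / {
        # 10.0.0.10 stands in for the identity provider's address behind the VPN
        proxy_pass https://10.0.0.10;
      }
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: idp-proxy
  labels: {app: idp-proxy}
spec:
  containers:
    - name: nginx            # shares the pod network namespace with the vpn container
      image: nginx:stable
      ports: [{containerPort: 8080}]
      volumeMounts:
        - {name: nginx-conf, mountPath: /etc/nginx/conf.d, readOnly: true}
    - name: vpn
      image: registry.example.com/openvpn-client:placeholder
      securityContext:
        capabilities: {add: ["NET_ADMIN"]}   # tun device and routes; not privileged: true
      volumeMounts:
        - {name: vpn-config, mountPath: /etc/openvpn/client, readOnly: true}
        - {name: tun, mountPath: /dev/net/tun}
      livenessProbe:         # kubelet restarts this container when the tunnel route is gone
        exec:
          command: ["sh", "-c", "ip route get 10.0.0.10 | grep -q 'dev tun0'"]
        periodSeconds: 10
        failureThreshold: 3
  volumes:
    - name: nginx-conf
      configMap: {name: idp-proxy-nginx}
    - name: vpn-config
      secret: {secretName: idp-vpn-client}   # client config and keys kept in a Secret
    - name: tun
      hostPath: {path: /dev/net/tun, type: CharDevice}
```

A liveness failure restarts only the vpn container, not the whole pod; the new OpenVPN process rebuilds the tunnel in the network namespace that nginx is already using.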
