I'm trying to connect a Google Kubernetes Cluster with an on-premise network over Cloud VPN.
The Problem are POD ip's and Virtual Service Ip's that I not able to reach.
Are there any best practices on how to do this in a secure and robust way?
Should I run an OpenVPN Pod in the cluster and connect to it? Or run kube-proxy in my on-premise network?
You can configure your VPN to forward packets to your cluster as described in CJ's answer to Google Container Engine and VPN.