Expose containers to private network

9/13/2017

I am looking for a way to create a Docker cluster (probably Kubernetes) on Azure, and expose the containers only via a vnet to my datacenter.

Is such a setup possible?

That is, the container services can only be accessed via the VPN that is created, so that the container can use private resources (mainly a database) not available in the Azure cloud?

And so that I can access the resources in the cloud only from my DC.

-- Wouter
azure
kubernetes
resources
vnet
vpn

2 Answers

9/13/2017

I am looking for a way to create a Docker cluster (probably Kubernetes) on Azure, and expose the containers only via a vnet to my datacenter.

Yes, we can just create a k8s pod and not expose it to the internet. Then create an S2S VPN to connect the Azure VNet to your DC. This way, your DC's VMs can connect to the Azure K8S pod via the Azure private IP address.

Update:

If you want to connect to your K8S pods via VPN, we can create an Azure route table to achieve that.

For more information about creating a route table, please refer to my other answer.

-- Jason Ye
Source: StackOverflow

9/13/2017

Yes, that is perfectly possible. Depending on your setup, you need to deploy a regular Kubernetes cluster and use a site-to-site VPN to connect the networks, or use ACS Engine to deploy Kubernetes into an existing vnet\subnet.

You would also need to tweak your network security group rules to allow traffic to flow (if you have them).

https://github.com/Azure/acs-engine/tree/master/examples/vnet
https://docs.microsoft.com/en-us/azure/container-service/kubernetes/container-service-kubernetes-walkthrough
https://blogs.technet.microsoft.com/canitpro/2017/06/28/step-by-step-configuring-a-site-to-site-vpn-gateway-between-azure-and-on-premise/

-- 4c74356b41
Source: StackOverflow
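
Added example (not part of either answer): a check for the network security group point raised above, flagging inbound Allow rules whose source is not the datacenter range. The on-premises CIDR, the trusted service tags and the sample rules are assumptions constructed here, shaped like the JSON that `az network nsg rule list -o json` returns.

```python
import ipaddress

# Assumed on-premises address space reachable over the site-to-site VPN.
ONPREM = ipaddress.ip_network("10.50.0.0/16")
# Assumption: these service tags are trusted (VirtualNetwork covers VPN-connected ranges).
TRUSTED_TAGS = {"virtualnetwork", "azureloadbalancer"}

# Constructed sample rules; not taken from a real subscription.
SAMPLE_RULES = [
    {"name": "allow-dc-https", "priority": 100, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "10.50.0.0/16", "sourceAddressPrefixes": []},
    {"name": "allow-any-nodeport", "priority": 110, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "sourceAddressPrefixes": []},
    {"name": "allow-partner", "priority": 120, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": None, "sourceAddressPrefixes": ["10.50.4.0/24", "203.0.113.0/24"]},
    {"name": "deny-internet", "priority": 4000, "direction": "Inbound", "access": "Deny",
     "sourceAddressPrefix": "Internet", "sourceAddressPrefixes": []},
    {"name": "allow-out", "priority": 100, "direction": "Outbound", "access": "Allow",
     "sourceAddressPrefix": "*", "sourceAddressPrefixes": []},
]

def source_is_private(prefix):
    """True if the source is a trusted tag or a CIDR inside the on-prem range."""
    if prefix.lower() in TRUSTED_TAGS:
        return True
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # "*", "Internet" and other tags are not private sources
    return net.version == ONPREM.version and net.subnet_of(ONPREM)

def exposed_rules(rules):
    """Return (rule name, offending sources) for inbound Allow rules open beyond the DC.

    Priority is ignored, so a flagged rule may already be shadowed by an earlier Deny.
    """
    findings = []
    for rule in rules:
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        sources = list(rule.get("sourceAddressPrefixes") or [])
        if rule.get("sourceAddressPrefix"):
            sources.append(rule["sourceAddressPrefix"])
        bad = [s for s in sources if not source_is_private(s)]
        if bad:
            findings.append((rule["name"], bad))
    return findings

if __name__ == "__main__":
    for name, bad in exposed_rules(SAMPLE_RULES):
        print(f"{name}: reachable from {', '.join(bad)}")
```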