Assign external IP to Kubernetes pod

11/28/2018

Context:

  • We're working on an integration with one of our clients
  • In order to get access to their systems, we need to establish a VPN connection
  • For security reasons, we need to bind this VPN connection to a static IP on our side (basically, a layer 4 security check enforced by a Juniper router; we use OpenSwan to connect to it).
  • To do that, we must be connecting from that IP; that is, we need to establish a socket connection where the source IP corresponds to that static IP from the router's perspective (and, of course, that needs to route back to our pod successfully).
  • The client's side has very limited resources ops-wise, so this security hoop is the only way to connect to their systems.

While our current system is running (AWS) Kubernetes, which is:

  • Made out of transient pods, transient nodes, with shifting IPs
  • Can assign an ExternalIP to a service (which, in turn, can route it to a pod); however that, by default, makes no guarantees about the originator IP of the traffic initiated by that pod

For this reason, we set up an external box and assigned an Elastic IP to it, as a binding for the VPN, exposing endpoints, and calling our Kubernetes Services. This introduces a single point of failure: if that box goes down, so does our integration.

Question: in what ways can this be made HA within the Kubernetes world, given the constraints on the first list above?

-- Silver Dragon
kubernetes
kubernetes-service
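The requirement in the question is that the socket the pod opens towards the router carries a specific source IP. The following is an added example (not from the original post) showing what that looks like at the socket level and how to check it: bind the client socket to the static address before connecting, then verify with `getsockname()` that the local address is the one the router expects. The address `192.0.2.10` is an assumed placeholder from the documentation range, and the loopback listener stands in for the VPN endpoint so the demo runs offline. The check also surfaces the failure mode behind the question: if the static IP is not actually present in the pod's network namespace (as with a plain ExternalIP Service), `bind()` fails with `EADDRNOTAVAIL` and no connection with that source is possible.

```python
import ipaddress
import socket

# Assumed placeholder for illustration: the static IP the router is configured to accept.
EXPECTED_SOURCE_IP = "192.0.2.10"  # RFC 5737 documentation range, not a real address


def can_bind(source_ip: str) -> bool:
    """Return True if this host/pod can bind a socket to source_ip, i.e. the address is local.

    A False result is the situation the question describes: the static IP lives on another
    box, so nothing in this network namespace can originate traffic from it.
    """
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind((source_ip, 0))
        return True
    except OSError:  # typically EADDRNOTAVAIL when the address is not assigned locally
        return False
    finally:
        probe.close()


def connect_from(source_ip: str, dest_host: str, dest_port: int, timeout: float = 5.0) -> socket.socket:
    """Open a TCP connection whose source address is source_ip.

    Raises RuntimeError if the kernel refuses the bind, so a misplaced static IP is detected
    before any traffic leaves the pod instead of showing up as a rejected session at the router.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.bind((source_ip, 0))  # port 0: let the kernel choose an ephemeral source port
    except OSError as exc:
        sock.close()
        raise RuntimeError(f"source IP {source_ip} is not assigned to this host: {exc}") from exc
    try:
        sock.connect((dest_host, dest_port))
    except OSError:
        sock.close()
        raise
    return sock


def source_matches(sock: socket.socket, expected_ip: str) -> bool:
    """Check that the local address of an established socket is the expected static IP."""
    local_ip = sock.getsockname()[0]
    return ipaddress.ip_address(local_ip) == ipaddress.ip_address(expected_ip)


def loopback_demo() -> tuple:
    """Constructed end-to-end check: a loopback listener stands in for the VPN endpoint.

    Returns (client_source_ok, source_ip_seen_by_server) so both sides of the
    'originator IP' question are visible.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    client = connect_from("127.0.0.1", "127.0.0.1", port)
    server_side, peer = listener.accept()
    try:
        return source_matches(client, "127.0.0.1"), peer[0]
    finally:
        server_side.close()
        client.close()
        listener.close()


if __name__ == "__main__":
    print("static IP bindable here:", can_bind(EXPECTED_SOURCE_IP))
    print("loopback demo (source ok, peer saw):", loopback_demo())
```

Binding the source address only helps when the address is actually configured on an interface in the pod's own network namespace and the return route points back at the pod; any NAT between the pod and the router rewrites the source again, which is why the ExternalIP Service in the question gives no guarantee about the originator IP.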

0 Answers