How to configure a specific address space in Kubernetes to meet IPsec requirements in Azure?

12/26/2018

My company has this Linux VM running strongSwan, which serves as a VPN gateway to a partner. This VM runs on a specific address space to meet IPsec requirements.

We want to replace this VM with a container running in a Kubernetes cluster. The question is: how to configure Kubernetes so that strongSwan can successfully establish a connection with the external partner?

Update: my cluster will run on Azure cloud. Calico is not supported. Flannel, Cilium and Azure CNI are supported.

-- Igor Gatis
ipsec
kubernetes
strongswan

1 Answer

12/30/2018

As the comments say, Calico is okay; https://docs.projectcalico.org/v3.4/reference/cni-plugin/configuration#requesting-a-specific-ip-address has some details. Basically, pick an unused address in your normal pool and add an annotation like "cni.projectcalico.org/ipAddrs": "[\"192.168.0.1\"]" to your pod. The section just above that shows how to use multiple IPAM pools, which might even be enough if you can use a range rather than a single address.

-- coderanger
Source: StackOverflow
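
A helper for the annotation approach described in the answer above, as an added example that is not part of the original answer: it checks a requested address against a pool and a list of addresses already in use, then builds a Pod manifest carrying the annotation. The pool CIDR, image name, in-use list and the function name build_pod are constructed assumptions.

```python
"""Added example: build a Pod manifest that requests a fixed Calico IP."""
import ipaddress
import json

ANNOTATION = "cni.projectcalico.org/ipAddrs"  # annotation key quoted in the answer


def build_pod(name, image, ip, pool_cidr, in_use=()):
    """Return a Pod manifest (dict) that asks Calico IPAM for `ip`.

    Raises ValueError if `ip` is outside `pool_cidr` or already listed
    in `in_use`, mirroring "pick an unused address in your normal pool".
    """
    addr = ipaddress.ip_address(ip)
    pool = ipaddress.ip_network(pool_cidr)
    if addr not in pool:
        raise ValueError(f"{ip} is not inside pool {pool_cidr}")
    if addr in {ipaddress.ip_address(a) for a in in_use}:
        raise ValueError(f"{ip} is already assigned")
    return {
        "apiVersion": "v1",
        "kind": "Pod",
        "metadata": {
            "name": name,
            # The annotation value is a JSON list serialized into a string,
            # which is why the answer writes it with escaped quotes.
            "annotations": {ANNOTATION: json.dumps([str(addr)])},
        },
        "spec": {"containers": [{"name": name, "image": image}]},
    }


if __name__ == "__main__":
    # Constructed sample values: pool, image and in-use list are assumptions.
    pod = build_pod(
        "strongswan",
        "registry.example/strongswan:placeholder",
        "192.168.0.1",
        "192.168.0.0/16",
        in_use=["192.168.0.7"],
    )
    # kubectl accepts JSON manifests as well as YAML.
    print(json.dumps(pod, indent=2))
```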