Use SoftEther VPN (virtual adapter) for Kubernetes network and default adapter for ingress

3/30/2019

I have a SoftEther VPN server hosted on Ubuntu Server 16.04, and I can connect to the VPN from other Linux/Windows machines. My goal is to use the VPN only for Kubernetes networking or when the server is making a web request, but I don't want to use the VPN to expose my NodePorts/Ingress/load balancers. I want to use the default adapter (eth0) to expose those. I am not a Linux expert or a network engineer. Is this possible? If yes, please help. Thanks.

-- Methnani Bilel
kubernetes
networking
vpn

1 Answer

6/26/2019

Ingress controllers and load balancers usually rely on the NodePort functionality, which in turn relies on the Kubernetes network layer. Kubernetes has some network requirements to ensure all its functionalities work as expected.

Because SoftEther VPN supports Layer 2 connectivity, it's possible to use it for connecting cluster nodes.

To limit its usage for NodePorts and LBs, you just need to ensure that nodes on the other side of the VPN haven't been included in the LB pool used for traffic forwarding to NodePort services, which may require managing the LB pool manually or using CloudAPI calls from some scripts.

Ingress controllers are usually exposed by NodePort also, so the same thing applies here.

-- VAS
Source: StackOverflow
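
One way to script the LB pool selection the answer describes, as an added example that is not part of the original answer: it reads node data in the shape of `kubectl get nodes -o json` and keeps only Ready nodes whose InternalIP is outside the VPN subnet. The subnet `10.8.0.0/24`, the node names and addresses, and the function names are constructed assumptions, as is the premise that far-side nodes register a VPN address as their InternalIP.

```python
import ipaddress
import json

# Assumption (constructed): subnet assigned on the SoftEther virtual adapter.
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")

# Constructed sample, trimmed to the fields used, in the shape of
# `kubectl get nodes -o json`.
SAMPLE_NODES = json.loads("""
{"items": [
 {"metadata": {"name": "node-a"}, "status": {
   "addresses": [{"type": "InternalIP", "address": "192.168.1.10"}],
   "conditions": [{"type": "Ready", "status": "True"}]}},
 {"metadata": {"name": "node-b"}, "status": {
   "addresses": [{"type": "InternalIP", "address": "10.8.0.5"}],
   "conditions": [{"type": "Ready", "status": "True"}]}},
 {"metadata": {"name": "node-c"}, "status": {
   "addresses": [{"type": "InternalIP", "address": "192.168.1.12"}],
   "conditions": [{"type": "Ready", "status": "False"}]}},
 {"metadata": {"name": "node-d"}, "status": {
   "addresses": [{"type": "Hostname", "address": "node-d"}],
   "conditions": [{"type": "Ready", "status": "True"}]}}
]}
""")

def internal_ips(node):
    """Addresses the node registered as InternalIP."""
    return [ipaddress.ip_address(a["address"])
            for a in node["status"].get("addresses", [])
            if a["type"] == "InternalIP"]

def is_ready(node):
    return any(c["type"] == "Ready" and c["status"] == "True"
               for c in node["status"].get("conditions", []))

def plan_lb_pool(nodes, vpn_subnet=VPN_SUBNET):
    """Return (pool, excluded): LB targets and the reason each node was left out."""
    pool, excluded = [], {}
    for node in nodes["items"]:
        name, ips = node["metadata"]["name"], internal_ips(node)
        if not ips:
            excluded[name] = "no InternalIP reported"  # fail closed
        elif any(ip in vpn_subnet for ip in ips):
            excluded[name] = "InternalIP inside VPN subnet"
        elif not is_ready(node):
            excluded[name] = "node not Ready"
        else:
            pool.append((name, str(ips[0])))
    return pool, excluded
```

The `excluded` map doubles as an audit record: reviewing it before updating the pool shows why each node was kept off the public path.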