Is it possible to route traffic through a pod with an OpenVPN and an Nginx reverse proxy in Kubernetes?

10/24/2020

So I need to connect a Keycloak instance deployed in a Kubernetes cluster to an identity provider behind a VPN. I've been working with Nginx reverse proxies for quite a while.

AFAIK pods with 2 containers share the same network, so if there is one container with an Nginx reverse proxy and another one with a VPN connected to Azure, the requests should be able to be proxied to the identity provider. Is this going to work?

Are there any best practices on this?

-- paltaa
kubernetes
nginx
nginx-reverse-proxy
vpn

1 Answer

11/9/2020

You are correct. A pod has a virtual network card that the containers share. Your idea may work. This could be hard to "productionize". For example, when the VPN container disconnects, this solution must handle that. It could, say, shut down the pod so that it is spun up again. I would seriously consider other approaches that do not involve a VPN if this requires decent uptime and reliability.

If it proves to be unreliable, have a look at Chisel: github.com/jpillora/chisel

-- Justin Tamblyn
Source: StackOverflow
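
The two-container pod discussed in the question and answer, as an added example that is not part of the original posts: Nginx and an OpenVPN client share the pod's network namespace, and a liveness probe restarts the VPN container when the tunnel interface disappears. The image names, ConfigMap and Secret names, port 8080 and the `tun0` interface name are assumptions, and the VPN image is assumed to be able to open `/dev/net/tun` on your container runtime.

```yaml
# Added example (constructed). Names marked "placeholder" or "assumed"
# are not values from the question or the answer.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: idp-proxy                      # placeholder
spec:
  replicas: 1
  selector:
    matchLabels: {app: idp-proxy}
  template:
    metadata:
      labels: {app: idp-proxy}
    spec:
      containers:
        - name: nginx
          image: nginx:stable
          ports:
            - containerPort: 8080      # assumed to match "listen" in the ConfigMap
          volumeMounts:
            - {name: nginx-conf, mountPath: /etc/nginx/conf.d, readOnly: true}
        - name: vpn
          image: registry.example/openvpn-client:TAG   # placeholder image
          securityContext:
            capabilities:
              add: ["NET_ADMIN"]       # tun device and routes; narrower than privileged: true
          volumeMounts:
            - {name: vpn-conf, mountPath: /etc/openvpn/client, readOnly: true}
          livenessProbe:
            # Fails once the tunnel interface is gone from the shared network
            # namespace. It proves the interface exists, not that the remote
            # identity provider is reachable through it.
            exec:
              command: ["sh", "-c", "test -d /sys/class/net/tun0"]
            initialDelaySeconds: 20
            periodSeconds: 10
            failureThreshold: 3
      volumes:
        - name: nginx-conf
          configMap: {name: idp-proxy-nginx}     # assumed: holds the proxy_pass server block
        - name: vpn-conf
          secret: {secretName: idp-vpn-client}   # assumed: client config and credentials
```

A failed liveness probe makes the kubelet restart only the `vpn` container; the pod's network namespace persists across that restart, so Nginx keeps running and uses the routes again once the client reconnects.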