如何建立VPN隧道连接到kubernetes集群外的eureka

Question

I have spring-boot microservices deployed to kubernetes cluster. Outside cluster there is netflix eureka discovery service on AWS. I want to register my services on this eureka. Gateway is also on AWS. On my localmachine I need to create vpn connection via openvpn to get access to eureka, Kubernetes cluster is also outside aws and vpn is needed. I have *.ovpn, I guess that I have to create some vpn tunneling on kubernetes but I don't know the proper tool for that

In the past I looked for something like openvpn client for kubernetes but I got only openvpn servers

I expect that when I set a proper host as Eureka url, my services will register properly over vpn

Answer 1

It is possible to put every Kubernetes pod on the OpenVPN network so that they would be able to access the Eureka instance. However, since you want Eureka to do service discovery, it also needs to know the "real" IP of every pod instead of just seeing their VPN IP. If Eureka advertises VPN IPs for everything, all traffic will be routed through OpenVPN connection, which introduces extra latency. Such a setup is also hard to debug and monitor.

It is a better idea to use the network bridging solution of your cloud provider. If you're on AWS, Site-to-Site VPN should do the trick. Azure also has an offering of the same name. Google has Cloud VPN and also several enterprise options .