是否可以在 Kube.netes 中使用 OpenVPN 和 Nginx 反向代理通过 pod 路由流量?
[英]Is it possible to route traffic through a pod with a OpenVPN and a Nginx reverse proxy in Kubernetes?
问题描述
So I need to connect a keycloak instance deployed in a Kube.netes cluster to an identity provider behind a VPN, I've been working with Nginx reverse proxies for quite a while.
所以我需要将部署在 Kube.netes 集群中的 keycloak 实例连接到 VPN 后面的身份提供者,我使用 Nginx 反向代理已经有一段时间了。
AFAIK pods with 2 containers share the same.network, so if there is one container with nginx reverse proxy and another one with a VPN connected to Azure the requests should be able to be proxied to the identity provider, is this going to work?具有 2 个容器的 AFAIK pod 共享同一个网络,因此,如果一个容器具有 nginx 反向代理,而另一个容器具有连接到 Azure 的 VPN,则请求应该能够代理到身份提供者,这会起作用吗?
Are there any best practices on this?这方面有什么最佳做法吗?
1 个解决方案
解决方案1
2 已采纳 2020-11-09 19:52:11
You are correct.你是对的。 A pod has a virtual.network card that the containers share. Pod 有一个容器共享的 virtual.network 卡。 Your idea may work.你的想法可能会奏效。 This could be hard to "productionize".这可能很难“生产化”。 For example, when the VPN container disconnects this solution must handle that.例如,当 VPN 容器断开连接时,此解决方案必须处理该问题。 It could say shutdown the pod so that it is spun up again.它可以说关闭 pod,以便它再次启动。 I would seriously consider other approaches that do not involve a VPN if this requires decent uptime and reliability.如果这需要良好的正常运行时间和可靠性,我会认真考虑其他不涉及 VPN 的方法。
If it proves to be unreliable have a look at Chisel github.com/jpillora/chisel如果证明不可靠,请查看 Chisel github.com/jpillora/chisel
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.