I'm running an app on Kubernetes / GKE.
I have a bunch of devices without a public IP.
Nevertheless, I need to access them from the app.
The initial thought was to run an OpenVPN server within the cluster and have the device connect, but then I hit the problem:
There doesn't seem to be any elegant / idiomatic way to route traffic to a subnet through a pod.
Basically, all I need is to be able to say: route 10.8.0.0/24 through vpn-pod
Possible solutions I found:

1. Modifying routes on the nodes. I'd like to keep nodes ephemeral and have everything in K8s manifests only.
2. Istio. Seems like overkill, and I wasn't able to find a solution to my problem in the documentation.
3. Routes within GCP / GKE itself. They only allow specifying a node as the next hop.
I'm currently leaning towards running the OpenVPN server on a bare-bones VM and using the GCP routes.
It works, I can ping the VPN clients from the K8s app, but it still seems brittle and hard-wired.
Is there an idiomatic solution to accessing the pod-private network from other pods?
Asked by amq; translated from Stack Overflow.