I have a Kubernetes cluster with multiple nodes in two different subnets (x and y). I have an IPsec VPN tunnel setup between my x subnet and an external network. Now my problem is that the pods that get scheduled in the nodes on the y subnet can't send requests to the external network because they're in nodes not covered by the VPN tunnel. Creating another VPN to cover the y subnet isn't possible right now. Is there a way in k8s to force all pods' traffic to go through a single source? Or any clean solution even if outside of k8s?
Forwarding all Kubernetes traffic through a single node
1.2k Views Asked by alkhatim At
1
There are 1 best solutions below
Related Questions in KUBERNETES
- Golang == Error: OCI runtime create failed: unable to start container process: exec: "./bin": stat ./bin: no such file or directory: unknown
- I can't create a pod in minikube on windows
- Oracle setting up on k8s cluster using helm charts enterprise edition
- Retrieve the Dockerfile configuration from the Kubernetes and also change container Java parameter?
- Summarize pods not running, by Namespace and Reason - I'm having trouble finding the reason
- How to get Java running parameters from Spring Boot running inside container in pod where no ps exist
- How do we configure prometheus server to scrape metrics from a pod with Istio sidecar proxy?
- In rke kube-proxy pod is not present
- problem with edge server registration in Eureka
- Unable to Access Kubernetes LoadBalancer Service from Local Device Outside Cluster
- Kubernetes cluster on GCE connection refused error
- Based on my experience, I've outlined the Kubernetes request flow. Could someone please add or highlight any points I might have overlooked?
- how to define StackGres helm chart "restapi" values to use internal LoadBalancer - AWS EKS
- Python3.11 can't open file [Errno 2] No such file or directory
- Cannot find remote pod service - SERVICE_UNAVAILABLE
Related Questions in NETWORKING
- How to avoid duplicates with the pull-based subscribe model?
- How to simulate CSMA/CD protocol in ns3?
- Network System - Cisco Packet Tracer
- Adhoc / mesh network not working (with and without batman-adv)
- Algorithm for finding a subset of nodes in a weighted connected graph such that the distance between any pair nodes are under a postive number?
- Python Client-Server Communication with Protocol
- I registered a service in eureka which is resolving through java code. But it is not able to resolve its name when hitting through chrome or postman
- Share files from the server without data or internet usage
- Player names not synchronizing in unity Mirror Networking
- My phone can not visit the server on macos in the same local network
- Unable to ping remote websites from an ipV6 only ubuntu ec2 Instance
- Linux Networking - Routing packets from one network interface to another
- wrong output from Supernetting algorithm
- Mapping localhost port on host to docker container
- Microsoft Message Analyzer disable resolving IP address to their domain names a.k.a turn off AutoIP feature
Related Questions in FLANNEL
- k3s change requested UDP port assignment
- kube-flannel-rbac.yml - 404 error (not able to install)
- Pods cannot resolve kubernetes DNS
- Kubernetes: Frequently unable to communicate with kublet api (connection refused)
- pods have no access to the internet
- Kube-Proxy and Kube-Flannel CrashLoopBackOff
- must worker nodes have static IPs?
- Kubernetes windows worker node addition: "failed to create containerd task: hcsshim::CreateComputeSystem kube-proxy: The directory name is invalid"
- The connection to the server 192.168.1.11:6443 was refused - did you specify the right host or port?
- Kubernetes 1.24+ fails with flannel giving "cni plugin not initialized"
- can't expose kubernetes service aws ec2
- kube-system (kube-controller and kube-flannels) pods are using too much resources
- coredns giving "network is unreachable" errors
- Kubernetes Pods unable to resolve external host
- How to assign VPC subnet(GCP) to kubernetes cluster?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Posting this as a community wiki, feel free to edit and expand.
There is no built-in functionality in kubernetes that can do it. However there are two available options which can help to achieve the required setup:
If services are well known then it's possible to use istio egress gateway. We are interested in this use case:
There's another solution which can be used - antrea egress. Use cases are:
You may be interested in using this capability if any of the following apply: