jgilfoil / pod-gateway

This project forked from angelnu/pod-gateway

Container image used to set a pod gateway

License: Apache License 2.0

Shell 92.78% Makefile 1.52% Dockerfile 5.70%

pod-gateway

This container includes scripts used to route traffic from pods through another gateway pod. Typically the gateway pod then runs an OpenVPN client to forward the traffic.

This container is injected by the gateway-admision-controller so that existing K8S PODs can be extended to route their traffic through a VPN. Check the README to learn how to use it.

The connection between the pods is made over a VXLAN. The gateway provides a DHCP server so that client pods can obtain an IP automatically.

Outgoing traffic is masqueraded (SNAT). It is also possible to define port forwarding so that ports of client pods can be reached from the outside.

The .github folder will get PRs from this template so you can apply the latest workflows.

Design

Client PODs are connected through a tunnel to the gateway POD and route default traffic and DNS queries through it. The tunnel is implemented as a VXLAN overlay.

This container provides the required init/sidecar containers for clients and gateway PODs:

  • client PODs connecting through gateway POD:
    • client_init.sh: starts the VXLAN tunnel and changes the default gateway in the POD. It can get its IP via DHCP or use a static IP within the VXLAN (needed for port forwarding).
    • client_sidecar.sh: periodically checks that the connection to the gateway is still working and resets the VXLAN if it is not. This happens, for example, when the gateway POD is restarted and gets a new IP from K8S.
  • gateway POD:
    • gateway_init.sh: creates the VXLAN tunnel and sets traffic forwarding rules. Optionally, if a VPN is used in the gateway, blocks non-VPN outbound traffic.
    • gateway_sidecar.sh: deploys a DHCP and DNS server
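
A client POD whose default route does not go through the VXLAN sends traffic around the gateway. The following added example (not part of pod-gateway's scripts) audits the output of `ip -4 route show` for that condition; the interface name vxlan0, the gateway address 172.16.0.1 and the sample routing tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not pod-gateway code. Interface name and addresses are assumed.

# check_default_route ROUTES IFACE GATEWAY
#   ROUTES  text as printed by `ip -4 route show` inside the client pod
#   IFACE   VXLAN interface the default route must use (assumed: vxlan0)
#   GATEWAY gateway address inside the VXLAN (assumed: 172.16.0.1)
# Prints one finding per line and returns 0 only if there is exactly one
# default route and it goes through the tunnel to the expected gateway.
check_default_route() {
    printf '%s\n' "$1" | awk -v iface="$2" -v gw="$3" '
        $1 == "default" || $1 == "0.0.0.0/0" {
            n++; via = ""; dev = ""
            # Pick up the words that follow "via" and "dev" on this route.
            for (i = 2; i < NF; i++) {
                if ($i == "via") via = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (dev != iface) {
                print "LEAK: default route uses " dev " instead of " iface; bad = 1
            } else if (via != gw) {
                print "MISMATCH: default route via \"" via "\", expected " gw; bad = 1
            }
        }
        END {
            if (n == 0) { print "NO_DEFAULT: no default route present"; bad = 1 }
            # A second default route can carry traffic if the tunnel goes down.
            if (n > 1)  { print "MULTIPLE: " n " default routes present"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample routing tables (not captured from a real pod).
GOOD_ROUTES='default via 172.16.0.1 dev vxlan0
10.42.0.0/16 via 10.42.1.1 dev eth0
172.16.0.0/24 dev vxlan0 proto kernel scope link src 172.16.0.237'

LEAKY_ROUTES='default via 10.42.1.1 dev eth0
10.42.1.0/24 dev eth0 proto kernel scope link src 10.42.1.23'

FALLBACK_ROUTES='default via 172.16.0.1 dev vxlan0 metric 10
default via 10.42.1.1 dev eth0 metric 100'

# In a live pod: check_default_route "$(ip -4 route show)" vxlan0 172.16.0.1
check_default_route "$GOOD_ROUTES" vxlan0 172.16.0.1 && echo "GOOD: ok"
check_default_route "$LEAKY_ROUTES" vxlan0 172.16.0.1 || echo "LEAKY: fail"
check_default_route "$FALLBACK_ROUTES" vxlan0 172.16.0.1 || echo "FALLBACK: fail"
```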

Settings are expected in the /config folder - see examples under config:

  • config/settings.sh: variables used by all helper scripts
  • config/nat.conf: static IP and NAT rules for PODs exposing ports through the gateway (and optional VPN) POD

Default settings might be overwritten by attaching a container volume with the new values to the helper pods.

Prereqs

You need to create the following secrets (not needed within the k8s-at-home org - there we use org-wide secrets):

  • WORKFLOW_REPO_SYNC_TOKEN # Needed to do PRs that update the workflows
  • GHCR_USERNAME # Needed to upload container to the Github Container Registry
  • GHCR_TOKEN # Needed to upload container to the Github Container Registry

How to build

  1. Build the container
    make

Testing requires multiple containers - see the gateway-admision-controller and check the Makefile for other build targets.

Contributors

angelnu, angelnu-bot[bot], renovate-bot, pumba98, toboshii, bjw-s, brujoand, mergwyn, renovate[bot], samos667, dberardo-com, samip5, szpadel, michaelwasher, frederiknjs, disconn3ct, onedr0p, antoncuranz
