how to manage VPN connection with customer when using K8s on AWS

GID

12/20/22, 2:36 PM

Apps on AWS K8s clusters (set up with Kops, i.e. not using EKS) are typically accessed via an Application Load Balancer, which resolves to a couple of volatile IP addressses.

Yet frequently, when setting up a site2site VPN, customers ask for an encryption domain with a few static IP addresses, not a DNS name. (They also don't allow large CIDRs in the encryption domain, they demand that you give them only a few specific IPs. For this reason we cannot use the AWS method to set up a s2s VPN, we instead have to use a 3rd party VPN solution such as Cohesive VNS3.)

How can this be resolved?

1 + 0

vpn

amazon-web-services

kubernetes

Score:0

Server

SYN

12/20/22, 8:33 PM

Wait... Kops create Elastic IPs for your LoadBalancer, doesn't it? Aren't those supposed to be fixed?

What's your issue? Can't you just setup your VPN using those, as an encryption domain?

Otherwise, you could still deploy a pair of HAproxy instances, using your ELB FQDN as a backend, setting up your VPN using those proxies as an encryption domain.

Not being sure what's that Cohesive stuff is about, you mention encryption domains, I'll assume IPSEC: you could look into OpenSwan, StrongSwan, OpenBSD's Isakmpd or IKEd, ... Or with a GUI: pfSense, OPNSense, RouterOS, Zentyal, ...

0 + 1

GID

12/21/22, 10:09 PM

Thanks for answering. I don't think Kops creates ElasticIPs for the LB. On this cluster (that was setup by another sysadmin who is now gone) there is no EIP associated with our k8s LB. Yes indeed, I too have thought of the HAproxy solution.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: how to manage VPN connection with customer when using K8s on AWS

TH: วิธีจัดการการเชื่อมต่อ VPN กับลูกค้าเมื่อใช้ K8 บน AWS

RO: cum să gestionați conexiunea VPN cu clientul atunci când utilizați K8s pe AWS

RU: как управлять VPN-соединением с клиентом при использовании K8s на AWS

VI: cách quản lý kết nối VPN với khách hàng khi sử dụng K8s trên AWS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.