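Background
I have been developing microservices recently, and a few services running locally need to call pods in the development k8s cluster,
so I used a VPN to connect the local machine to the pod network.
Configuration steps
1. Download the Helm chart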
wget http://mirror.azure.cn/kubernetes/charts/openvpn-4.2.5.tgz
tar zxvf openvpn-4.2.5.tgz
cd openvpn
2. Edit values.yaml
replicaCount: 1
updateStrategy: {}
imagePullSecretName:
image:
  repository: jfelten/openvpn-docker
  tag: 1.1.0
  pullPolicy: IfNotPresent
service:
  type: NodePort
  externalPort: 443
  internalPort: 443
  externalIPs: []
  nodePort: 32085
  annotations: {}
podAnnotations: {}
ipForwardInitContainer: true
resources:
  limits:
    cpu: 300m
    memory: 128Mi
  requests:
    cpu: 300m
    memory: 128Mi
readinessProbe:
  initialDelaySeconds: 5
  periodSeconds: 5
  successThreshold: 2
persistence:
  enabled: false # My dev cluster has no PVC; enable this if yours does, otherwise the client certificate files change on every restart
  accessMode: ReadWriteOnce
  size: 2M
openvpn:
  OVPN_NETWORK: 10.9.0.0
  OVPN_SUBNET: 255.255.0.0
  OVPN_PROTO: tcp
  OVPN_K8S_POD_NETWORK: "10.42.0.0" # Change to your own pod network; you can also add the service network
  OVPN_K8S_POD_SUBNET: "255.255.0.0"
  DEFAULT_ROUTE_ENABLED: false
  dhcpOptionDomain: true
  redirectGateway: false
  useCrl: false
  taKey: false
  istio:
    enabled: false
    proxy:
      port: 15001
  iptablesExtra: []
  ccd:
    enabled: false
    config: {}
nodeSelector: {}
tolerations: []
3. Install into the cluster
helm install openvpn . -f values.yaml -n xxx
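Follow the output of this step to obtain the client.ovpn configuration file, then connect with an OpenVPN client.
4. Once the VPN is connected, the pod network is reachable.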
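A pre-install review of the values from step 2, as an added example that is not part of the original post or the chart: it checks that the VPN client pool does not overlap the pod network and lists the settings that weaken the deployment. The VALUES dict mirrors the page's values.yaml; the function names and finding messages are assumptions of this example.

```python
import ipaddress

# Values copied from the values.yaml in step 2 (only the keys the checks read).
VALUES = {
    "service": {"type": "NodePort", "nodePort": 32085},
    "persistence": {"enabled": False},
    "openvpn": {
        "OVPN_NETWORK": "10.9.0.0", "OVPN_SUBNET": "255.255.0.0",
        "OVPN_K8S_POD_NETWORK": "10.42.0.0", "OVPN_K8S_POD_SUBNET": "255.255.0.0",
        "redirectGateway": False, "useCrl": False, "taKey": False,
    },
}

def cidr(network, netmask):
    """Turn an address/netmask pair into an ip_network; ValueError if host bits are set."""
    return ipaddress.ip_network(f"{network}/{netmask}", strict=True)

def review(values):
    """Return a list of (key, message) findings for a values dict (hypothetical helper)."""
    ovpn = values["openvpn"]
    findings = []
    try:
        pool = cidr(ovpn["OVPN_NETWORK"], ovpn["OVPN_SUBNET"])
        pods = cidr(ovpn["OVPN_K8S_POD_NETWORK"], ovpn["OVPN_K8S_POD_SUBNET"])
    except ValueError as exc:
        return [("network", f"invalid network/netmask pair: {exc}")]
    if pool.overlaps(pods):
        findings.append(("OVPN_NETWORK", f"client pool {pool} overlaps pod network {pods}"))
    if ovpn.get("redirectGateway"):
        findings.append(("redirectGateway", "all client traffic is routed through the VPN"))
    if not ovpn.get("useCrl"):
        findings.append(("useCrl", "no CRL, so a leaked client certificate cannot be revoked"))
    if not ovpn.get("taKey"):
        findings.append(("taKey", "no ta.key, so the control channel has no tls-auth layer"))
    if not values["persistence"]["enabled"]:
        findings.append(("persistence", "certificate files change when the pod restarts"))
    if values["service"]["type"] in ("NodePort", "LoadBalancer"):
        findings.append(("service.type", "VPN port is exposed on node or load balancer addresses"))
    return findings

if __name__ == "__main__":
    for key, message in review(VALUES):
        print(f"{key}: {message}")
```

For the values on this page the review reports useCrl, taKey, persistence and service.type; the 10.9.0.0/16 client pool and 10.42.0.0/16 pod network do not overlap.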