Subsections of Proxy
Daocloud
1. install container tools
systemctl stop firewalld && systemctl disable firewalld
sudo dnf install -y podman
podman run -d -P m.daocloud.io/docker.io/library/nginxKubeVPN
1.install krew
- download and install
krew
- download and install
- Add the $HOME/.krew/bin directory to your PATH environment variable.
export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"- Run kubectl krew to check the installation
kubectl krew list2. Download from kubevpn source from github
kubectl krew index add kubevpn https://gitclone.com/github.com/kubenetworks/kubevpn.git
kubectl krew install kubevpn/kubevpn
kubectl kubevpn 3. Deploy VPN in some cluster
Using different config to access different cluster and deploy vpn in that k8s.
kubectl kubevpn connectYour terminal should look like this:
➜ ~ kubectl kubevpn connect
Password:
Starting connect
Getting network CIDR from cluster info...
Getting network CIDR from CNI...
Getting network CIDR from services...
Labeling Namespace default
Creating ServiceAccount kubevpn-traffic-manager
Creating Roles kubevpn-traffic-manager
Creating RoleBinding kubevpn-traffic-manager
Creating Service kubevpn-traffic-manager
Creating MutatingWebhookConfiguration kubevpn-traffic-manager
Creating Deployment kubevpn-traffic-manager
Pod kubevpn-traffic-manager-66d969fd45-9zlbp is Pending
Container Reason Message
control-plane ContainerCreating
vpn ContainerCreating
webhook ContainerCreating
Pod kubevpn-traffic-manager-66d969fd45-9zlbp is Running
Container Reason Message
control-plane ContainerRunning
vpn ContainerRunning
webhook ContainerRunning
Forwarding port...
Connected tunnel
Adding route...
Configured DNS service
+----------------------------------------------------------+
| Now you can access resources in the kubernetes cluster ! |
+----------------------------------------------------------+already connected to cluster network, use command kubectl kubevpn status to check status
➜ ~ kubectl kubevpn status
ID Mode Cluster Kubeconfig Namespace Status Netif
0 full ops-dev /root/.kube/zverse_config data-and-computing Connected utun0use pod productpage-788df7ff7f-jpkcs IP 172.29.2.134
➜ ~ kubectl get pods -o wide
NAME AGE IP NODE NOMINATED NODE GATES
authors-dbb57d856-mbgqk 7d23h 172.29.2.132 192.168.0.5 <none>
details-7d8b5f6bcf-hcl4t 61d 172.29.0.77 192.168.104.255 <none>
kubevpn-traffic-manager-66d969fd45-9zlbp 74s 172.29.2.136 192.168.0.5 <none>
productpage-788df7ff7f-jpkcs 61d 172.29.2.134 192.168.0.5 <none>
ratings-77b6cd4499-zvl6c 61d 172.29.0.86 192.168.104.255 <none>
reviews-85c88894d9-vgkxd 24d 172.29.2.249 192.168.0.5 <none> use ping to test connection, seems good
➜ ~ ping 172.29.2.134
PING 172.29.2.134 (172.29.2.134): 56 data bytes
64 bytes from 172.29.2.134: icmp_seq=0 ttl=63 time=55.727 ms
64 bytes from 172.29.2.134: icmp_seq=1 ttl=63 time=56.270 ms
64 bytes from 172.29.2.134: icmp_seq=2 ttl=63 time=55.228 ms
64 bytes from 172.29.2.134: icmp_seq=3 ttl=63 time=54.293 ms
^C
--- 172.29.2.134 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 54.293/55.380/56.270/0.728 msuse service productpage IP 172.21.10.49
➜ ~ kubectl get services -o wide
NAME TYPE CLUSTER-IP PORT(S) SELECTOR
authors ClusterIP 172.21.5.160 9080/TCP app=authors
details ClusterIP 172.21.6.183 9080/TCP app=details
kubernetes ClusterIP 172.21.0.1 443/TCP <none>
kubevpn-traffic-manager ClusterIP 172.21.2.86 84xxxxxx0/TCP app=kubevpn-traffic-manager
productpage ClusterIP 172.21.10.49 9080/TCP app=productpage
ratings ClusterIP 172.21.3.247 9080/TCP app=ratings
reviews ClusterIP 172.21.8.24 9080/TCP app=reviewsuse command curl to test service connection
➜ ~ curl 172.21.10.49:9080
<!DOCTYPE html>
<html>
<head>
<title>Simple Bookstore App</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">seems good too~