Double Checking How Kubernetes Works #1762
In the wiki there are instructions for using I want to be sure before I start running traffic on my Kubernetes server, so I don't accidentally leak any data out through a non-VPN route. My understanding is that containers in the same pod share the same networking namespace. Which is essentially what the Additional thought: Has anyone tried using Kubernetes Network Policies on a pod to ensure that traffic only goes through the VPN?
Replies: 2 comments 3 replies
I'm also interested. Have you found the answer @Noah-Huppert? I haven't done that yet, but my plan is to apply policies with Calico.
@renannprado Oh shoot, sorry for not updating this thread with my solution. Basically what I learned is that within a Kubernetes pod all stuff related to networking is shared between containers (at least using Digital Ocean managed k8s which I believe uses Cilium). This means if you run Gluetun as one of the containers in your pod, other containers will only be able to send traffic via the VPN.

I used Kubernetes network policies just as an extra safety net in case the VPN shut down.

Here is a link to the Kustomize stack I made which runs qBittorrent and Gluetun. This is specifically how I ran Gluetun and here is where I set up a network policy only allowing VPN traffic. I obtained the IPs in the network policy using these steps.
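An egress-only policy of the kind described in the reply above, added here as an example and not taken from the poster's Kustomize stack. The policy name, namespace, pod label, the 203.0.113.x addresses and the WireGuard-style UDP port 51820 are all constructed placeholders; substitute your VPN provider's server IPs and port.

```yaml
# Added example: egress "safety net" for a pod that runs a VPN client container.
# Every name, label, address and port below is a constructed placeholder.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: vpn-only-egress          # hypothetical name
  namespace: downloads           # hypothetical namespace
spec:
  # The policy selects the pod, not a container. Containers in a pod share
  # one network namespace, so the VPN client and every container next to it
  # are covered by the same rules.
  podSelector:
    matchLabels:
      app: qbittorrent-vpn       # hypothetical label on the pod
  # Only Egress is listed, so ingress to the pod is left as it was.
  # Once a pod is selected for Egress, any egress not allowed below is dropped.
  policyTypes:
    - Egress
  egress:
    # The only traffic that should leave the pod is the encrypted tunnel
    # itself, addressed to the VPN servers. Traffic from the other containers
    # travels inside that tunnel and never appears as a separate flow.
    - to:
        - ipBlock:
            cidr: 203.0.113.10/32   # placeholder VPN server IP
        - ipBlock:
            cidr: 203.0.113.11/32   # placeholder VPN server IP
      ports:
        - protocol: UDP
          port: 51820               # placeholder; use your tunnel's protocol and port
  # No DNS rule is included on purpose: with no egress to a resolver allowed,
  # the VPN client has to be configured with server IPs, not hostnames.
```

The policy only has an effect when the cluster's CNI plugin enforces NetworkPolicy (Cilium and Calico, both mentioned in this thread, do); on a CNI that ignores it, the object is accepted but nothing is blocked.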