This documentation is a reference architecture for a multi-tenant application where an instance of OpenVPN in each Kubernetes namespace is needed to connect to each facility's store.
This diagram shows running OpenVPN inside a Docker container using a single VM inside Azure with a Public IP.
This diagram shows one OpenVPN instance per Kubernetes namespace on an AKS cluster.
A multi-tenant Kubernetes cluster with an OpenVPN container deployed per namespace, giving each namespace remote access to its corresponding on-premises store. Each namespace must be isolated from the others.
1. Familiarity with Docker and Kubernetes networking
2. Linux VM in Azure with a Public IP as a Docker host
3. AKS cluster in Azure with Calico network policy enabled
4. Docker Desktop running Docker + Kubernetes on WSL (optional if you are using #2 and #3; this option can be used for quick testing)
Note: Steps 1-6 involve manual steps to prove out end-to-end network connectivity for this POC design. Starting with task #6 we will introduce automation.
1. Run the OpenVPN Access Server (openvpn-as) container on a Docker host
2. Configure and test end-to-end connectivity with the OpenVPN client
3. Build the docker-compose.yaml file
4. Generate Kubernetes manifest files using kompose
5. Run the container in AKS
6. Test outbound access from AKS pod -> OpenVPN client for connections initiated from the AKS side
7. Configure an AKS pod as an OpenVPN client
8. Build a secure custom image for the OpenVPN server (not Access Server)
9. Build automation and DevOps practice
10. Secure management access
11. Kubernetes namespace security with Azure Policy
Thank you to Tommy Falgout for the contributions.