Feature request: use private networks instead of wireguard VPN #286

Open
fogs opened this issue Jul 12, 2019 · 8 comments

@fogs

fogs commented Jul 12, 2019

Hetzner recently introduced private networks to configure traffic between cloud VM instances. This feature is still marked as beta.

Giving users the choice between provider networks and the wireguard VPN on the hosts would be a nice feature for hetzner-kube though.

@LKaemmerling
Contributor

FYI: We have opened a Beta for our Cloud Controller Manager with Networks support: hetznercloud/hcloud-cloud-controller-manager#19 (comment)
I guess when we can release our new provider, it would be really easy to implement this feature request, so please help us test the provider :) Please keep in mind: Do not run this beta software on production nodes!

@mavimo
Collaborator

mavimo commented Jul 27, 2019

@fogs @LKaemmerling I'm on it, are you interested in some kind of preview in order to test it? :)

@LKaemmerling
Contributor

@mavimo sure :) I am available for testing :D

@suchwerk

suchwerk commented Aug 5, 2019

Hey @mavimo I would like to test also :)

@mavimo
Collaborator

mavimo commented Aug 6, 2019

Hey, sorry I was a bit late on my tests.

There are some blockers related to the external worker (that will not be able to join the VPN). I need to test if it is possible to have a mixed network (VPN for external + Hetzner Network for internal nodes), but I think it will add extra complexity that I'm not sure can be handled; a second option is to drop external workers, but I dunno how many users would be affected (I never used external workers, but I know that someone uses this feature).

I'll keep you updated ;)

@LKaemmerling
Contributor

What about providing both @mavimo (optional)?

When a user wants to use wireguard VPN he can use it (with external workers)
When a user wants to use our Networks he can use it (only with hcloud workers)

@mavimo
Collaborator

mavimo commented Aug 6, 2019

@LKaemmerling should be an option :)

Actually I'm not convinced by this option since:

  • it adds more complexity to the project (I think actually there is not enough work force to maintain a "variant")
  • it adds extra cost to handle E2E tests (we are not spending too much to have it working, but if we add a duplication we also "duplicate" the cost)
  • since adding an external worker should be done at any time, this will force users to destroy and recreate the cluster if they start with a "hetzner network" version, until we add a migration procedure (that is not so easy to manage)

@LKaemmerling @suchwerk @xetys WDYT?

@mcadam

mcadam commented Aug 8, 2019

Hey, any chance to get a PR to try that out? I am going to start a new test cluster soon and could give some feedback too :)
