Deploy IPsec VPN server on Kubernetes

  1. #kubernetes
  2. #vpn

NOTE: In general case, you should not setup the VPN server on the kubernetes. If you need the VPN services, you should create an independent instance of it or use cloud platform’s VPN service. Otherwise, you may have some security risk.

Steps

  1. Create vpn.yaml and replace vpn_ipsec_psk, vpn_user and vpn_password by your secret

    apiVersion: apps/v1beta2
    kind: StatefulSet
    metadata:
    name: vpn
    spec:
    selector:
      matchLabels:
        app: vpn
    serviceName: vpn
    replicas: 1
    template:
      metadata:
        labels:
          app: vpn
      spec:
        containers:
          - name: vpn
            image: hwdsl2/ipsec-vpn-server
            imagePullPolicy: Always
            securityContext:
              privileged: true
            ports:
              - containerPort: 500
                hostPort: 500
                name: vpn-isakmp
                protocol: UDP
              - containerPort: 4500
                hostPort: 4500
                name: vpn-ike
                protocol: UDP
            env:
              - name: "VPN_IPSEC_PSK"
                value: "vpn_ipsec_psk"
              - name: "VPN_USER"
                value: "vpn_user"
              - name: "VPN_PASSWORD"
                value: "vpn_password"
  2. Deploy to your cluster

    kubectl apply -f vpn.yaml
  3. Check your public IP of VPN server

    kubectl logs vpn-0

    And your will see below information

  4. Open your VPN client and connect to VPN to check it

References

  1. https://github.com/hwdsl2/docker-ipsec-vpn-server
  2. https://kubernetes.io/docs/concepts/configuration/overview/