On 2022-06-06 19:45, Kevin Fenzi wrote:
2. Try and get the ocp4 compute nodes on our vpn. I looked around and could not find any handy openvpn reference for openshift4. I'm guessing this needs a machine-config of some kind to establish the vpn and possibly some kind of ingress policy to allow incoming connections there.
That can be done, but I'm not sure doing it with machine-config is the right way. Instead, I would run a deployment (or daemonset) on all workers that run a router pod, with at least hostnetwork capability (this part needs to be checked). This pod will run the openvpn process and since the openshift router listen on all interfaces by default, it should be available through the vpn automagically.
darknao _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
