On Tue, Jun 07, 2022 at 01:15:48PM +0200, darknao wrote:
>
> On 2022-06-06 19:45, Kevin Fenzi wrote:
> > 2. Try and get the ocp4 compute nodes on our vpn. I looked around and
> > could not find any handy openvpn reference for openshift4. I'm guessing
> > this needs a machine-config of some kind to establish the vpn and
> > possibly some kind of ingress policy to allow incoming connections
> > there.
> >
>
> That can be done, but I'm not sure doing it with machine-config is the right
> way.
> Instead, I would run a deployment (or daemonset) on all workers that runs a
> router pod, with at least hostnetwork capability (this part needs to be
> checked).
> This pod will run the openvpn process and since the openshift router listens
> on all interfaces by default, it should be available through the vpn
> automagically.

Hum... that sounds reasonable, but I am not sure what the details would
look like. ;( Would that be in openshift-ingress?

The vpn part itself is pretty simple, just needs the openvpn service, a
small config file and a pub/private/ca cert triplet.

kevin