Pod VPN to external ServicesΒΆ

If one of your Kubernetes applications needs to communicate with a service behind a VPN, it is the simplest solution to add a VPN connection to your application.

We recommend taking advantage of how sidecar containers work in a Kubernetes Pod. Instead of installing a VPN stack inside your application, start a sidecar container in the same pod as the VPN stack.

All containers in the same pod share network namespace, meaning that if one container runs a VPN connection, will other containers in the same pod use the same VPN connection.

This has been tested with OpenVPN and Wireguard sidecar containers. No unique configuration was needed for these 2 tests.

Example of a wireguard sidecar configuration

  - name: wireguard
    image: ghcr.io/linuxserver/wireguard
    imagePullPolicy: IfNotPresent
      privileged: true
          - NET_ADMIN
          - SYS_MODULE
      allowPrivilegeEscalation: true
      readOnlyRootFilesystem: false
      - mountPath: /config
        name: wireguard