Pod VPN to external Services
If one of your Kubernetes applications needs to communicate with a service behind a VPN, the simplest solution is to add a VPN connection to your application.
We recommend taking advantage of how sidecar containers work in a Kubernetes Pod. Instead of installing a VPN stack inside your application, start a sidecar container in the same pod to run the VPN stack.
All containers in the same pod share a network namespace, meaning that if one container runs a VPN connection, the other containers in the same pod use the same VPN connection.
This has been tested with OpenVPN and WireGuard sidecar containers. No unique configuration was needed for these 2 tests.
Example of a WireGuard sidecar configuration:
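containers:
  - name: wireguard
    image: ghcr.io/linuxserver/wireguard
    imagePullPolicy: IfNotPresent
    securityContext:
      # privileged: true already grants every capability, including the two added below
      privileged: true
      capabilities:
        add:
          - NET_ADMIN
          - SYS_MODULE
      allowPrivilegeEscalation: true
      readOnlyRootFilesystem: false
    volumeMounts:
      # a volume named "wireguard" must be defined under the pod's volumes
      - mountPath: /config
        name: wireguard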
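As an added example (not part of the original page): a small Python audit of the securityContext settings used in the sidecar configuration above, run over output in the shape of `kubectl get pod -o json`. The `app` container, the pod name, the image `example.invalid/app:1.0` and the finding labels are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get pod -o json`: the sidecar
# settings from this page plus a hypothetical "app" container.
POD_JSON = """
{"metadata": {"name": "vpn-demo"},
 "spec": {"containers": [
   {"name": "app", "image": "example.invalid/app:1.0"},
   {"name": "wireguard", "image": "ghcr.io/linuxserver/wireguard",
    "securityContext": {"privileged": true,
                        "capabilities": {"add": ["NET_ADMIN", "SYS_MODULE"]},
                        "allowPrivilegeEscalation": true,
                        "readOnlyRootFilesystem": false}}]}}
"""


def audit_pod(pod):
    """Return (container, finding) pairs; finding labels are illustrative."""
    containers = pod["spec"].get("containers", [])
    findings, net_admins = [], []
    for c in containers:
        name = c["name"]
        sc = c.get("securityContext") or {}
        added = (sc.get("capabilities") or {}).get("add") or []
        privileged = bool(sc.get("privileged"))
        if privileged:
            findings.append((name, "privileged"))
            if added:  # privileged already grants every capability
                findings.append((name, "redundant-capabilities"))
        if privileged or "SYS_MODULE" in added:
            findings.append((name, "can-load-kernel-modules"))
        if privileged or "NET_ADMIN" in added:
            net_admins.append(name)  # can change routes for the whole pod
            if sc.get("readOnlyRootFilesystem") is not True:
                findings.append((name, "writable-rootfs"))
    # Every container shares the pod network namespace, so the others
    # inherit whatever routing the VPN container sets up.
    for c in containers:
        if net_admins and c["name"] not in net_admins:
            findings.append(
                (c["name"], "shares-netns-with:" + ",".join(net_admins)))
    return findings


if __name__ == "__main__":
    for container, finding in audit_pod(json.loads(POD_JSON)):
        print(f"{container}: {finding}")
```

The last finding is the one to review for every pod that uses this pattern: the application container carries no elevated settings itself, yet its traffic follows the routes the sidecar installs.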