
Private networking question about kube-linode HOT 5 OPEN

kahkhang commented on May 22, 2024
Private networking question


Comments (5)

kahkhang commented on May 22, 2024

Hmm I'm sorry I haven't really looked into the networking traffic and verified that the api servers are communicating through the private network. It might actually be the case that the nodes are communicating using the public ip, since each of them is using a kubeconfig file with the public ip address. If so, that is a bug that needs fixing. The traffic is TLS secured though, but would probably be better if we can have it communicate over a private network. Also, perhaps using a Calico network overlay instead of flannel (https://www.projectcalico.org/calico-network-policy-comes-to-kubernetes/) might be more convenient than manually configuring iptable routes, since it supports the K8S NetworkPolicy resource (https://kubernetes.io/docs/concepts/services-networking/network-policies/), and K8S automatically configures the necessary underlying network, including iptables. I didn't use this because I wanted to keep the setup simple, but this can possibly be supported with some tweaking and experimentation.

I doubt it's using IPv6 networking because the config file is using an IPv4 address (https://github.com/kahkhang/kube-linode/blob/master/install-coreos.sh#L125), but I must admit my knowledge of computer networking is pretty limited so I'm not exactly sure.

I think this issue warrants looking into. I think a general fix would be to replace the public IP address with the private IP address in this line: https://github.com/kahkhang/kube-linode/blob/master/linode-utilities.sh#L321. Unfortunately I'll be rather busy this week so I might not be able to fix this right away.

Thanks!
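
An added example, not part of the comment above or of the kube-linode project: a small Python check for the situation described, where a node's kubeconfig may point at the API server's public address. The function name, the sample kubeconfig and its addresses are constructed for illustration, and the private ranges are assumed to be RFC 1918 plus IPv6 ULA.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the provider's private network falls inside RFC 1918 / IPv6 ULA space.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Matches every `server:` entry under `clusters:` in a kubeconfig.
SERVER_RE = re.compile(r"^\s*server:\s*(\S+)\s*$", re.MULTILINE)

def classify_servers(kubeconfig_text):
    """Return [(url, verdict)] for each API server URL in a kubeconfig."""
    results = []
    for url in SERVER_RE.findall(kubeconfig_text):
        url = url.strip("'\"")
        host = urlsplit(url).hostname
        try:
            addr = ipaddress.ip_address(host)
        except (ValueError, TypeError):
            # A DNS name (or unparsable value): resolve it separately to judge.
            results.append((url, "hostname"))
            continue
        if addr.is_loopback:
            results.append((url, "loopback"))
        elif any(addr in net for net in PRIVATE_NETS):
            results.append((url, "private"))
        else:
            results.append((url, "public"))
    return results

# Constructed sample: one cluster on a public address, one on a private one.
SAMPLE_KUBECONFIG = """\
apiVersion: v1
kind: Config
clusters:
- name: via-public
  cluster:
    server: https://203.0.113.10:6443
- name: via-private
  cluster:
    server: https://192.168.140.7:6443
"""

if __name__ == "__main__":
    for url, verdict in classify_servers(SAMPLE_KUBECONFIG):
        print(f"{verdict:9} {url}")
```

A "public" verdict means kubelet-to-API-server traffic from that node leaves over the public interface, even though it is TLS protected.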


orbitalmedia commented on May 22, 2024

I think PeerVPN might be a solution for internal networking - for now I think it's great you got this established over Public Networking - great job.


r4j4h commented on May 22, 2024

PeerVPN seems like it's not maintained anymore, but could be a good solution. A fork of it was renamed to MeshVPN and is more up to date, but I'm not sure of its state. There is also another mesh-based VPN called tinc which is well maintained but IIRC is still working on reducing memory usage, which may be a factor here. Sorry I'm only complicating things 😊

Also, yes, great job putting this all together!! :)


camflan commented on May 22, 2024


zllovesuki commented on May 22, 2024

IPSec (StrongSwan) in Transport mode is also a good option. Kernel based VPN is always the most performant. The latest Linode kernel (4.15.13-x86_64-linode106, despite what the UI is actually saying) supports AES-GCM, which is another order of magnitude faster AEAD cipher to use.
