Need help with connecting to VPN protected URL from a container running on local Kubernetes pod

development

#1

Hello Folks

I need help. I’m using Kubernetes (version 1.10), which comes as part of Docker Desktop (version 18.09.2), on my local Windows 10 machine. I’ve set up a Jenkins container running in a pod. I need to access a Bitbucket URL, which is protected by VPN, from the build pipeline I’ve created on Jenkins. I’m connected to the VPN from my local system using the Cisco VPN client when running Kubernetes locally. However, I keep getting a “Destination Host Unreachable” error in Jenkins for the Bitbucket URL. I’ve tried adding a name server entry to the kube-dns config map and restarting the kube-dns pod after that, but no luck. Any help is greatly appreciated.


#2

I don’t know what Docker for Windows does with the network, nor about Windows. So, take this with several grains of salt.

What I would do is try to see if the pod’s packets arrive at the host or not, with Wireshark or some Windows equivalent. If they don’t, then see how the Docker for Windows config can be changed. And if they do arrive, see how to configure Windows to forward them (Linux, by default, does not forward/act as a router, for example. I don’t know about Windows).

Sorry if this isn’t very helpful. My Windows knowledge is close to 0; hopefully somebody else with more knowledge answers 🙂


#3

Thank you, Rodrigo. Unfortunately, I wasn’t able to run Wireshark on my host and/or target host/network to check on packets, but after doing some more research, I found that by default, VMs don’t have any knowledge of the network setup of host machines and they route traffic directly to the external gateway configured on your network. So, I need to use Windows’ NAT service (network address translation service) to enable routing of the virtual machine’s network traffic to the host system’s network. With this setting, I can connect my host system to the VPN and the VM’s network will also be able to resolve IP/DNS on that private network.

Unfortunately, by default, Docker Desktop creates an internal Hyper-V switch instead of an external one, which is not NAT enabled, and I couldn’t find a direct way to explicitly specify/change this setting. However, I was able to achieve my end goal by creating/using a NAT-enabled external virtual switch (I used the Default Switch provided by Windows itself, which is NAT enabled by default) with Minikube for Windows, and everything works now 🙂 Thanks again for taking the time to extend your help. I’m going to write a blog post on this so that others can also use it if they run into the same kind of situation/need.
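
The setup described in the post above, sketched as an added example that is not part of the original thread: it starts Minikube on the Hyper-V "Default Switch" and checks from a throwaway pod that a VPN-only host resolves and responds. The hostname is a placeholder, the pod name `vpn-check` is arbitrary, and the script assumes an elevated PowerShell session with the Hyper-V module, `minikube` and `kubectl` installed.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): Minikube on the NAT-enabled
# Hyper-V "Default Switch", followed by a reachability check from a pod.

$SwitchName    = 'Default Switch'              # switch named in the post above
$BitbucketHost = 'bitbucket.example.internal'  # placeholder: your VPN-only host

# 1. Confirm the switch exists before handing it to Minikube.
$switch = Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue
if (-not $switch) {
    Write-Warning "Hyper-V switch '$SwitchName' not found. Available switches:"
    Get-VMSwitch | Format-Table Name, SwitchType
    exit 1
}
"Using switch '$($switch.Name)' (type: $($switch.SwitchType))"

# 2. Create the cluster VM attached to that switch.
#    Older Minikube releases spell the first flag --vm-driver.
minikube start --driver=hyperv --hyperv-virtual-switch $SwitchName
if ($LASTEXITCODE -ne 0) {
    Write-Warning 'minikube start failed; see its output above.'
    exit 1
}

# 3. With the VPN connected on the host, resolve and ping the protected
#    host from a one-off pod that is deleted when the command finishes.
kubectl run vpn-check --rm -i --restart=Never --image=busybox -- `
    sh -c "nslookup $BitbucketHost && ping -c 3 $BitbucketHost"

if ($LASTEXITCODE -eq 0) {
    "Pod traffic reaches $BitbucketHost through the host's VPN connection."
} else {
    Write-Warning "Pod could not resolve or reach $BitbucketHost."
    Write-Warning 'Check that the VPN is connected and which switch the VM uses:'
    Get-VMNetworkAdapter -VMName minikube | Format-Table VMName, SwitchName
}
```

Run the check once with the VPN disconnected as well: the host should then be unreachable from the pod, which confirms that pod traffic really depends on the host's VPN session rather than on some other route.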


#4

Thank you very much for the detailed email. I’m glad you found a way to make it work. Sorry I didn’t help much 🙂

Minikube is a great option, in my opinion. So, glad it is working for you 🙂