OpenVPN : Access your k8s cluster

1. Install OpenVPN on the Cluster:
   Ensure that OpenVPN is deployed as a pod or service within your Kubernetes cluster. This installation is a prerequisite for any remote connections to the cluster.

2. Verify Installation:
   you will find OpenVPN under installed components.

Access & Security

1. Download VPN Configuration File:
   In the Access & Security section, download the VPN configuration file. This file contains the basic settings required by your VPN client.

2. Adding a Firewall Rule

Under the VPN Firewall Rules section, click on Add firewall rule to specify a CIDR block that will allow networks or individual IP addresses to access your cluster.

• Example 1:
  Rule: 85.95.6.3/32
  Explanation: This rule permits access exclusively from the IP address 85.95.6.3.

• Example 2:
  Rule: 85.95.0.0/16
  Explanation: This rule allows access from all IP addresses within the range 85.95.0.0 to 85.95.255.255.
  Calculation:

  • Starting IP: 85.95.0.0

  • Ending IP: 85.95.255.255

  • Total Addresses: 65,536 (i.e., 2^(32-16))

These rules ensure that only the specified networks or IP addresses can access your cluster, providing a secure and controlled environment.

VPN Configuration File

Important:
The VPN configuration file provided by Kubedna is a starting point. On its own, it is not sufficient to secure access to your cluster.

Firewall Rules and IP Whitelisting

1. Add VPN Firewall Rules:
   To secure your cluster, configure the VPN firewall rules. This step involves defining the allowed IP addresses or network ranges that can access the server.

2. Whitelist Allowed IP Addresses:
   Update your firewall settings to include the IP addresses or network ranges that are permitted to connect to the VPN server. This is crucial to prevent unauthorized access.

3. Configure the VPN Client Settings:
   Once the firewall rules are in place, adjust your VPN configuration file to reflect the allowed IP ranges. This may involve editing the file or importing it into your VPN client with the updated settings.

Connecting to Your Network

1. Use a Supported VPN Client:
   Import the updated VPN configuration file into your preferred VPN client, such as:

   • OpenVPN Client

   • Tunnelblick (for macOS)

2. Establish Connection:
   Launch your VPN client and connect using the imported configuration. Once connected, your client will have a secure tunnel into your Kubernetes cluster.

Accessing Your Cluster

1. Download the kubeconfig File:
   In addition to the VPN configuration, download the kubeconfig file from Kubedna. This file is required to interact with your Kubernetes cluster using tools like kubectl.

2. Configure kubectl:
   Use the kubeconfig file to set up your kubectl context:

   CODE

   bash

   Copy

   export KUBECONFIG=/path/to/your/kubeconfig.yaml kubectl get nodes

   This will confirm that you have proper access to your cluster.

Additional Notes

• Security Reminder:
  Always ensure that your VPN firewall rules are up-to-date. The configuration file must be tailored to include the correct allowed IP addresses or network ranges.

• Troubleshooting:
  If you are unable to connect, verify that:

  • OpenVPN is properly running on the cluster.

  • Firewall rules have been correctly configured.

  • The VPN client configuration file is updated with the allowed IPs.

  • The kubeconfig file is properly set up to access the cluster.

For further assistance, consult the Kubedna support team or refer to our online documentation portal.