Hi all, Weare running an OpenVPN server for clients on various versions of Ubuntu for tunnel termination. We also have a highly customised radius plugin for auth and various attribute applications. We also run FRR with BGP for these servers. My issue is that it’s an admin nightmare to keep all our servers (100+) updated on the OS version, and all the radius plugins updated to the latest stable release.
I am investigating building a Kubernetes environment and containerise our servers. I am new to Docker and investigating if it’s even possible especially because we have multiple applications having dependencies on one another. Any recommendations or pointers for this deployment?
Could you clarify some parts of your question? Maybe It’s just me, but I’m not sure I understand.
Do you really want to run Kubernetes? The rest of the question does not indicate you need it. If you need only Docker, you can probably run the services in a container, but we usually run one process in one container. You can run multiple processes if necessary, but then you need an init process / process manager (s3-init, supervisor) and but it is often easier to choose the best base image for each services and run multiple containers which can communicate over the network or using common volumes (shared folders).
You can search for the mentioned services on Docker Hub. For examle if you want radius, this might be interesting:
Good day, let’s forget about Kubernetes in this discussion. What I am after is if we used to run an Ubuntu server with OpenVPN, FRR for instance, how can I make OpenVPN and FFR interact with each other inside a Docker containers, or for that matter containers inside a POD. Is it possible? For instance if traffic comes in on the OpenVPN container and a route lookup needs to be done can that lookup be redirected or action by FRR running in a seperate docker container? I hope I’m clear on this request.
I’m not the best guy to ask when it comes to OpenVPN or any VPN in containers. Since I would need to try it and never had to, I leave that part to someone else, but it was discussed on the forum in multiple topics and I would either use the openvpn container as a gateway or connect to its network namespace which has downsides as all containers would use the same container network.
On the other hand, even if you run openVPN in a container but use the host network and give the container permission to handle host network, that should work and other containers could use that connection, unless I’m wrong and it needs some special routing, but I don’t see why. At least when I start Surfshark VPN on my Mac, and run Docker Desktop, and then this command:
docker run --rm -it curlimages/curl:8.4.0 'https://api.ipify.org?format=json
I get the IP address on the VPN.
I don’t know what FRR is. Can you share a link or the meaning of the abbreviation?