Network design: how to route (not NAT) all ip traffic from and to networks in different containers on different hosts

Hi docker community,

this may not be the right place to ask, but I found no better community/forum so far - please excuse me.

I’m some kind of an network engineer but new to docker networking and need a little hint or be pushed into the right direction.

I set up a (open)VPNserver in a docker container which creates a virtual network behind a TUN device, let´s say behind the containers network interface.

If I bridge the docker container to the host network via a macvlan-bridge I can set up a static route from my internal office lan to with the docker container as the gateway - so far so good.

But I´d like to use docker for terms of scaling, e.g. if more vpnClients are needed in a hurry, I´d like to (automatically) deploy a second container with the next network, maybe even on a different docker host.

How do I manage this by network design?

How do I dynamically know from my office backend router on what host, in which container I find client IP or in above’s example. There should be no NAT included, I would like to directly reach all VPN clients from my internal networks. Also for any traffic so that a reverse https proxy is not the solution :-).

I´m thinking about Kubernetes as a solution, I could route everything to “Kubernetes”, how does Kubernetes know to what POD to route the traffic (back) ?

I hope you understand my question and why I call it a “network design question”.

I´d be very happy about any ideas.

Bests Regards from Hamburg, Germany,