
I have a private Kubernetes cluster that needs to be accessible by a client, but I still want to keep everything enclosed within a VPN. Unfortunately, the VPN I created requires an address space that I've defined with a /12, containing too many addresses. To avoid sharing all those addresses with the client, I'm thinking of using an Application Gateway Ingress Controller (AGIC). This way, I can establish a site-to-site VPN and only connect the client to the gateway's address. Can I get an opinion on this solution? Could it work? Also, since it's an operation I've never done before, does the Application Gateway require any specific configuration? Thanks to anyone who can provide assistance.

kubernetes

1 Answer


I would create a vnet with a better address range and then create subnets in that vnet for the VPN. Use that as a sort of network hub and let the VPN land in there (if possible), and then use peering to connect it to the other vnets that the VPNs need access to and that have the services from the private cluster. This is also explained in more detail in the hub and spoke architecture of the Microsoft reference architecture called enterprise scale: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke

You can then place the application gateway controller in a so-called spoke network, which peers with the hub network.

(A vnet peering is a connection in Azure between two vnets.)

Turdie
  • 2,945
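The practical precondition for the hub and spoke layout in the answer above is that none of the address spaces involved may overlap: Azure vnet peering and a site-to-site VPN connection both refuse overlapping ranges, so the "better address range" for the hub has to be checked against the existing /12 cluster range and the client's on-premises ranges before anything is created. The following script is an added example, not code from the answer or from Microsoft; it uses constructed sample ranges (a 10.0.0.0/12 cluster vnet, a 192.168.0.0/24 client network, a 10.16.0.0/22 hub candidate) and carves the hub into the subnets the answer mentions (a GatewaySubnet for the VPN gateway and a management subnet) so that only the small hub/spoke ranges, rather than the whole /12, need to be shared with the client.

```python
"""Address-space planning for a hub-and-spoke vnet layout (added example).

Azure vnet peering and site-to-site VPN connections both require that the
connected address spaces do not overlap, so a candidate hub range must be
checked against the existing cluster vnet and the client's on-premises
ranges before the hub, the peerings and the VPN connection are created.
All ranges used here are constructed sample values.
"""
import ipaddress
from typing import Dict, Iterable, List

# Constructed sample inventory: the over-sized cluster vnet from the question,
# and the client's on-premises network that will terminate the site-to-site VPN.
CLUSTER_VNET = "10.0.0.0/12"          # 10.0.0.0 - 10.15.255.255
CLIENT_RANGES = ["192.168.0.0/24"]


def overlapping(candidate: str, existing: Iterable[str]) -> List[str]:
    """Return the ranges in `existing` that overlap `candidate`.

    An empty list means the candidate can be peered with, or connected by
    VPN to, every range in `existing`.
    """
    cand = ipaddress.ip_network(candidate, strict=True)
    return [r for r in existing
            if ipaddress.ip_network(r, strict=True).overlaps(cand)]


def carve_subnets(vnet: str, sizes: Dict[str, int]) -> Dict[str, str]:
    """Carve named, non-overlapping subnets of the given prefix lengths out of `vnet`.

    Blocks are allocated largest-first and lowest-address-first, so the
    result is deterministic and leaves the remaining space contiguous.
    Raises ValueError when the vnet cannot hold the requested subnets.
    """
    free = [ipaddress.ip_network(vnet, strict=True)]
    allocated: Dict[str, str] = {}
    for name, prefix in sorted(sizes.items(), key=lambda kv: kv[1]):
        for i, block in enumerate(free):
            if block.prefixlen > prefix:
                continue  # block too small for this subnet
            # Take the first subnet of the requested size out of this block.
            sub = block if block.prefixlen == prefix else next(block.subnets(new_prefix=prefix))
            allocated[name] = str(sub)
            free.pop(i)
            free.extend(block.address_exclude(sub))  # return the remainder
            free.sort()
            break
        else:
            raise ValueError(f"no room for {name} /{prefix} in {vnet}")
    return allocated


def plan_hub_and_spoke(hub: str, spoke: str, cluster: str = CLUSTER_VNET,
                       client_ranges: Iterable[str] = CLIENT_RANGES) -> Dict[str, object]:
    """Validate a hub and spoke pair against the cluster and client ranges.

    Returns the conflicts found (empty lists when the layout is valid), the
    hub subnets, and the ranges the client actually has to be told about:
    the hub and spoke, not the cluster /12.
    """
    client = list(client_ranges)
    conflicts = {
        "hub": overlapping(hub, [cluster, spoke, *client]),
        "spoke": overlapping(spoke, [cluster, hub, *client]),
    }
    # GatewaySubnet is the name Azure requires for the VPN gateway's subnet;
    # the /27 and /24 sizes are constructed choices for this example.
    hub_subnets = carve_subnets(hub, {"GatewaySubnet": 27, "management": 24})
    return {
        "conflicts": conflicts,
        "hub_subnets": hub_subnets,
        "advertise_to_client": [hub, spoke],
    }


if __name__ == "__main__":
    result = plan_hub_and_spoke(hub="10.16.0.0/22", spoke="10.17.0.0/24")
    for key, value in result.items():
        print(f"{key}: {value}")
    # A hub inside the cluster's /12 would be rejected by peering and VPN alike:
    print("bad hub conflicts:", overlapping("10.8.0.0/22", [CLUSTER_VNET]))
```

Run it as-is to see the plan for the sample ranges; the `conflicts` lists are empty for 10.16.0.0/22 and 10.17.0.0/24, while a hub such as 10.8.0.0/22 is reported as colliding with the cluster's 10.0.0.0/12. The spoke that hosts the application gateway controller is validated the same way as the hub, since it must be peered with the hub and must not collide with the client's ranges either.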