Announcements
December 19, 2017 By jason-mcalpin 2 min read

Connecting your Kubernetes cluster to on-premises resources

Writing microservices in containers and deploying them to a Kubernetes cluster running on IBM Cloud is a great way to create greenfield applications. Frequently you’ll also have mountains of useful data hosted by on-premises systems.  What if you can’t migrate this data to the cloud due to compliance reasons, but you still want to allow your new microservice application to leverage it?

In the IBM Cloud Container Service you can use a Vyatta Gateway Appliance or Fortigate Appliance as an IPSec VPN endpoint to connect your Kubernetes cluster to your on-premise datacenter. This allows your services running in Kubernetes to communicate with on-premise applications and resources through a secure encrypted tunnel.  Information on how to configure the IPSec VPN endpoint with a Vyatta Gateway Appliance can be found here.

Setting up a Vyatta Gateway Appliance or Fortigate Appliance as an IPSec VPN endpoint is not a simple, straight forward task.   The complexity and cost of both of these appliances makes them unattractive solutions when you have a single small Kubernetes cluster or multiple small clusters located in different IBM Cloud regions. The IBM Cloud Container Service now supports a third IPSec VPN method, the Strongswan IPSec VPN service, which resolves these concerns.

Strongswan IPSec VPN service

Unlike the Vyatta Gateway Appliance or Fortigate Appliance solutions which sit outside of your cluster, the Strongswan IPSec VPN service is completely integrated within your Kubernetes cluster. The IPSec VPN endpoint is provided as a Kubernetes pod. Configuration, deployment, and management of the Strongswan IPSec VPN service is also much easier since the normal Kubernetes commands can be utilized. Better yet, there is no additional charge for using the Strongswan IPSec VPN service.

The Strongswan IPSec VPN service consists of a Kubernetes service, a deployment, a daemon set, and multiple config maps. All of these resources and bundled together and delivered as a single Kubernetes Helm chart:

  • Configuration of the VPN service is provided by setting a handful of fields in a config yaml file. If unique VPN settings are required, a complete IPSec configuration file can be specified.

  • A single Helm install command deploys the Strongswan IPSec VPN configuration and automatically creates all the required Kubernetes resources.

  • Once VPN connectivity is established with the on-premises data center, a Kubernetes daemon setconfigures routing on each of the worker nodes.

  • Helm provides additional commands that allow: statusupgrade , rollback , and deletion of the VPN service after it has been deployed.

For more information on how you can use the Strongswan IPsec VPN service to securely connect your worker nodes to your on-premises data center, see Setting up VPN connectivity with the Strongswan IPSec VPN service in the IBM Cloud Container Service documentation.

jason-mcalpin

More from Announcements
July 2, 2024

Success and recognition of IBM offerings in G2 Summer Reports  

2 min read - IBM offerings were featured in over 1,365 unique G2 reports, earning over 230 Leader badges across various categories.   This recognition is important to showcase our leading products and also to provide the unbiased validation our buyers seek. According to the 2024 G2 Software Buyer Behavior Report, “When researching software, buyers are most likely to trust information from people with similar roles and challenges, and they value transparency above other factors.”  With over 90 million visitors each year and hosting more than 2.6…

May 15, 2024

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

April 11, 2024

Reflecting on IBM’s legacy of environmental innovation and leadership

4 min read - Upholding a legacy of more than 50 years of environmental responsibility through our company’s actions and commitments, IBM continues to be a leader in driving sustainability for our business, our communities and our clients—including a 34-year history of annual, public environmental reporting, which we continue today. As a hybrid cloud and artificial intelligence (AI) company, we believe that leveraging technology is key to unlocking impact, and it will play a substantial role in how society addresses, adapts to, and overcomes…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters