OpenVPN
Overview
To ensure secure, encrypted access to Kubernetes clusters, KubeDNA integrates OpenVPN as a standard component in every deployed environment. This ensures secure communication between users and the Kubernetes control plane, especially for private and on-premise deployments.
Architecture
In KubeDNA, OpenVPN is not automatically deployed as part of the base cluster installation.
- Every KubeDNA cluster includes its own isolated OpenVPN server instance.
- This instance runs within the cluster and is preconfigured to only allow access to that specific cluster.
- VPN is integrated at the networking layer to restrict API access to authenticated VPN users only, enhancing security.
Per-User Configuration Access
Each user that has access to a KubeDNA cluster can download their own personalized OpenVPN configuration file via the UI:
Path:
Selected Cluster > Access & Security > Download VPN Config
- Configuration files are pre-generated with unique client certificates and keys.
- Users can connect securely to the cluster using standard OpenVPN clients (Windows, macOS, Linux).
- Easy integration with team management and identity providers for scalable access control.
Security & Compliance
- TLS encryption between client and server.
- Certificate-based authentication ensures strong identity enforcement.
- VPN logs and connection records are available for auditing purposes.
- IP whitelisting and usage control via KubeDNA's access policies.
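Because each downloaded profile carries a unique client certificate and key, it is a credential and can be checked before use. The following is an added example, not KubeDNA's own code: it assumes the profile embeds its material in standard OpenVPN inline `<ca>`, `<cert>` and `<key>` blocks, and the sample profile and host name are constructed.

```python
import re

# Constructed sample; a real KubeDNA profile may use other directives.
SAMPLE_PROFILE = """\
client
dev tun
remote vpn.example.internal 1194 udp
remote-cert-tls server
<ca>
(constructed placeholder, not a real certificate)
</ca>
<cert>
(constructed placeholder, not a real certificate)
</cert>
<key>
(constructed placeholder, not a real key)
</key>
"""

def parse_profile(text):
    """Split an OpenVPN profile into directives and inline <block> names."""
    directives, blocks, current = {}, set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if current:                      # inside an inline block: skip its body
            if line == f"</{current}>":
                current = None
        elif line and line[0] not in "#;":
            tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
            if tag:
                current = tag.group(1)
                blocks.add(current)
            else:
                name, *args = line.split()
                directives[name] = args
    return directives, blocks

def audit_profile(text, mode=None):
    """Return findings; mode is the file's POSIX permission bits, if known."""
    directives, blocks = parse_profile(text)
    findings = [f"no {item}: certificate-based authentication incomplete"
                for item in ("ca", "cert", "key")
                if item not in blocks and item not in directives]
    if directives.get("remote-cert-tls") != ["server"] and "verify-x509-name" not in directives:
        findings.append("server certificate role is not checked (remote-cert-tls server)")
    if "key" in blocks and mode is not None and mode & 0o077:
        findings.append("embedded private key is readable by group or others")
    return findings
```

On POSIX systems, pass `stat.S_IMODE(os.stat(path).st_mode)` as `mode` to include the file-permission check.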