Kubernetes ingress to a Zerotier network

I am building a self-hosted setup using Kubernetes and exploring some possibilities in my homelab.

I already have a DNS server managed with NixOS, dnsmasq, and zerotier so I can use my customized hosts on my phone. Here is the relevant dotfile.

Now the challenge is to expose the ports of my Kubernetes cluster in the Zerotier network. It seems that the Kubernetes ingress controller is looking to reach itself by using the external IP but where I live I don’t have many options about CGNATs and Zerotier works really fine for ssh stuff. And all this stuff is basically just for me.

I do not want to access the services by using the real IP, or the local net IP, only the zerotier network, so I can theoretically leave it all unauthenticated and just use my zerotier network to log in to the services. I already use zerotier as a trusted network interface, so the firewall is disabled on that specific interface that represents my internal network.

I really don’t know if Kubernetes allows exposing a service port to a specific interface instead of the Internet or if I will have to port forward stuff to use the hosted applications.

I am running everything on NixOS btw.

So far here is what I have

systemd-run -E KUBECONFIG=/etc/kubernetes/cluster-admin.kubeconfig -u kubernetes-http-forward kubectl port-forward service/ingress-nginx-ingress 80:80 --address 

Working nicely, I just need to know how to limit it to listen only on the Zerotier interface as a second layer after the firewall then write a persistent systemd unit to finish this piece of art xD.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.