LEAP Docs

Overview of Podlily

Overview

Kubernetes has become a common standard for running applications, but running a VPN service on Kubernetes is not (yet) common practice. With podlily we are exploring this deployment method. Some hardening work remains, e.g. running the containers rootless; we will address it in the future.
This overview describes the current podlily setup: which helm charts install which pods, and which pods run on which nodes of which cluster.

Helm Charts

Podlily currently relies on four helm charts: helm-backend, helm-gateway, kube-prometheus-stack and Grafana Alloy. They are installed on k3s clusters; k3s is a lightweight Kubernetes distribution.

```mermaid
graph
  subgraph "grafana-alloy"
      alloy(alloy)
  end
  subgraph "kube-prometheus-stack"
      prometheus(prometheus)
      alertmanager(alertmanager)
      node-exporter(node exporter)
      operator(prometheus operator)
      state-metrics(kube state metrics)
      grafana(grafana)
  end
  subgraph "helm-gateway"
      gw-openvpn(openvpn)
      gw-menshen-agent(openvpn menshen-agent)
      gw-obfsvpn(obfsvpn)
      gw-ovpn-addons[kresd, openvpn prometheus exporter]
  end
  subgraph "helm-backend"
      traefik(traefik)
      menshen(menshen)
  end
```

Clusters, Nodes and Pods

To scale globally, podlily's default architecture uses at least two clusters. The backend cluster holds the backend components: the provider's configuration API menshen, plus system monitoring and alerting. Each gateway is a separate single-node cluster; a deployment runs one or more of them, typically in different locations. The following diagram shows the nodes in each cluster.

```mermaid
graph TD
  subgraph "gateway-cluster 1 location B"
    gatewayB1((gateway-B-1))
  end

  subgraph "gateway-cluster 1 location A"
    gatewayA1((gateway-A-1))
  end

  subgraph "backend-cluster"
    monitoring((Monitoring))
    controller((Controller))
    backend((Menshen))
  end
```


Pods running on the Backend cluster

| Node | Pod | Role | Link |
|---|---|---|---|
| Monitoring | Alertmanager | Manages alerts and notifications | repository |
| Monitoring | Grafana | Visualization tool for metrics | Grafana |
| Monitoring | Kube State Metrics | Exposes metrics about the state of the Kubernetes objects | repository |
| Monitoring | Prometheus Operator | Manages lifecycle and configuration of Prometheus components | repository |
| Monitoring | Node Exporter | Exposes hardware and OS metrics from nodes | repository |
| Monitoring | Prometheus | Collects and stores metrics | Prometheus Docs |
| Controller | CoreDNS | Provides DNS service for the Kubernetes cluster | CoreDNS |
| Controller | Node Exporter | Exposes hardware and OS metrics from nodes | repository |
| Controller | Traefik | Ingress controller managing external access to services | Traefik Docs |
| Backend | Node Exporter | Exposes hardware and OS metrics from nodes | repository |
| Backend | Menshen | Distributes gateways and bridges for LEAP VPN | repository |

Pods running on a Gateway cluster

| Node | Pod / DaemonSet | Role | Link |
|---|---|---|---|
| Gateway 1 Location A | Menshen Agent | Sends gateway configuration and availability to Menshen | repository |
| Gateway 1 Location A | OpenVPN TCP | OpenVPN service accepting TCP connections | OpenVPN |
| Gateway 1 Location A | OpenVPN UDP | OpenVPN service accepting UDP connections | OpenVPN |
| Gateway 1 Location A | obfsvpn | Bridge / traffic obfuscation proxy | repository |
| Gateway 1 Location A | Grafana Alloy | Metrics collector | Grafana |
| Gateway 1 Location A | kresd | DNS resolver for the gateway | Kresd Docs |
| Gateway 1 Location A | OpenVPN Metrics Exporter | Exports OpenVPN metrics for Prometheus | repository |
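The two tables above say which pods belong on which node, and the overview notes that rootless containers are still open hardening work. The script below is an added example (not part of the podlily project or its helm charts) that turns both statements into a check: it reads the JSON printed by `kubectl get nodes -o json` and `kubectl get pods -A -o json`, reports components missing from or unexpected on each node, and lists the containers whose pod spec lets them run as uid 0. The `podlily.example/role` node label, the `app.kubernetes.io/name` pod label and the lowercase component names are assumptions made for the example; the embedded sample cluster is constructed, so it runs offline.

```python
"""Placement and run-as-root audit for a podlily cluster (added example).

Assumed, not from the overview: nodes carry a `podlily.example/role` label
and component pods carry `app.kubernetes.io/name` with the names in EXPECTED.
"""
import json
import sys

ROLE_LABEL = "podlily.example/role"   # assumed node label
NAME_LABEL = "app.kubernetes.io/name"  # assumed pod label

# Components the overview assigns to each node role. monitoring/controller/
# backend are the backend-cluster nodes; gateway is a gateway cluster's node.
EXPECTED = {
    "monitoring": {"alertmanager", "grafana", "kube-state-metrics",
                   "prometheus-operator", "node-exporter", "prometheus"},
    "controller": {"coredns", "node-exporter", "traefik"},
    "backend": {"node-exporter", "menshen"},
    "gateway": {"menshen-agent", "openvpn-tcp", "openvpn-udp", "obfsvpn",
                "alloy", "kresd", "openvpn-exporter"},
}


def component(pod):
    """Component name of a pod: its name label, else the raw pod name."""
    meta = pod["metadata"]
    return meta.get("labels", {}).get(NAME_LABEL, meta["name"])


def node_roles(nodes_json):
    """node name -> role for every node that carries the role label."""
    roles = {}
    for node in nodes_json["items"]:
        labels = node["metadata"].get("labels", {})
        if ROLE_LABEL in labels:
            roles[node["metadata"]["name"]] = labels[ROLE_LABEL]
    return roles


def root_containers(pod):
    """Names of containers in `pod` whose spec lets them run as uid 0.

    Container securityContext fields override pod-level ones. A container is
    root when runAsUser is 0, or when runAsUser is unset and runAsNonRoot is
    not true: most images default to root, so 'unspecified' counts as root."""
    pod_sc = pod["spec"].get("securityContext", {})
    root = []
    for c in pod["spec"].get("containers", []):
        sc = {**pod_sc, **c.get("securityContext", {})}
        uid = sc.get("runAsUser")
        non_root = uid not in (None, 0) or (uid is None and sc.get("runAsNonRoot") is True)
        if not non_root:
            root.append(c["name"])
    return root


def audit(nodes_json, pods_json):
    """Return placement findings per node and root containers per node/component."""
    roles = node_roles(nodes_json)
    on_node = {name: set() for name in roles}
    root = {}
    for pod in pods_json["items"]:
        node = pod["spec"].get("nodeName")
        if node not in on_node:        # unscheduled, or node without a role label
            continue
        name = component(pod)
        on_node[node].add(name)
        bad = root_containers(pod)
        if bad:
            root[f"{node}/{name}"] = bad
    placement = {node: {"missing": sorted(EXPECTED[role] - on_node[node]),
                        "unexpected": sorted(on_node[node] - EXPECTED[role])}
                 for node, role in roles.items()}
    return {"placement": placement, "root": root}


def _pod(name, node, containers, pod_sc=None):
    """Minimal pod object for the constructed sample below."""
    spec = {"nodeName": node, "containers": containers}
    if pod_sc:
        spec["securityContext"] = pod_sc
    return {"metadata": {"name": f"{name}-7f9c4", "labels": {NAME_LABEL: name}}, "spec": spec}


# Constructed sample: one gateway cluster, obfsvpn deliberately absent.
GW = "gateway-A-1"
SAMPLE_NODES = {"items": [{"metadata": {"name": GW, "labels": {ROLE_LABEL: "gateway"}}}]}
SAMPLE_PODS = {"items": [
    _pod("openvpn-udp", GW, [{"name": "openvpn"}]),                      # no context: root by default
    _pod("openvpn-tcp", GW, [{"name": "openvpn", "securityContext": {"runAsUser": 0}}]),
    _pod("menshen-agent", GW, [{"name": "agent", "securityContext": {"runAsUser": 1001}}]),
    _pod("kresd", GW, [{"name": "kresd"}], pod_sc={"runAsNonRoot": True, "runAsUser": 1000}),
    _pod("alloy", GW, [{"name": "alloy"}], pod_sc={"runAsNonRoot": True}),
    _pod("openvpn-exporter", GW, [{"name": "exporter"}]),
]}

if __name__ == "__main__":
    if len(sys.argv) == 3:   # python audit.py nodes.json pods.json
        nodes, pods = (json.load(open(p)) for p in sys.argv[1:3])
    else:
        nodes, pods = SAMPLE_NODES, SAMPLE_PODS
    print(json.dumps(audit(nodes, pods), indent=2))
```

Two caveats when running this against a real cluster. k3s installs its own kube-system pods (coredns, local-path-provisioner, metrics-server, and traefik unless disabled), so they appear as "unexpected" on whichever node hosts them; that is intentional, because a gateway node should run only what helm-gateway and Grafana Alloy install, but add them to EXPECTED if you accept them. The root check reads the pod spec, not the running process: an image whose entrypoint drops privileges still shows as root, and a container with a non-zero uid that is granted CAP_NET_ADMIN (which OpenVPN needs for its tun device) still deserves a look.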