Twingate tryout to access private IP from K8s cluster

Subscribe to my newsletter and never miss my upcoming articles

Twingate is Secure access to private data for your distributed workforce. It provides a simple, modern approach to securing online work Twingate enables organisations to rapidly implement a modern zero-trust network that is more secure and maintainable than VPNs. Delivered as a cloud-based service, Twingate empowers IT teams to easily configure a software-defined perimeter without changing infrastructure, and centrally manage user access to internal apps, whether they are on-prem or in the cloud.

In this guide we will see:

  • How to deploy Twingate connector on Civo Kubernetes via Marketplace

  • How to setup twingate account

  • How to install Twingate client application and access private IP's from the cluster

Deploy Twingate Connector on Civo Kubernetes via marketplace

We'll use Civo Kubernetes, which is based on K3s, to experiment with this quickly. If you don’t yet have an account, sign up here. You could also use any other Kubernetes cluster you have access to.

Create a new cluster from the UI (you can also use Civo CLI) and select Twingate app from the marketplace Your Alt Text

Once ready you should see the cluster with ready nodes. Your Alt Text

Make sure you have kubectl installed, and the kubeconfig file for your cluster downloaded so that you can run kubectl get nodes and get details of the cluster you just created:

kubectl get nodes
NAME                                STATUS   ROLES                  AGE   VERSION
k3s-twingate-fc341107-node-4c50     Ready    <none>                 68s   v1.20.2+k3s1
k3s-twingate-fc341107-master-eeb3   Ready    control-plane,master   78s   v1.20.2+k3s1
k3s-twingate-fc341107-node-3fa2     Ready    <none>                 67s   v1.20.2+k3s1

Check the Twingate connector installation

kubectl get pods     
NAME                                  READY   STATUS                       RESTARTS   AGE
twingate-connector-7d77f45b9b-g5g5r   0/1     CreateContainerConfigError   0          117s

It will be in CreateContainerConfigError as we need to create a configmap and secret that will be done in the next step.

Twingate setup walkthrough

In this we will setup Twin gate account and get the tokens for creating configmap and secret

Go to twingate.com to create a trial account and get Started Your Alt Text

Signup with your preferred method and enter the team Your Alt Text

Select the private resources that you want to access Your Alt Text

Add Team members Your Alt Text

Select a plan to try out Your Alt Text For this demo we just choose Twingate teams

Setup the connector Your Alt Text

Add a connector Your Alt Text

Generate the tokens Your Alt Text

Create following secret with the tokens from above

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: connector
stringData:
  accessToken: "Access Token"
  refreshToken: "Refresh Token"

Also create a config map as below Here th eurl will be the once you chose during setup.

apiVersion: v1
kind: ConfigMap
metadata:
  name: connector
data:
  url: https://civo.twingate.com

After creating the configmap and secret you should see the status as connected

Your Alt Text

Create a deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo
  template:
    metadata:
      labels:
        app: demo
    spec:
      containers:
        - name: demo
          image: nginxdemos/hello:latest

Go to the Network and add resource Your Alt Text

Add resource with the IP of the pod

kubectl get pods -owide
NAME                                  READY   STATUS        RESTARTS   AGE   IP           NODE                               NOMINATED NODE   READINESS GATES
demo-58f4cb989b-jzm68                 1/1     Running       0          14s   10.42.1.7    k3s-linkerd-60ab3687-node-dcfa     <none>           <none>

Your Alt Text

Twingate client application and connecting to the resource created

In this section we will install the Twingate client application on MacOS and then connect to the resource created in above step via the browser.

Now install twingate locally on Mac -> docs.twingate.com/docs/macos

Your Alt Text

Configure the client app Your Alt Text Your Alt Text

You will be able to see the network connected and open the deployed application in browser Your Alt Text Your Alt Text

Wrapping up

In this way you can connect the resources within the network from anywhere. These are the private ip's assigned to the pods that you are able to access directly from the browser even without exposing the services!! Let me know on Twitter @SaiyamPathak if you try Twingate out on Civo Kubernetes!

No Comments Yet