[docs] How to interconnect tenant with external systems via VXLAN

[kvaps]

There are three systems:

• VPS hosting based on OpenNebula
• Bare Metal servers
• Cozystack for Kubernetes and managed services

Users can have isolated VPC network between OpenNebula and Bare Metal servers delivered using VXLAN technology.
We need to describe how to deliver such VLXANs on Cozystack.

User stories

• I have Kubernetes cluster in Cozystack and database that runs in VPS on OpenNebula, I want to connect my database from Kubernetes cluster over the private network.
• I want to access my Kubernetes services from my VPS over the private network

[qdrddr]

Consider utilizing Cilium Mesh with Isovalent Transit Gateway.
To make this work, install Transit Gateway next to the DB that attracts network traffic and redirects it into your k8s with Cilium.

Note: it's part of Isovalent Cilium Enterprise

https://isovalent.com/blog/post/introducing-cilium-mesh/

Alternatively, there is Cilium VXLAN Tunnel Endpoint
https://docs.cilium.io/en/stable/network/vtep

[qdrddr]

If the k8s and the DB are located in two different DCs not connected via VXLAN, you may consider using two routers connected via VPN, one next to the DB and the other in the same network with k8s.

[Uburro]

Alternatively, there is Cilium VXLAN Tunnel Endpoint

I think it good point. I will only expand the your idea - you can select the nodes like "router" which would work for interconnect amd entry point for other clusters and environments

[kvaps]

Decided that providing services without encryption on public addresses is not secure. Therefore, it is assumed that the user will access their services from their own Kubernetes cluster or virtual machines. If they need to access their services from outside, they can still use their own VPN server, set up in their namespace.