poor-man's vpn in k8s
Kubernetes port-forwarding is pretty handy for getting into the internal network, but that access is scoped to a single pod. How can we widen the scope and get the same "view" as a pod, i.e. reach a database instance that lives outside the Kubernetes cluster? A VPN connection offers this capability, but often with unnecessary complexity, especially when you only want a one-time action. This is where an option called the poor man's VPN comes into play, and it is maybe not so poor, because Kubernetes itself delivers the authentication and authorization needed to create that kind of connection. I've met three options:
- use the port-forward capability against a pod that contains socat, which establishes the selected connection for you. This approach is described here, and a wrapper around socat resides here. A pretty handy solution, but limited to a single connection; it can be tweaked further by using a SOCKS connection from `socat`.
- kuttle, a smart wrapper around the popular sshuttle: it doesn't require an SSH connection and instead uses a custom `ssh-cmd` to get into the selected pod, where Python establishes the tunnel. More powerful than the previous one because of sshuttle's capabilities, such as DNS resolving and forwarding traffic to a whole selected network rather than a single endpoint.
- telepresence is the most powerful one, but it is not intended to be used as a VPN connection. More or less it puts your local machine into the Kubernetes cluster so you can intercept traffic coming to a selected service for debugging purposes. To achieve that, your local machine gets all the required network routes, with the option of adding custom ones, so you get the same "view" as a pod.
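The first option, a throwaway socat pod reached through `kubectl port-forward`, as an added example script (not the wrapper referenced above, nor part of the original post). It assumes a pod name `pm-vpn-socat` and the `alpine/socat` image; the target host and port are validated before they are spliced into the socat address, because socat treats `,` as an option separator.

```shell
#!/bin/sh
# Added example: one-off tunnel to an off-cluster TCP endpoint via a temporary socat relay pod.
# Pod name "pm-vpn-socat" and image "alpine/socat" are assumptions; adjust to your cluster.
set -eu

# Build the socat argument list for the relay pod: listen on PORT inside the pod and hand
# every accepted connection to HOST:PORT. HOST is restricted to hostname characters and PORT
# to 1..65535 so that no socat option (after a ',') can be smuggled in through the values.
socat_relay_args() {
  host=$1; port=$2
  case "$host" in
    ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 1 ;;
  esac
  case "$port" in
    ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
  esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
  printf 'TCP-LISTEN:%s,fork,reuseaddr TCP:%s:%s\n' "$port" "$host" "$port"
}

# Start the relay pod, wait until it is Ready, then port-forward LOCAL_PORT to it.
# The trap deletes the pod when the forward ends, so the relay does not outlive the session.
open_tunnel() {
  local_port=$1; host=$2; port=$3
  args=$(socat_relay_args "$host" "$port")
  # shellcheck disable=SC2086  # word splitting of $args is intended here
  kubectl run pm-vpn-socat --image=alpine/socat --restart=Never --command -- socat $args
  trap 'kubectl delete pod pm-vpn-socat --wait=false' EXIT INT TERM
  kubectl wait --for=condition=Ready pod/pm-vpn-socat --timeout=60s
  kubectl port-forward pod/pm-vpn-socat "$local_port:$port"
}

# Usage: ./tunnel.sh LOCAL_PORT HOST PORT   e.g.  ./tunnel.sh 15432 db.internal.example 5432
# then point the local client at 127.0.0.1:15432.
if [ "$#" -eq 3 ]; then
  open_tunnel "$@"
fi
```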