We are implementing a CI infrastructure as Docker stacks.

Some of the containers in the stacks now need to access external services, only available through an OpenVPN connection, let's say on the `192.168.2.0/24` subnet.

In order to keep containers as "single-purpose" as possible, we would ideally like to add a Docker container acting as a VPN gateway, through which other containers could talk to the `192.168.2.0/24` subnet.

This first raises a complication: a VPN client container needs the `cap-add` of `NET_ADMIN`, which is not available in the swarm mode we are using to deploy stacks. Is there a workaround, apart from starting the VPN client container as standalone through `docker run`?

And more importantly, once we have the `vpnclient` container running and connected, how can we configure other containers in the swarm to actually use it as a gateway to reach all IPs on the `192.168.2.0/24` subnet?
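As an added illustration of the two pieces the question is asking about (this is example configuration written here, not the asker's stack and not part of the original post), the compose file below wires a `vpnclient` gateway service to a `ci-worker` service over an attachable overlay network. Everything concrete in it is an assumption: the image names, the `./vpn/client.ovpn` path, the `run-worker` entrypoint, and that the engine is Docker 20.10 or later, where `docker stack deploy` honours `cap_add` and `sysctls`. On older engines the `attachable: true` flag on the network is what lets the gateway be started outside the stack with `docker run --net vpnnet --cap-add NET_ADMIN --device /dev/net/tun ...` while the workers stay in the stack.

```yaml
version: "3.8"

services:
  vpnclient:
    image: example/openvpn-client:latest   # assumed image; any OpenVPN client image works
    cap_add:
      - NET_ADMIN                          # required to create tun0 and to add routes/iptables rules
    sysctls:
      - net.ipv4.ip_forward=1              # forward packets arriving from the overlay into the tunnel
    volumes:
      # `devices:` is ignored by `docker stack deploy`; a bind mount of the tun node works
      # instead because Docker's default device cgroup already allows c 10:200 (tun).
      - /dev/net/tun:/dev/net/tun
      - ./vpn:/etc/openvpn:ro              # assumed location of client.ovpn
    # NAT overlay traffic onto the tunnel so the remote side only sees the VPN address,
    # then start the client. The .ovpn (or a pushed route) must route 192.168.2.0/24 via tun0.
    command: >
      sh -c "iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE &&
             exec openvpn --config /etc/openvpn/client.ovpn"
    networks:
      - vpnnet
    deploy:
      replicas: 1

  ci-worker:
    image: example/ci-worker:latest        # assumed image
    cap_add:
      - NET_ADMIN                          # the `ip route add` below is itself impossible without it
    networks:
      - vpnnet
    # tasks.<service> resolves to the real task IP (not the service VIP, which cannot be a
    # next hop). Install the route before handing over to the worker's real entrypoint.
    command: >
      sh -c "ip route add 192.168.2.0/24 via $$(getent hosts tasks.vpnclient | awk '{print $$1}') &&
             exec /usr/local/bin/run-worker"
    depends_on:
      - vpnclient

networks:
  vpnnet:
    driver: overlay
    attachable: true   # lets a standalone `docker run --net vpnnet ...` gateway join the same network
```

The point to keep in mind is that the client side needs `NET_ADMIN` too: a container cannot change its routing table without it, so on an engine that drops `cap_add` from stack services the workers have no way to point `192.168.2.0/24` at the gateway, even if the gateway itself is started with `docker run`. Verify the result from a worker with `ip route get 192.168.2.1` (it should name the gateway task's overlay address as the next hop) and from the gateway with `iptables -t nat -L POSTROUTING -v` to see the MASQUERADE counters increase when a worker talks to the remote subnet.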