2

I am setting up an OpenVPN service inside my Kubernetes cluster. The issue is that I've done this before and saved the chart configuration, but now I can't really pin down the cause of this issue:

I've tried everything I could think of but can't really figure out what is causing this; Tiller and everything else already have permissions in the cluster.

```
mknod: /dev/net/tun: Operation not permitted
Mon Oct 21 11:24:12 2019 OpenVPN 2.3.14 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 18 2016
Mon Oct 21 11:24:12 2019 library versions: LibreSSL 2.4.4, LZO 2.09
Mon Oct 21 11:24:12 2019 Diffie-Hellman initialized with 2048 bit key
Mon Oct 21 11:24:12 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Mon Oct 21 11:24:12 2019 ROUTE_GATEWAY 172.31.248.0/255.255.0.0 IFACE=eth0 HWADDR=22:15:8b:7a:8d:53
Mon Oct 21 11:24:12 2019 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
```

LE: works on containerd and docker, looks like it's an issue with crio

0x4139
  • this happens only using the crio engine, looks like it has something to do with `NET_ADMIN` like @Crou specified, but that's the only engine that does that. – 0x4139 Oct 21 '19 at 19:38

1 Answer

0

Right now I can only guess that the issue is because you are missing NET_ADMIN capabilities.

You can try fixing this by adding the capabilities. Your pod might look like this:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: context-demo
spec:
  containers:
  - name: ctx
    image: gcr.io/google-samples/node-hello:1.0
    securityContext:
      capabilities:
        add: ["NET_ADMIN"]
```

Just copy the securityContext part to your pod or deployment and test it.

Unfortunately, there isn't enough information posted by you for me to provide a better answer. Please edit the question and provide more details, like which image you are using and how you are deploying OpenVPN.

Crou
  • That's the first thing I thought about (but the pod already had it); unfortunately it was related to the crio engine. By the looks of it, it ignores that flag. – 0x4139 Oct 21 '19 at 19:37
  • 1
    For cri-o please check this [github issue](https://github.com/cri-o/cri-o/issues/2363), maybe it will be of help. – Crou Oct 22 '19 at 07:49
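
A diagnostic sketch for the failure discussed in this thread, added here and not part of the original posts: run inside the container, it reads the effective capability mask and the state of `/dev/net/tun` to tell a missing `NET_ADMIN` apart from a missing device node. The function names and verdict strings are assumptions made for this example; the capability bit numbers come from `linux/capability.h`.

```shell
#!/bin/sh
# Added example: classify why OpenVPN cannot open /dev/net/tun in a container.
CAP_NET_ADMIN=12   # bit positions from linux/capability.h
CAP_MKNOD=27

# has_cap HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# effective_caps -> prints the CapEff hex mask of the current process
effective_caps() {
    while read -r key val; do
        if [ "$key" = "CapEff:" ]; then echo "$val"; return 0; fi
    done < /proc/self/status
}

# tun_state PATH -> prints chardev, not-chardev or missing
tun_state() {
    if [ -c "$1" ]; then echo chardev
    elif [ -e "$1" ]; then echo not-chardev
    else echo missing
    fi
}

# diagnose HEXMASK TUN_STATE -> prints a one-word verdict (hypothetical labels)
diagnose() {
    mask=$1 state=$2
    if ! has_cap "$mask" "$CAP_NET_ADMIN"; then
        echo no-net-admin        # securityContext capability never reached the process
    elif [ "$state" = chardev ]; then
        echo ok                  # capability and device node are both present
    elif has_cap "$mask" "$CAP_MKNOD"; then
        echo device-blocked      # may call mknod, yet the node is absent or unusable
    else
        echo no-device-no-mknod  # node absent and the process cannot create it
    fi
}

main() {
    mask=$(effective_caps 2>/dev/null)
    mask=${mask:-0}              # treat an unreadable /proc as "no capabilities"
    state=$(tun_state /dev/net/tun)
    echo "CapEff=$mask tun=$state verdict=$(diagnose "$mask" "$state")"
}
main
```

A verdict other than `no-net-admin` while OpenVPN still fails matches the asker's observation that the pod already had `NET_ADMIN`, and points at the runtime's handling of the device node instead of the capability.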