[EKS Control Plane] DISCOVERY: Figure out our IP space

department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:

https://depo-platform-documentation.scrollhelp.site/index.html

281 stars 202 forks source link

[EKS Control Plane] DISCOVERY: Figure out our IP space #57612

Closed npeterson54 closed 1 year ago

npeterson54 commented 1 year ago

Description

The team would like to understand if we can create VPCs per cluster and/or additional private subnets to existing VPCs

Resources

https://github.com/department-of-veterans-affairs/platform-security/issues/251

Acceptance Criteria

[ ] Discuss the CSOC decision as a team

Refinement Guidance - Check the following before working on this issue:

[x] Team label assigned ("platform-tech-team-2")
[x] Epic assigned (if needed)
[x] Estimated (points assigned)
[ ] Sprint assigned (once planned)
[ ] Team member(s) assigned

ph-One commented 1 year ago

Currently needing to use existing IP space. There's a ticket in for CSOC to review using a separate VPC and/or private subnets for each cluster

jhouse-solvd commented 1 year ago

@ph-One & @hgbarreto - Please feel free to go ahead w/ the worker node IP address change. Per Gary's comment here

PSEC will continue to seek feedback from CSOC, but that isn't a blocker. A route (ie, NAT + ACL) may be needed to allow CSOC/BigFix scan access in the near future, but PSEC can create an issue for that once we've received additional info.

Thanks for bringing it to our attention! We'll look at how to streamline communication around changes like this moving forward. In the meantime, let me know if there's any additional info we can provide.

ph-One commented 1 year ago

Thank you @jhouse-solvd and @gary-fallon