gardener / gardener-extension-provider-aws

Gardener extension controller for the AWS cloud provider (https://aws.amazon.com).
https://gardener.cloud
Apache License 2.0

Specify additional security groups for nodes. #1

Open mvladev opened 6 years ago

mvladev commented 6 years ago

It should be possible to deploy 2 or more Shoots in the same network (in AWS, a VPC) and configure the security groups on the nodes, so the pods / nodes from the different clusters are routable to each other.

This is a requirement for Istio multicluster:

The usage of an RFC1918 network, VPN, or alternative more advanced network techniques to meet the following requirements:
- Individual cluster Pod CIDR ranges and service CIDR ranges must be unique across the multicluster environment and may not overlap.
- All pod CIDRs in every cluster must be routable to each other.
- All Kubernetes control plane API servers must be routable to each other.
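
As an added example (not code from this issue or from the provider extension), the two checks the Istio requirements above imply, written in Python: first validate that pod and service CIDRs are unique and non-overlapping across the Shoots that share one VPC, then derive the node security-group ingress entries each cluster would need so the other clusters' pod ranges can reach its nodes. Cluster names, CIDRs and security-group IDs are constructed sample data; the rule shape follows the EC2 AuthorizeSecurityGroupIngress IpPermissions structure, and opening all protocols (`"-1"`) is an assumption that should be narrowed to the ports actually needed.

```python
"""Check Istio multicluster network prerequisites for several Shoots in one VPC
and derive the node security-group ingress rules that would satisfy them.

Added example, not code from the gardener-extension-provider-aws project.
Cluster names, CIDRs and security-group IDs are constructed sample data.
"""
import ipaddress
import json
from itertools import combinations

# Constructed sample inventory: two Shoots sharing one VPC.
CLUSTERS = {
    "shoot-a": {"pods": "10.10.0.0/16", "services": "10.20.0.0/16", "node_sg": "sg-0a"},
    "shoot-b": {"pods": "10.11.0.0/16", "services": "10.21.0.0/16", "node_sg": "sg-0b"},
}


def find_overlaps(clusters):
    """Return (cluster1, kind1, cluster2, kind2) for every pair of pod/service
    ranges that overlap, across clusters and within one cluster. Empty list
    means the CIDR-uniqueness requirement is met."""
    nets = []
    for name, spec in clusters.items():
        for kind in ("pods", "services"):
            # strict=True rejects ranges whose host bits are set (e.g. 10.10.1.0/16)
            nets.append((name, kind, ipaddress.ip_network(spec[kind], strict=True)))
    overlaps = []
    for (n1, k1, net1), (n2, k2, net2) in combinations(nets, 2):
        if net1.overlaps(net2):
            overlaps.append((n1, k1, n2, k2))
    return overlaps


def node_ingress_rules(clusters, name):
    """Ingress permissions for the node security group of `name`, admitting
    traffic from every other cluster's pod CIDR so pods are mutually routable.
    Assumption: all protocols ("-1"); narrow to the ports Istio needs."""
    ranges = [
        {"CidrIp": spec["pods"], "Description": f"pods of {other}"}
        for other, spec in clusters.items()
        if other != name
    ]
    return [{"IpProtocol": "-1", "IpRanges": ranges}]


def plan(clusters):
    """Validate the inventory, then return {cluster: ingress rules}.
    Raises ValueError on any overlap so a wrong plan is never applied."""
    overlaps = find_overlaps(clusters)
    if overlaps:
        raise ValueError("overlapping CIDRs: " + ", ".join(
            f"{a}/{ka} vs {b}/{kb}" for a, ka, b, kb in overlaps))
    return {name: node_ingress_rules(clusters, name) for name in clusters}


if __name__ == "__main__":
    for cluster, rules in plan(CLUSTERS).items():
        print(cluster, CLUSTERS[cluster]["node_sg"], json.dumps(rules))
```

The overlap check runs over all pod and service ranges together, so a service range colliding with another cluster's pod range is caught as well; the plan is refused outright rather than emitted with a warning, because an overlapping range silently breaks routing for whichever cluster loses the route.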

marwinski commented 6 years ago

This is also a requirement from another stakeholder of ours. As they currently need to re-enable communication between the clusters manually, they need IaaS access, which is something that we would like to avoid. I would therefore bump up the priority slightly.

vasu1124 commented 4 years ago

Also connected with https://github.com/gardener/gardener-extensions/issues/313

ghost commented 2 years ago

Hi, our team also needs this feature to enforce security rules for specific nodes.