giantswarm / roadmap

Giant Swarm Product Roadmap
https://github.com/orgs/giantswarm/projects/273
Apache License 2.0

Network architecture for CAPA/CAPV hybrid MC #3587

Closed anvddriesch closed 1 month ago

anvddriesch commented 1 month ago

some resources: https://rutgerblom.com/2020/01/07/site-to-site-vpn-between-nsx-t-tier-1-and-aws-vpc/ https://intranet.giantswarm.io/docs/product/providers/capz/multi-provider/

Our MC is on CAPA. It is capable of provisioning CAPV and CAPA workload clusters.

- CAPA MC is private with proxy
- CAPA MC is able to access the vSphere API.
- CAPA MC is able to access all CAPV WCs.
- CAPV WCs are able to access endpoints (k8s API and ingresses) of the MC.

### Tasks
- [x] IONOS - GS VPN
- [x] IONOS - AWS
- [x] AWS - GS VPN
- [x] AWS - IONOS
- [x] extend noproxy

anvddriesch commented 1 month ago

We set up the VPNs on the IONOS and AWS sides, modeled on our Azure environment. Thanks to Simon and Xavier we finally got it working and vSphere nodes are now reachable from goat MC nodes.

anvddriesch commented 1 month ago

- CAPA MC is private with proxy ✅
- CAPA MC is able to access all CAPV WCs. ✅
- CAPV WCs are able to access endpoints (k8s API and ingresses) of the MC. ✅
- CAPA MC is able to access the vSphere API. ⛔

For some odd reason we cannot make the connection from AWS through the GS VPN to the vCenter work. We tried on a different installation and had the same problem, so it does not seem to be specific to the private environment but related to AWS.

glitchcrab commented 1 month ago

I don't want to lose this - we need to add vcenter-rhr3c72bx1.ionoscloud.tools to goat's NO_PROXY vars
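Whether a given endpoint actually bypasses the proxy depends on how the NO_PROXY list is interpreted, and a typo in a suffix or a port-restricted entry silently sends traffic through the proxy instead. The following is an added example, not code from the issue or from Giant Swarm: a small matcher that implements the NO_PROXY rules as documented for Go's net/http proxy handling (wildcard, CIDR, exact IP, bare domain plus subdomains, leading-dot for subdomains only, optional port), which is an assumption about the Go-based controllers running on the MC. The NO_PROXY value and the target hosts are constructed placeholders, not the real environment.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// noProxyRule is one parsed entry of a NO_PROXY list.
type noProxyRule struct {
	all        bool       // "*": every host bypasses the proxy
	ipNet      *net.IPNet // CIDR entry, matched by containment
	ip         net.IP     // single IP entry, matched exactly
	host       string     // lower-cased domain entry without leading dot
	subdomains bool       // entry had a leading dot: subdomains only
	port       string     // optional port the entry is restricted to
}

// splitHostPort separates an optional ":port" suffix and, unlike
// net.SplitHostPort, does not fail on bare hostnames or bare IPs.
func splitHostPort(s string) (host, port string) {
	if h, p, err := net.SplitHostPort(s); err == nil {
		return h, p
	}
	return s, ""
}

// parseNoProxy parses a comma-separated NO_PROXY value into rules. The
// semantics assumed here are those documented for Go's net/http proxy
// handling: "example.com" matches the host and all its subdomains,
// ".example.com" matches subdomains only.
func parseNoProxy(value string) []noProxyRule {
	var rules []noProxyRule
	for _, raw := range strings.Split(value, ",") {
		entry := strings.ToLower(strings.TrimSpace(raw))
		if entry == "" {
			continue
		}
		if entry == "*" {
			rules = append(rules, noProxyRule{all: true})
			continue
		}
		if _, ipNet, err := net.ParseCIDR(entry); err == nil {
			rules = append(rules, noProxyRule{ipNet: ipNet})
			continue
		}
		host, port := splitHostPort(entry)
		if ip := net.ParseIP(host); ip != nil {
			rules = append(rules, noProxyRule{ip: ip, port: port})
			continue
		}
		rule := noProxyRule{port: port}
		if strings.HasPrefix(host, ".") {
			rule.subdomains = true
			host = strings.TrimPrefix(host, ".")
		}
		rule.host = host
		rules = append(rules, rule)
	}
	return rules
}

// bypassesProxy reports whether a request to target ("host" or "host:port")
// skips the proxy under the given NO_PROXY value.
func bypassesProxy(noProxy, target string) bool {
	host, port := splitHostPort(strings.ToLower(target))
	host = strings.TrimSuffix(host, ".")
	ip := net.ParseIP(host)
	for _, r := range parseNoProxy(noProxy) {
		if r.all {
			return true
		}
		if r.port != "" && r.port != port {
			continue // entry is restricted to a port the request is not using
		}
		switch {
		case r.ipNet != nil:
			if ip != nil && r.ipNet.Contains(ip) {
				return true
			}
		case r.ip != nil:
			if ip != nil && r.ip.Equal(ip) {
				return true
			}
		case r.host != "":
			if ip != nil {
				continue // domain rules never match IP literals
			}
			if !r.subdomains && host == r.host {
				return true
			}
			if strings.HasSuffix(host, "."+r.host) {
				return true
			}
		}
	}
	return false
}

func main() {
	// Constructed NO_PROXY value resembling what a private MC carries.
	noProxy := "10.0.0.0/8,.svc,.cluster.local,vcenter.example.internal:443"
	for _, target := range []string{
		"vcenter.example.internal:443", "vcenter.example.internal:80",
		"10.1.2.3:6443", "api.example.com:443",
	} {
		fmt.Printf("%-32s bypass=%v\n", target, bypassesProxy(noProxy, target))
	}
}
```

Run it against the actual NO_PROXY value of the installation before and after the change: the vCenter host should bypass on the port the CAPV controllers use, and an entry carrying a port will not cover other ports on the same host.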