Peering between workload cluster and management cluster if workload clusters are private

[teemow]

Question: can we really get rid of peering for CAPI

Our initial plans were to get rid of peering from management clusters and only let the management cluster talk to the k8s api of the workload cluster. This would allow us to create workload clusters with the same ip ranges used for the nodes.

If workload clusters are private - how can we access the api?

[teemow]

For AWS we will use VPC endpoints. GCP offers something similar. @giantswarm/phoenix-capi knows more about the details.

[alex-dabija]

Network traffic is routed through the transit gateway for CAPA. CAPZ has the equivalent of VPC endpoints implemented. CAPG only has public clusters support (all communication between MC and WC is done over the Internet).

I'm closing this because for CAPA we have a follow-up issue to implement VPC Endpoints. Also, CAPG is on-hold.