hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Enhancement]: EKS should support 100.64.0.0/10 and 198.19.0.0/16 #37396

Open taliesins opened 1 month ago

taliesins commented 1 month ago

Description

EKS supports 100.64.0.0/10 and 198.19.0.0/16 CIDR blocks as per: https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-eks-now-supports-additional-vpc-cidr-blocks/

If you try to use these CIDR blocks, you will receive an error:

╷
│ Error: invalid value for kubernetes_network_config.0.service_ipv4_cidr (must be within 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16)
│ 
│   with module.eks-cluster.module.eks_blueprints.aws_eks_cluster.this[0],
│   on .terraform/modules/eks-cluster.eks_blueprints/main.tf line 27, in resource "aws_eks_cluster" "this":
│   27: resource "aws_eks_cluster" "this" {
│ 
╵

The validation expression to fix is: https://github.com/hashicorp/terraform-provider-aws/blob/fbad5d3b00f58789b2b70fc6188ea240f1191e49/internal/service/eks/cluster.go#L191C8-L191C168

In big organizations that have grown through acquisitions, they tend to have very fragmented IP spaces. So it would be great if we could make use of this extra IP space.

Affected Resource(s) and/or Data Source(s)

aws_eks_cluster

Potential Terraform Configuration

No response

References

No response

Would you like to implement a fix?

None
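As an added example, not code from the provider (whose check at the linked `cluster.go` line is a regular expression), the following Go program expresses the same validation as a CIDR containment test using `net/netip`. The two allow-lists are assumptions made for the example: `rfc1918` holds the three blocks named in the error message above, and `extendedEKS` adds the two blocks the issue asks for, only to show how a containment check generalizes to a longer allow-list; it is not a statement that the EKS API accepts them for the service CIDR.

```go
package main

import (
	"fmt"
	"net/netip"
)

// rfc1918 is the set of parent blocks the provider currently accepts for
// kubernetes_network_config.service_ipv4_cidr, taken from the error message
// quoted in the issue.
var rfc1918 = []string{"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"}

// extendedEKS is a hypothetical allow-list for this example: rfc1918 plus the
// two blocks requested in the issue. Whether EKS accepts them for the service
// CIDR is exactly what the thread is discussing; nothing here asserts that.
var extendedEKS = append(append([]string{}, rfc1918...), "100.64.0.0/10", "198.19.0.0/16")

// cidrWithin reports whether every address in candidate lies inside parent:
// same address family, parent mask no longer than candidate mask, and the
// candidate's network address contained in parent. Both sides are normalized
// with Masked so comparison happens on network addresses.
func cidrWithin(candidate, parent netip.Prefix) bool {
	candidate, parent = candidate.Masked(), parent.Masked()
	if candidate.Addr().Is4() != parent.Addr().Is4() {
		return false
	}
	return parent.Bits() <= candidate.Bits() && parent.Contains(candidate.Addr())
}

// validateServiceCIDR checks that value is a well-formed IPv4 prefix with no
// host bits set and that it falls entirely within one of the allowed blocks.
// Rejecting host bits (rather than silently masking them) is this example's
// choice: a typo such as 10.1.2.3/8 then surfaces instead of being normalized.
func validateServiceCIDR(value string, allowed []string) error {
	p, err := netip.ParsePrefix(value)
	if err != nil {
		return fmt.Errorf("%q is not a valid CIDR block: %w", value, err)
	}
	if !p.Addr().Is4() {
		return fmt.Errorf("%q is not an IPv4 CIDR block", value)
	}
	if p != p.Masked() {
		return fmt.Errorf("%q has host bits set; use %s", value, p.Masked())
	}
	for _, a := range allowed {
		parent, err := netip.ParsePrefix(a)
		if err != nil {
			return fmt.Errorf("allow-list entry %q is malformed: %w", a, err)
		}
		if cidrWithin(p, parent) {
			return nil
		}
	}
	return fmt.Errorf("%q is not within any of %v", value, allowed)
}

func main() {
	// Constructed sample inputs: two in RFC 1918, two in the requested extra
	// ranges, one just outside 172.16.0.0/12, and one with host bits set.
	for _, c := range []string{"10.100.0.0/16", "100.64.0.0/16", "198.19.0.0/24", "172.32.0.0/16", "10.1.2.3/8"} {
		fmt.Printf("%-16s rfc1918: %-6v extended: %v\n", c,
			validateServiceCIDR(c, rfc1918) == nil, validateServiceCIDR(c, extendedEKS) == nil)
	}
}
```

The point of the containment form is that widening the allow-list is a data change (one more entry) rather than a new regular expression, and that near-misses such as `172.32.0.0/16` are rejected by arithmetic instead of by pattern matching.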

github-actions[bot] commented 1 month ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue

acwwat commented 1 month ago

I could be wrong, but it seems that EKS services still need to run within the RFC 1918 private IP range (as required by the CreateCluster API), but worker nodes can leverage the extended range using CNI custom networking. This blog post provides a Terraform example for such a setup.