kubernetes-sigs / cluster-api-provider-aws

Kubernetes Cluster API Provider AWS provides consistent deployment and day 2 operations of "self-managed" and EKS Kubernetes clusters on AWS.
http://cluster-api-aws.sigs.k8s.io/
Apache License 2.0

API Evolution for VPC and Networking Topologies #1484

Open randomvariable opened 4 years ago

randomvariable commented 4 years ago

/kind feature

Describe the solution you'd like

There are differing options on how to run Kubernetes clusters in AWS; these include:

How does a user figure out what one to use, and how best can we enable them?

Related issues include:

#931, #1208, #1158, #1062, #1727

Anything else you would like to add: [Miscellaneous information that will assist in solving the issue.]

A proposal for this should include an evolutionary roadmap as far as the API goes. What are the most immediate concerns that can be addressed as additions to the v1alpha3 API, and what should best be considered as breaking API changes?

randomvariable commented 4 years ago

@fabriziopandini if you have any thoughts on this, would be appreciated.

fabriziopandini commented 4 years ago

@randomvariable I have something similar on the radar, but I doubt we can work out the details during this iteration; ref https://github.com/kubernetes-sigs/cluster-api/issues/1729

  • [ ] Prototype interactive mode for allowing users to set "on-the-fly" the variables to be injected in the yaml for providers components or providers templates
  • [ ] Prototype a pluggable template system (vs supporting only variables substitution)

In order to do the above, a way should be defined for clusterctl to interact with each provider while creating the cluster template, because the providers are the owners of the knowledge of what can be configured or not, and considering this should be accepted by each provider, I assume this requires a CAEP.

fejta-bot commented 4 years ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

detiber commented 4 years ago

/lifecycle frozen

richardcase commented 4 years ago

Also relates to #1643 and #1323

randomvariable commented 4 years ago

@richardcase Would be useful to get the requirements for EKS down. I would have thought we can make EKS work with the existing topology.

richardcase commented 4 years ago

@randomvariable - I'll start documenting the requirements. The current default topology doesn't work, as the 2 subnets it creates (1 public & 1 private) are in a single AZ and EKS requires subnets in at least 2 AZs.

richardcase commented 4 years ago

https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html

It would include stuff from there and other requirements.

moensch commented 4 years ago

I've been asked to document our specific topology in here (ref: https://kubernetes.slack.com/archives/CD6U2V71N/p1588804729193200)

Our starting point in the account is that a Direct Connect Gateway (DXG) exists. What we would need CAPA to be able to do is:

  1. Accept DXG ID as input (probably as part of the AWSCluster NetworkSpec?)
  2. Ability to create a Virtual Private Gateway/VPN Gateway/VGW (it has many names)
  3. Attach the VGW to the VPC once it's created
  4. Attach the VGW to the DXG (that's a very slow process, several minutes to reconcile)
  5. Accept an array of CIDRs to add route table entries for with a target of the VGW (or a flag to enable route propagation)
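
The five steps above, worked through as one controller reconciliation pass. This is an illustration added to the thread, not CAPA code: `DirectConnectSpec` is a hypothetical NetworkSpec extension, `ec2` and `dx` are assumed to be boto3-style EC2 and Direct Connect clients (method names and response shapes follow boto3), the route-propagation flag alternative from step 5 is left out, and `FakeAWS` is a constructed in-memory stand-in so the flow runs offline.

```python
# Added illustration, not CAPA code; boto3-style client calls are an assumption.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class DirectConnectSpec:
    """Hypothetical NetworkSpec extension holding the user-supplied inputs."""
    vpc_id: str
    dx_gateway_id: str                                # step 1: existing DXG ID
    route_table_ids: list
    route_cidrs: list = field(default_factory=list)   # step 5: CIDRs to route via the VGW
    name_tag: str = "capa-vgw"


def validate_spec(spec):
    """Reject malformed CIDRs before any AWS call; returns normalised CIDR strings."""
    return [str(ipaddress.ip_network(c, strict=True)) for c in spec.route_cidrs]


def ensure_vgw(ec2, spec):
    """Steps 2 and 3: find-or-create the VGW by Name tag, then attach it to the VPC once."""
    found = ec2.describe_vpn_gateways(Filters=[{"Name": "tag:Name", "Values": [spec.name_tag]}])["VpnGateways"]
    vgw = found[0] if found else ec2.create_vpn_gateway(
        Type="ipsec.1", TagSpecifications=[{"ResourceType": "vpn-gateway",
                                            "Tags": [{"Key": "Name", "Value": spec.name_tag}]}],
    )["VpnGateway"]
    vgw_id = vgw["VpnGatewayId"]
    if not any(a["VpcId"] == spec.vpc_id and a["State"] in ("attaching", "attached")
               for a in vgw.get("VpcAttachments", [])):
        ec2.attach_vpn_gateway(VpcId=spec.vpc_id, VpnGatewayId=vgw_id)
    return vgw_id


def ensure_dxgw_association(dx, spec, vgw_id):
    """Step 4: request the association; True only once AWS reports it 'associated'."""
    assocs = dx.describe_direct_connect_gateway_associations(
        directConnectGatewayId=spec.dx_gateway_id, virtualGatewayId=vgw_id,
    )["directConnectGatewayAssociations"]
    if not assocs:
        assocs = [dx.create_direct_connect_gateway_association(
            directConnectGatewayId=spec.dx_gateway_id, virtualGatewayId=vgw_id,
        )["directConnectGatewayAssociation"]]
    return assocs[0]["associationState"] == "associated"


def ensure_routes(ec2, spec, vgw_id, cidrs):
    """Step 5: add only the missing routes, so re-running never duplicates or errors."""
    for rtb in spec.route_table_ids:
        routes = ec2.describe_route_tables(RouteTableIds=[rtb])["RouteTables"][0]["Routes"]
        have = {r.get("DestinationCidrBlock") for r in routes if r.get("GatewayId") == vgw_id}
        for cidr in cidrs:
            if cidr not in have:
                ec2.create_route(RouteTableId=rtb, DestinationCidrBlock=cidr, GatewayId=vgw_id)


def reconcile(ec2, dx, spec):
    """One controller pass: 'requeue' while the slow DXG attach is pending, else 'ready'."""
    cidrs = validate_spec(spec)
    vgw_id = ensure_vgw(ec2, spec)
    if not ensure_dxgw_association(dx, spec, vgw_id):
        return "requeue"   # do not block the controller; pick it up on the next pass
    ensure_routes(ec2, spec, vgw_id, cidrs)
    return "ready"


class FakeAWS:
    """Constructed stand-in for both clients; the association only reports 'associated'
    on a later describe call, mimicking the minutes-long DXG attach."""

    def __init__(self):
        self.vgws, self.assoc, self.routes = {}, {}, {}

    def describe_vpn_gateways(self, Filters):
        return {"VpnGateways": [v for v in self.vgws.values() if v["Name"] == Filters[0]["Values"][0]]}

    def create_vpn_gateway(self, Type, TagSpecifications):
        vgw = {"VpnGatewayId": "vgw-%04x" % len(self.vgws), "VpcAttachments": [],
               "Name": TagSpecifications[0]["Tags"][0]["Value"]}
        self.vgws[vgw["VpnGatewayId"]] = vgw
        return {"VpnGateway": vgw}

    def attach_vpn_gateway(self, VpcId, VpnGatewayId):
        self.vgws[VpnGatewayId]["VpcAttachments"].append({"VpcId": VpcId, "State": "attached"})

    def describe_direct_connect_gateway_associations(self, directConnectGatewayId, virtualGatewayId):
        a = self.assoc.get((directConnectGatewayId, virtualGatewayId))
        if a:
            a["associationState"] = "associated"   # completes one pass after creation
        return {"directConnectGatewayAssociations": [a] if a else []}

    def create_direct_connect_gateway_association(self, directConnectGatewayId, virtualGatewayId):
        a = self.assoc[(directConnectGatewayId, virtualGatewayId)] = {"associationState": "associating"}
        return {"directConnectGatewayAssociation": a}

    def describe_route_tables(self, RouteTableIds):
        return {"RouteTables": [{"Routes": self.routes.setdefault(r, [])} for r in RouteTableIds]}

    def create_route(self, RouteTableId, DestinationCidrBlock, GatewayId):
        self.routes[RouteTableId].append({"DestinationCidrBlock": DestinationCidrBlock, "GatewayId": GatewayId})
```

Two design points matter for a controller shaped like this. Step 4 is handled by returning "requeue" instead of sleeping, so the slow DXG association never stalls reconciliation of other clusters, and every step looks before it creates, so repeated passes (or a crash mid-way) converge on one VGW, one attachment and one route per CIDR. Validating the CIDR list up front (`10.0.0.1/8` is rejected because it has host bits set) means only the prefixes the user explicitly listed are ever routed towards the corporate side of the Direct Connect.
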

randomvariable commented 4 years ago

/assign

randomvariable commented 4 years ago

/assign @voor

k8s-ci-robot commented 4 years ago

@randomvariable: GitHub didn't allow me to assign the following users: voor.

Note that only kubernetes-sigs members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. For more information please see the contributor guide

In response to [this](https://github.com/kubernetes-sigs/cluster-api-provider-aws/issues/1484#issuecomment-632061695):

> /assign @voor

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

randomvariable commented 4 years ago

/lifecycle active (only from a gathering thoughts perspective)

Will be sharing a Google Doc with initial ideas in a little while. Will definitely be towards v1alpha4 though.

HerrmannHinz commented 4 years ago

Another use/corner(?) case maybe: transit gateway peerings.

We spin up clusters by default with internal load balancers only:

To make them available to the corp intranet/VPN users etc., we are doing some transit gateway peering afterwards to make it:

fejta-bot commented 3 years ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

richardcase commented 3 years ago

/remove-lifecycle stale

fejta-bot commented 3 years ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale

fejta-bot commented 3 years ago

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten

voor commented 3 years ago

/remove-lifecycle rotten

k8s-triage-robot commented 3 years ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

voor commented 3 years ago

/remove-lifecycle stale

richardcase commented 3 years ago

/lifecycle frozen

sedefsavas commented 3 years ago

/triage accepted

sedefsavas commented 2 years ago

Another use case is using only public subnets: https://github.com/kubernetes-sigs/cluster-api-provider-aws/issues/2997

enxebre commented 2 years ago

kinda related https://github.com/kubernetes-sigs/cluster-api-provider-aws/issues/3035

richardcase commented 2 years ago

/remove-lifecycle frozen

richardcase commented 2 years ago

/milestone v2.x

k8s-triage-robot commented 2 years ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 1 year ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

AverageMarcus commented 1 year ago

/remove-lifecycle rotten

Still relevant and related to https://github.com/kubernetes-sigs/cluster-api-provider-aws/issues/3711

AverageMarcus commented 1 year ago

Also relevant: https://github.com/kubernetes-sigs/cluster-api-provider-aws/issues/4026

enxebre commented 1 year ago

> There are differing options on how to run Kubernetes clusters in AWS, these include:

Some thoughts: We'd probably want to also reason in terms of Control Plane vs Data Plane networking and how konnectivity enables that. We could also categorise topologies as public, private, PublicAndPrivate depending on how we expose the control plane components, e.g. in a private setup kas endpoint would only be accessible via privateLink.

k8s-triage-robot commented 4 months ago

This issue has not been updated in over 1 year, and should be re-triaged.

You can:

For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/

/remove-triage accepted

richardcase commented 4 months ago

/triage accepted

k8s-triage-robot commented 1 month ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

richardcase commented 1 month ago

/remove-lifecycle stale