amazon-vpc-cni-k8s
Include SNAT CIDR
What would you like to be added: We would like a new parameter for SNAT configuration: 'AWS_VPC_K8S_CNI_INCLUDE_SNAT_CIDRS'.
Why is this needed:
We are currently trying to avoid natting: with clusters greater than 100 nodes and a few thousand pods, our NAT tables are full.
We want to use an overlapping subnet dedicated to pods to avoid being limited in IPs with the AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG feature. This overlapping subnet isn't routed in our VPN, and natting is necessary for that.
All traffic to the internet goes through a NAT Gateway.
So, if we want to nat only vpn traffic, we have to list all "internet" cidrs and exclude them with 'AWS_VPC_K8S_CNI_EXCLUDE_SNAT_CIDRS' which is really bad. A parameter 'AWS_VPC_K8S_CNI_INCLUDE_SNAT_CIDRS' would be much easier and cleaner.
I'm trying to do it by myself: https://github.com/aws/amazon-vpc-cni-k8s/compare/master...tanguyfalconnet:feat/include_snat_cidrs
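To make the trade-off in the request above concrete, the following added example (not code from the issue or from the amazon-vpc-cni-k8s project) computes the exclude list that would be needed to SNAT only a set of VPN ranges, and compares it with the include list the requested parameter would take. The VPN CIDRs are constructed sample values, the include-mode function models the proposed behaviour only, and the CNI's own handling of VPC CIDRs is not modelled.

```python
import ipaddress

# Constructed sample: two on-premises ranges reached over the VPN.
VPN_CIDRS = ["10.50.0.0/16", "172.20.0.0/14"]


def exclude_list_for(snat_cidrs, universe="0.0.0.0/0"):
    """CIDRs an exclude-only setting must list so that only snat_cidrs get SNAT."""
    remaining = [ipaddress.ip_network(universe)]
    for cidr in snat_cidrs:
        target = ipaddress.ip_network(cidr)
        kept = []
        for net in remaining:
            if net.subnet_of(target):
                continue  # wholly inside a SNAT range: drop it
            if target.subnet_of(net):
                kept.extend(net.address_exclude(target))  # carve the range out
            else:
                kept.append(net)  # disjoint: keep unchanged
        remaining = kept
    return [str(n) for n in sorted(ipaddress.collapse_addresses(remaining))]


def snat_exclude_mode(dst, exclude_cidrs):
    """Exclude semantics: SNAT unless the destination is in a listed CIDR."""
    ip = ipaddress.ip_address(dst)
    return not any(ip in ipaddress.ip_network(c) for c in exclude_cidrs)


def snat_include_mode(dst, include_cidrs):
    """Proposed include semantics (assumption): SNAT only for listed CIDRs."""
    ip = ipaddress.ip_address(dst)
    return any(ip in ipaddress.ip_network(c) for c in include_cidrs)


if __name__ == "__main__":
    excludes = exclude_list_for(VPN_CIDRS)
    print(f"include list: {len(VPN_CIDRS)} CIDRs, exclude list: {len(excludes)} CIDRs")
    for dst in ("10.50.3.4", "172.21.0.9", "8.8.8.8", "10.51.0.1"):
        print(dst, snat_include_mode(dst, VPN_CIDRS), snat_exclude_mode(dst, excludes))
```

Every VPN range added or changed forces the exclude list to be regenerated, while the include list changes by one entry.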
#1229 is pending review. Once it is reviewed will close this issue.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days
Issue closed due to inactivity.
/reopen
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days
/notstale
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days
Issue closed due to inactivity.