
Specify additional security groups for nodes.

Open mvladev opened this issue 6 years ago • 3 comments

It should be possible to deploy 2 or more Shoots in the same network (in AWS - VPC) and configure the security groups on the nodes, so the pods / nodes from the different clusters are routable to each other.

This is a requirement for Istio multicluster:

The usage of an RFC1918 network, VPN, or alternative more advanced network techniques to meet the following requirements:
- Individual cluster Pod CIDR ranges and service CIDR ranges must be unique across the multicluster environment and may not overlap.
- All pod CIDRs in every cluster must be routable to each other.
- All Kubernetes control plane API servers must be routable to each other.

mvladev avatar Jun 14 '18 21:06 mvladev

This is also a requirement from another stakeholder of ours. As they currently need to re-enable communication between the clusters manually, they need IaaS access, which is something that we would like to avoid. I would therefore bump up the priority slightly.

marwinski avatar Jul 12 '18 11:07 marwinski

Connected also with https://github.com/gardener/gardener-extensions/issues/313

vasu1124 avatar Dec 17 '19 12:12 vasu1124

Hi, our team also needs this feature to enforce security rules for specific nodes.

ghost avatar Apr 05 '22 08:04 ghost