CadolesKube
/
typhoon
mirror of https://github.com/puppetmaster/typhoon.git
7
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use a route table with separate (rather than inline) routes 

* Allow users to extend the route table using a data reference
and adding route resources (e.g. unusual peering setups)
* Note: Internally connecting AWS clusters can reduce cross-cloud
flexibility and inhibits blue-green cluster patterns. It is not
recommended
This commit is contained in:
Dalton Hubble 2020-02-25 23:12:19 -08:00
parent f4d260645c
commit 3250994c95
4 changed files with 42 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGES.md
View File

@ -9,6 +9,7 @@ Notable changes between versions.
#### AWS #### AWS
* Fix `worker_node_labels` for setting initial worker node labels on Fedora CoreOS ([#651](https://github.com/poseidon/typhoon/pull/651)) * Fix `worker_node_labels` for setting initial worker node labels on Fedora CoreOS ([#651](https://github.com/poseidon/typhoon/pull/651))
* Allow VPC route table extension via reference ([#654](https://github.com/poseidon/typhoon/pull/654))
#### Google Cloud #### Google Cloud

22
aws/container-linux/kubernetes/network.tf
View File

@ -25,21 +25,23 @@ resource "aws_internet_gateway" "gateway" {
resource "aws_route_table" "default" { resource "aws_route_table" "default" {
vpc_id = aws_vpc.network.id vpc_id = aws_vpc.network.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gateway.id
}
route {
ipv6_cidr_block = "::/0"
gateway_id = aws_internet_gateway.gateway.id
}
tags = { tags = {
"Name" = var.cluster_name "Name" = var.cluster_name
} }
} }
resource "aws_route" "egress-ipv4" {
route_table_id = aws_route_table.default.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gateway.id
}
resource "aws_route" "egress-ipv6" {
route_table_id = aws_route_table.default.id
destination_ipv6_cidr_block = "::/0"
gateway_id = aws_internet_gateway.gateway.id
}
# Subnets (one per availability zone) # Subnets (one per availability zone)
resource "aws_subnet" "public" { resource "aws_subnet" "public" {

22
aws/fedora-coreos/kubernetes/network.tf
View File

@ -25,21 +25,23 @@ resource "aws_internet_gateway" "gateway" {
resource "aws_route_table" "default" { resource "aws_route_table" "default" {
vpc_id = aws_vpc.network.id vpc_id = aws_vpc.network.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gateway.id
}
route {
ipv6_cidr_block = "::/0"
gateway_id = aws_internet_gateway.gateway.id
}
tags = { tags = {
"Name" = var.cluster_name "Name" = var.cluster_name
} }
} }
resource "aws_route" "egress-ipv4" {
route_table_id = aws_route_table.default.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gateway.id
}
resource "aws_route" "egress-ipv6" {
route_table_id = aws_route_table.default.id
destination_ipv6_cidr_block = "::/0"
gateway_id = aws_internet_gateway.gateway.id
}
# Subnets (one per availability zone) # Subnets (one per availability zone)
resource "aws_subnet" "public" { resource "aws_subnet" "public" {

17
docs/architecture/aws.md
View File

@ -79,6 +79,23 @@ resource "aws_security_group_rule" "some-app" {
} }
``` ```
## Routes
Add a custom [route](https://www.terraform.io/docs/providers/aws/r/route.html) to the VPC route table.
```tf
data "aws_route_table" "default" {
vpc_id = module.temptest.vpc_id
subnet_id = module.tempest.subnet_ids[0]
}
resource "aws_route" "peering" {
route_table_id = data.aws_route_table.default.id
destination_cidr_block = "192.168.4.0/24"
...
}
```
## IPv6 ## IPv6
AWS Network Load Balancers do not support `dualstack`. AWS Network Load Balancers do not support `dualstack`.