I have created main.tf which has the code for following resources and are created using for_each with variables.tf having the map for subnets
1 vpc
2 public subnets
2 private subnets
With in the same main.tf,I want to dynamically associate the route table to the created subnets but unable to understand how to reference the subnet ids using output or any other process.
Related
I'm looking to use custom VPC and not the default ones while making a cluster setup of Ant Media Server on AWS using the cloudformation.
Could you please let me know how can I create custom VPC or if there's something critical that should be kept in mind while creating custom VPC to go with cloudformation!
Thanks.
One thing to keep in mind is that let's say you created a vpc with 10.0.0.0/16 IP addresses, you need to create two subnets for example 10.0.0.0/24 and 10.0.1.0/24 ,then you should create a internet gateway for those subnets to make them available: ( https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html )
You should also check the routing table if the subnet has internet gateway:
Also in the subnets, you should double check if Auto-assign public IP addresses is enabled. It is not going to work if there is no auto-assigned public IP on the instances.
Then it should be fine with these adjustments.
Cheers
I have a compute engine instance with persistent file storage that I need outside of my GKE cluster.
I would like to open a specific TCP port on the Compute Engine instance so that only nodes within the GKE cluster can access it.
The Compute Engine instance and GKE cluster are in the same GCP project, network, and subnet.
The GKE cluster is not private and I have an ingress exposing the only service I want exposed to the internet.
I've tried creating firewall rules of three different types that do not work:
By shared service account on both Compute Engine instance and K8s nodes.
By network tags - (yes I am using the network tags as explicitly specified on the VM instance page).
By IP address, where I use network tag for target and private IANA IP ranges 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 for source.
The only thing that works is the last option but using 0.0.0.0/0 for source IP range.
I've looked at a few related questions such as:
Google App Engine communicate with Compute Engine over internal network
Can I launch Google Container Engine (GKE) in Private GCP network Subnet?
But I'm not looking to make my GKE cluster private and I have tried to create the firewall rules using network tags to no avail.
What am I missing or is this not possible?
Not sure how I missed this, fairly certain I tried something similar a couple months back but must have had something else misconfigured.
On the GKE cluster Details page, there is a pod address range. Setting the firewall source range to GKE pod address range gave me the the desired outcome.
I have a Kubernetes cluster setup with on bare-metal local nodes(all nodes are accessible through the public network and private network ).
I want to add an EC2 node to this cluster.
I have four nodes as MASTER, WORKER-1, WORKER-2, EC2-NODE.
MASTER, WORKER-1, WORKER-2 has full connectivity through the public and private networks.
But EC2-NODE is only accessible on public networks from any node.
I have tried joining the EC2 node to the cluster and give --node-ip=$public_ip_of_ec2_node,
EC2 node joined successfully and mark as ready but services are not reachable from other nodes to the EC2 node. It joins on the private network interface (eth0) and exposes the private IP of the EC2 node to the cluster.
In the Kubernetes, there is a requirement that all nodes have full internet connectivity between them either private or public. What does it mean?
Is it required to have a single network interface among nodes?
Any help would be nice.
Thank you in advance.
System Info:
Kuberenetes version: 1.16.2
Pod network: Flannel
Let's start with understanding how to implement the Kubernetes networking model:
There are a number of ways that this network model can be implemented.
This document is not an exhaustive study of the various methods, but
hopefully serves as an introduction to various technologies and serves
as a jumping-off point.
There you can find a list of networking options. Among them there is Flannel:
Flannel is a very simple overlay network that satisfies the Kubernetes
requirements. Many people have reported success with Flannel and
Kubernetes.
Flannel is responsible for providing a layer 3 IPv4 network between
multiple nodes in a cluster. Flannel does not control how containers
are networked to the host, only how the traffic is transported between
hosts. However, flannel does provide a CNI plugin for Kubernetes and a
guidance on integrating with Docker.
You are already using Flannel as a CNI plugin.
Please let me know if you find the info above helpful.
I am running kubernetes(v1.7) and flannel(v0.9.0) which was installed using kubeadm.
I want to know that-
How does a node get a subnet?
Where are all allocated subnets stored and how I can see them?
How does flannel interact with kubernetes?
Thanks,
flannel gives the POD IP address. network range is defined in subnet.env file
# cat /var/run/flannel/subnet.env
FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.0.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
Allocated IPs are stored in etcd database in the Master Node. you can query API server to view them
Flannel is a virtual network that gives a subnet to PODs. when Kubernetes start the pod it gets the IP address from flannel and assign to PODs
you can look at the network info like this from etcd database.
export ETCDCTL_API=3; etcdctl get "/registry/configmaps/kube-system/kubeadm-config" --prefix=true
I am trying to setup a Kaa cluster with 3 kaa-node servers. I would like to know whether each node (bootstrap service & operations_service) must have its own public IP address? Otherwise the endpoint will not be able to access them?
But I have only one Public IP address & one Domain Name. Each node has it's own local ip address. How can I setup this kaa-cluster?
on each node:
open kaa-node.properties file at /etc/kaa-node/conf directory.
change thrift_host and transport_public_interface properties onto the local IP address.
Then you need to integrate kaa-node with the following services:
Zookeeper, SQL and NoSQL databases.
For more information, refer to the following documentation page.
As alternative, you are able to setup kaa cluster using docker environment. Also, look to the documentation page.
Please, take into account that docker extension is supported from kaa 0.10 version.