Thanks for the great work on this project! KOPS is a life saver!
When creating a private topology, I noticed that a utility subnet is created with an internet gateway, while the main subnet is created with a nat gateway. We also have the api-elb set to internal when creating the cluster. My understanding is that the private subnet is where the api-elb, master, and nodes would live, but that the utility network was set up for things like ingress load balancers.
In our situation, we have an internal development environment that must be accessed via a VPN. We do not want any public facing subnets, load balancers, ingresses, etc. In this situation I see to options:
Do we even need a "utility" subnet in this situation? Is the intent of the utility subnet simply to provide an internet facing spot for ingress / services, or is there some other use? Could it just be removed?
If it is needed, could we have an option to mark it as private as well. In this case could the utility network just have a route to the same nat gateway as the main subnet?
Either way I don't believe that we need an internet gateway at all. At this point, I am thinking about just creating the subnets in AWS manually and then configuring KOPS to use them. I am eagerly awaiting the --subnets and --utility-subnets options in the create cluster to streamline this, but I believe for now I can create the cluster and then edit it with subnet ids before updating it.
mmacfadden
All 10 comments
I am interested in this as well
ms4720
on 25 Dec 2017
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
fejta-bot
on 25 Mar 2018
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale
fejta-bot
on 24 Apr 2018
/remove-lifecycle rotten
levpaul
on 27 Apr 2018
I would like to be able to specify --no-utility-subnets or pass in an empty string to --utility-subnets to avoid these subnets altogether.
levpaul
on 27 Apr 2018
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
fejta-bot
on 26 Jul 2018
/remove-lifecycle stale
ms4720
on 17 Aug 2018
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
fejta-bot
on 16 Sep 2018
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
fejta-bot
on 16 Oct 2018
@fejta-bot: Closing this issue.
In response to this:
Rotten issues close after 30d of inactivity.
Reopen the issue with/reopen.
Mark the issue as fresh with/remove-lifecycle rotten.Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
k8s-ci-robot
on 16 Oct 2018
Related issues
drewfisher314
路
4Comments
rot26
路
5Comments
Caskia
路
3Comments
georgebuckerfield
路
4Comments
justinsb
路
4Comments
Most helpful comment
I would like to be able to specify
--no-utility-subnetsor pass in an empty string to--utility-subnetsto avoid these subnets altogether.