AwsVpcPeering prevent CIDR overlapping of the remote and pods network #1066

Open
ijovovic opened this issue Mar 6, 2025 · 0 comments
ijovovic commented Mar 6, 2025

Problem
If the peered remote VPC CIDR overlaps with Kyma's Kubernetes pods network, Kyma workloads won't be able to hit services in the remote network.

For example, let's have the following Kyma network configuration:

networking:
  pods: 10.96.0.0/13
  nodes: 10.250.0.0/22
  services: 100.104.0.0/13

And remote network CIDR 10.100.0.0/17 that overlaps with pods CIDR 10.96.0.0/13.

After applying the AwsVpcPeering resources, Cloud Manager will establish the VPC peering connection since the CIDRs of the physical networks being peered do not collide.

The AWS VPC peering API is not aware of the configured pods and services container networks; therefore, it does not take them into account.

Proposed solution
We must document this limitation so that users do not run into an issue while configuring their networking.

Check whether the remote VPC CIDR overlaps with Kyma's Kubernetes pods network before the VPC peering connection is established and show a Warning to the user.
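The pre-peering check proposed above, as an added example that is not part of the original issue and is not Cloud Manager's code. It goes slightly beyond the issue by also testing the nodes and services ranges; the `ClusterNetworks` type and `OverlappingRanges` function are hypothetical names, and the CIDR values are the ones quoted in the issue.

```go
package main

import (
	"fmt"
	"net/netip"
)

// ClusterNetworks mirrors the networking block quoted in the issue.
// The type and its field names are hypothetical, not Cloud Manager's.
type ClusterNetworks struct {
	Pods, Nodes, Services string
}

// OverlappingRanges returns the names of the cluster ranges that the
// remote VPC CIDR overlaps. An empty result means no collision was found.
func OverlappingRanges(remoteCIDR string, n ClusterNetworks) ([]string, error) {
	remote, err := netip.ParsePrefix(remoteCIDR)
	if err != nil {
		return nil, fmt.Errorf("remote CIDR %q: %w", remoteCIDR, err)
	}
	remote = remote.Masked() // drop host bits, e.g. 10.100.3.7/17 -> 10.100.0.0/17

	ranges := []struct{ name, cidr string }{
		{"pods", n.Pods}, {"nodes", n.Nodes}, {"services", n.Services},
	}
	var hits []string
	for _, r := range ranges {
		p, err := netip.ParsePrefix(r.cidr)
		if err != nil {
			return nil, fmt.Errorf("%s CIDR %q: %w", r.name, r.cidr, err)
		}
		if remote.Overlaps(p.Masked()) {
			hits = append(hits, r.name)
		}
	}
	return hits, nil
}

func main() {
	// Values taken from the issue text.
	kyma := ClusterNetworks{Pods: "10.96.0.0/13", Nodes: "10.250.0.0/22", Services: "100.104.0.0/13"}
	hits, err := OverlappingRanges("10.100.0.0/17", kyma)
	if err != nil {
		panic(err)
	}
	for _, h := range hits {
		fmt.Printf("Warning: remote VPC CIDR overlaps the %s network\n", h)
	}
}
```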
