Add more CIDR ranges for AWS backing services #2290
Merged
What

We are starting to run out of IPv4 addresses in production (London) because we only have 3 * /24, which is max 768 (not including reserved).

This PR adds 6 new /24 blocks across AZs.

This takes our theoretical per-region capacity from 768 single instances to 2304 single instances.

Before, we could use a CIDR in the security group definition (although it was a bit too big) because `10.0.52.0/22` encapsulated `10.0.{52,53,54}.0/24`.

However, now that there are more, there is no single CIDR range which neatly contains all new services; instead we can use the start and the end of the CIDR ranges, as long as they are ordered numerically and we update the correct key in the output variable.

Along the way, we can remove the `zone_index` and `zone_labels` variables, which are no longer used.

How to review

- Code review
- Deploy this to your development environment
- Ensure that `cf security-group elasticache_broker_instances` and `cf security-group rds_broker_instances` are correct
- Do something like this:

  ```shell
  for i in $(seq 1 9); do cf create-service postgres tiny-unencrypted-11 test-subnets-$i; sleep 3; done
  ```

  and check that databases can be created in subnets other than `10.0.5{2,3,4}.0/24`
- Do the same but for Elasticache

Who can review

Not @tlwr
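The trade-off described in the PR (one covering CIDR that is "a bit too big" versus a start-end range over numerically ordered subnets) is easy to check with the standard library. The following is an added example, not code from this PR or the repository. The three existing blocks are the ones the PR names; the six new blocks are an assumption (the PR does not list them), constructed here as `10.0.56.0/24` to `10.0.61.0/24` so the arithmetic matches the 2304-address figure. The `asg_rule` helper emits the `destination` field in the `start-end` form that Cloud Foundry security group rules accept; the port is an assumed PostgreSQL port.

```python
import ipaddress

# Constructed sample: the three existing /24 blocks named in the PR plus six
# hypothetical new ones. The real new blocks are not listed in the PR text.
EXISTING_SUBNETS = ["10.0.52.0/24", "10.0.53.0/24", "10.0.54.0/24"]
NEW_SUBNETS = [f"10.0.{third}.0/24" for third in range(56, 62)]  # assumption
ALL_SUBNETS = EXISTING_SUBNETS + NEW_SUBNETS


def parse(cidrs):
    """Parse and sort the subnets, so 'ordered numerically' is enforced rather
    than assumed, and reject overlapping blocks (a sign of a copy/paste slip)."""
    nets = sorted(ipaddress.ip_network(c, strict=True) for c in cidrs)
    for a, b in zip(nets, nets[1:]):
        if a.overlaps(b):
            raise ValueError(f"overlapping subnets: {a} and {b}")
    return nets


def covering_supernet(cidrs):
    """Smallest single CIDR that contains every subnet (the old /22 approach).
    Widen the first subnet one bit at a time until all subnets fit inside it."""
    nets = parse(cidrs)
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def ip_range(cidrs):
    """First and last address across the sorted subnets: the start-end form."""
    nets = parse(cidrs)
    return str(nets[0].network_address), str(nets[-1].broadcast_address)


def addresses_in_subnets(cidrs):
    """Total addresses actually owned by the subnets (768 for three /24s)."""
    return sum(n.num_addresses for n in parse(cidrs))


def supernet_excess(cidrs):
    """Addresses the single covering CIDR allows that belong to no subnet."""
    return covering_supernet(cidrs).num_addresses - addresses_in_subnets(cidrs)


def range_excess(cidrs):
    """Addresses the start-end range allows that belong to no subnet.
    Non-zero whenever the subnets are not contiguous."""
    first, last = ip_range(cidrs)
    span = int(ipaddress.ip_address(last)) - int(ipaddress.ip_address(first)) + 1
    return span - addresses_in_subnets(cidrs)


def asg_rule(cidrs, port, protocol="tcp"):
    """Security group rule using the 'start-end' destination form that
    Cloud Foundry accepts alongside single IPs and CIDRs."""
    first, last = ip_range(cidrs)
    return {"protocol": protocol, "destination": f"{first}-{last}", "ports": str(port)}


if __name__ == "__main__":
    print("old covering CIDR :", covering_supernet(EXISTING_SUBNETS),
          "excess", supernet_excess(EXISTING_SUBNETS))
    print("new covering CIDR :", covering_supernet(ALL_SUBNETS),
          "excess", supernet_excess(ALL_SUBNETS))
    print("start-end range   :", ip_range(ALL_SUBNETS),
          "excess", range_excess(ALL_SUBNETS))
    print("rds ASG rule      :", asg_rule(ALL_SUBNETS, 5432))
```

With the constructed blocks, the only CIDR that covers all nine subnets is `10.0.48.0/20`, which admits 1792 addresses outside them, while the `10.0.52.0-10.0.61.255` range admits only the 256 addresses of the unused `10.0.55.0/24`. When reviewing, compare the `destination` printed by `cf security-group rds_broker_instances` against `ip_range` for the real subnet list, and remember that any gap in the numbering (here `10.0.55.0/24`) is still reachable from the ASG even though no broker instance lives there.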