Feature request for controller to acknowledge service networks and services managed by other accounts #317
Comments
To add to this: we also want to support the other direction, where account B shares a service to be associated with account A's service network.
Adding to this. If Account A is running EKS on a shared VPC, then the annotation The solution to this is to allow services shared to account B to be associated with the service network in account B.
One possible way to implement solution 1:
Is there a recommended configuration for the k8s controller when lattice services are expected to be shared across accounts?
In an example scenario:
I have account A and account B
aws-application-networking-k8s/pkg/deploy/lattice/service_manager.go
Lines 271 to 283 in 3927a6e
I know there is the annotation that makes Kubernetes ignore VPC associations to a gateway[0]. However, even with this, the gateway/service network is still created in account A. In this scenario, account B wants to manage its own infrastructure as much as possible. With the current limitations it seems that all lattice resources must be created in 1 account and then shared out to other accounts.
Some possible solutions I can think of
I am definitely open to other ideas I am not considering and would be happy to add more context
[0] https://github.com/aws/aws-application-networking-k8s/blob/main/docs/multi-sn.md
Note: after discussion with @liwenwu-amazon on Slack, it sounds like solution 1 is preferred.
In her words: "lattice controller not to disassociate lattice service from a lattice service network, if that lattice service network owned by a different account"
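
The rule quoted above, sketched as an added Go example; it is not the controller's code and not part of the original issue. The `Association` type and the `arnAccount` and `ToDisassociate` functions are hypothetical names, the ARNs and account IDs are constructed, and reading the owner from the ARN's account field is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// Association is a hypothetical, simplified record of a service's
// association with a service network (not the controller's own type).
type Association struct {
	ID                string
	ServiceNetworkARN string
}

// arnAccount returns the account field of an ARN of the form
// arn:partition:service:region:account-id:resource.
func arnAccount(arn string) (string, error) {
	parts := strings.SplitN(arn, ":", 6)
	if len(parts) != 6 || parts[0] != "arn" || len(parts[4]) != 12 {
		return "", fmt.Errorf("malformed ARN %q", arn)
	}
	return parts[4], nil
}

// ToDisassociate returns the IDs of existing associations that are no longer
// desired AND whose service network is owned by localAccount. Associations
// with foreign-owned or unparseable service networks are left alone.
func ToDisassociate(existing []Association, desired map[string]bool, localAccount string) []string {
	var remove []string
	for _, a := range existing {
		if desired[a.ServiceNetworkARN] {
			continue
		}
		owner, err := arnAccount(a.ServiceNetworkARN)
		if err != nil || owner != localAccount {
			continue
		}
		remove = append(remove, a.ID)
	}
	return remove
}

func main() {
	// Constructed sample data: account A is 111111111111, account B is 222222222222.
	existing := []Association{
		{"snsa-local", "arn:aws:vpc-lattice:us-west-2:111111111111:servicenetwork/sn-aaaa"},
		{"snsa-foreign", "arn:aws:vpc-lattice:us-west-2:222222222222:servicenetwork/sn-bbbb"},
	}
	fmt.Println(ToDisassociate(existing, map[string]bool{}, "111111111111")) // [snsa-local]
}
```

Treating an unparseable ARN the same as a foreign one keeps the reconcile loop from tearing down an association it cannot prove it owns.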