-
Notifications
You must be signed in to change notification settings - Fork 314
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[EKS] [request]: Definable Service ClusterIP CIDR range #216
Comments
It's very good idea! 👍 |
this feature would be necessary for cross-cluster service discovery and connectivity, wouldn't it? |
And if you are using VPN connection and having an already blocked network range... |
I would love to see this feature because the assigned CIDR range 10.100.0.0/16 is colliding with a network of our VPN connections! |
How is this not configurable? This behaviour is completely intransparent for the enduser. Currently this is also colliding with a private network for us. |
Any updates if this has made it to the EKS roadmap? |
Any news on this one. I got asked by our AWS account manager what's blocking us from using EKS and this is exactly it! 😉 |
This would be very useful to be able to configure! |
Would love to see this built out. My current network configuration makes use of both 10.100 and 172.20 ip spaces, thus, making it hard for me to use EKS and reliably communicate with private services that reside outside of EKS. |
Curious if there is any work going on with this feature request? :-) |
Hmmm .... IIRC is this already resolved. At least in Terraform / API I used subnet IDs from the VPC in EKS. Or did I misunderstand the issue?
|
Update: I didn't read the issue fully, Yes, the services are still on that fixed IPs even with Kubernetes 1.14, Platform version eks.2 on AWS. |
We need this so we can define static IP for our services. |
Hey all, You can configure the Kubernetes Service IP Range on newly created EKS clusters. |
Does EKS use configured service IP range to generate proper in-cluster DNS service address? I use a custom service IP range |
Tell us about your request
What do you want us to build?
Expose the "--service-cluster-ip-range" kube-apiserver flag so it can be defined by customers at EKS cluster creation time.
Which service(s) is this request for?
EKS
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
Currently, the Service ClusterIP CIDR range is statically defined as 10.100.x.x/16 or 172.20.x.x/16 depending on the subnet range assigned to the VPC you're deploying workers to. Being unable to define the Service ClusterIP CIDR range can result in IP overlaps if the same range is in use elsewhere in the infrastructure. The issue would manifest as pods being unable to talk to a specific external service/resource if a ClusterIP service happens to be assigned the same IP and port as the external service/resource.
Are you currently working around this issue?
EKS is not being used in favor of a more flexible option. Someone could work around this issue by designating a specific port to be used by all ClusterIP services that is not used by any on-premise services. This could be difficult to enforce for large organizations with many applications.
Additional context
A more generic solution to allow "kube-apiserver" or "kube-controller" flags to be defined by the customer would also be a good approach. This could be an "advanced" configuration option that a customer can opt into, but otherwise sane defaults are provided.
Attachments
N/A
The text was updated successfully, but these errors were encountered: