[EKS] [request]: Definable Service ClusterIP CIDR range #216

Open
dewjam opened this issue Mar 20, 2019 · 6 comments


@dewjam dewjam commented Mar 20, 2019

Tell us about your request
What do you want us to build?
Expose the "--service-cluster-ip-range" kube-apiserver flag so it can be defined by customers at EKS cluster creation time.

Which service(s) is this request for?
EKS

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
Currently, the Service ClusterIP CIDR range is statically defined as 10.100.x.x/16 or 172.20.x.x/16 depending on the subnet range assigned to the VPC you're deploying workers to. Being unable to define the Service ClusterIP CIDR range can result in IP overlaps if the same range is in use elsewhere in the infrastructure. The issue would manifest as pods being unable to talk to a specific external service/resource if a ClusterIP service happens to be assigned the same IP and port as the external service/resource.

Are you currently working around this issue?
EKS is not being used in favor of a more flexible option. Someone could work around this issue by designating a specific port to be used by all ClusterIP services that is not used by any on-premise services. This could be difficult to enforce for large organizations with many applications.

Additional context
A more generic solution to allow "kube-apiserver" or "kube-controller" flags to be defined by the customer would also be a good approach. This could be an "advanced" configuration option that a customer can opt into, but otherwise sane defaults are provided.

Attachments
N/A

@dewjam dewjam added the Proposed label Mar 20, 2019
@dewjam dewjam changed the title [EKS] [request]: Definable ClusterIP Service CIDR range [EKS] [request]: Definable Service ClusterIP CIDR range Mar 20, 2019
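
The overlap described in the issue above can be checked before a cluster is created. This is an added example, not part of the original issue or of any AWS tooling: it tests the two EKS service ranges named in the issue against routed networks and flags external endpoints whose IP and port a ClusterIP Service also holds. The routes, Service entries and endpoint names are constructed sample data.

```python
import ipaddress

# The two Service ClusterIP ranges the issue says EKS assigns.
EKS_SERVICE_CIDRS = ("10.100.0.0/16", "172.20.0.0/16")

# Constructed sample data (assumptions, not from the issue).
ROUTED = ["10.100.32.0/20", "192.168.0.0/16"]           # VPN and on-premises routes
SERVICES = [("default/payments", "10.100.40.7", 443),   # (name, ClusterIP, port)
            ("kube-system/kube-dns", "10.100.0.10", 53)]
EXTERNAL = [("vpn-ldap", "10.100.40.7", 636),           # (label, IP, port)
            ("vpn-billing-api", "10.100.40.7", 443),
            ("onprem-db", "192.168.5.20", 5432)]


def overlapping_routes(service_cidr, routed_cidrs):
    """Routed networks that share at least one address with the service range."""
    svc = ipaddress.ip_network(service_cidr)
    return [r for r in routed_cidrs if svc.overlaps(ipaddress.ip_network(r))]


def exposed_endpoints(service_cidr, external):
    """External endpoints whose IP lies inside the service range; a Service
    created later could be allocated that same address."""
    svc = ipaddress.ip_network(service_cidr)
    return [e for e in external if ipaddress.ip_address(e[1]) in svc]


def shadowed_endpoints(services, external):
    """External endpoints whose exact IP and port a ClusterIP Service already
    holds, which is the failure the issue describes."""
    claimed = {(ipaddress.ip_address(ip), port): name for name, ip, port in services}
    hits = []
    for label, ip, port in external:
        owner = claimed.get((ipaddress.ip_address(ip), port))
        if owner is not None:
            hits.append((label, ip, port, owner))
    return hits


if __name__ == "__main__":
    for cidr in EKS_SERVICE_CIDRS:
        clashes = overlapping_routes(cidr, ROUTED)
        print(cidr, "overlaps", clashes if clashes else "nothing routed")
        for label, ip, port in exposed_endpoints(cidr, EXTERNAL):
            print(f"  at risk: {label} {ip}:{port}")
    for label, ip, port, owner in shadowed_endpoints(SERVICES, EXTERNAL):
        print(f"shadowed now: {label} {ip}:{port} is claimed by Service {owner}")
```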

@dawidmalina dawidmalina commented Mar 22, 2019

It's a very good idea! 👍

@tabern tabern added the EKS label Mar 26, 2019

@pawelprazak pawelprazak commented Apr 18, 2019

This feature would be necessary for cross-cluster service discovery and connectivity, wouldn't it?


@BeneStem BeneStem commented May 6, 2019

And if you are using a VPN connection and have an already blocked network range...


@chrw chrw commented May 6, 2019

I would love to see this feature because the assigned CIDR range 10.100.0.0/16 is colliding with a network of our VPN connections!


@msvechla msvechla commented May 17, 2019

How is this not configurable? This behaviour is completely non-transparent for the end user. Currently this is also colliding with a private network for us.


@pfremm pfremm commented Aug 7, 2019

Any updates if this has made it to the EKS roadmap?

@mikestef9 mikestef9 added this to Researching in containers-roadmap Aug 22, 2019