feature/private networking #1
Conversation
| for etcdIndex := 0; etcdIndex < config.EtcdCount; etcdIndex++ { | ||
|
|
||
| //Round-robbin etcd instances across all available subnets | ||
| subnetIndex := etcdIndex % len(config.Subnets) | ||
| subnet := config.Subnets[subnetIndex] | ||
| if config.EtcdPrivateSubnet { | ||
| subnet = config.EtcdSubnets[subnetIndex] | ||
| if config.Etcd.TopologyPrivate() { |
There was a problem hiding this comment.
I like this way of automatically recognizing which topology an user meant to use 👍
| //This means this Internet Gateway already exists, and we can reference it directly by ID | ||
| config.InternetGatewayRef = fmt.Sprintf("%q", config.InternetGatewayID) | ||
| } | ||
|
|
There was a problem hiding this comment.
nit: I'd like this even more if this is achieved by a function like the below so that we can eliminate the mutable field/state InternetGatewayRef:
func (s DeploymentSettings) InternetGatewayRef() string {
if config.InternetGatewayId != "" {
return fmt.Sprintf("%q", config.InternetGatewayID);
} else {
return fmt.Sprintf(`{ "Ref" : %q }`, config.InternetGatewayLogicalName)
}
}
neoandroid
force-pushed
the
masters-private-subnet
branch
from
62887e9
to
a9cc9cf
Compare
| `, | ||
| expectedErrorMessage: "The experimental feature `waitSignal` assumes a node pool is managed by an ASG rather than a Spot Fleet.", | ||
| }, | ||
| { |
There was a problem hiding this comment.
FYI, this is how I tend to add minimum set of tests for error cases for each new feature.
- All the entries in the
parseErrorCasesslice are sorted in alphabetically ascending order ofcontext. configYamlis a completecluster.yamlwhich is expected to fail loading
|
|
||
| import "strings" | ||
|
|
||
| type Subnet struct { |
There was a problem hiding this comment.
nit: Naming this PrivateSubnet would better differentiate this and the existing Subnet(which is meant to be "public subnet").
| # # # Pre-allocated NAT Gateway. Used with private subnets. | ||
| # # id: "ngw-abcdef12" | ||
| # # # Pre-allocated EIP for NAT Gateways. Used with private subnets. | ||
| # # eipAllocationIDs: "eipalloc-abcdef12" |
There was a problem hiding this comment.
nit: Intended eipAllocationId rather than eipAllocationIDs? For historical reason(😝), it is Id rather than ID. You'd assign only one EIP to a NAT gateway hence singular Id instead of plural IDs.
There was a problem hiding this comment.
Oh, I've noticed that the corresponding model is already made so 👍 https://github.com/neoandroid/kube-aws/pull/1/files#diff-c76375ae6854b059e3f028487955882dR14
|
@mumoshu, I realized I might have gone a bit far w/ expected backwards compatibility when changing resource names in order to avoid redeploy issues (based on list index order). Is this something you see as a concern? interested in keeping this change? or would you prefer to stick with the more list order naming approach e.g. |
|
@icereval Thanks for thinking about that! Assuming you're mentioning on https://github.com/neoandroid/kube-aws/pull/1/files#diff-c76375ae6854b059e3f028487955882dR18, I like the change! You don't need to stick to the Backward compatibility should be kept as much as possible. However, IMHO, doing so while implementing this would unnecessary complicate things for you. I can revisit you and @neoandroid's change after merging to consider adding backward compatibility of that level or doing a big version bump if necessary, as myself being a maintainer. A bit more context; that's true I don't like unnecessarily breaking compatibility but we had not yet guaranteed So, please keep your great improvement on resource naming 👍 |
neoandroid
force-pushed
the
masters-private-subnet
branch
2 times, most recently
from
0942161
to
f654e6d
Compare
neoandroid
force-pushed
the
masters-private-subnet
branch
from
f654e6d
to
3b0562a
Compare
|
I finally merged the work from @icereval , I liked the approach and made a couple of modifications to have the same capabilities that I had with the previous PoC.
The rest of the changes I've added are small fixes: a typo in cluster.yml and a wrong reference for the Internet Gateway on the cfn template. |
Hey! hope this doesn't step on any toes as I know you had stated you were working on this, but I had some free time and was very interested in getting the private networking working for (and learning) kube-aws.
Code is brought up to speed w/ master and based on your PR #169 and the direction from @mumoshu #152 (comment).
Probably the biggest change to existing spec is it breaks away from the index based resource logical naming to a more predictable naming convention (e.g.
Subnet0->SubnetUsEast1a). Doing so allows for one to allocate a NAT GW per AZ avoiding a single point of failure while downstream referencing the name by Region/AZ from the node pool workers by Stack/LogicalName (e.g.cluster1-SubnetUsEast1aNatGateway).cluster.yamlsubnet/privateSubnetlist item order will not cause resources to be destroyed/created/reattached unnecessarily.I'd be happy to collaborate more directly to see this make it in.
TODO: