Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable VPC peering for Kyma clusters #18197

Open
4 tasks
varbanv opened this issue Sep 20, 2023 · 12 comments
Open
4 tasks

Enable VPC peering for Kyma clusters #18197

varbanv opened this issue Sep 20, 2023 · 12 comments
Assignees
Labels

Comments

@varbanv
Copy link
Contributor

varbanv commented Sep 20, 2023

Description

Provide a way for end users to establish secure internal connectivity to other networks on the same hyperscaler via VPC peering.

Context

Problem

Currently, Kyma is a layer on top of Kubernetes and as such provides a very limited set of infrastructure configuration options at provisioning time.
However, customers looking to adopt Kyma that already use existing hyperscaler offerings already take advantage of more advanced networking capabilities in order to establish secure internal connectivity to other workloads.
Without such connectivity in Kyma, customers would require a much higher effort and increased risk tolerance in order to migrate or extend their existing workloads on Kyma.

Benefits

For customers:

  • greater flexibility around infrastructure requirements
  • ability to meet requirements in order to move workloads to Kyma
  • reduced time to market for new development that requires secure and fast connectivity to existing workloads

For us:

  • increase adoption
  • mitigate the abandoned BYOC approach

Potential problems

  • centralized network configuration management could complicate the implementation

Acceptance criteria

  • Users can enable/disable VPC peering via Kyma Dashboard and command line
  • Kyma will provide a mechanism for end users to access relevant information related to the VPC peering configuration
  • The use of VPC peering will not require users to have direct access to the Kyma managed hyperscaler accounts
  • Kyma will provide a reasonable solution for end users to monitor the state of the VPC peering setup
@kyma-bot
Copy link
Contributor

This issue or PR has been automatically marked as stale due to the lack of recent activity.
Thank you for your contributions.

This bot triages issues and PRs according to the following rules:

  • After 60d of inactivity, lifecycle/stale is applied
  • After 7d of inactivity since lifecycle/stale was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Close this issue or PR with /close

If you think that I work incorrectly, kindly raise an issue with the problem.

/lifecycle stale

@kyma-bot kyma-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 19, 2023
@varbanv varbanv removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 24, 2023
@pbochynski
Copy link
Contributor

The prototype has been started. Two repositories are created in kyma-project:

@ngrkajac
Copy link

For the sake of simplicity, we have moved all code to one repo. You can find all the code in the cloud-resources-manager repo now.

https://github.com/kyma-project/cloud-resources-manager - control plane, runtime operator

Copy link

This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs.
Thank you for your contributions.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 16, 2024
@varbanv varbanv removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 18, 2024
Copy link

This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs.
Thank you for your contributions.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 18, 2024
@varbanv varbanv removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 21, 2024
@ngrkajac
Copy link

ngrkajac commented Jun 3, 2024

Status update

VPC Peering is under development.

We have a working MVP for VPC Peering on GCP. It's a happy path, but the "create" VPC Peering flow is working. We will finish VPC Peering creation for Azure soon, with AWS right after.

More info will arrive soon.

Copy link

github-actions bot commented Aug 3, 2024

This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs.
Thank you for your contributions.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 3, 2024
@varbanv varbanv removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 5, 2024
@ngrkajac
Copy link

Status update: Development is done (mostly); we are in communication with the SRE team to add proper principals for every Cloud Provider.

@ngrkajac
Copy link

ngrkajac commented Sep 9, 2024

Dev is done, currently, this is being tested, and in a few days will be pushed to the stage.

@zhoujing2022
Copy link
Collaborator

Hello @ngrkajac The planned Due-day was end of September. Is there any new update. Thx a lot.

@ngrkajac
Copy link

ngrkajac commented Nov 4, 2024

VPC Peering features are already developed, deployed, and enabled for some customers.

The feature will soon be enabled on the Prod landscape within the official release.

@ngrkajac
Copy link

VPC Peering should be enabled globally (GA) on Monday, December 2nd.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

6 participants