# kubernetes
m
is it normal when deploying an eks cluster that the cluster ip is always 10.100.0.0/16 even if the vpc is different?
h
that doesn’t sound right. maybe your cluster picked up your default vpc instead of the one you intended? can you show me how you’re creating your cluster and passing the vpc info to it? are you using pulumi/aws or pulumi/eks?
m
Hi Bryce, I am using pulumi/eks. Sure, let me show you my config
name: Micro_Services
runtime: yaml
description: A Pulumi YAML program to deploy an EKS cluster on AWS using only private subnets
config:
  desiredClusterSize:
    type: integer
    default: 3
  eksNodeInstanceType:
    type: string
    default: t3.medium
  maxClusterSize:
    type: integer
    default: 6
  minClusterSize:
    type: integer
    default: 3
  vpcId:
    type: string
  privateSubnetIds:
    type: array
outputs:
  # Output the Kubeconfig for the cluster
  kubeconfig: ${eks-cluster.kubeconfig}
resources:
  eks-cluster:
    type: eks:Cluster
    properties:
      desiredCapacity: ${desiredClusterSize}
      # Use private subnets only
      endpointPrivateAccess: true
      endpointPublicAccess: true
      instanceType: ${eksNodeInstanceType}
      maxSize: ${maxClusterSize}
      minSize: ${minClusterSize}
      nodeAssociatePublicIpAddress: false
      privateSubnetIds: ${privateSubnetIds}
      vpcId: ${vpcId}
config:
  Micro_Services:desiredClusterSize: "3"
  Micro_Services:eksNodeInstanceType: t3.medium
  Micro_Services:maxClusterSize: "6"
  Micro_Services:minClusterSize: "3"
  Micro_Services:privateSubnetIds:
    - subnet-0030afccf2147ee3c
    - subnet-0429ed98e84b15994
  Micro_Services:vpcId: vpc-0934f132b76c3cae6
  Micro_Services:vpcNetworkCidr: 172.30.0.0/16
  aws:region: eu-west-2
  pulumi:template: kubernetes-aws-yaml
h
note that vpcNetworkCidr doesn’t seem to be used in your program, but i’m guessing that’s the cidr you’re expecting? if you pull up vpc-0934f132b76c3cae6 in the AWS console what CIDR does it have?
m
image.png
h
can you confirm subnet-0030afccf2147ee3c and subnet-0429ed98e84b15994 belong to vpc-0934f132b76c3cae6 and not a different vpc?
m
yes confirmed
h
actually where are you seeing the cluster’s CIDR as 10.100.0.0/16? i suspect you might be looking at the service IP block, which is used internally by the cluster.
m
aah yes, it's the service ip block
h
aha there ya go, nothing to worry about then!
m
when you said earlier
"note that vpcNetworkCidr doesn't seem to be used in your program, but i'm guessing that's the cidr you're expecting?"
what do i need to add to fix this?
h
the service CIDR needs to not overlap with your VPC’s. are you trying to expose the service externally? you’ll probably want a load balancer for that.
m
aah so that should be 10.0.0.0/16 type of thing
so then if i want to add a service to my cluster, i presume it will get an ip on my vpc, not the 10.x ip?
h
a service is internal to your cluster, so it will get the internal 10.x ip. to expose things externally you’ll need a load balancer with an ingress or gateway. the alb-controller works well for this.
m
thanks