poidag / vpc-peering-operator

Licence: MIT
A Kubernetes Operator to manage the lifecycle of AWS VPC Peering Connections

Programming languages: Go, Shell, Dockerfile, Makefile


VPC Peering Operator

Manage VPC Peerings in Kubernetes

The VPC Peering operator for Kubernetes provides a way to define a VPC peering natively as a Kubernetes object, and it handles the lifecycle of both the peering and the routing for a VPC.

The premise of this operator is to serve as a self-service tool that lets users running in a multi-tenant cluster manage peerings to other AWS VPCs in order to consume their resources.

CustomResourceDefinitions

The Operator acts on the following custom resource definitions (CRDs):

  • VpcPeering, which defines a desired VPC peering. The Operator creates a VPC peering request when a VpcPeering custom resource is created. A configurable wait timeout bounds how long the Operator waits for the peered account to accept; once the peering becomes active, the source VPC's route tables can be managed automatically.

  Parameter                Description                                      Default
  Spec.PeerOwnerId         The account ID owning the VPC to be peered to    nil
  Spec.PeerVpcId           The VPC ID of the VPC to peer to                 nil
  Spec.PeerCIDR            The CIDR of the VPC to peer to                   nil
  Spec.PeerRegion          The region the peer VPC exists within            nil
  Spec.AllowDNSResolution  The region the peer vpc exists within            true
  Spec.SourceVpcId         The VPC ID the operator is running within        nil
  Status.PeeringId         The peering connection ID once created           nil

An example is shown in example/cr.yaml.

Installation

The nodes running the Operator require an IAM instance profile with the following policy attached:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateRoute",
        "ec2:DeleteVpcPeeringConnection",
        "ec2:DeleteRoute",
        "ec2:CreateVpcPeeringConnection"
      ],
      "Resource": [
        "arn:aws:ec2:*:*:vpc-peering-connection/*",
        "arn:aws:ec2:*:*:route-table/*",
        "arn:aws:ec2:*:*:vpc/*"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVpcPeeringConnections",
        "ec2:DescribeRouteTables"
      ],
      "Resource": "*"
    }
  ]
}

Install the Operator inside a cluster by running the following command:

kubectl apply -f deploy/

Note: make sure to adapt the namespace in the ClusterRoleBinding if deploying into a namespace other than default.

Create an instance of a VPC Peering CRD

Note: make sure to adapt the values of the CR defined in example/cr.yaml.

kubectl apply -f example/cr.yaml

Removal

To remove the operator, first delete any custom resources you created in each namespace (please note this will remove routes in route tables associated with the VPC and delete the peering connections).

# Quote the JSONPath so the shell never interprets the braces, and quote "$n" for safety.
for n in $(kubectl get namespaces -o 'jsonpath={..metadata.name}'); do
  kubectl delete --all --namespace="$n" vpcpeering
done

After a couple of minutes you can go ahead and remove the operator itself.

kubectl delete -f bundle.yaml

Configuration

Configuration is built through environment variables, currently defined in deploy/operator.yaml. Below are the available configuration options.

Environment Variable   Description                                                         Default
MANAGE_ROUTES          Maintain routes in VPC route tables for the peering                 true
OPERATOR_NAME          The name of the operator                                            vpc-peering-operator
WATCH_ALL_NAMESPACES   Override the SDK and listen to events in all namespaces             false
POLLER_RETRIES         The number of retries when waiting for a peering to become active   5
POLLER_WAIT_SECONDS    The number of seconds to wait between retries                       60
WATCH_NAMESPACE        The namespace to watch for CRD events                               metadata.namespace
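The lifecycle described above (request the peering, wait a bounded time for acceptance, only then manage routes) as an added Go example, not the operator's own code: PeeringAPI is an assumed abstraction over the EC2 calls behind the IAM actions in the policy above, and Spec and Config mirror the CRD fields and the MANAGE_ROUTES / POLLER_RETRIES / POLLER_WAIT_SECONDS variables from the two tables.

```go
package main

import "fmt"

// PeeringAPI is an assumed, minimal abstraction over the EC2 calls behind the IAM
// actions in the policy above; it is not the operator's own client code.
type PeeringAPI interface {
	CreatePeering(peerOwnerID, peerVpcID, peerRegion, sourceVpcID string) (string, error)
	PeeringStatus(peeringID string) (string, error) // "pending-acceptance", "active", ...
	RouteTables(vpcID string) ([]string, error)
	CreateRoute(routeTableID, destCIDR, peeringID string) error
}

// Spec mirrors the VpcPeering CRD fields; Config mirrors MANAGE_ROUTES,
// POLLER_RETRIES and POLLER_WAIT_SECONDS from deploy/operator.yaml.
type Spec struct{ PeerOwnerId, PeerVpcId, PeerCIDR, PeerRegion, SourceVpcId string }
type Config struct {
	ManageRoutes                     bool
	PollerRetries, PollerWaitSeconds int
}

// Reconcile requests the peering, polls at most PollerRetries times (PollerWaitSeconds
// apart) for the peer account to accept, and only then, if routes are managed, points
// PeerCIDR at the peering in every route table of the source VPC. sleep is injectable.
func Reconcile(api PeeringAPI, s Spec, c Config, sleep func(seconds int)) (string, error) {
	id, err := api.CreatePeering(s.PeerOwnerId, s.PeerVpcId, s.PeerRegion, s.SourceVpcId)
	if err != nil {
		return "", err
	}
	state := ""
	for attempt := 0; state != "active"; attempt++ {
		if attempt == c.PollerRetries { // not accepted in time: leave the CR pending, no routes
			return id, fmt.Errorf("peering %s still %q after %d polls", id, state, attempt)
		}
		sleep(c.PollerWaitSeconds)
		if state, err = api.PeeringStatus(id); err != nil {
			return id, err
		}
	}
	if !c.ManageRoutes {
		return id, nil
	}
	tables, err := api.RouteTables(s.SourceVpcId)
	if err != nil {
		return id, err
	}
	for _, rt := range tables {
		if err := api.CreateRoute(rt, s.PeerCIDR, id); err != nil {
			return id, fmt.Errorf("route table %s: %w", rt, err)
		}
	}
	return id, nil
}
```

Because no route is written until the peering reports active and ManageRoutes is set, a peering the remote account never accepts fails closed: the request times out after PollerRetries polls and the source VPC's route tables are left untouched.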