I'm trying to understand what an "associated network" in a private gateway means or what it allows you to do.
I assumed it would allow you to link an isolated network with a VPC, without needing to specify a VLAN/VXLAN, but it has checks to make sure the IP address isn't in the CIDR of the associated network. Also, an isolated network doesn't appear to allow adding of static routes, so is this magically automated somehow?
My end goal is I really want to segment my k8s cluster(s) into separate isolated networks or VPCs not directly inside the same VPC as my other services, but then to interconnect them with strict network ACLs. The motivation behind this is I'm not comfortable with the automated ACL rules and port forwards that k8s performs. Also, VPNs won't work as it doesn't appear that VPNs allow ACLs to be attached.
I'll likely just assign a VXLAN for this purpose, but thought it might be convenient if I could get it to auto-assign one.