From 8fbdddbc4aaa0c1e6b4089387d61fc08dbf39bf3 Mon Sep 17 00:00:00 2001
From: Aurel Canciu
Date: Sat, 12 May 2018 23:17:45 +0300
Subject: [PATCH] Update docs regarding shared NAT Instances setup

---
 docs/run_in_existing_vpc.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/docs/run_in_existing_vpc.md b/docs/run_in_existing_vpc.md
index 34d2fb1552..86a1ba6b9d 100644
--- a/docs/run_in_existing_vpc.md
+++ b/docs/run_in_existing_vpc.md
@@ -167,10 +167,12 @@ spec:
 ```
-### Shared NAT Gateways
+### Shared NAT Egress
 On AWS in private [topology](topology.md), `kops` creates one NAT Gateway (NGW) per AZ. If your shared VPC is already set up with an NGW in the subnet that `kops` deploys private resources to, it is possible to specify the ID and have `kops`/`kubernetes` use it.
+If you don't want to use NAT Gateways but have setup [EC2 NAT Instances](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html) in your VPC that you can share, it's possible to specify the IDs of said instances and have `kops`/`kubernetes` use them.
+
 After creating a basic cluster spec, edit your cluster to specify NGW: `kops edit cluster ${CLUSTER_NAME}`
@@ -183,6 +185,11 @@ spec:
     egress: nat-987654321
     type: Private
     zone: us-east-1a
+  - cidr: 10.20.96.0/21
+    name: us-east-1b
+    egress: i-987654321
+    type: Private
+    zone: us-east-1a
   - cidr: 10.20.32.0/21
     name: utility-us-east-1a
     type: Utility
@@ -197,6 +204,8 @@ Please note:
   in their route table. Private subnets should not have public IPs, and will typically have a NAT gateway configured as their default route.
 * kops won't create a route-table at all if we're not creating subnets.
+* In the example above the first subnet is using a shared NAT Gateway while the
+  second one is using a shared NAT Instance
 ### Proxy VPC Egress