From 7cbfd4fa5cf3cb631297f8a36f8d55ade248d77f Mon Sep 17 00:00:00 2001 From: Mariano Di Modugno Date: Mon, 16 Jan 2023 17:58:21 -0300 Subject: [PATCH 01/14] Add K8S Network Section & Fix some typos --- docs/how-it-works/features/compute/k8s-eks.md | 74 ++++++++++++++++++- .../features/compute/k8s-service-mesh.md | 2 +- .../features/network/vpc-addressing.md | 18 +---- 3 files changed, 77 insertions(+), 17 deletions(-) diff --git a/docs/how-it-works/features/compute/k8s-eks.md b/docs/how-it-works/features/compute/k8s-eks.md index 328505382..0cc90870b 100644 --- a/docs/how-it-works/features/compute/k8s-eks.md +++ b/docs/how-it-works/features/compute/k8s-eks.md 
@@ -31,4 +31,76 @@ and [IaC Library EKS module](https://github.com/binbashar/terraform-aws-eks) We think this is a good balance between management overhead and an acceptable level of supported versions (at best effort). If your project have and older legacy version we could work along -your CloudOps team to safely migrate it to a Leverage supported EKS version. \ No newline at end of file +your CloudOps team to safely migrate it to a Leverage supported EKS version. + +# Network Layer: EKS Network Requirements + +## Considerations +!!! attention "Design considerations" + * :ledger: **AWS EKS:** Docker runs in the 172.17.0.0/16 CIDR range in Amazon EKS clusters. + We recommend that your cluster's VPC subnets do not overlap this range. Otherwise, you will + receive the following error: + ``` + Error: : error upgrading connection: error dialing backend: dial tcp 172.17.nn.nn:10250: + getsockopt: no route to host + ``` + Read more: [AWS EKS network requirements](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) + * :ledger: **Reserved IP Addresses** + The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, + and cannot be assigned to an instance. For example, in a subnet with CIDR block 10.0.0.0/24, the following five IP + addresses are reserved. 
For more [AWS VPC Subnets IP addressing](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#vpc-sizing-ipv4) + +--- + +## VPCs IP Addressing Plan (CIDR blocks sizing) + +``` +* Apps-DevStg + * us-east-1 + * Main 172.18.32.0/20 + * EKS-v1.17 10.0.0.0/16 => subnets /19 + * EKS DemoApps 10.1.0.0/16 => subnets /19 + * EKS 10.2.0.0/16 => subnets /19 + * us-east-2 + * Main N/A + * EKS 10.10.0.0/16 => subnets /19 +* Apps-Prd + * us-east-1 + * Main 172.18.64.0/20 + * EKS 10.20.0/16 => subnets /19 +* Network + * us-east-1 + * Main 172.20.0.0/20 + * NFW 172.20.16.0/20 +* Shared + * us-east-1 + * Main 172.18.0.0/20 +```` + +### EKS Clusters VPC CIDR Table + +* VPC CIDR: 10.0.0.0/16 (starts at /16 due to AWS VPC limits) +* Subnetting to /19 + +Which leaves us with this: +* Number of subnets: 8 +* Number of available hosts: 8190 +* Number of available IPs (AWS): 8187 + + +| Subnet address | Netmask | Range of addresses | Hosts | Assignment | +| -------------- | ------------- | --------------------------- | ----- | ---------- | +| 10.0.0.0/19 | 255.255.224.0 | 10.0.0.0 - 10.0.31.255 | 8190 | | +| 10.0.32.0/19 | 255.255.224.0 | 10.0.32.0 - 10.0.63.255 | 8190 | | +| 10.0.64.0/19 | 255.255.224.0 | 10.0.64.0 - 10.0.95.255 | 8190 | | +| 10.0.96.0/19 | 255.255.224.0 | 10.0.96.0 - 10.0.127.255 | 8190 | | +| 10.0.128.0/19 | 255.255.224.0 | 10.0.128.0 - 10.0.159.255 | 8190 | | +| 10.0.160.0/19 | 255.255.224.0 | 10.0.160.0 - 10.0.191.0/255 | 8190 | | +| 10.0.192.0/19 | 255.255.224.0 | 10.0.192.0 - 10.0.223.255 | 8190 | | +| 10.0.224.0/19 | 255.255.224.0 | 10.0.224.0 - 10.0.224.255 | 8190 | | + + +**Note:** Additional clusters can use their own available VPC space under 10.x.0.0/16. + +#### Ref 1: https://www.davidc.net/sites/default/subnets/subnets.html?network=10.0.0.0&mask=16&division=15.7231 +#### Ref 2: http://jodies.de/ipcalc?host=10.0.0.0&mask1=16&mask2=19 
diff --git a/docs/how-it-works/features/compute/k8s-service-mesh.md b/docs/how-it-works/features/compute/k8s-service-mesh.md index fdf1a902e..75b5e748a 100644 --- a/docs/how-it-works/features/compute/k8s-service-mesh.md +++ b/docs/how-it-works/features/compute/k8s-service-mesh.md @@ -37,5 +37,5 @@ Linkerd Doc, accessed June 14th 2021). ## Read more !!! info "Related resources" - * :ledger: [Linkerd vs Istio benchamrks](hhttps://linkerd.io/2021/05/27/linkerd-vs-istio-benchmarks/) + * :ledger: [Linkerd vs Istio benchamrks](https://linkerd.io/2021/05/27/linkerd-vs-istio-benchmarks/) diff --git a/docs/how-it-works/features/network/vpc-addressing.md b/docs/how-it-works/features/network/vpc-addressing.md index 8caa0b045..bd754333b 100644 --- a/docs/how-it-works/features/network/vpc-addressing.md +++ b/docs/how-it-works/features/network/vpc-addressing.md @@ -31,8 +31,8 @@ ## Networking - IP Addressing !!! example "Starting CIDR Segment (AWS Org)" - * [x] AWS Org IP Addressing calculation is presented below based on segment `172.16.0.0.0/12` - * [x] We started from `172.16.0.0.0/12` and subnetted to `/20` + * [x] AWS Org IP Addressing calculation is presented below based on segment `172.16.0.0/12` + * [x] We started from `172.16.0.0/12` and subnetted to `/20` * [x] Resulting in **Total Subnets: 256** * 2 x AWS Account with Hosts/SubNet: 4094 * 1ry VPC + 2ry VPC 
@@ -88,16 +88,4 @@ subnets in each of these VPCs defining Private and Public subnets split among di ### Considerations -!!! attention "Design considerations" - * :ledger: **AWS EKS:** Docker runs in the 172.17.0.0/16 CIDR range in Amazon EKS clusters. - We recommend that your cluster's VPC subnets do not overlap this range. Otherwise, you will - receive the following error: - ``` - Error: : error upgrading connection: error dialing backend: dial tcp 172.17.nn.nn:10250: - getsockopt: no route to host - ``` - Read more: [AWS EKS network requirements](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) - * :ledger: **Reserved IP Addresses** - The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, - and cannot be assigned to an instance. For example, in a subnet with CIDR block 10.0.0.0/24, the following five IP - addresses are reserved. For more [AWS VPC Subnets IP addressing](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#vpc-sizing-ipv4) +- Kubernetes on EKS General Requirements for Network Layer: [**K8s EKS Networking**](./compute/k8s-eks.md) \ No newline at end of file From 05854b6bbc014917c35bc4e03ca2bd7f5ee43a10 Mon Sep 17 00:00:00 2001 From: Mariano Di Modugno Date: Mon, 16 Jan 2023 18:00:15 -0300 Subject: [PATCH 02/14] Fix typo --- docs/how-it-works/features/compute/k8s-service-mesh.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/how-it-works/features/compute/k8s-service-mesh.md b/docs/how-it-works/features/compute/k8s-service-mesh.md index 75b5e748a..853ee130a 100644 --- a/docs/how-it-works/features/compute/k8s-service-mesh.md +++ b/docs/how-it-works/features/compute/k8s-service-mesh.md 
@@ -37,5 +37,5 @@ Linkerd Doc, accessed June 14th 2021). ## Read more !!! info "Related resources" - * :ledger: [Linkerd vs Istio benchamrks](https://linkerd.io/2021/05/27/linkerd-vs-istio-benchmarks/) + * :ledger: [Linkerd vs Istio benchmarks](https://linkerd.io/2021/05/27/linkerd-vs-istio-benchmarks/) From 43f13dea73cbbdb91d8b102767e3fa27559f12a3 Mon Sep 17 00:00:00 2001 From: Mariano Di Modugno Date: Mon, 16 Jan 2023 18:03:19 -0300 Subject: [PATCH 03/14] Add cross-referente into VPC Addresing to EKS Network considerations/requirements file --- docs/how-it-works/features/network/vpc-addressing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/how-it-works/features/network/vpc-addressing.md b/docs/how-it-works/features/network/vpc-addressing.md index bd754333b..ac96a654e 100644 --- a/docs/how-it-works/features/network/vpc-addressing.md +++ b/docs/how-it-works/features/network/vpc-addressing.md @@ -88,4 +88,4 @@ subnets in each of these VPCs defining Private and Public subnets split among di ### Considerations -- Kubernetes on EKS General Requirements for Network Layer: [**K8s EKS Networking**](./compute/k8s-eks.md) \ No newline at end of file +- Kubernetes on EKS General Requirements for Network Layer: [**K8s EKS Networking**](../compute/k8s-eks.md#network-layer-eks-network-requirements) \ No newline at end of file From 881b60106965a8f4fcf894c2cd03ad7ad5f92b76 Mon Sep 17 00:00:00 2001 
From: Mariano Di Modugno Date: Tue, 17 Jan 2023 22:59:00 -0300 Subject: [PATCH 04/14] Add K8S-EKS folder with overview & networking (vpc adressing) documentation (WIP) --- .../features/compute/k8s-eks/overview.md | 34 +++++++++++++++++++ .../{k8s-eks.md => k8s-eks/vpc-adressing.md} | 33 ------------------ .../features/features-overview.md | 3 +- .../features/network/vpc-addressing.md | 2 +- mkdocs.yml | 4 ++- 5 files changed, 40 insertions(+), 36 deletions(-) create mode 100644 docs/how-it-works/features/compute/k8s-eks/overview.md rename docs/how-it-works/features/compute/{k8s-eks.md => k8s-eks/vpc-adressing.md} (58%) diff --git a/docs/how-it-works/features/compute/k8s-eks/overview.md b/docs/how-it-works/features/compute/k8s-eks/overview.md new file mode 100644 index 000000000..1a631d650 --- /dev/null +++ b/docs/how-it-works/features/compute/k8s-eks/overview.md @@ -0,0 +1,34 @@ +# Kubernetes AWS EKS + +[**Amazon Elastic Kubernetes Services** (EKS)](https://aws.amazon.com/eks/) is a managed service that makes it easy for you +to run **Kubernetes** on AWS without needing to install and operate your own Kubernetes control plane or worker nodes. + +!!! check "Core Features" + - [x] Highly Secure: EKS automatically applies the latest security patches to your cluster control plane. + - [x] Multiple Availability Zones: EKS auto-detects and replaces unhealthy control plane nodes and provides on-demand, + zero downtime upgrades and patching. + - [x] Serverless Compute: EKS supports AWS Fargate to remove the need to provision and manage servers, improving + security through application isolation by design. + - [x] Built with the Community: AWS actively works with the Kubernetes community, including making contributions to the + Kubernetes code base helping you take advantage of AWS services. + +![leverage-aws-eks](../../../../assets/images/diagrams/aws-k8s-eks.png "Leverage"){: style="width:950px"} + +
+Figure: AWS K8s EKS architecture diagram (just as reference). +(Source: Jay McConnell, + +"A tale from the trenches: The CloudBees Core on AWS Quick Start", +AWS Infrastructure & Automation Blog post, accessed November 18th 2020). +
+ +## Version support convention +At Leverage we support the last 3 latest stable +[Kubernetes version](https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html) releases (at best effort) +within our +[Reference Architecture EKS layer](https://github.com/binbashar/le-tf-infra-aws/tree/master/apps-devstg/us-east-1/k8s-eks) +and [IaC Library EKS module](https://github.com/binbashar/terraform-aws-eks) + +We think this is a good balance between management overhead and an acceptable level of +supported versions (at best effort). If your project have and older legacy version we could work along +your CloudOps team to safely migrate it to a Leverage supported EKS version. diff --git a/docs/how-it-works/features/compute/k8s-eks.md b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md similarity index 58% rename from docs/how-it-works/features/compute/k8s-eks.md rename to docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md index 0cc90870b..1eedecb3c 100644 --- a/docs/how-it-works/features/compute/k8s-eks.md +++ b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md 
@@ -1,38 +1,5 @@ # Kubernetes AWS EKS -[**Amazon Elastic Kubernetes Services** (EKS)](https://aws.amazon.com/eks/) is a managed service that makes it easy for you -to run **Kubernetes** on AWS without needing to install and operate your own Kubernetes control plane or worker nodes. - -!!! check "Core Features" - - [x] Highly Secure: EKS automatically applies the latest security patches to your cluster control plane. - - [x] Multiple Availability Zones: EKS auto-detects and replaces unhealthy control plane nodes and provides on-demand, - zero downtime upgrades and patching. - - [x] Serverless Compute: EKS supports AWS Fargate to remove the need to provision and manage servers, improving - security through application isolation by design. - - [x] Built with the Community: AWS actively works with the Kubernetes community, including making contributions to the - Kubernetes code base helping you take advantage of AWS services. - -![leverage-aws-eks](../../../assets/images/diagrams/aws-k8s-eks.png "Leverage"){: style="width:950px"} - -
-Figure: AWS K8s EKS architecture diagram (just as reference). -(Source: Jay McConnell, - -"A tale from the trenches: The CloudBees Core on AWS Quick Start", -AWS Infrastructure & Automation Blog post, accessed November 18th 2020). -
- -## Version support convention -At Leverage we support the last 3 latest stable -[Kubernetes version](https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html) releases (at best effort) -within our -[Reference Architecture EKS layer](https://github.com/binbashar/le-tf-infra-aws/tree/master/apps-devstg/us-east-1/k8s-eks) -and [IaC Library EKS module](https://github.com/binbashar/terraform-aws-eks) - -We think this is a good balance between management overhead and an acceptable level of -supported versions (at best effort). If your project have and older legacy version we could work along -your CloudOps team to safely migrate it to a Leverage supported EKS version. - # Network Layer: EKS Network Requirements ## Considerations diff --git a/docs/how-it-works/features/features-overview.md b/docs/how-it-works/features/features-overview.md index bf7248a2c..b2584dde3 100644 --- a/docs/how-it-works/features/features-overview.md +++ b/docs/how-it-works/features/features-overview.md @@ -37,7 +37,8 @@ ??? check "Compute" - [x] [**Compute**](./compute/overview.md) - - [x] [**K8s EKS**](./compute/k8s-eks.md) + - [x] [**K8s EKS Overview**](./compute/k8s-eks/overview.md) + - [x] [**K8s EKS VPC Adressing**](./compute/k8s-eks/vpc-adressing.md) - [x] [**K8s Kops**](./compute/k8s-kops.md) - [x] [**K8s Service Mesh**](./compute/k8s-service-mesh.md) - [x] [**Serverless**](./compute/serverless.md) diff --git a/docs/how-it-works/features/network/vpc-addressing.md b/docs/how-it-works/features/network/vpc-addressing.md index ac96a654e..c2f727b3c 100644 --- a/docs/how-it-works/features/network/vpc-addressing.md +++ b/docs/how-it-works/features/network/vpc-addressing.md 
@@ -88,4 +88,4 @@ subnets in each of these VPCs defining Private and Public subnets split among di ### Considerations -- Kubernetes on EKS General Requirements for Network Layer: [**K8s EKS Networking**](../compute/k8s-eks.md#network-layer-eks-network-requirements) \ No newline at end of file + \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index 6d5bc59b7..364d1cbd0 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -204,7 +204,9 @@ nav: - Compute: - Overview: "how-it-works/features/compute/overview.md" - K8s Kops: "how-it-works/features/compute/k8s-kops.md" - - K8s EKS: "how-it-works/features/compute/k8s-eks.md" + - K8s EKS: + - Overview: "how-it-works/features/compute/k8s-eks/overview.md" + - VPC Adressing: "how-it-works/features/compute/k8s-eks/vpc-adressing.md" - K8s Service Mesh: "how-it-works/features/compute/k8s-service-mesh.md" - Serverless: "how-it-works/features/compute/serverless.md" - Tools: "how-it-works/features/compute/tools.md" From b25a4b51cbb3e1f3ff489f3c126ba99842436740 Mon Sep 17 00:00:00 2001 From: Mariano Di Modugno Date: Tue, 17 Jan 2023 23:30:44 -0300 Subject: [PATCH 05/14] Fix ref link --- docs/how-it-works/features/network/vpc-addressing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/how-it-works/features/network/vpc-addressing.md b/docs/how-it-works/features/network/vpc-addressing.md index c2f727b3c..543bd16be 100644 --- a/docs/how-it-works/features/network/vpc-addressing.md +++ b/docs/how-it-works/features/network/vpc-addressing.md @@ -88,4 +88,4 @@ subnets in each of these VPCs defining Private and Public subnets split among di ### Considerations - \ No newline at end of file +- Kubernetes on EKS General Requirements for Network Layer: [**K8s EKS Networking | VPC Adressing**](../compute/k8s-eks/vpc-adressing.md) \ No newline at end of file From ee6d5ffe5dc3cc744fb6cd1e075f31e606ffb602 Mon Sep 17 00:00:00 2001 
From: Mariano Di Modugno Date: Tue, 17 Jan 2023 23:31:04 -0300 Subject: [PATCH 06/14] Update CIDRs / VPC / Subnets values & prune doc --- .../features/compute/k8s-eks/vpc-adressing.md | 104 +++++++++++------- 1 file changed, 67 insertions(+), 37 deletions(-) diff --git a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md index 1eedecb3c..8c42b0b11 100644 --- a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md +++ b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md 
@@ -19,41 +19,72 @@ --- -## VPCs IP Addressing Plan (CIDR blocks sizing) - -``` -* Apps-DevStg - * us-east-1 - * Main 172.18.32.0/20 - * EKS-v1.17 10.0.0.0/16 => subnets /19 - * EKS DemoApps 10.1.0.0/16 => subnets /19 - * EKS 10.2.0.0/16 => subnets /19 - * us-east-2 - * Main N/A - * EKS 10.10.0.0/16 => subnets /19 -* Apps-Prd - * us-east-1 - * Main 172.18.64.0/20 - * EKS 10.20.0/16 => subnets /19 -* Network - * us-east-1 - * Main 172.20.0.0/20 - * NFW 172.20.16.0/20 -* Shared - * us-east-1 - * Main 172.18.0.0/20 -```` - -### EKS Clusters VPC CIDR Table - -* VPC CIDR: 10.0.0.0/16 (starts at /16 due to AWS VPC limits) -* Subnetting to /19 - -Which leaves us with this: -* Number of subnets: 8 -* Number of available hosts: 8190 -* Number of available IPs (AWS): 8187 +# Network Layer +!!! info "In this section we detail all the network design related specifications" + * [x] VPCs CIDR blocks + * [x] VPC Gateways: Internet, NAT, VPN. + * [x] VPC Peerings + * [x] VPC DNS Private Hosted Zones Associations. + * [x] Network ACLS (NACLs) + +### VPCs IP Addressing Plan (CIDR blocks sizing) + +!!! summary "Introduction" + VPCs can vary in size from 16 addresses (/28 netmask) to 65,536 addresses (/16 netmask). + In order to size a VPC correctly, it is important to understand the number, types, and sizes of workloads + expected to run in it, as well as workload elasticity and load balancing requirements. + + Keep in mind that there is no charge for using Amazon VPC (aside from EC2 charges), therefore cost + should not be a factor when determining the appropriate size for your VPC, so make sure you size your + VPC for growth. + + Moving workloads or AWS resources between networks is not a trivial task, so be generous in your + IP address estimates to give yourself plenty of room to grow, deploy new workloads, or change your + VPC design configuration from one to another. The majority of AWS customers use VPCs with a /16 + netmask and subnets with /24 netmasks. 
The primary reason AWS customers select smaller VPC and + subnet sizes is to avoid overlapping network addresses with existing networks. + + So having [AWS single VPC Design](https://aws.amazon.com/answers/networking/aws-single-vpc-design/) we've chosen + a Medium/Small VPC/Subnet addressing plan which would probably fit a broad range variety of + use cases + +## Networking - IP Addressing + +!!! example "Starting CIDR Segment (AWS Org)" + * [x] AWS Org IP Addressing calculation is presented below based on segment `10.0.0.0/16` (starts at /16 due to AWS VPC limits) + * [x] We started from `10.0.0.0/16` and subnetted to `/19` + * [x] Resulting in **Total Subnets: 8** + * Number of available hosts for each subnet: 8190 + * Number of available IPs (AWS) for each subnet: 8187 + + + +!!! example "Individual CIDR Segments (VPCs)" + :fast_forward: Then each of these are /16 to /19 + + * [x] Considering the whole Starting CIDR Segment (AWS Org) before declared, we'll start at `10.0.0.0/16` + * **apps-devstg** + * 1ry VPC CIDR: `10.0.0.0/16` + * 1ry VPC DR CIDR: `10.20.0.0/16` + * **apps-prd** + * 1ry VPC CIDR: `10.10.0.0/16` + * 1ry VPC DR CIDR: `10.30.0.0/16` + + * [x] Resulting in **Subnets: 4 x VPC** + * VPC Subnets with Hosts/Net: 16. + * Eg: apps-devstg account → us-east-1 w/ 3 AZs → 3 x Private Subnets /az + 3 x Public Subnets /az + * 1ry VPC CIDR: `10.0.0.0/16 `Subnets: + * Private `10.0.0.0/19, 10.0.32.0/19 and 10.0.64.0/19` + * Public `10.0.96.0/19, 10.0.128.0/19 and 10.0.160.0/19` + +## Planned VPCs + +Having defined the initial VPC that will be created in the different accounts that were defined, we are going to create +subnets in each of these VPCs defining Private and Public subnets split among different availability zones: + | Subnet address | Netmask | Range of addresses | Hosts | Assignment | | -------------- | ------------- | --------------------------- | ----- | ---------- | 
@@ -66,8 +97,7 @@ Which leaves us with this: | 10.0.192.0/19 | 255.255.224.0 | 10.0.192.0 - 10.0.223.255 | 8190 | | | 10.0.224.0/19 | 255.255.224.0 | 10.0.224.0 - 10.0.224.255 | 8190 | | - **Note:** Additional clusters can use their own available VPC space under 10.x.0.0/16. -#### Ref 1: https://www.davidc.net/sites/default/subnets/subnets.html?network=10.0.0.0&mask=16&division=15.7231 -#### Ref 2: http://jodies.de/ipcalc?host=10.0.0.0&mask1=16&mask2=19 +- Ref 1: https://www.davidc.net/sites/default/subnets/subnets.html?network=10.0.0.0&mask=16&division=15.7231 +- Ref 2: http://jodies.de/ipcalc?host=10.0.0.0&mask1=16&mask2=19 From 866058fc10d4583e9ebaf4246cff1f953c55880e Mon Sep 17 00:00:00 2001 From: Mariano Di Modugno Date: Thu, 19 Jan 2023 16:16:01 -0300 Subject: [PATCH 07/14] Remove reference links --- docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md index 8c42b0b11..79ed7d06a 100644 --- a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md +++ b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md @@ -98,6 +98,3 @@ subnets in each of these VPCs defining Private and Public subnets split among di | 10.0.224.0/19 | 255.255.224.0 | 10.0.224.0 - 10.0.224.255 | 8190 | | **Note:** Additional clusters can use their own available VPC space under 10.x.0.0/16. - -- Ref 1: https://www.davidc.net/sites/default/subnets/subnets.html?network=10.0.0.0&mask=16&division=15.7231 -- Ref 2: http://jodies.de/ipcalc?host=10.0.0.0&mask1=16&mask2=19 From da736d70636685f98cf9decbad9911f2291720ed Mon Sep 17 00:00:00 2001 From: Mariano Di Modugno Date: Thu, 19 Jan 2023 16:23:49 -0300 Subject: [PATCH 08/14] Prune/clean tabs fmt --- .../features/compute/k8s-eks/vpc-adressing.md | 17 +++++++---------- .../features/network/vpc-addressing.md | 2 +- 2 files changed, 8 insertions(+), 11 deletions(-) 
diff --git a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md index 79ed7d06a..bc0a03c5c 100644 --- a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md +++ b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md @@ -4,17 +4,17 @@ ## Considerations !!! attention "Design considerations" - * :ledger: **AWS EKS:** Docker runs in the 172.17.0.0/16 CIDR range in Amazon EKS clusters. - We recommend that your cluster's VPC subnets do not overlap this range. Otherwise, you will + * :ledger: **AWS EKS:** Docker runs in the 172.17.0.0/16 CIDR range in Amazon EKS clusters. + We recommend that your cluster's VPC subnets do not overlap this range. Otherwise, you will receive the following error: ``` - Error: : error upgrading connection: error dialing backend: dial tcp 172.17.nn.nn:10250: + Error: : error upgrading connection: error dialing backend: dial tcp 172.17.nn.nn:10250: getsockopt: no route to host ``` - Read more: [AWS EKS network requirements](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) + Read more: [AWS EKS network requirements](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) * :ledger: **Reserved IP Addresses** - The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, - and cannot be assigned to an instance. For example, in a subnet with CIDR block 10.0.0.0/24, the following five IP + The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, + and cannot be assigned to an instance. For example, in a subnet with CIDR block 10.0.0.0/24, the following five IP addresses are reserved. For more [AWS VPC Subnets IP addressing](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#vpc-sizing-ipv4) --- 
@@ -23,10 +23,7 @@ !!! info "In this section we detail all the network design related specifications" * [x] VPCs CIDR blocks - * [x] VPC Gateways: Internet, NAT, VPN. - * [x] VPC Peerings - * [x] VPC DNS Private Hosted Zones Associations. - * [x] Network ACLS (NACLs) + * [x] Private & Public Subnets IP Ranges ### VPCs IP Addressing Plan (CIDR blocks sizing) diff --git a/docs/how-it-works/features/network/vpc-addressing.md b/docs/how-it-works/features/network/vpc-addressing.md index 543bd16be..384186397 100644 --- a/docs/how-it-works/features/network/vpc-addressing.md +++ b/docs/how-it-works/features/network/vpc-addressing.md @@ -88,4 +88,4 @@ subnets in each of these VPCs defining Private and Public subnets split among di ### Considerations -- Kubernetes on EKS General Requirements for Network Layer: [**K8s EKS Networking | VPC Adressing**](../compute/k8s-eks/vpc-adressing.md) \ No newline at end of file +- Kubernetes on EKS General Requirements for Network Layer: [**K8s EKS Networking | VPC Adressing**](../compute/k8s-eks/vpc-adressing.md) From a77f2ec5cb6173af7d1d571be3868b416e28d964 Mon Sep 17 00:00:00 2001 From: Mariano Di Modugno Date: Thu, 19 Jan 2023 16:29:57 -0300 Subject: [PATCH 09/14] Update Planned VPCs info --- .../features/compute/k8s-eks/vpc-adressing.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md index bc0a03c5c..fa40e86d9 100644 --- a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md +++ b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md 
@@ -83,15 +83,15 @@ Having defined the initial VPC that will be created in the different accounts th subnets in each of these VPCs defining Private and Public subnets split among different availability zones: -| Subnet address | Netmask | Range of addresses | Hosts | Assignment | -| -------------- | ------------- | --------------------------- | ----- | ---------- | -| 10.0.0.0/19 | 255.255.224.0 | 10.0.0.0 - 10.0.31.255 | 8190 | | -| 10.0.32.0/19 | 255.255.224.0 | 10.0.32.0 - 10.0.63.255 | 8190 | | -| 10.0.64.0/19 | 255.255.224.0 | 10.0.64.0 - 10.0.95.255 | 8190 | | -| 10.0.96.0/19 | 255.255.224.0 | 10.0.96.0 - 10.0.127.255 | 8190 | | -| 10.0.128.0/19 | 255.255.224.0 | 10.0.128.0 - 10.0.159.255 | 8190 | | -| 10.0.160.0/19 | 255.255.224.0 | 10.0.160.0 - 10.0.191.0/255 | 8190 | | -| 10.0.192.0/19 | 255.255.224.0 | 10.0.192.0 - 10.0.223.255 | 8190 | | -| 10.0.224.0/19 | 255.255.224.0 | 10.0.224.0 - 10.0.224.255 | 8190 | | +| Subnet address | Netmask | Range of addresses | Hosts | Assignment | +| -------------- | ------------- | --------------------------- | ----- | ---------------------------------- | +| 10.0.0.0/19 | 255.255.224.0 | 10.0.0.0 - 10.0.31.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1a | +| 10.0.32.0/19 | 255.255.224.0 | 10.0.32.0 - 10.0.63.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1b | +| 10.0.64.0/19 | 255.255.224.0 | 10.0.64.0 - 10.0.95.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1c | +| 10.0.96.0/19 | 255.255.224.0 | 10.0.96.0 - 10.0.127.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1a | +| 10.0.128.0/19 | 255.255.224.0 | 10.0.128.0 - 10.0.159.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1b | +| 10.0.160.0/19 | 255.255.224.0 | 10.0.160.0 - 10.0.191.0/255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1c | +| 10.0.192.0/19 | 255.255.224.0 | 10.0.192.0 - 10.0.223.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1 | +| 10.0.224.0/19 | 255.255.224.0 | 10.0.224.0 - 10.0.224.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1 | **Note:** Additional clusters can use 
their own available VPC space under 10.x.0.0/16. From 91ad8d257cceb705b3dff2ae4a9e059ba44603cc Mon Sep 17 00:00:00 2001 From: Mariano Di Modugno Date: Thu, 19 Jan 2023 16:56:45 -0300 Subject: [PATCH 10/14] Fmt table & center content --- .../features/compute/k8s-eks/vpc-adressing.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md index fa40e86d9..1729c359b 100644 --- a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md +++ b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md 
@@ -83,15 +83,15 @@ Having defined the initial VPC that will be created in the different accounts th subnets in each of these VPCs defining Private and Public subnets split among different availability zones: -| Subnet address | Netmask | Range of addresses | Hosts | Assignment | -| -------------- | ------------- | --------------------------- | ----- | ---------------------------------- | -| 10.0.0.0/19 | 255.255.224.0 | 10.0.0.0 - 10.0.31.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1a | -| 10.0.32.0/19 | 255.255.224.0 | 10.0.32.0 - 10.0.63.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1b | -| 10.0.64.0/19 | 255.255.224.0 | 10.0.64.0 - 10.0.95.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1c | -| 10.0.96.0/19 | 255.255.224.0 | 10.0.96.0 - 10.0.127.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1a | -| 10.0.128.0/19 | 255.255.224.0 | 10.0.128.0 - 10.0.159.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1b | -| 10.0.160.0/19 | 255.255.224.0 | 10.0.160.0 - 10.0.191.0/255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1c | -| 10.0.192.0/19 | 255.255.224.0 | 10.0.192.0 - 10.0.223.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1 | -| 10.0.224.0/19 | 255.255.224.0 | 10.0.224.0 - 10.0.224.255 | 8190 | 1ry VPC: apps-devstg: us-east-1-1 | +| Subnet address | Netmask | Range of addresses | Hosts | Assignment | +| -------------- | ------------- | :-------------------------: | :---: | :--------------------------------------: | +| 10.0.0.0/19 | 255.255.224.0 | 10.0.0.0 - 10.0.31.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1a | +| 10.0.32.0/19 | 255.255.224.0 | 10.0.32.0 - 10.0.63.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1b | +| 10.0.64.0/19 | 255.255.224.0 | 10.0.64.0 - 10.0.95.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1c | +| 10.0.96.0/19 | 255.255.224.0 | 10.0.96.0 - 10.0.127.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1a | +| 10.0.128.0/19 | 255.255.224.0 | 10.0.128.0 - 10.0.159.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1b | +| 10.0.160.0/19 | 255.255.224.0 | 10.0.160.0 - 10.0.191.0/255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1c | +| 10.0.192.0/19 | 255.255.224.0 | 10.0.192.0 - 10.0.223.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1 | +| 10.0.224.0/19 | 255.255.224.0 | 10.0.224.0 - 10.0.224.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1 | **Note:** Additional clusters can use their own available VPC space under 10.x.0.0/16. From e2bd6dc8b794e17bf35824fe614c01df0cfe4b62 Mon Sep 17 00:00:00 2001 From: Mariano Di Modugno Date: Thu, 19 Jan 2023 16:56:55 -0300 Subject: [PATCH 11/14] Fmt table & center content (Network) --- .../features/network/vpc-addressing.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/how-it-works/features/network/vpc-addressing.md b/docs/how-it-works/features/network/vpc-addressing.md index 384186397..ff722ae8a 100644 --- a/docs/how-it-works/features/network/vpc-addressing.md +++ b/docs/how-it-works/features/network/vpc-addressing.md 
@@ -71,20 +71,20 @@ Having defined the initial VPC that will be created in the different accounts that were defined, we are going to create subnets in each of these VPCs defining Private and Public subnets split among different availability zones: -| Subnet address | Netmask | Range of addresses | Hosts | Assignment | -|------------------|---------------|--------------------------------|-------|------------------------| -| 172.18.0.0/20 | 255.255.240.0 | 172.18.0.0 - 172.18.15.255 | 4094 | 1ry VPC: shared | -| 172.18.16.0/20 | 255.255.240.0 | 172.18.16.0 - 172.18.31.255 | 4094 | 2ry VPC: shared | -| 172.18.32.0/20 | 255.255.240.0 | 172.18.32.0 - 172.18.47.255 | 4094 | 1ry VPC DR: shared | -| 172.18.48.0/20 | 255.255.240.0 | 172.18.48.0 - 172.18.63.255 | 4094 | 2ry VPC DR: shared | -| 172.18.64.0/20 | 255.255.240.0 | 172.18.64.0 - 172.18.79.255 | 4094 | 1ry VPC: apps-devstg | -| 172.18.80.0/20 | 255.255.240.0 | 172.18.80.0 - 172.18.95.255 | 4094 | 2ry VPC: apps-devstg | -| 172.18.96.0/20 | 255.255.240.0 | 172.18.96.0 - 172.18.111.255 | 4094 | 1ry VPC DR: apps-devstg| -| 172.18.112.0/20 | 255.255.240.0 | 172.18.112.0 - 172.18.127.255 | 4094 | 2ry VPC DR: apps-devstg| -| 172.18.128.0/20 | 255.255.240.0 | 172.18.128.0 - 172.18.143.255 | 4094 | 1ry VPC: apps-prd | -| 172.18.144.0/20 | 255.255.240.0 | 172.18.144.0 - 172.18.159.255 | 4094 | 2ry VPC: apps-prd | -| 172.18.160.0/20 | 255.255.240.0 | 172.18.160.0 - 172.18.175.255 | 4094 | 1ry VPC DR: apps-prd | -| 172.18.176.0/20 | 255.255.240.0 | 172.18.176.0 - 172.18.191.255 | 4094 | 2ry VPC DR: apps-prd | +| Subnet address | Netmask | Range of addresses | Hosts | Assignment | +| --------------- | ------------- | :---------------------------: | :---: | :---------------------: | +| 172.18.0.0/20 | 255.255.240.0 | 172.18.0.0 - 172.18.15.255 | 4094 | 1ry VPC: shared | +| 172.18.16.0/20 | 255.255.240.0 | 172.18.16.0 - 172.18.31.255 | 4094 | 2ry VPC: shared | +| 172.18.32.0/20 | 255.255.240.0 | 172.18.32.0 - 172.18.47.255 | 4094 
| 1ry VPC DR: shared | +| 172.18.48.0/20 | 255.255.240.0 | 172.18.48.0 - 172.18.63.255 | 4094 | 2ry VPC DR: shared | +| 172.18.64.0/20 | 255.255.240.0 | 172.18.64.0 - 172.18.79.255 | 4094 | 1ry VPC: apps-devstg | +| 172.18.80.0/20 | 255.255.240.0 | 172.18.80.0 - 172.18.95.255 | 4094 | 2ry VPC: apps-devstg | +| 172.18.96.0/20 | 255.255.240.0 | 172.18.96.0 - 172.18.111.255 | 4094 | 1ry VPC DR: apps-devstg | +| 172.18.112.0/20 | 255.255.240.0 | 172.18.112.0 - 172.18.127.255 | 4094 | 2ry VPC DR: apps-devstg | +| 172.18.128.0/20 | 255.255.240.0 | 172.18.128.0 - 172.18.143.255 | 4094 | 1ry VPC: apps-prd | +| 172.18.144.0/20 | 255.255.240.0 | 172.18.144.0 - 172.18.159.255 | 4094 | 2ry VPC: apps-prd | +| 172.18.160.0/20 | 255.255.240.0 | 172.18.160.0 - 172.18.175.255 | 4094 | 1ry VPC DR: apps-prd | +| 172.18.176.0/20 | 255.255.240.0 | 172.18.176.0 - 172.18.191.255 | 4094 | 2ry VPC DR: apps-prd | ### Considerations From c93da4fb3403d652d1f337b69b02241e0e53e196 Mon Sep 17 00:00:00 2001 From: Mariano Di Modugno Date: Tue, 24 Jan 2023 20:29:12 -0300 Subject: [PATCH 12/14] Delete mask columnd & update eks networking page content --- .../features/compute/k8s-eks/vpc-adressing.md | 47 +++++++++---------- .../features/network/vpc-addressing.md | 30 ++++++------ 2 files changed, 37 insertions(+), 40 deletions(-) diff --git a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md index 1729c359b..4a1475442 100644 --- a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md +++ b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md @@ -2,6 +2,10 @@ # Network Layer: EKS Network Requirements +!!! info "In this section we detail all the network design related specifications" + * [x] VPCs CIDR blocks + * [x] Private & Public Subnets IP Ranges + ## Considerations !!! attention "Design considerations" * :ledger: **AWS EKS:** Docker runs in the 172.17.0.0/16 CIDR range in Amazon EKS clusters. 
@@ -16,15 +20,8 @@ The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance. For example, in a subnet with CIDR block 10.0.0.0/24, the following five IP addresses are reserved. For more [AWS VPC Subnets IP addressing](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#vpc-sizing-ipv4) - --- -# Network Layer - -!!! info "In this section we detail all the network design related specifications" - * [x] VPCs CIDR blocks - * [x] Private & Public Subnets IP Ranges - ### VPCs IP Addressing Plan (CIDR blocks sizing) !!! summary "Introduction" @@ -52,13 +49,9 @@ * [x] AWS Org IP Addressing calculation is presented below based on segment `10.0.0.0/16` (starts at /16 due to AWS VPC limits) * [x] We started from `10.0.0.0/16` and subnetted to `/19` * [x] Resulting in **Total Subnets: 8** - * Number of available hosts for each subnet: 8190 - * Number of available IPs (AWS) for each subnet: 8187 - - - + * Number of available hosts for each subnet: 8190 + * Number of available IPs (AWS) for each subnet: 8187 + !!! example "Individual CIDR Segments (VPCs)" :fast_forward: Then each of these are /16 to /19 @@ -77,21 +70,25 @@ * Private `10.0.0.0/19, 10.0.32.0/19 and 10.0.64.0/19` * Public `10.0.96.0/19, 10.0.128.0/19 and 10.0.160.0/19` -## Planned VPCs +## Planned Subnets per VPC Having defined the initial VPC that will be created in the different accounts that were defined, we are going to create subnets in each of these VPCs defining Private and Public subnets split among different availability zones: -| Subnet address | Netmask | Range of addresses | Hosts | Assignment | -| -------------- | ------------- | :-------------------------: | :---: | :--------------------------------------: | -| 10.0.0.0/19 | 255.255.224.0 | 10.0.0.0 - 10.0.31.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1a | -| 10.0.32.0/19 | 255.255.224.0 | 10.0.32.0 - 10.0.63.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1b | -| 10.0.64.0/19 | 255.255.224.0 | 10.0.64.0 - 10.0.95.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1c | -| 10.0.96.0/19 | 255.255.224.0 | 10.0.96.0 - 10.0.127.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1a | -| 10.0.128.0/19 | 255.255.224.0 | 10.0.128.0 - 10.0.159.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1b | -| 10.0.160.0/19 | 255.255.224.0 | 10.0.160.0 - 10.0.191.0/255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1c | -| 10.0.192.0/19 | 255.255.224.0 | 10.0.192.0 - 10.0.223.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1 | -| 10.0.224.0/19 | 255.255.224.0 | 10.0.224.0 - 10.0.224.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1 | +| Subnet address | Range of addresses | Hosts | Assignment | +| :------------: | :-------------------------: | :---: | :--------------------------------------: | +| 10.0.0.0/19 | 10.0.0.0 - 10.0.31.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1a | +| 10.0.32.0/19 | 10.0.32.0 - 10.0.63.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1b | +| 10.0.64.0/19 | 10.0.64.0 - 10.0.95.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1c | +| 10.0.96.0/19 | 10.0.96.0 - 10.0.127.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1a | +| 10.0.128.0/19 | 10.0.128.0 - 10.0.159.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1b | +| 10.0.160.0/19 | 10.0.160.0 - 10.0.191.0/255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1c | +| 10.0.192.0/19 | 10.0.192.0 - 10.0.223.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1 | +| 10.0.224.0/19 | 10.0.224.0 - 10.0.224.255 | 8190 | 1ry VPC: apps-devstg
AZ: us-east-1 | **Note:** Additional clusters can use their own available VPC space under 10.x.0.0/16. + +- [Subnetting reference #1 | Visual Subnet Calculator (https://www.davidc.net/)](https://www.davidc.net/sites/default/subnets/subnets.html?network=10.0.0.0&mask=16&division=15.7231) + +- [Subnetting reference #2 | IP Calculator / IP Subnetting (https://jodies.de/)](http://jodies.de/ipcalc?host=10.0.0.0&mask1=16&mask2=19) \ No newline at end of file diff --git a/docs/how-it-works/features/network/vpc-addressing.md b/docs/how-it-works/features/network/vpc-addressing.md index ff722ae8a..b8b85a2a2 100644 --- a/docs/how-it-works/features/network/vpc-addressing.md +++ b/docs/how-it-works/features/network/vpc-addressing.md 
@@ -66,25 +66,25 @@ * Private `172.18.64.0/24, 172.18.66.0/24 and 172.18.68.0/24` * Public `172.18.65.0/24, 172.18.67.0/24 and 172.18.69.0/24` -## Planned VPCs +## Planned Subnets per VPC Having defined the initial VPC that will be created in the different accounts that were defined, we are going to create subnets in each of these VPCs defining Private and Public subnets split among different availability zones: -| Subnet address | Netmask | Range of addresses | Hosts | Assignment | -| --------------- | ------------- | :---------------------------: | :---: | :---------------------: | -| 172.18.0.0/20 | 255.255.240.0 | 172.18.0.0 - 172.18.15.255 | 4094 | 1ry VPC: shared | -| 172.18.16.0/20 | 255.255.240.0 | 172.18.16.0 - 172.18.31.255 | 4094 | 2ry VPC: shared | -| 172.18.32.0/20 | 255.255.240.0 | 172.18.32.0 - 172.18.47.255 | 4094 | 1ry VPC DR: shared | -| 172.18.48.0/20 | 255.255.240.0 | 172.18.48.0 - 172.18.63.255 | 4094 | 2ry VPC DR: shared | -| 172.18.64.0/20 | 255.255.240.0 | 172.18.64.0 - 172.18.79.255 | 4094 | 1ry VPC: apps-devstg | -| 172.18.80.0/20 | 255.255.240.0 | 172.18.80.0 - 172.18.95.255 | 4094 | 2ry VPC: apps-devstg | -| 172.18.96.0/20 | 255.255.240.0 | 172.18.96.0 - 172.18.111.255 | 4094 | 1ry VPC DR: apps-devstg | -| 172.18.112.0/20 | 255.255.240.0 | 172.18.112.0 - 172.18.127.255 | 4094 | 2ry VPC DR: apps-devstg | -| 172.18.128.0/20 | 255.255.240.0 | 172.18.128.0 - 172.18.143.255 | 4094 | 1ry VPC: apps-prd | -| 172.18.144.0/20 | 255.255.240.0 | 172.18.144.0 - 172.18.159.255 | 4094 | 2ry VPC: apps-prd | -| 172.18.160.0/20 | 255.255.240.0 | 172.18.160.0 - 172.18.175.255 | 4094 | 1ry VPC DR: apps-prd | -| 172.18.176.0/20 | 255.255.240.0 | 172.18.176.0 - 172.18.191.255 | 4094 | 2ry VPC DR: apps-prd | +| Subnet address | Range of addresses | Hosts | Assignment | +| :-------------: | :---------------------------: | :---: | :---------------------: | +| 172.18.0.0/20 | 172.18.0.0 - 172.18.15.255 | 4094 | 1ry VPC: shared | +| 172.18.16.0/20 | 172.18.16.0 - 
172.18.31.255 | 4094 | 2ry VPC: shared | +| 172.18.32.0/20 | 172.18.32.0 - 172.18.47.255 | 4094 | 1ry VPC DR: shared | +| 172.18.48.0/20 | 172.18.48.0 - 172.18.63.255 | 4094 | 2ry VPC DR: shared | +| 172.18.64.0/20 | 172.18.64.0 - 172.18.79.255 | 4094 | 1ry VPC: apps-devstg | +| 172.18.80.0/20 | 172.18.80.0 - 172.18.95.255 | 4094 | 2ry VPC: apps-devstg | +| 172.18.96.0/20 | 172.18.96.0 - 172.18.111.255 | 4094 | 1ry VPC DR: apps-devstg | +| 172.18.112.0/20 | 172.18.112.0 - 172.18.127.255 | 4094 | 2ry VPC DR: apps-devstg | +| 172.18.128.0/20 | 172.18.128.0 - 172.18.143.255 | 4094 | 1ry VPC: apps-prd | +| 172.18.144.0/20 | 172.18.144.0 - 172.18.159.255 | 4094 | 2ry VPC: apps-prd | +| 172.18.160.0/20 | 172.18.160.0 - 172.18.175.255 | 4094 | 1ry VPC DR: apps-prd | +| 172.18.176.0/20 | 172.18.176.0 - 172.18.191.255 | 4094 | 2ry VPC DR: apps-prd | ### Considerations From e48e7c4acb20dd88c8337188103d22e9ca1ab155 Mon Sep 17 00:00:00 2001 From: Mariano Di Modugno Date: Tue, 7 Feb 2023 23:47:18 -0300 Subject: [PATCH 13/14] Change AWS Org to EKS reference --- docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md index 4a1475442..074cffd34 100644 --- a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md +++ b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md 
@@ -45,8 +45,8 @@ ## Networking - IP Addressing -!!! example "Starting CIDR Segment (AWS Org)" - * [x] AWS Org IP Addressing calculation is presented below based on segment `10.0.0.0/16` (starts at /16 due to AWS VPC limits) +!!! example "Starting CIDR Segment (AWS EKS clusters)" + * [x] AWS EKS clusters IP Addressing calculation is presented below based on segment `10.0.0.0/16` (starts at /16 due to AWS VPC limits) * [x] We started from `10.0.0.0/16` and subnetted to `/19` * [x] Resulting in **Total Subnets: 8** * Number of available hosts for each subnet: 8190 @@ -55,7 +55,7 @@ !!! example "Individual CIDR Segments (VPCs)" :fast_forward: Then each of these are /16 to /19 - * [x] Considering the whole Starting CIDR Segment (AWS Org) before declared, we'll start at `10.0.0.0/16` + * [x] Considering the whole Starting CIDR Segment (AWS EKS clusters) before declared, we'll start at `10.0.0.0/16` * **apps-devstg** * 1ry VPC CIDR: `10.0.0.0/16` * 1ry VPC DR CIDR: `10.20.0.0/16` From 6884a37452b52de9cd92f8757b8da152093a79aa Mon Sep 17 00:00:00 2001 From: Mariano Di Modugno Date: Wed, 8 Feb 2023 00:07:00 -0300 Subject: [PATCH 14/14] Add Read More EKS Ref --- docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md index 074cffd34..b4d1c3b65 100644 --- a/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md +++ b/docs/how-it-works/features/compute/k8s-eks/vpc-adressing.md 
@@ -91,4 +91,8 @@ subnets in each of these VPCs defining Private and Public subnets split among di - [Subnetting reference #1 | Visual Subnet Calculator (https://www.davidc.net/)](https://www.davidc.net/sites/default/subnets/subnets.html?network=10.0.0.0&mask=16&division=15.7231) -- [Subnetting reference #2 | IP Calculator / IP Subnetting (https://jodies.de/)](http://jodies.de/ipcalc?host=10.0.0.0&mask1=16&mask2=19) \ No newline at end of file +- [Subnetting reference #2 | IP Calculator / IP Subnetting (https://jodies.de/)](http://jodies.de/ipcalc?host=10.0.0.0&mask1=16&mask2=19) + +## Read More +!!! info "EKS Reference Architecture Specs" + In case you would like to further understand the different tech specs and configs for this Ref Arch you could find some details like at the [Features/Compute/K8s EKS](./overview.md) \ No newline at end of file
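Review bot: In the `@@ -83,15 +83,15 @@` table hunk for the EKS page, two range cells are wrong and the reformat copies them into the new rows unchanged: the 10.0.160.0/19 row reads `10.0.160.0 - 10.0.191.0/255` and the 10.0.224.0/19 row reads `10.0.224.0 - 10.0.224.255`. A /19 starting at 10.0.160.0 ends at 10.0.191.255, and one starting at 10.0.224.0 ends at 10.0.255.255. Every row is being rewritten here anyway, so fix both in this commit; readers copy these ranges into security group and NACL rules, and the last row as written covers a single /24 of the block.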
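Review bot: In the `@@ -77,21 +70,25 @@` hunk (PATCH 12/14, EKS page), the Hosts column of the added table still says 8190 for every /19, while the list touched earlier in the same patch gives `Number of available IPs (AWS) for each subnet: 8187`. Since the page itself explains that AWS reserves five addresses per subnet, either show 8187 here or rename the column so it is clear that 8190 is the generic figure. Separately, the rows for 10.0.192.0/19 and 10.0.224.0/19 are labelled `AZ: us-east-1` with no zone letter, and the plan above lists only three private and three public subnets; mark these two as spare or unallocated rather than as assigned to apps-devstg. A Private/Public indication on the first six rows would also save readers from cross-referencing the bullet list.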
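Review bot: The heading rename to `## Planned Subnets per VPC` at the top of the `@@ -66,25 +66,25 @@` hunk does not match the table in this file (network/vpc-addressing.md): every row is a /20 assigned to a whole VPC (`1ry VPC: shared`, `2ry VPC DR: apps-prd`), while the subnets are the /24s shown in the context lines just above (`172.18.64.0/24, 172.18.66.0/24 and 172.18.68.0/24`). The rename fits the EKS page, where the rows are /19 subnets of one VPC, but not this one. Keep `## Planned VPCs` here, or add the per-VPC /24 table that the new heading promises.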
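Review bot: In the `@@ -55,7 +55,7 @@` hunk (PATCH 13/14), the reworded bullet still says the plan starts at `10.0.0.0/16`, but the context line two below it assigns `1ry VPC DR CIDR: 10.20.0.0/16`, which lies outside that segment. With the label now reading "AWS EKS clusters" (plural), it is unclear whether 10.0.0.0/16 is the space for all clusters or for one VPC. Suggest saying that each cluster VPC gets its own 10.x.0.0/16, consistent with the note under the table, and changing "before declared" to "declared above" while the line is being edited.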
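Review bot: The added "Read More" sentence in the `@@ -91,4 +91,8 @@` hunk (PATCH 14/14) is garbled: "you could find some details like at the" should read something like "you can find more details at". The new last line also still carries `\ No newline at end of file`, so this commit fixes the missing newline after the jodies.de link only to reintroduce it one block later; end the file with a newline. Since this is the last commit in the series to touch the file, it is also a good point to rename `vpc-adressing.md` to `vpc-addressing.md`, matching the file under `features/network/`, before other pages start linking to the misspelled path.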