Private Networking Only #17

Open
cdenneen opened this issue Mar 9, 2022 · 5 comments
Labels
enhancement New feature or request jira

Comments

@cdenneen
cdenneen commented Mar 9, 2022

Use Case

I do not see the reason why infrastructure stood up requires public_dns.

Describe the Solution You Would Like

Would like the ability for load balancers and instances to not require public DNS.

@cdenneen cdenneen added the enhancement New feature or request label Mar 9, 2022
@timidri
Contributor

timidri commented Mar 16, 2022

Hi @cdenneen - do you mean just not requiring public DNS or also not requiring public IPs? What is the reason you would like the infrastructure not to require public DNS?

@cdenneen
Author

@timidri our infra is 100% private. It sits on private subnets and we use Direct Connect to connect to the VPCs. So we do not need any public IPs to be associated with any of our instances. Only time we ever use public IPs is when we need to add one to an "externally" facing load balancer but for the purposes of puppet agents would never be connecting publicly to the server, they would be using a private IP (DNS) to connect to master.

@timidri
Contributor

timidri commented Mar 16, 2022

@cdenneen Ah I see, this makes total sense.

At the moment, public IPs are mapped automatically because the created subnet is configured to do so.
Would it be a valid assumption that:

  • if we provision a VPC + subnets, it's fine to have public IPs / DNS by default
  • if we use existing VPCs and subnets (support for this configuration doesn't exist yet), instances will receive public IPs only if the subnets are configured to do so, and public DNS will not be managed at all

Or am I oversimplifying things?

@cdenneen
Author

@timidri That does seem logical. Also is it true that LB is only used if compile masters are used? (not sure if that logic was in this template or the Azure one) Curious if LB will be used if replica is enabled for easy failover. (check your Slack, didn't want to bombard this issue)

@ody
Member

ody commented Apr 26, 2022

This was partially completed with the merging of pull request #19. It is now possible to choose between an internal or external NLB by setting the lb_ip_mode parameter to either private or public. Right now though, if the VPC/subnet you deploy to provisions public IPs by default then instances will still get them. If the VPC/subnet doesn't allow public IPs, everything still functions properly with instances lacking public IPs.

The last item which is missing is the ability to disable public IP assignment when instances are deployed to VPC/subnets which allow them.
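
As an added example, not part of the issue thread or the project's code: until public IP assignment can be disabled in the module, a deployment can be audited for the gap described above by checking which subnets auto-assign public IPs and which instances ended up holding one. The sample data is constructed; the field names follow the JSON output of `aws ec2 describe-subnets` and `aws ec2 describe-instances`, and the function names and `cause` labels are assumptions made for this sketch.

```python
import json

# Constructed sample data shaped like `aws ec2 describe-subnets` and
# `aws ec2 describe-instances` output; all IDs and addresses are made up.
SUBNETS_JSON = """{"Subnets": [
  {"SubnetId": "subnet-aaa111", "VpcId": "vpc-001", "MapPublicIpOnLaunch": true},
  {"SubnetId": "subnet-bbb222", "VpcId": "vpc-001", "MapPublicIpOnLaunch": false}
]}"""
INSTANCES_JSON = """{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0001", "SubnetId": "subnet-aaa111",
     "PrivateIpAddress": "10.0.1.10", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-0002", "SubnetId": "subnet-bbb222",
     "PrivateIpAddress": "10.0.2.10"}]},
  {"Instances": [
    {"InstanceId": "i-0003", "SubnetId": "subnet-bbb222",
     "PrivateIpAddress": "10.0.2.11", "PublicIpAddress": "203.0.113.11"}]}
]}"""


def audit_public_exposure(subnets_doc, instances_doc):
    """Return (subnets that auto-assign public IPs, instances holding one)."""
    auto_assign = {s["SubnetId"] for s in subnets_doc.get("Subnets", [])
                   if s.get("MapPublicIpOnLaunch")}
    findings = []
    for reservation in instances_doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            public_ip = inst.get("PublicIpAddress")
            if not public_ip:
                continue  # private-only instance, nothing to report
            # If the subnet auto-assigns, the address most likely came from
            # that default; otherwise it was requested at launch or is an EIP.
            cause = ("subnet-default" if inst.get("SubnetId") in auto_assign
                     else "explicit-or-eip")
            findings.append({"instance": inst["InstanceId"],
                             "subnet": inst.get("SubnetId"),
                             "public_ip": public_ip, "cause": cause})
    return sorted(auto_assign), findings


def run_sample():
    """Audit the constructed sample above."""
    return audit_public_exposure(json.loads(SUBNETS_JSON),
                                 json.loads(INSTANCES_JSON))


if __name__ == "__main__":
    subnets, findings = run_sample()
    print("auto-assign subnets:", subnets)
    for f in findings:
        print(f)
```

Against a real account, pass the parsed JSON output of the two `aws ec2` commands to `audit_public_exposure` instead of the embedded sample.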
