Skip to content

AWS VPC Endpoint Support #54

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 23, 2021
Merged

AWS VPC Endpoint Support #54

merged 2 commits into from
Nov 23, 2021

Conversation

@cmperro
Copy link
Contributor

@cmperro cmperro commented Sep 30, 2021

cloudera.exe changes ONLY - No impact on cloudera.cloud and cdpy

This PR will:

  • Create VPC Endpoints (and prereqs, like a Security Group) for the endpoints that CDP will use
  • Runtime level doesn't need to "know" about these endpoints - It will just use them
  • This will default to use the value of "tunnel". It can be overridden in your definition file
  • Includes setup/teardown as well as abstracting the endpoints into a defaults file

Chaffelson
Chaffelson approved these changes Oct 20, 2021
View reviewed changes
Copy link
Contributor

@Chaffelson Chaffelson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested with L1 deployment against a normal teardown and a purge teardown, all green.

Chaffelson
Chaffelson reviewed Oct 20, 2021
View reviewed changes
wmudge
wmudge requested changes Oct 29, 2021
View reviewed changes
roles/infrastructure/defaults/main.yml Outdated
infra__aws_nat_gateway_name: "{{ infra.aws.vpc.nat_gateway.name | default([infra__namespace, infra__aws_nat_gateway_suffix] | join('-')) }}"
infra__aws_nat_gateway_suffix: "{{ infra.aws.vpc.nat_gateway.suffix | default(common__ngw_suffix) }}"

infra__aws_private_endpoints: "{{ infra.aws_private_endpoints | default(common__tunnel) }}"
Copy link
Member

@wmudge wmudge Oct 29, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be added to the docs/configuration.yml file

Copy link
Contributor Author

@cmperro cmperro Nov 18, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added. Also changed param to infra.aws.vpc.private_endpoints for better nesting.

roles/infrastructure/tasks/setup_aws_network.yml Outdated
state: present
region: "{{ infra__region }}"
vpc_id: "{{ infra__aws_vpc_id }}"
tags: "{{ infra__tags | combine({ 'Name': 'vpce_sg' }, recursive=True) }}"
Copy link
Member

@wmudge wmudge Oct 29, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All SG's will have the same name? This should be linked to the NS at minimum

@cmperro
Add ability to create VPC Endpoints for services that CDP uses. Defau…
2ba39fb 
…lts to tunnel value - can be overridden.

Signed-off-by: Chris Perro <cmperro@gmail.com>
@cmperro
Updates per PR review. Update param nesting for AWS private endpoints…
7c4f94b 
…. Fix name tag for VPCE security group. Add items to config.yml

Signed-off-by: Chris Perro <cmperro@gmail.com>
@wmudge wmudge merged commit 7d149ae into cloudera-labs:devel Nov 23, 2021
@wmudge wmudge added the enhancement MINOR - New feature or enhancement in the CHANGELOG label Jul 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wmudge wmudge wmudge approved these changes

+1 more reviewer

@Chaffelson Chaffelson Chaffelson approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

enhancement MINOR - New feature or enhancement in the CHANGELOG

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cmperro @wmudge @Chaffelson