vpc

Cannot connect to Mongo Atlas using VPC peering from GCP cluster

天大地大妈咪最大 submitted on 2021-02-15 05:32:11
Question: I am trying to connect a Java app running on a GCP Kubernetes engine cluster, with a Mongo Atlas cluster (M20). Before, it worked fine, when I didn't have VPC Peering turned on and I was using the regular connection string. But I am trying to use VPC Peering now, with the default VPC network in my GCP project. I followed the steps in https://docs.atlas.mongodb.com/security-vpc-peering/. I chose Atlas CIDR of 192.168.0.0/18 (b/c "The Atlas CIDR block must be at least a /18"), and after linking

How to properly configure VPC firewall for App Engine instances?

我们两清 submitted on 2021-02-08 05:01:41
Question: We are trying to deploy a micro-service based application using Google App Engine (mainly flexible instances), having a gateway on the default service and a few Microservices providing the business logic. You might think of it as: foo.appspot.com service1.foo.appspot.com service2.foo.appspot.com as it is done here I would like the services to be accessible only from the gateway (and maybe a few other machines), and not from the outside, but I couldn't get it to work. I've been able to set all

AWS security group that allows instances within VPC to connect doesn't work over public IP

﹥>﹥吖頭↗ submitted on 2021-01-29 07:43:50
Question: I have a VPC set up in AWS and have a security group that allows inbound connections from the VPC's CIDR block and have assigned it to my instances. SSH and TCP work fine while using the private IP addresses. However, when using public IP addresses on an instance, connection fails. Why is that so? Why doesn't the security group know the connection is coming from within VPC even if it's addressed to the public IP? Answer 1: When you use the public IP the traffic exits the VPC and enters back into

AWS Lambda Function with VPC only works when in Private Subnet

久未见 submitted on 2020-12-15 06:02:31
Question: I have been working on integrating an Amazon Lambda function with connection to a RDS for the MySQL DB and an external API. To access the API, there needed to be an internet gateway and then security groups that allowed connection from 0.0.0.0/0. I have a public subnet and private subnet. The public subnet routes to the internet gateway but the private subnet routes to a NAT. This led me to think that if I ran the Lambda function with the Public subnet, it would connect to the internet.

How to connect multiple cloud with overlapping VPC?

强颜欢笑 submitted on 2020-12-08 06:25:09
Question: We are creating a Console to administer, view logs and metrics, create resources on Kubernetes in a multicloud environment. The Console (a web app) is deployed on GKE in GCP, but we can't figure out how we can connect and reach K8S Api-Servers in multiple VPCs with overlapping IPs, without exposing them on public IP. I drew a little diagram to expose the problem. Are there some products or best practice to perform this securely? Product vendors for example Mongo Atlas or Confluent Cloud

Is there a way to assign a Static IP to a AWS Lambda without VPC?

怎甘沉沦 submitted on 2020-07-17 11:55:52
Question: I am looking to assign a static IP to my Lambda which is being invoked via the API gateway. This is required because the downstream system that I invoke from this Lambda accepts web requests only from a whitelisted IP. I am successful in achieving this via the VPC that I associate with my Lambda. But VPC introduces a bad cold-start time which sometimes ranges 12-16 seconds. So I am looking for a way to prevent this cold start from the VPC, but at the same time assign a static IP to the Lambda.

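Alibaba Cloud Network Team Internship Recruitment

落爺英雄遲暮 submitted on 2020-03-21 08:26:03
Clouds follow the dragon, the phoenix follows the tiger! The heroes of the world come from our generation! As a core Alibaba Cloud technology team, Alibaba Cloud Network Products developed the Luoshen cloud network platform in-house, providing one-stop virtualized network services that connect the globe and are ultra-large-scale, elastic and open. Its network products and technologies, including Virtual Private Cloud (VPC), software-defined networking (SDN) controllers and Server Load Balancer (SLB), are long-tested, rock-solid and outstanding, giving users a silky-smooth network experience. Details: see the attached poster. Target applicants: graduates of the class of 2021 from universities in China and abroad. How to apply: tom.tl@alibaba-inc.com (state the position applied for), or scan the QR code on the attached poster. Source: https://www.cnblogs.com/tla001/p/12536433.html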

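Why Can't We Delete a Cluster's Namespace?

梦想的初衷 submitted on 2020-02-27 12:38:13
Author | 声东, Alibaba Cloud after-sales technical expert. Introduction: Members of the Alibaba Cloud after-sales technical team deal with all kinds of strange online problems every day. Common ones include network connection failures, server crashes, substandard performance and slow request responses. But if we had to pick the kind of problem that looks trivial yet actually racks our brains, I believe it would be the "cannot delete" problem: files that cannot be deleted, processes that cannot be killed, drivers that cannot be uninstalled, and so on. Such problems are like icebergs; the complex logic hidden behind them often exceeds our expectations. Background: The problem we discuss today concerns the Namespace of a K8s cluster. Namespace is the "storage" mechanism for K8s cluster resources. We can put related resources into the same Namespace to avoid unnecessary interference between unrelated resources. A Namespace is itself also a resource. Through the cluster API Server entry point we can create a Namespace, and Namespaces that are no longer used need to be cleaned up. The Namespace Controller watches changes to Namespaces in the cluster through the API Server and then executes predefined actions according to those changes. Sometimes we run into the problem shown in the figure below: the Namespace's status is marked "Terminating", but it cannot be completely deleted. Starting from the cluster entry point: Because the delete operation is performed through the cluster API Server, we need to analyze the API Server's behavior. Like most cluster components, API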

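Configuring a Basic VPC on AWS

核能气质少年 submitted on 2020-02-26 03:03:47
Basic VPC configuration on AWS. First open the web console and click Services -- VPC to enter the VPC dashboard, then click Start VPC Wizard. There are two options: VPC with a single public subnet, and VPC with public and private subnets. If you choose VPC with a single public subnet, only one subnet is created in the VPC, and it is a public subnet that can communicate directly with the Internet; all resources placed in the public subnet can access the Internet directly. If you choose VPC with public and private subnets, two subnets are actually created, one public and one private. The public subnet can connect directly to the Internet; in principle the private subnet cannot communicate with the Internet (if it needs to, a NAT must be deployed in the public subnet), and it communicates with the Internet through the NAT. Here I choose VPC with public and private subnets and click Select. For the NAT instance, choose the default. When configuration is complete, click Create VPC. After creation, look at the private subnet's route table: the routes are added automatically once the VPC is created (they allow all EC2 instances inside the VPC to communicate with each other). To change them, click the route table hyperlink. Routes are added automatically for both the public and the private subnet. Clicking the private subnet's route table hyperlink opens that page, where you can add a new route (the default first route cannot be modified). Subnet association option (associates the current subnet with the current route table). Create a new route table. Set the main route table: all instances in the VPC communicate through the main route table (generally the route table of the private subnet is set as the main route table).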

AWS Networking Overview

廉价感情. submitted on 2020-02-11 22:39:31
YouTube link: https://www.youtube.com/watch?v=TRV3JV4-UiQ&list=PLVVMQF8vWNCKBr5gBbj_zDwH85YaRPQyv This series lets you understand, from a Solution Architect's perspective, the network options we can consider using on AWS. Topic videos: AWS network - Internet Route Solutions (Internet, VPN, Direct Connect); AWS network - Internal Route and Inter VPC Route (VPC endpoints, PrivateLink, VPC peering); AWS network - across-region and across-account route; AWS network - Transit Gateway, Direct Connect Gateway. Source: https://www.cnblogs.com/samtsai/p/12296950.html