Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to create resource. Not enough available space in the vpc #80

Closed
pierreozoux opened this issue Dec 10, 2018 · 5 comments
Closed

Failed to create resource. Not enough available space in the vpc #80

pierreozoux opened this issue Dec 10, 2018 · 5 comments

Comments

@pierreozoux
Copy link

Describe the bug
Trying to create a RDS production instance, I get the following error:

Failed to create resource. Not enough available space in the vpc

Currently investigating. Created the issue to help other people.
@pierreozoux
Copy link
Author

@jaymccon could you provide more details about this line?

https://github.com/awslabs/aws-servicebroker/blob/master/templates/rdsmariadb/template.yaml#L1060

Danke!

@pierreozoux
Copy link
Author

pierreozoux commented Dec 10, 2018
edited
Loading

Ok, understood the issue:

  • I can provision dev as it requests /28 Cidr
  • I can't provision production as it requests /27 Cidr

My VPC has /22 size.

It looks like this function is making some math, and tells me, I can't create a /27 Cidr.

@pierreozoux
Copy link
Author

Why is it needed to have 1 subnet per RDS instance?
At the end, all the pods run in the same subnet.

I mean, this is the defaukt behaviour, of course, some specific customer will have various subnets for various node types. But the default currently is to have one subnet for nodes and all the RDS instance. What do you think? Does it make sense to remove this feature?

@jaymccon
Copy link
Contributor

@pierreozoux appreciate the thorough investigation (as usual 😄). The idea is to try and bake in as many best practices as possible as well as to ensure that the parameters required to provision a service require no direct access to the aws account being provisioned to. The exception here is the VPCID, which we are recommending that cluster administrators prescribe the value of.

To achieve this with RDS the following played a role in the template we have:

  • dedicated subnets, so that there is no chance of pod scaling causing IP exhaustion, and so that (although not implemented) it is possible to attach network acls, further controlling access to the DBInstances. Finally, if we do not create them we will require subnet id's to be provided as input parameters.
  • automate the discovery of usable IP space so that the user issuing the provision command doesn't need to know what space is available (https://github.com/awslabs/aws-servicebroker/blob/master/templates/rdsmariadb/template.yaml#L1060)

That said I'd like to hear others opinions on this, if everyone is deploying their AWS services into the same subnets as their pods, then it may make sense to rather deploy into existing subnets which can be overriden in the same way as the VPCID.

@pierreozoux pierreozoux mentioned this issue Dec 12, 2018
Open
@jaymccon
Copy link
Contributor

jaymccon commented Dec 19, 2018
edited
Loading

It's also worth noting that service broker supports users providing a custom catalog of templates that are tailored to their needs. Docs are here: https://github.com/awslabs/aws-servicebroker/tree/master/docs#custom-catalog

@jaymccon jaymccon closed this as completed Mar 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pierreozoux @jaymccon