Private/public subnet association with VPC routing tables

[Bulat-Gumerov]

eksctl should explicitly associate private/publiс routing tables with same subnets that it creates. Current version 0.1.22 works only if you need single isolated VPC for k8s. But if you need to connect to another VPC you need to do network routing manually because there is no subnet association with eksctlcreated routing tables.

[mumoshu]

@Bulat-Gumerov Hey!

I'm still trying to understand, but perhaps you're talking about the case that eksctl creates a VPC for you?

And you want eksctl to automatically set up VPC peering between your existing VPC and the eksctl-created new VPC, that involves the said route table configuration. Am I following you correctly?

[Bulat-Gumerov]

Hey @mumoshu
Yes, this VPC was created by eksctl
No, I can do it manually after deploying EKS cluster. If you want to represent this issue, create VPC peering connection between EKS cluster and other VPC. The routing will fail since it will won't know how to route traffic into internet and kubectl get nodes will say that all nodes are in NOT READY status. More screenshots, logs are in weaveworks Slack channel eksctl

[errordeveloper]

@Bulat-Gumerov how exactly did you fix this? Would you mind to share AWS CLI command, if that's what you used, just the exact steps you took to solve it.

[errordeveloper]

Ok, per our discussion on Slack, this is actually about the default route table, one that VPC gets automatically. We currently don't modify if in any way. I'll look into how we can fix this.

[errordeveloper]

also see https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-route-table-vpc/ for a potential work around to this