Extensible Networking

[plombardi89]

Loom is too much of a black box with regards to its networking setup. Based on user feedback it's become clear we need to open up the networking components laid down by Loom so that, for example, users can peer the VPC's with existing VPC's or assign security groups to the underlying Kubernetes nodes.

The uses cases which have come up:

• User wants to control the CIDR blocks for a network rather than be forced to use 10.0.0.0/16 because the user already has a 10.0.0.0/16 network and they need to establish a VPC peer relationship with that other network.

• User wants to be able to have the Kubernetes cluster network peered with other existing networks.

• User wants to be able to assign a security group to all the Kubernetes masters and nodes that will be used for Ingress control to other networks.

This issue supersedes:

• CIDR block for VPC needs to be configurable #12
• Ability to assign custom security groups to cluster #10

[plombardi89]

Preliminary work on this is now completed and living in plombardi/experimental branch. The Kubernetes cluster lives in its own network and is peered with an additional VPC that is creating for containing backing services.

Additional work may be undertaken to support the following use case:

1. Uni-directional peering from Kubernetes into an existing VPC that Loom does not control. The reverse (existing VPC -> Kubernetes) will not be undertaken so as to avoid touching or configuring non-Loom managed infrastructure.