When deploying in Amazon Web Services, external hosts (such as hosting control panels or billing systems) may be set up in a Virtual Private Cloud other than the one where the KuberDock cluster is installed. For KuberDock and such a host to interact, a VPC peering connection is required.
The VPC peering connection can be established between VPCs of the same AWS account as well as between ones belonging to different accounts.
The two cases are largely similar. A brief description of the connection setup within the same AWS account is given below. For detailed explanations, please refer to the Working with VPC Peering Connections section of the AWS documentation.
A VPC peering connection can be created via Amazon VPC console:
Select a desired VPC and initiate a request to peer it with another VPC:
Accept the request:
At this point you will be prompted to modify your route tables (this can also be done later).
Go to the route tables page and add a route to the route table associated with the subnet where the instance resides:
The connection needs proper configuration of KuberDock and the host subnets:
Route Tables should be updated for both ends of the VPC Peering Connection:
Then it is necessary to enable DNS for the connection:
Finally, the inbound and outbound rules for both VPC security groups should be properly updated to reference security groups in the peered VPC:
Note that to perform the actions above, users must be granted, by means of an appropriate IAM policy, permission to create or modify VPC peering connections.
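As an added example (not part of the KuberDock documentation), the Python check below takes entries shaped like the JSON returned by the AWS CLI `describe-vpc-peering-connections`, `describe-route-tables` and `describe-security-groups` commands and reports which of the steps above is still missing on either end of the connection. The function name, the sample IDs and the CIDR blocks are constructed for illustration.

```python
import ipaddress

def check_peering(pcx, route_tables, security_groups):
    """Findings for one peering connection; inputs mirror AWS CLI describe-* JSON."""
    pcx_id, findings = pcx["VpcPeeringConnectionId"], []
    if pcx["Status"]["Code"] != "active":
        findings.append(f"{pcx_id}: status {pcx['Status']['Code']}, not active")
    ends = [pcx["RequesterVpcInfo"], pcx["AccepterVpcInfo"]]
    for local, peer in (ends, ends[::-1]):
        vpc, peer_net = local["VpcId"], ipaddress.ip_network(peer["CidrBlock"])
        # Routes: a table in this VPC must send peer addresses over the connection.
        routed = any(
            r.get("VpcPeeringConnectionId") == pcx_id
            and ipaddress.ip_network(r["DestinationCidrBlock"]).subnet_of(peer_net)
            for rt in route_tables if rt["VpcId"] == vpc
            for r in rt["Routes"] if "DestinationCidrBlock" in r)
        if not routed:
            findings.append(f"{vpc}: no route to {peer_net} via {pcx_id}")
        # DNS: each end must allow resolution from the remote VPC.
        if not local.get("PeeringOptions", {}).get("AllowDnsResolutionFromRemoteVpc"):
            findings.append(f"{vpc}: DNS resolution from peer VPC is disabled")
        # Security groups: rules should name a peer group, not admit the whole peer CIDR.
        referenced = False
        for sg in (g for g in security_groups if g["VpcId"] == vpc):
            for perm in sg["IpPermissions"]:
                referenced |= any(p.get("VpcPeeringConnectionId") == pcx_id
                                  for p in perm.get("UserIdGroupPairs", []))
                for rng in perm.get("IpRanges", []):
                    if peer_net.subnet_of(ipaddress.ip_network(rng["CidrIp"])):
                        findings.append(f"{sg['GroupId']}: {rng['CidrIp']} admits all of {peer_net}")
        if not referenced:
            findings.append(f"{vpc}: no inbound rule references a peer security group")
    return findings

# Constructed sample (made-up IDs and CIDRs): requester end complete, accepter end not.
PCX = {"VpcPeeringConnectionId": "pcx-example", "Status": {"Code": "active"},
       "RequesterVpcInfo": {"VpcId": "vpc-req", "CidrBlock": "10.0.0.0/16",
                            "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": True}},
       "AccepterVpcInfo": {"VpcId": "vpc-acc", "CidrBlock": "10.1.0.0/16",
                           "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": False}}}
ROUTES = [{"VpcId": "vpc-req", "Routes": [
              {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-example"}]},
          {"VpcId": "vpc-acc", "Routes": [{"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"}]}]
GROUPS = [{"GroupId": "sg-req", "VpcId": "vpc-req", "IpPermissions": [
              {"UserIdGroupPairs": [{"GroupId": "sg-acc", "VpcPeeringConnectionId": "pcx-example"}]}]},
          {"GroupId": "sg-acc", "VpcId": "vpc-acc", "IpPermissions": [{"IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]}]

if __name__ == "__main__":
    print(*check_peering(PCX, ROUTES, GROUPS), sep="\n")
```

The CIDR finding is a prompt for review: a rule that admits the whole peered VPC by address range is wider than one that references a specific security group in that VPC.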