Cluster Network Plans
As a Wayfinder administrator, you can create cluster network plans, which provision networks for clusters based on the network configuration specified in the plan. When creating a cluster plan, you choose a cluster network plan.
From a workspace member's perspective, when developers self-serve their environments, each environment's underlying cluster configuration is determined by a cluster plan (presented to them as an environment plan). Wayfinder will provision the cluster's underlying network based on the network details specified in the cluster network plan.
Wayfinder includes a predefined set of default cluster network plans for each cloud provider. If Wayfinder's default plans do not meet your networking requirements, you have the option to create your own cluster network plans.
CLI Quick Reference
Instruction | CLI Command |
---|---|
View a list of cluster network plans | wf get clusternetworkplans |
View cluster network plan's manifest | wf get clusternetworkplans PLAN-NAME -o yaml |
Output cluster network plan's manifest to file | wf get clusternetworkplans PLAN-NAME -o yaml > MYPLAN.yaml |
Apply a cluster network plan's manifest from file | wf apply -f MYPLAN.yaml |
View a list of available IP Ranges for all workspaces (see auto-allocation) | wf get assignablenetworks --all-workspaces |
View a list of available IP Ranges for a specific workspace | wf get assignablenetworks -w [WORKSPACE] |
View a list of cluster networks | wf get clusternetworks --all-workspaces |
View the details of a specific cluster network | wf get clusternetworks NAME |
View Cluster Network Plans
For each cloud provider, Wayfinder includes a single default ClusterNetworkPlan that is used by all the default cluster plans included for that provider.
Use the wf get clusternetworkplans command to view a list of cluster network plans.
wf get clusternetworkplans
NAME           SUMMARY                                CLOUD   AGE
aks-standard   General purpose AKS cluster network.   azure   63d
eks-standard   General purpose EKS cluster network.   aws     63d
gke-standard   General purpose GKE cluster network.   gcp     63d
You can view a list of cluster network plans using Wayfinder's web interface:
- Select Admin, then navigate to Kubernetes > Cluster Networking.
- Click the cloud provider that you want to see plans for, e.g., Microsoft Azure.
The plans are displayed.
Create Cluster Network Plans
You cannot edit Wayfinder's default cluster network plans for each cloud provider, but you can disable them if they are not needed (see wf disable).
Additionally, you have the option to create your own cluster network plans. A convenient approach is to duplicate an existing plan and then customise it to your needs.
Alternatively, you can start from scratch. Once you've added a cluster network plan for a cloud provider, you can select it within cluster plans from that same provider.
The network configuration for existing clusters is not affected when you update the cluster network plan that was used to provision those clusters. Updates to cluster network plans will only affect new clusters that are created from that plan.
Add a cluster network plan in Wayfinder's web interface
To add a cluster network plan:
- Select Admin, then navigate to Kubernetes > Cluster Network Plans
- Click the tab for the cloud provider that you want to add a plan for, and then click the labeled cluster network plan button. Depending on your cloud provider, the label is either AKS, EKS or GKE.
- Set or change options as needed
- If you want to copy an existing plan, then select the plan and then click the Copy button.
- Enter the details as outlined in the table below.
- Click Save.
When you specify a fixed IPv4 CIDR block range in a cluster network plan, every network created using that plan will use the same fixed network range. Because those ranges overlap, no traffic can be routed between networks that use them.
Below is an example of a fixed network allocation range:
Below is an example of an auto-allocated range:
Properties
This section describes the properties you need to specify when creating a new cluster network plan.
Properties common to all providers
Field | Description |
---|---|
Name | Provide a meaningful name for your cluster network plan. It will help others to understand what your plan entails. |
Description | Provide a meaningful description for your plan. |
IPv4 CIDR range | Fixed signifies that you are using a fixed range of IP addresses. You will have a fixed number of IP addresses available across all clusters that use this plan. Therefore, clusters using this plan can't be peered together or join a corporate network. Allocated signifies that you have one or more IP address ranges available to clusters using this plan. You specify the CIDR ranges and Wayfinder will use different chunks from those ranges you specified. |
IPv4 CIDR range > Fixed | AKS: Specify the fixed CIDR IP address range that the Node and Service should use. EKS: Select the number of availability zones for the cluster. Specify the fixed CIDR IP address range that the Node should use. GKE: Specify the fixed CIDR IP address range that the Node, Service and Pod should use. |
IPv4 CIDR range > Auto-allocated | AKS: Specify the auto-allocated range size for the Node and Service. Select the CIDR range to allocate from. EKS: Select the number of availability zones for the cluster. Specify the auto-allocated range size for the Node. Select the CIDR range to allocate from. GKE: Specify the auto-allocated range size for the Node, Service and Pod. Select the CIDR range to allocate from. Note regarding the auto-allocated range table: If the table is empty, or you do not see the range you want, then you need to define a range. |
Summary | A summary of the network ranges that Wayfinder will create and consume from. |
Azure specific properties
Field | Description |
---|---|
Custom DNS Resolvers | IP addresses of custom DNS resolvers to use in the created vNet. Leave blank to use Azure's default DNS resolution |
Routes | Specifies how traffic should be routed out of this vNet, including to other vNets, on-premises, and to the Internet. |
- Name | The name of this route. |
- CIDR Block | The address prefix (CIDR Block). When traffic leaves a subnet and is directed towards an IP address within the address prefix of a route, Azure uses the route containing the prefix. |
- Next hop type | Represents how Azure routes traffic that is destined for the address prefix. Option(s): - Virtual Appliance (A virtual machine that typically runs a network application such as a firewall.) - Virtual Network Gateway (Specify when you want traffic destined for specific address prefixes routed to a virtual network gateway.) |
- Next hop IP | When you create a route with the virtual appliance hop type, you also specify a next hop IP address. The IP address can be: - a private IP address of a network interface attached to a virtual machine - a private IP address of an Azure internal load balancer. For more information see Azure's Virtual network traffic routing. |
Service Endpoints | The Azure Virtual Network Service Endpoints to make available in the cluster's subnet. You can specify multiple service endpoints. Option(s): - See Azure's service endpoint documentation for available options. |
AWS specific properties
Field | Description |
---|---|
Availability Zones | The number of availability zones for the cluster. Option(s): - 2 - 3 |
Add a cluster network plan using the CLI
You can also create your own cluster network plan by writing a .yaml file specifying the plan parameters, and then applying it to Wayfinder using the CLI.
We recommend you start with an out-of-the-box plan and edit it to suit your needs.
To create a new cluster network plan from an existing one:
- Get the yaml from an existing plan:
wf get clusternetworkplan eks-standard -o yaml > MYPLAN.yaml
This copies the eks-standard cluster network plan and places it in a file MYPLAN.yaml.
- Edit the file as needed, being sure to change the metadata name to a new name to indicate that you wish to make a new plan. Thereafter, apply the file:
wf apply -f MYPLAN.yaml
Below is an example of a cluster network plan.
apiVersion: networking.appvia.io/v2beta1
kind: ClusterNetworkPlan
metadata:
  name: aks-standard-v2  # <--- remember to change the name
spec:
  planProviderDetails: {}
  summary: General purpose AKS cluster network v2
  template:
    ipv4:
      cidrBlocks:
      - cidr: ""
        size: 21
        type: node
      - cidr: ""
        size: 21
        type: service
    layout: {}
    location: ""
    plan: aks-standard-v2  # <--- remember to change the name
    provider: azure
    stage: ""
If you have set a fixed IPv4 CIDR block, then the cidrBlocks parameter will look similar to below:
  template:
    ipv4:
      cidrBlocks:
      - cidr: 10.0.0.0/16  # <--- This value is only an example
        type: node
      - cidr: 10.8.0.0/16  # <--- This value is only an example
        type: service
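The routing consequence of fixed versus auto-allocated ranges can be checked offline with Python's ipaddress module. This is an added example, not Wayfinder code and not its allocation algorithm: the function names, the sample networks, the 10.0.0.0/16 pool and the first-fit strategy are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample data (not exported from a real Wayfinder instance).
# Two networks created from a plan with the fixed ranges shown above:
FIXED = {
    "team-a": ["10.0.0.0/16", "10.8.0.0/16"],
    "team-b": ["10.0.0.0/16", "10.8.0.0/16"],
}
# Two networks holding distinct /21 chunks, as an auto-allocated plan hands out:
AUTO = {
    "net-1": ["10.0.8.0/21", "10.8.8.0/21"],
    "net-2": ["10.0.16.0/21", "10.8.16.0/21"],
}


def overlapping_pairs(networks):
    """Return (name_a, name_b, cidr_a, cidr_b) for each pair of blocks from
    two different networks whose address ranges overlap."""
    hits = []
    for (name_a, blocks_a), (name_b, blocks_b) in combinations(sorted(networks.items()), 2):
        for a in blocks_a:
            for b in blocks_b:
                if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b)):
                    hits.append((name_a, name_b, a, b))
    return hits


def next_free_block(pool, size, allocated):
    """Return the first /size block in pool that overlaps nothing already
    allocated, or None when the pool is exhausted (first-fit, assumed)."""
    used = [ipaddress.ip_network(c) for c in allocated]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=size):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    for label, nets in (("fixed", FIXED), ("auto-allocated", AUTO)):
        clashes = overlapping_pairs(nets)
        print(f"{label}: {len(clashes)} overlapping block pair(s)")
        for name_a, name_b, a, b in clashes:
            print(f"  {name_a} {a} overlaps {name_b} {b}: cannot be peered")
    print(next_free_block("10.0.0.0/16", 21, ["10.0.0.0/21", "10.0.8.0/21"]))
```

The same overlap check can be run against the cidrBlocks values taken from wf get clusternetworks output before peering networks or joining them to a corporate range.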
Network capacity and availability
Wayfinder includes the clusterNetwork and networkCapacity details under status.
- clusterNetwork > exampleNetwork demonstrates the next network range that Wayfinder will create from this plan when a Cluster Network is created.
- networkCapacity indicates that the network ranges have capacity and can be used for at least one more network.
status:
  capacity:
  - hasCapacity: true
    stage: nonprod
  - hasCapacity: true
    stage: prod
  exampleNetwork:
    azureVirtualNetwork:
      cidr: 10.0.32.0/21
      subnets:
      - cidr: 10.0.32.0/22
        type: SubnetNode
      - cidr: 10.8.32.0/21
        type: AKSInternalService
Associate a cluster network plan with a cluster plan
When you create a cluster plan, you must select a cluster network plan.
The network configuration for existing clusters is not affected when you update the cluster network plan that was used to provision those clusters. Updates to cluster network plans will only affect new clusters that are created from that plan.
IP Ranges
For each cloud provider, you can view the available IP ranges for auto-allocation.
Use the wf get assignablenetworks --all-workspaces command to view a list of available IP ranges across all workspaces.
wf get assignablenetworks --all-workspaces
NAME            CLOUD   AGE
aws-nonprod     aws     138d
aws-prod        aws     138d
azure-nonprod   azure   138d
azure-prod      azure   138d
gcp-nonprod     gcp     138d
gcp-prod        gcp     138d
Use the wf get assignablenetworks -w [WORKSPACE] command to view a list of available IP ranges in the specified workspace.
wf get assignablenetworks -w sand
NAME        CLOUD ACCESS    STATUS    AGE
aks-a0pcu   azure-nonprod   Success   3h19m
In Wayfinder's web interface:
- Select Admin, then navigate to Kubernetes > Cluster Network Plans
- Select the applicable cloud provider
- Select the IP ranges tab
- A list of IP ranges is displayed
The list of IP network ranges you see on the IP ranges tab is identical to the list presented to users on the Cluster Network Plan > Auto-allocated tab.
Cluster Networks
For each cloud provider, you have the ability to view the cluster networks that have been created.
Use the wf get clusternetworks --all-workspaces command to view a list of cluster networks.
wf get clusternetworks --all-workspaces
NAME        CLOUD ACCESS    STATUS    AGE     WORKSPACE
aks-g8evs   azure-nonprod   Success   41d     app
aks-a0pcu   azure-nonprod   Success   3h47m   sand
ci-envs-2   azure-prod      Success   41d     wfci
demo-envs   azure-nonprod   Success   32d     wfci
dev-envs    azure-nonprod   Success   41d     wfci
Use the wf get clusternetworks -w [WORKSPACE] command to view a list of cluster networks in a specific workspace.
wf get clusternetworks -w sand
NAME        CLOUD ACCESS    STATUS    AGE
aks-a0pcu   azure-nonprod   Success   3h44m
Use the wf get clusternetworks NAME command to view the details of a specific cluster network.
wf get clusternetworks aks-a0pcu -o yaml
apiVersion: networking.appvia.io/v2beta1
kind: ClusterNetwork
metadata:
  labels:
    appvia.io/allocatablerangenode: azure-nonprod
    appvia.io/allocatablerangeservice: azure-nonprod
    appvia.io/channel: default
    appvia.io/clusterid: cjhjqaeddkdqi1ol7pd0
    appvia.io/ingresspublic: "true"
    appvia.io/name: aks-a0pcu
    appvia.io/provider: azure
    appvia.io/region: uksouth
    appvia.io/stage: nonprod
    appvia.io/wayfinderid: cfv6pokr7uc17lvgc8ig
    appvia.io/workspace: sand
    appvia.io/workspaceid: cfvhvouddkdmk5jj5200
    name: aks-a0pcu
  name: aks-a0pcu
  namespace: ws-sand
spec:
  cloudAccessConfigRef:
    name: azure-nonprod
    namespace: ws-sand
  cloudResourceName: ws-sand-aks-a0pcu
  ipv4:
    cidrBlocks:
    - cidr: 10.0.8.0/21
      size: 21
      type: node
    - cidr: 10.8.8.0/21
      size: 21
      type: service
  layout:
    mode: auto
    privateSubnets: 1
  location: uksouth
  plan: aks-standard
  provider: azure
  providerDetails:
    azure:
      resourceGroup: wf-ws-sand-aks-a0pcu-uksouth
    type: azure
  stage: nonprod
  tags:
    wayfinder-cluster: cjhjqaeddkdqi1ol7pd0
    wayfinder-instance: cfv6pokr7uc17lvgc8ig
    wayfinder-workspace: cfvhvouddkdmk5jj5200