Hi Norman,

What you're looking for is a VPC peering connection 
which will allow you to flow traffic between two VPCs (ideally 
non-overlapping CIDRs).

After you set up the peering connection between two VPCs, you'll have a 
"pcx-XXXX" network interface in each VPC.

To flow traffic between peered subnets, you'll need to set up a route table 
in each VPC which utilizes the pcx-XXX interface. The "standard" way to 
structure this is (in each VPC!) set up a route table entry for each 
destination subnet in the other VPC, and attach all participating subnets 
to that route table. Don't forget route table entries *are not* duplex - you 
need to explicitly set up routes for packets to return to the source as 

How you want to set up the security group rules on top of that is up to 
you. The simplest way is to simply list out the CIDRs of the peered subnets 
that you want to have access to your service.

On Monday, October 17, 2016 at 6:11:32 AM UTC-7, Norman Khine wrote:
> Hello,
> I am running k8s cluster on AWS and am trying to set up the security groups 
> on AWS to only allow traffic from the vpc created for my application.
> When I add a new rule based on my k8s-worker security group I get this 
> error ` You have specified two resources that belong to different 
> networks.`
> I am able to specify the IP address of the ELB but these may change - so I 
> am unsure how best to fix this?
> Any advice much appreciated
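
The routing and CIDR points from the reply above, as an added example that is not part of the original thread: an offline audit of a peering plan that checks the two VPC CIDRs for overlap, checks that each side's route table sends every subnet of the other side to the peering connection (routes are not duplex), and builds the CIDR-based security group entries. The VPC names, CIDRs, the `pcx-EXAMPLE` ID and the data layout are constructed assumptions, not values from the thread or an AWS API format.

```python
from ipaddress import ip_network

# Constructed sample data: the VPC names, CIDRs and "pcx-EXAMPLE" are placeholders.
PCX = "pcx-EXAMPLE"
VPCS = {
    "k8s": {
        "cidr": "10.0.0.0/16",
        "subnets": ["10.0.1.0/24", "10.0.2.0/24"],
        # Route table attached to the participating subnets: destination -> target
        "routes": {"10.0.0.0/16": "local", "10.1.1.0/24": PCX},
    },
    "app": {
        "cidr": "10.1.0.0/16",
        "subnets": ["10.1.1.0/24"],
        # No return route for 10.0.2.0/24, so packets cannot get back to that subnet
        "routes": {"10.1.0.0/16": "local", "10.0.1.0/24": PCX},
    },
}


def cidrs_overlap(a, b):
    """True if the two VPC CIDR blocks overlap."""
    return ip_network(a["cidr"]).overlaps(ip_network(b["cidr"]))


def missing_routes(src, dst, pcx):
    """Subnets of dst that src's route table does not send to the peering connection."""
    via_pcx = [ip_network(d) for d, target in src["routes"].items() if target == pcx]
    return [s for s in dst["subnets"]
            if not any(ip_network(s).subnet_of(r) for r in via_pcx)]


def audit(vpcs, a, b, pcx):
    """Check CIDR overlap and route coverage in both directions."""
    return {
        "overlap": cidrs_overlap(vpcs[a], vpcs[b]),
        f"{a}->{b}": missing_routes(vpcs[a], vpcs[b], pcx),
        f"{b}->{a}": missing_routes(vpcs[b], vpcs[a], pcx),
    }


def ingress_rules(peer, port):
    """Security group ingress entries listing each peered subnet's CIDR."""
    return [{"protocol": "tcp", "port": port, "cidr": s} for s in peer["subnets"]]


if __name__ == "__main__":
    print(audit(VPCS, "k8s", "app", PCX))
    print(ingress_rules(VPCS["k8s"], 443))
```
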
