Hi Norman, What you're looking for is a VPC peering connection <http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html>, which will allow you to flow traffic between two VPCs (ideally non-overlapping CIDRs).
After you set up the peering connection between two VPCs, you'll have a "pcx-XXXX" network interface in each VPC. To flow traffic between peered subnets, you'll need to set up a route table in each VPC which utilizes the pcx-XXX interface. The "standard" way to structure this is (in each VPC!) set up a route table entry for each destination subnet in the other VPC, and attach all participating subnets to that route table. Don't forget route table entries *are not* duplex- you need to set explicitly set up routes for packets to return to the source as well. How you want to set up the security group rules on top of that is up to you. The simplest way is to simply list out the CIDRs of the peered subnets that you want to have access to your service. On Monday, October 17, 2016 at 6:11:32 AM UTC-7, Norman Khine wrote: > > Hello, > I am running k8s cluster on AWS and am trying to setup the security groups > on AWS to only allow traffic from the vpc created for my application. > > When I add a new rule based on my k8s-worker security group I get this > error ` You have specified two resources that belong to different > networks.` > > I am able to specify the IP address of the ELB but these may change - so I > am unsure how best to fix this? > > Any advice much appreciated > -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to email@example.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.