Skip to content

Add aws_network flavor - VPC module #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
unni-facets merged 6 commits into from
Jan 8, 2026
Merged

Add aws_network flavor - VPC module #63

unni-facets merged 6 commits into from
Jan 8, 2026

Conversation

@bhat-akshay
Copy link
Contributor

@bhat-akshay bhat-akshay commented Dec 15, 2025

Overview

This PR adds a new aws_vpc_k8s flavor for the network/aws_vpc module to provide a Kubernetes-optimized VPC configuration as an alternative to the existing system aws_vpc module.

Why a New Flavor?

The existing aws_vpc is a system module. This new flavor allows teams to:

  • Use a Kubernetes-optimized VPC configuration in custom project types
  • Benefit from EKS-specific optimizations and tagging
  • Have control over module updates and customizations

Module Features

The aws_vpc_k8s module is explicitly optimized for Kubernetes workloads:

Kubernetes-Specific Optimizations

  • Private subnets: /19 per AZ (8,192 IPs) - sized for pod scaling in EKS
  • EKS subnet tags:
    • kubernetes.io/role/elb on public subnets (external load balancers)
    • kubernetes.io/role/internal-elb on private subnets (internal load balancers)
  • Auto-calculated subnets: Prevents IP exhaustion common in K8s clusters
  • VPC endpoints: Support for EKS, ECR, S3, SSM for private communication

Architecture

  • 3-tier design: Private (8K IPs/AZ), Public (256 IPs/AZ), Database (256 IPs/AZ)
  • Fixed /16 requirement: Automatic subdivision across 2-5 availability zones
  • Flexible NAT: Single or per-AZ NAT gateway strategies
  • Comprehensive VPC endpoints: ECR, EKS, S3, DynamoDB, SSM, and more

Naming Rationale

Why aws_vpc_k8s?

Accurate: Module has explicit Kubernetes optimizations (EKS tags, pod-scale IP ranges)
Concise: Short (10 characters) and memorable
Clear differentiation: Distinguishes from generic aws_vpc system module
Not workload-specific: Works for any K8s workload (ML, web apps, batch jobs, data processing)
Generic enough: Not tied to specific Kubernetes distribution (works with EKS, self-managed K8s)

Alternative Names Considered

Name Pros Cons Verdict
aws_vpc_ml Domain-specific Too narrow; module isn't ML-exclusive ❌ Rejected
aws_vpc_optimized Generic Vague; doesn't indicate what's optimized ❌ Rejected
aws_vpc_auto Emphasizes auto-calculation Doesn't convey K8s optimization ❌ Rejected
aws_vpc_eks Accurate for AWS Ties to AWS implementation; K8s is more generic ⚠️ Acceptable
aws_vpc_v2 Version-based Doesn't convey purpose ❌ Rejected
aws_vpc_k8s Accurate, concise, clear None Recommended

Technical Details

Subnet Allocation (for /16 VPC)

  • Private: 8,192 IPs per AZ (3 AZs = 24,576 IPs total)
  • Public: 256 IPs per AZ (3 AZs = 768 IPs total)
  • Database: 256 IPs per AZ (3 AZs = 768 IPs total)
  • Reserved: ~39,424 IPs for future expansion

Key Configuration Options

  • vpc_cidr: /16 CIDR block (required)
  • auto_select_azs: Automatically select 3 AZs (default: true)
  • nat_gateway.strategy: single or per_az (default: single)
  • vpc_endpoints: Granular control over AWS service endpoints

EKS Integration

  • Subnets automatically tagged for AWS Load Balancer Controller
  • Private subnets support EKS worker nodes and pods
  • Public subnets support external-facing load balancers
  • Database subnets for RDS/Aurora (isolated, no internet access)

Testing Recommendation

  1. Upload module to Control Plane in PREVIEW stage
  2. Test in ml-experiments project (or similar K8s project)
  3. Validate:
    • VPC creation with correct CIDR subdivision
    • EKS cluster can use the subnets
    • Load Balancer Controller discovers tagged subnets
    • VPC endpoints function correctly
  4. Publish to PUBLISHED stage when validated

Files Changed

  • aws/network/aws_vpc_k8s/1.0/facets.yaml - Module metadata with aws_vpc_k8s flavor
  • aws/network/aws_vpc_k8s/1.0/main.tf - VPC resources with K8s tags
  • aws/network/aws_vpc_k8s/1.0/locals.tf - Subnet calculations and EKS tags
  • aws/network/aws_vpc_k8s/1.0/outputs.tf - VPC attributes output
  • aws/network/aws_vpc_k8s/1.0/variables.tf - Standard Facets variables
  • aws/network/aws_vpc_k8s/1.0/README.md - Module documentation

Checklist

  • Created new flavor aws_vpc_k8s by copying aws_vpc
  • Updated facets.yaml with new flavor name
  • Updated sample section in facets.yaml
  • All Terraform files unchanged (identical to aws_vpc)
  • Commit includes detailed naming rationale
  • PR includes alternative names considered

Generated by Facets AI assistant

prashant-facets and others added 5 commits December 10, 2025 13:29
@prashant-facets
Added import project type doc.
b8fdcea
@anshulsao
Merge pull request #57 from Facets-cloud/add-import-project-type-doc
3b87db2 
Add import project type documentation
@bhat-akshay
Add aws_vpc_k8s flavor - Kubernetes-optimized VPC module
0ff449a 
Created new flavor 'aws_vpc_k8s' for network/aws_vpc module to provide
a Kubernetes-optimized VPC configuration as an alternative to the
existing 'aws_vpc' flavor.

## Why aws_vpc_k8s?

The module is explicitly Kubernetes-optimized with the following features:
- Private subnets sized at /19 (8,192 IPs/AZ) for K8s pod scaling
- EKS-specific subnet tags (kubernetes.io/role/elb, kubernetes.io/role/internal-elb)
- Auto-calculated subnet allocation to prevent IP exhaustion
- VPC endpoints for EKS, ECR, and container workloads

## Naming Rationale

**aws_vpc_k8s** is the recommended name because:
1. **Accurate**: Module has explicit Kubernetes optimizations (EKS tags, pod-scale IP ranges)
2. **Concise**: Short (10 chars) and memorable
3. **Clear differentiation**: Distinguishes from generic 'aws_vpc' system module
4. **Not workload-specific**: Works for any K8s workload (ML, web apps, batch jobs, etc.)

## Alternative Names Considered

- **aws_vpc_ml**: Too workload-specific; module isn't ML-exclusive
- **aws_vpc_optimized**: Vague; doesn't indicate what it's optimized for
- **aws_vpc_auto**: Emphasizes auto-calculation over K8s optimization
- **aws_vpc_eks**: Accurate but ties to AWS implementation; K8s is more generic
- **aws_vpc_v2**: Version-based naming; doesn't convey purpose

## Technical Details

Module characteristics:
- /16 VPC CIDR requirement with automatic subdivision
- 3-tier subnet architecture (private/public/database)
- Configurable NAT gateway strategy (single or per-AZ)
- Comprehensive VPC endpoint support
- EKS subnet tagging for AWS Load Balancer Controller discovery

Generated with Facets AI assistant
@bhat-akshay
Rename AWS VPC module flavor to aws_network
ee524dc 
Changes:
- Updated aws/network/aws_vpc/1.0/facets.yaml:
  - Changed flavor from 'aws_vpc' to 'aws_network'
  - Updated sample section to use new flavor name
- Removed aws_vpc_k8s module directory (consolidating to single network module)

Rationale:
- Simplifies module naming - one network module per cloud provider
- 'aws_network' is cleaner and more generic than 'aws_vpc'
- Eliminates redundancy between aws_vpc and aws_vpc_k8s flavors
- Module retains all Kubernetes-optimized features (8K IPs/AZ, EKS tags, VPC endpoints)
@bhat-akshay
Update project type and documentation to use aws_network flavor
ed0f1cd 
Changes:
- Updated project-type/aws/project-type.yml to reference aws_network flavor
- Updated docs/import-project-type-documentation.md example to use aws_network

This completes the flavor rename from aws_vpc to aws_network.
@bhat-akshay bhat-akshay changed the title Add aws_vpc_k8s flavor - Kubernetes-optimized VPC module Add aws_network flavor - VPC module Dec 15, 2025
@mbhandari31
Copy link
Contributor

mbhandari31 commented Dec 16, 2025

Change the folder name as well to "aws_network"

@unni-facets unni-facets merged commit af9c2eb into main Jan 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@unni-facets unni-facets unni-facets approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@bhat-akshay @mbhandari31 @unni-facets @prashant-facets @anshulsao