Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

googleapi: Error 400: Cluster CIDR range is not within allowed ranges., badRequest #1424

Closed
yardenas opened this issue Jun 7, 2023 · 6 comments · Fixed by #1429
Closed

googleapi: Error 400: Cluster CIDR range is not within allowed ranges., badRequest #1424

yardenas opened this issue Jun 7, 2023 · 6 comments · Fixed by #1429

Comments

@yardenas
Copy link

yardenas commented Jun 7, 2023

Hi,

We're trying to deploy an airflow cluster with this blueprint, using a shared VPC.

We created a subnet as specified in your fast network peering stage.

Also, I'm specifying the following configuration:

    composer_secondary_ranges = {
      pods     = "pods"
      services = "services"
    }

Unfortunately, I'm getting this error:

googleapi: Error 400: Cluster CIDR range 100.128.48.0/20 is not within allowed ranges., badRequest

I'm not entirely sure how to proceed. Any suggestions?
@juliocc
Copy link
Collaborator

juliocc commented Jun 7, 2023

My only guess is that you have to use an RFC1918 range. Can you try that?

@lcaggio any ideas?

@yardenas
Copy link
Author

yardenas commented Jun 7, 2023
edited
Loading

Yes, you're right, this IP doesn't conform with RFC1918. Thing is, we got this IP from fast

@yardenas
Copy link
Author

yardenas commented Jun 7, 2023

We changed this file to the following:

# skip boilerplate check

region: us-central1
description: Default subnet for dev Data Platform
ip_cidr_range: 172.16.0.0/12
secondary_ip_ranges:
  pods: 10.10.8.0/22
  services: 10.10.12.0/24

@bluPhy
Copy link
Collaborator

bluPhy commented Jun 8, 2023

We may be hitting this issue: Error updating secondary IP ranges in Google_compute_subnetwork #2570

@wiktorn
Copy link
Collaborator

wiktorn commented Jun 8, 2023
edited
Loading

@yardenas @lcaggio @sruffilli I think that this is a bug in networking config for dataplatform, as it references public T-Mobile address space (100.128.0.0/9):

ip_cidr_range: 10.128.48.0/24
secondary_ip_ranges:
   pods: 100.128.48.0/20
   services: 100.255.48.0/24

Either we should use 10.0.0.0/8 network here or 100.64.0.0/10 if the intention was not to use RFC1918 space.

wiktorn added a commit to wiktorn/cloud-foundation-fabric that referenced this issue Jun 8, 2023
@wiktorn
Use RFC6598 addresses for pods and subnets
f7c23f7 
10.128.0.0/9 is public network.

Closes: GoogleCloudPlatform#1424
@wiktorn wiktorn mentioned this issue Jun 8, 2023
Merged
wiktorn added a commit that referenced this issue Jun 8, 2023
@wiktorn
Use RFC6598 addresses for pods and subnets
6b4bca1 
10.128.0.0/9 is public network.

Closes: #1424
@yardenas
Copy link
Author

yardenas commented Jun 8, 2023

Thanks everyone!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use RFC6598 addresses for pods and subnets wiktorn/cloud-foundation-fabric
4 participants
@juliocc @wiktorn @bluPhy @yardenas