Martin Klefas-Stennett
External IP Ranges (for an AWS VPC Security Group)
I've been using an RDS database to collate the results of the work my pods are doing, and that's been fine so far with one or two running, but we're about to scale to a lot more.
This kind of means that I can no longer log into a pod and ping something to get its IP address to add to my RDS VPC Inbound Whitelist.
I was looking at maybe AWS PrivateLink or mTLS, but neither seems to be supported.
If I stick to the secure cloud, and one/two regions, is there a defined external IP range that'll get used? Honestly even if it's a /16 range then that at least reduces the attack surface a little!
3 replies
Kill a pod from the inside?
Last weekend I started a community pod for a large workload and went to bed once it confirmed it was starting the work properly. Unfortunately though the pod was on a very slow connection to my cloud storage, and so it spent about 14 out of the 16 hours run time just downloading the job files… I’ve only just realised it after noticing how much faster things went on other runs and analysing my cloud egress logs.
I’ve rewritten my code to report current download speeds so I can kill pods by hand, but is there any way to do it from a running Python app? Ideally if it detected slow disk or downloads it’d kill itself so that at least I’d know.
My alternative is to have it send me a discord message, but that’s not as useful!
6 replies