Deploy a POP in an Existing VPC
If needed, you can deploy a Point of Presence in an existing Virtual Private Cloud, different from the secure VPC created from the required CloudFormation template.
To deploy a POP in an existing VPC:
-
Make sure that your existing VPC has a private subnet, public subnet, security group and IAM role. The VPN must be attached to an Internet Gateway to connect to Skyhigh CASB.
-
Add the tag
kubernetes.io/cluster/<PoPName>
to all these resources with the value as shared. The place holder<PoPName>
refers to the name of the POP that you need to create. Ex: kubernetes.io/cluster/demo1-pop, where 'demo1-pop' is the name of the POP. -
The Security Group should have all the traffic allowed for the VPC CIDR, and must have an outbound connection open to the world.
- Once these things are validated, complete the POP deployment.