aws_eks: vpcSubnets description seems to be incorrect #27923

takawaha · 2023-11-10T11:13:46Z

Describe the issue

The documentation for vpcSubnets says, If you want to create public load balancers, this must include public subnets..
However, we can create internet-facing ALB/NLB/CLB regardless of where the EKS Control Plane ENIs are located.

cloud-controller-manager and aws-load-balancer-controller can automatically detect public subnets by the tag kubernetes.io/role/elb.
https://repost.aws/knowledge-center/eks-vpc-subnet-discovery

Links

https://github.com/aws/aws-cdk/blob/v2.106.0/packages/aws-cdk-lib/aws-eks/lib/cluster.ts#L443
https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_eks.Cluster.html#vpcsubnets

The text was updated successfully, but these errors were encountered:

…ets (#27931) It seems that the description for vpcSubnets in EKS Cluster class includes incorrect requirement. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_eks.Cluster.html#vpcsubnets > If you want to create public load balancers, this must include public subnets. The requirements for subnets where control plane ENIs are placed are described in the following document. https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html#network-requirements-subnets > The subnets that you specify when you create or update a cluster must meet the following requirements: > > The subnets must each have at least six IP addresses for use by Amazon EKS. However, we recommend at least 16 IP addresses. > The subnets can't reside in AWS Outposts, AWS Wavelength, or an AWS Local Zone. However, if you have them in your VPC, you can deploy self-managed nodes and Kubernetes resources to these types of subnets. > The subnets can be a public or private. However, we recommend that you specify private subnets, if possible. A public subnet is a subnet with a route table that includes a route to an internet gateway, whereas a private subnet is a subnet with a route table that doesn't include a route to an internet gateway. Other components such as nodes, Kubernetes resources or ELB can be located in different subnets from the above subnets. This is also described in the above document as below. > You can deploy nodes and Kubernetes resources to the same subnets that you specify when you create your cluster. However, this isn't necessary. This is because you can also deploy nodes and Kubernetes resources to subnets that you didn't specify when you created the cluster. So, this PR simply removes the incorrect sentence from CDK doc. Closes #27923 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions · 2023-11-10T17:00:12Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

…ets (#27931) It seems that the description for vpcSubnets in EKS Cluster class includes incorrect requirement. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_eks.Cluster.html#vpcsubnets > If you want to create public load balancers, this must include public subnets. The requirements for subnets where control plane ENIs are placed are described in the following document. https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html#network-requirements-subnets > The subnets that you specify when you create or update a cluster must meet the following requirements: > > The subnets must each have at least six IP addresses for use by Amazon EKS. However, we recommend at least 16 IP addresses. > The subnets can't reside in AWS Outposts, AWS Wavelength, or an AWS Local Zone. However, if you have them in your VPC, you can deploy self-managed nodes and Kubernetes resources to these types of subnets. > The subnets can be a public or private. However, we recommend that you specify private subnets, if possible. A public subnet is a subnet with a route table that includes a route to an internet gateway, whereas a private subnet is a subnet with a route table that doesn't include a route to an internet gateway. Other components such as nodes, Kubernetes resources or ELB can be located in different subnets from the above subnets. This is also described in the above document as below. > You can deploy nodes and Kubernetes resources to the same subnets that you specify when you create your cluster. However, this isn't necessary. This is because you can also deploy nodes and Kubernetes resources to subnets that you didn't specify when you created the cluster. So, this PR simply removes the incorrect sentence from CDK doc. Closes #27923 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

takawaha added documentation This is a problem with documentation. needs-triage This issue or PR still needs to be triaged. labels Nov 10, 2023

github-actions bot added the @aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service label Nov 10, 2023

tam0ri mentioned this issue Nov 10, 2023

docs(eks): remove description about incorrect requirement for vpcSubnets #27931

Merged

mergify bot closed this as completed in #27931 Nov 10, 2023

github-actions bot mentioned this issue Dec 1, 2023

Monthly Issue metrics report - November 2023 #28211

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

aws_eks: vpcSubnets description seems to be incorrect #27923

aws_eks: vpcSubnets description seems to be incorrect #27923

takawaha commented Nov 10, 2023

github-actions bot commented Nov 10, 2023