
(aws-eks): (Cluster handler is not well documented on what VPC endpoints it needs to make it work in Isolated Subnets) #28955

Closed
madrian opened this issue Feb 1, 2024 · 3 comments
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service documentation This is a problem with documentation. effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

madrian commented Feb 1, 2024

Describe the issue

The documentation here states that isolated subnets are not fully supported. However, in my testing, EKS cluster creation can work using CDK in a fully private VPC with only Isolated Subnets and no proxies. I have made a PR in aws-cdk-examples here. This was also based off the discussions in this issue.

Hope to get confirmation of the minimum list of VPC endpoints that are required to make it work and add them in the documentation. What I used in the example are the following:

    // Interface endpoints created in the example; the two imports are added
    // here so the fragment compiles as-is in a CDK Java app.
    import java.util.List;
    import software.amazon.awscdk.services.ec2.InterfaceVpcEndpointAwsService;

    List<InterfaceVpcEndpointAwsService> endpoints =
        List.of(
            InterfaceVpcEndpointAwsService.ECR,
            InterfaceVpcEndpointAwsService.ECR_DOCKER,
            InterfaceVpcEndpointAwsService.CLOUDWATCH_MONITORING,
            InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS,
            InterfaceVpcEndpointAwsService.EVENTBRIDGE,
            InterfaceVpcEndpointAwsService.STS,
            InterfaceVpcEndpointAwsService.SSM,
            InterfaceVpcEndpointAwsService.SSM_MESSAGES,
            InterfaceVpcEndpointAwsService.LAMBDA,
            InterfaceVpcEndpointAwsService.EKS,
            InterfaceVpcEndpointAwsService.EC2,
            InterfaceVpcEndpointAwsService.EC2_MESSAGES,
            InterfaceVpcEndpointAwsService.CLOUDFORMATION,
            InterfaceVpcEndpointAwsService.STEP_FUNCTIONS,
            InterfaceVpcEndpointAwsService.STEP_FUNCTIONS_SYNC);

Links

#12171
aws-samples/aws-cdk-examples#989
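A CDK Java stack that wires the endpoint list above into a VPC with only isolated subnets and an EKS cluster whose handler Lambdas run inside that VPC, added here as an illustration and not code from the issue or from the linked aws-cdk-examples PR. The stack name, CIDR, Kubernetes version and the S3 gateway endpoint (which ECR needs for image layer pulls) are assumptions not stated in the issue.

```java
import java.util.List;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awscdk.services.ec2.*;
import software.amazon.awscdk.services.eks.*;
import software.constructs.Construct;

// Hypothetical stack name; ENDPOINTS is the list from the issue text.
public class IsolatedEksStack extends Stack {
    static final List<InterfaceVpcEndpointAwsService> ENDPOINTS = List.of(
        InterfaceVpcEndpointAwsService.ECR, InterfaceVpcEndpointAwsService.ECR_DOCKER,
        InterfaceVpcEndpointAwsService.CLOUDWATCH_MONITORING, InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS,
        InterfaceVpcEndpointAwsService.EVENTBRIDGE, InterfaceVpcEndpointAwsService.STS,
        InterfaceVpcEndpointAwsService.SSM, InterfaceVpcEndpointAwsService.SSM_MESSAGES,
        InterfaceVpcEndpointAwsService.LAMBDA, InterfaceVpcEndpointAwsService.EKS,
        InterfaceVpcEndpointAwsService.EC2, InterfaceVpcEndpointAwsService.EC2_MESSAGES,
        InterfaceVpcEndpointAwsService.CLOUDFORMATION, InterfaceVpcEndpointAwsService.STEP_FUNCTIONS,
        InterfaceVpcEndpointAwsService.STEP_FUNCTIONS_SYNC);

    public IsolatedEksStack(final Construct scope, final String id, final StackProps props) {
        super(scope, id, props);
        // Isolated subnets only: no internet gateway and no NAT, so every AWS API call made by
        // the cluster handler, the kubectl handler and the nodes has to go through an endpoint.
        SubnetSelection isolated = SubnetSelection.builder().subnetType(SubnetType.PRIVATE_ISOLATED).build();
        Vpc vpc = Vpc.Builder.create(this, "Vpc")
            .ipAddresses(IpAddresses.cidr("10.0.0.0/16")) // assumed CIDR
            .maxAzs(2)
            .subnetConfiguration(List.of(SubnetConfiguration.builder()
                .name("isolated").subnetType(SubnetType.PRIVATE_ISOLATED).cidrMask(24).build()))
            .build();
        // Assumption beyond the issue's list: ECR serves image layers from S3, so a gateway endpoint is needed too.
        vpc.addGatewayEndpoint("S3", GatewayVpcEndpointOptions.builder()
            .service(GatewayVpcEndpointAwsService.S3).build());
        // One interface endpoint per service; private DNS is on by default so SDK hostnames resolve to them.
        for (int i = 0; i < ENDPOINTS.size(); i++) {
            vpc.addInterfaceEndpoint("Endpoint" + i, InterfaceVpcEndpointOptions.builder()
                .service(ENDPOINTS.get(i)).subnets(isolated).build());
        }
        Cluster.Builder.create(this, "Cluster")
            .version(KubernetesVersion.V1_28)        // assumed; use the version you actually run
            .vpc(vpc).vpcSubnets(List.of(isolated))
            .endpointAccess(EndpointAccess.PRIVATE)  // API server reachable only from inside the VPC
            .placeClusterHandlerInVpc(true)          // handler Lambdas run in the isolated subnets
            .build();
    }
}
```

With no NAT or internet gateway, a missing endpoint shows up as a timeout in the cluster handler's CloudWatch logs rather than an access-denied error, which is the quickest way to find out the list is incomplete for a given account.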

@madrian madrian added documentation This is a problem with documentation. needs-triage This issue or PR still needs to be triaged. labels Feb 1, 2024
@github-actions github-actions bot added the @aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service label Feb 1, 2024
@madrian madrian changed the title (aws-eks): (Cluster handler is not well documented on what VPC endpoints in needs to make it work in Isolated Subnets) (aws-eks): (Cluster handler is not well documented on what VPC endpoints it needs to make it work in Isolated Subnets) Feb 1, 2024
pahud (Contributor) commented Feb 1, 2024

Big shout out to the eks private cluster example! Unfortunately we are not able to confirm all the details and the list of required endpoint services, and we'll need example contributions like this to help more people in this space.

Do you think we should update the document on the aws-eks module? It would be great if we had a link to your example once it's merged.

@pahud pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Feb 1, 2024
pahud (Contributor) commented Mar 14, 2024

resolving with #29201

@pahud pahud closed this as completed Mar 14, 2024
@pahud pahud added the feature-request A feature should be added or improved. label Mar 14, 2024