(aws-eks): (Cluster handler is not well documented on what VPC endpoints it needs to make it work in Isolated Subnets) #28955

madrian · 2024-02-01T04:53:21Z

Describe the issue

The documentation here states that isolated subnets are not fully supported. However, in my testing, EKS cluster creation can work using CDK in a fully private VPC with only Isolated Subnets and no proxies. I have made a PR in aws-cdk-examples here. This was also based off the discussions in this issue.

Hope to get confirmation of the minimum list of VPC endpoints that are required to make it work and add them in the documentation. What I used in the example are the following:

    List<InterfaceVpcEndpointAwsService> endpoints =
        List.of(
            InterfaceVpcEndpointAwsService.ECR,
            InterfaceVpcEndpointAwsService.ECR_DOCKER,
            InterfaceVpcEndpointAwsService.CLOUDWATCH_MONITORING,
            InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS,
            InterfaceVpcEndpointAwsService.EVENTBRIDGE,
            InterfaceVpcEndpointAwsService.STS,
            InterfaceVpcEndpointAwsService.SSM,
            InterfaceVpcEndpointAwsService.SSM_MESSAGES,
            InterfaceVpcEndpointAwsService.LAMBDA,
            InterfaceVpcEndpointAwsService.EKS,
            InterfaceVpcEndpointAwsService.EC2,
            InterfaceVpcEndpointAwsService.EC2_MESSAGES,
            InterfaceVpcEndpointAwsService.CLOUDFORMATION,
            InterfaceVpcEndpointAwsService.STEP_FUNCTIONS,
            InterfaceVpcEndpointAwsService.STEP_FUNCTIONS_SYNC);

Links

#12171
aws-samples/aws-cdk-examples#989

The text was updated successfully, but these errors were encountered:

pahud · 2024-02-01T17:34:29Z

Big shout out to the eks private cluster example! Unfortunately we are not able to confirm all the details and the list of required endpoint services and we'll need the example contribution like this to help more people in this space.

Do you think we should update the document on aws-eks module? Would be great if we have a link to your example when it's merged.

pahud · 2024-03-14T16:27:32Z

resolving with #29201

github-actions · 2024-03-14T16:27:50Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

madrian added documentation This is a problem with documentation. needs-triage This issue or PR still needs to be triaged. labels Feb 1, 2024

github-actions bot added the @aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service label Feb 1, 2024

madrian changed the title ~~(aws-eks): (Cluster handler is not well documented on what VPC endpoints in needs to make it work in Isolated Subnets)~~ (aws-eks): (Cluster handler is not well documented on what VPC endpoints it needs to make it work in Isolated Subnets) Feb 1, 2024

pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Feb 1, 2024

github-actions bot mentioned this issue Mar 1, 2024

Monthly issue metrics report #29327

Closed

pahud closed this as completed Mar 14, 2024

pahud added the feature-request A feature should be added or improved. label Mar 14, 2024

pahud mentioned this issue Jun 4, 2024

eks: Auth manifest fails to provision with cluster in isolated subnets #30442

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

(aws-eks): (Cluster handler is not well documented on what VPC endpoints it needs to make it work in Isolated Subnets) #28955

(aws-eks): (Cluster handler is not well documented on what VPC endpoints it needs to make it work in Isolated Subnets) #28955

madrian commented Feb 1, 2024

pahud commented Feb 1, 2024

pahud commented Mar 14, 2024

github-actions bot commented Mar 14, 2024