[aws-eks] cluster to support private endpoint access #7972

Closed
1 of 2 tasks
pahud opened this issue May 14, 2020 · 5 comments
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service feature-request A feature should be added or improved.

Comments

@pahud
Contributor

pahud commented May 14, 2020

Add endpointPrivateAccess support for EKS cluster creation.

It's currently not possible to create an Amazon EKS cluster with a private-only endpoint with AWS CDK, and this gap stops some users and customers from using the aws-eks construct lib to create their EKS clusters.

Use Case

To secure the cluster endpoint in a private network when creating the cluster with AWS CDK.

Proposed Solution

To expose an additional property for the Cluster resource.

Will make sure the kubectl provider in Lambda with VPC support can connect to the EKS private endpoint. aws-samples/aws-lambda-layer-kubectl#32

Other

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

@pahud pahud added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels May 14, 2020
@SomayaB SomayaB added the @aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service label May 18, 2020
@eladb
Contributor

eladb commented May 18, 2020

Yeah the tricky part will be the lambda custom resources inside the vpc. That one will be fun!

@pahud
Contributor Author

pahud commented May 20, 2020

Hi @eladb

Looks like the ClusterResourceProvider will be in a nested stack and we can't just pass the props.Vpc as IVpc from parent stack to nested stack. Is there any sample or pattern for this scenario? I need to pass the Vpc to the custom resource provider so it can create the Lambda function with this Vpc.

export class ClusterResourceProvider extends NestedStack {

thanks

@eladb
Contributor

eladb commented May 20, 2020

You should technically be able to just reference the vpc object in the custom resource and the framework should relay all the information from the parent stack through parameters.

@eladb
Contributor

eladb commented May 20, 2020

Let's continue the discussion over #5220...

@eladb eladb closed this as completed May 20, 2020
@iliapolo iliapolo changed the title from "eks cluster to support private endpoint access" to "[aws-eks] cluster to support private endpoint access" Aug 16, 2020
@iliapolo iliapolo removed the needs-triage This issue or PR still needs to be triaged. label Aug 16, 2020
@iliapolo
Contributor

Resolved by #9095
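
The endpoint settings this issue asks to expose can be verified on an existing cluster. The following added example (not from the issue or the aws-cdk code base) classifies the `resourcesVpcConfig` object returned by the EKS DescribeCluster API; `auditEndpoint` and `auditAll` are hypothetical helper names and the sample configurations are constructed.

```typescript
// Added example: classify EKS API server endpoint exposure.
// Field names match the EKS DescribeCluster `resourcesVpcConfig` object.
interface ResourcesVpcConfig {
  endpointPublicAccess?: boolean;
  endpointPrivateAccess?: boolean;
  publicAccessCidrs?: string[];
}

interface EndpointFinding {
  mode: "private-only" | "public-and-private" | "public-only" | "invalid";
  openToInternet: boolean;
  notes: string[];
}

// Hypothetical helper (not a CDK or AWS SDK API).
function auditEndpoint(cfg: ResourcesVpcConfig): EndpointFinding {
  // Assumption: omitted fields take the EKS defaults
  // (public access on, private access off, public CIDRs 0.0.0.0/0).
  const pub = cfg.endpointPublicAccess ?? true;
  const priv = cfg.endpointPrivateAccess ?? false;
  const cidrs = cfg.publicAccessCidrs ?? ["0.0.0.0/0"];
  const notes: string[] = [];

  let mode: EndpointFinding["mode"];
  if (pub && priv) mode = "public-and-private";
  else if (pub) mode = "public-only";
  else if (priv) mode = "private-only";
  else mode = "invalid";

  // The public CIDR allow-list only matters while public access is enabled.
  const openToInternet = pub && cidrs.some((c) => c === "0.0.0.0/0" || c === "::/0");
  if (openToInternet) notes.push("public endpoint accepts connections from any address");
  if (mode === "private-only") {
    // The point raised in the thread: Lambda-backed kubectl must sit in the VPC.
    notes.push("kubectl clients, including Lambda custom resources, must run inside the cluster VPC");
  }
  if (mode === "invalid") notes.push("neither endpoint is enabled");
  return { mode, openToInternet, notes };
}

// Constructed sample configurations, not taken from a real cluster.
const SAMPLE_CLUSTERS: { name: string; cfg: ResourcesVpcConfig }[] = [
  { name: "default-settings", cfg: {} },
  { name: "restricted-public", cfg: { endpointPublicAccess: true, endpointPrivateAccess: true, publicAccessCidrs: ["203.0.113.0/24"] } },
  { name: "private-only", cfg: { endpointPublicAccess: false, endpointPrivateAccess: true, publicAccessCidrs: ["0.0.0.0/0"] } },
];

function auditAll(): { name: string; finding: EndpointFinding }[] {
  return SAMPLE_CLUSTERS.map((c) => ({ name: c.name, finding: auditEndpoint(c.cfg) }));
}
```

To audit a real cluster, pass `auditEndpoint` the `cluster.resourcesVpcConfig` object from `aws eks describe-cluster` JSON output.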
