
Create EKS private cluster using CLI without NAT gateway?


Create 2 managed node groups that join the private EKS cluster

I tried following the link: https://eksctl.io/usage/creating-and-managing-clusters/


Solution

  • Strictly speaking you don't need to, but you will have to use interface endpoints (AWS PrivateLink):

    You can use AWS PrivateLink to create a private connection between your VPC and Amazon Elastic Kubernetes Service. You can access Amazon EKS as if it were in your VPC, without the use of an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC don't need public IP addresses to access Amazon EKS.

    Here, "NAT device" includes NAT gateways.

    You establish this private connection by creating an interface endpoint powered by AWS PrivateLink. We create an endpoint network interface in each subnet that you enable for the interface endpoint. These are requester-managed network interfaces that serve as the entry point for traffic destined for Amazon EKS.

    The whole point of NAT is to facilitate outbound communication to register nodes with the EKS control plane. For more information, see Subnet requirements and considerations.
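As an added example (not part of the answer above, and not eksctl's own documentation), this is the eksctl ClusterConfig shape that does what the question asks: a cluster whose API endpoint is private-only, no NAT gateway, nodes reaching AWS services over PrivateLink interface endpoints, and two managed node groups placed in private subnets. The cluster name, region, instance types and node group names are assumptions; the `privateCluster` and `privateNetworking` fields are the settings that matter.

```yaml
# Added example, not from the original answer. Cluster name, region,
# instance types and node group names are assumptions; adjust for your account.
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: private-eks       # assumed cluster name
  region: eu-west-1       # assumed region

# Fully private cluster: the control plane gets a private-only API endpoint,
# the VPC is created with private subnets only, and instead of a NAT gateway
# eksctl provisions interface endpoints (AWS PrivateLink) for the services the
# nodes need by default (ec2, ecr.api, ecr.dkr, sts) plus an S3 gateway endpoint.
privateCluster:
  enabled: true
  # Optional extra interface endpoints, only needed by workloads that call these
  # APIs from inside the VPC (e.g. cluster-autoscaler needs autoscaling).
  additionalEndpointServices:
    - autoscaling
    - cloudformation
    - logs

# Two managed node groups. privateNetworking keeps the node ENIs in the private
# subnets with no public IPs; in a fully private cluster this is the only valid
# placement, since there are no public subnets to land in.
managedNodeGroups:
  - name: mng-system        # assumed name
    instanceType: m5.large  # assumed instance type
    minSize: 2
    maxSize: 3
    desiredCapacity: 2
    privateNetworking: true
    labels:
      role: system
  - name: mng-apps          # assumed name
    instanceType: m5.xlarge # assumed instance type
    minSize: 2
    maxSize: 6
    desiredCapacity: 2
    privateNetworking: true
    labels:
      role: apps
```

Apply it with `eksctl create cluster -f cluster.yaml`. Two practical consequences of having no NAT and a private-only endpoint: the API server is reachable only from inside the VPC (or over VPN/Direct Connect), so `kubectl` and any post-creation eksctl steps that talk to the API must run from there; and nodes cannot reach public registries such as Docker Hub, so container images have to come from ECR (served through the ecr.api and ecr.dkr endpoints) or another registry reachable inside the VPC. If you bring your own VPC instead of letting eksctl create one, you need the same endpoints yourself, with private DNS enabled (which requires DNS support and DNS hostnames on the VPC) and an endpoint security group that allows HTTPS (443) from the node subnet CIDRs.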