Merge pull request #29 from jonjozwiak/master
Clarifying deploying worker nodes in private subnets
nrdlngr committed Jun 14, 2019
2 parents 06ecde9 + 091236c commit 9e1f9bb
Showing 3 changed files with 8 additions and 8 deletions.
4 changes: 1 addition & 3 deletions doc_source/create-cluster.md
Expand Up @@ -117,7 +117,7 @@ If your IAM user doesn't have administrative privileges, you must explicitly add
Amazon EKS will deprecate Kubernetes version 1\.10 on July 22, 2019\. On this day, you will no longer be able to create new 1\.10 clusters and all Amazon EKS clusters running Kubernetes version 1\.10 will be updated to the latest available platform version of Kubernetes version 1\.11\. For more information, see [Amazon EKS Version Deprecation](kubernetes-versions.md#version-deprecation)\.
+ **Role name** – Choose the Amazon EKS service role to allow Amazon EKS and the Kubernetes control plane to manage AWS resources on your behalf\. For more information, see [Amazon EKS Service IAM Role](service_IAM_role.md)\.
+ **VPC** – The VPC to use for your cluster\.
+ **Subnets** – The subnets within the preceding VPC to use for your cluster\. By default, the available subnets in the VPC are preselected\. Your subnets must meet the requirements for an Amazon EKS cluster\. For more information, see [Cluster VPC Considerations](network_reqs.md)\.
+ **Subnets** – The subnets within the above VPC to use for your cluster\. By default, the available subnets in the above VPC are preselected\. Specify all subnets that will host resources for your cluster \(such as private subnets for worker nodes and public subnets for load balancers\)\. Your subnets must meet the requirements for an Amazon EKS cluster\. For more information, see [Cluster VPC Considerations](network_reqs.md)\.
+ **Security Groups** – Specify one or more \(up to a limit of five\) security groups within the preceding VPC to apply to the cross\-account elastic network interfaces for your cluster\. Your cluster and worker node security groups must meet the requirements for an Amazon EKS cluster\. For more information, see [Cluster Security Group Considerations](sec-group-reqs.md)\.
**Important**
The worker node AWS CloudFormation template modifies the security group that you specify here, so **Amazon EKS strongly recommends that you use a dedicated security group for each cluster control plane \(one per cluster\)**\. If this security group is shared with other resources, you might block or disrupt connections to those resources\.
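Review bot: The rewritten **Subnets** bullet switches to "the above VPC" (twice) while the **Security Groups** bullet directly below still says "the preceding VPC", and the line it replaces also used "preceding"; keep "preceding" so the list stays consistent. The new instruction to specify all subnets is the useful part, but the parenthetical "public subnets for load balancers" is the only hint as to why public subnets still belong here, so consider stating that plainly for readers who are placing worker nodes in private subnets and might otherwise leave them out.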
Expand Down Expand Up @@ -215,5 +215,3 @@ You might receive an error that one of the Availability Zones in your request do
1. Now that you have created your cluster, follow the procedures in [Installing `aws-iam-authenticator`](install-aws-iam-authenticator.md) and [Create a `kubeconfig` for Amazon EKS](create-kubeconfig.md) to enable communication with your new cluster\.

1. After you enable communication, follow the procedures in [Launching Amazon EKS Worker Nodes](launch-workers.md) to add worker nodes to your cluster to support your workloads\.

------
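Review bot: The two lines dropped at the end of this file (the blank line and the closing `------` rule) are unrelated to the private-subnet clarification named in the commit message, and the same trailing rule is removed from launch-workers.md. Split these cleanups into their own commit or mention them in the message, so the history for this change shows only the wording that affects where worker nodes are placed.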
2 changes: 1 addition & 1 deletion doc_source/getting-started.md
Expand Up @@ -3,4 +3,4 @@
There are two getting started guides available for creating a new Kubernetes cluster with worker nodes in Amazon EKS:
+ [Getting Started with `eksctl`](getting-started-eksctl.md): This getting started guide helps you to install all of the required resources to get started with Amazon EKS using `eksctl`, a simple command line utility for creating and managing Kubernetes clusters on Amazon EKS\. At the end of this tutorial, you will have a running Amazon EKS cluster with worker nodes, and the `kubectl` command line utility will be configured to use your new cluster\. This is the fastest and simplest way to get started with Amazon EKS\.
![\[eksctl create cluster\]](http://docs.aws.amazon.com/eks/latest/userguide/images/eksctl-create-cluster.gif)
+ [Getting Started with the AWS Management Console](getting-started-console.md): This getting started guide helps you to create all of the required resources to get started with Amazon EKS in the AWS Management Console\. In this guide, you manually create each resource in the Amazon EKS or AWS CloudFormation consoles, and the workflow described here gives you complete visibility into how each resource is created and how they interact with each other; however, this is a more complicated and time consuming way to get started with Amazon EKS\.
+ [Getting Started with the AWS Management Console](getting-started-console.md): This getting started guide helps you to create all of the required resources to get started with Amazon EKS in the AWS Management Console\. In this guide, you manually create each resource in the Amazon EKS or AWS CloudFormation consoles, and the workflow described here gives you complete visibility into how each resource is created and how they interact with each other; however, this is a more complicated and time consuming way to get started with Amazon EKS\.
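Review bot: The removed and added "Getting Started with the AWS Management Console" bullets read identically, so this hunk appears to be a whitespace or end-of-line change only. Drop it from the pull request, or say in the commit message what changed, because it has no bearing on private subnets and adds noise to the review.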
10 changes: 6 additions & 4 deletions doc_source/launch-workers.md
Expand Up @@ -90,7 +90,11 @@ These procedures have the following prerequisites:
```
https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/amazon-eks-nodegroup.yaml
```

**Note**
If deploying workers into private subnets, you should save a copy of this template locally and modify the `AssociatePublicIpAddress` parameter in the NodeLaunchConfig to be false\.
```
AssociatePublicIpAddress: 'false'
```
1. On the **Specify Details** page, fill out the following parameters accordingly, and choose **Next**:
+ **Stack name** – Choose a stack name for your AWS CloudFormation stack\. For example, you can call it ***<cluster\-name>*\-worker\-nodes**\.
+ **ClusterName** – Enter the name that you used when you created your Amazon EKS cluster\.
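Review bot: The added note calls `AssociatePublicIpAddress` a "parameter in the NodeLaunchConfig", but the very next step uses "parameters" for the stack inputs on the **Specify Details** page (Stack name, ClusterName), so a reader may look for it there; say instead that it is a setting inside the `NodeLaunchConfig` section of the template file that has to be edited by hand. The note also stops at "save a copy of this template locally" without saying how the edited copy is then supplied to AWS CloudFormation in place of the Amazon S3 URL shown above, which leaves the procedure incomplete for anyone who wants worker nodes without public addresses. There is also no blank line between the closing fence of the new snippet and the following "1." step; add one so the numbered list renders as intended.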
Expand Down Expand Up @@ -132,7 +136,7 @@ The Amazon EKS worker node AMI is based on Amazon Linux 2\. You can track securi
If you do not provide a keypair here, the AWS CloudFormation stack creation fails\.
+ **BootstrapArguments** – Specify any optional arguments to pass to the worker node bootstrap script, such as extra kubelet arguments\. For more information, view the bootstrap script usage information at [https://github\.com/awslabs/amazon\-eks\-ami/blob/master/files/bootstrap\.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh)
+ **VpcId** – Enter the ID for the VPC that your worker nodes should launch into\.
+ **Subnets** – Choose the subnets within the above VPC that your worker nodes should launch into\.
+ **Subnets** – Choose the subnets within the above VPC that your worker nodes should launch into\. If launching worker nodes in private subnets, do not include public subnets here\.

1. On the **Options** page, you can choose to tag your stack resources\. Choose **Next**\.

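Review bot: The sentence added to **Subnets** ("do not include public subnets here") gives only half of the private-subnet procedure and does not point back to the `AssociatePublicIpAddress` note added earlier in this file. Link the two, for example "and set `AssociatePublicIpAddress` to false as described in the note above", so a reader who arrives at this parameter list directly does not choose private subnets while leaving the template unchanged.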
Expand Down Expand Up @@ -193,5 +197,3 @@ If your cluster is running a different Kubernetes version than 1\.12, be sure to
```
kubectl apply -f https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/v1.12/nvidia-device-plugin.yml
```

------
