-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for cluster endpoint access control #86
Comments
This feature would be helpful for enterprise adoption |
Something to consider when implementing this: it would be great if the library accounted for ensuring that the machine that it’s running on has access to the cluster API, probably via an additional extra security group rule or assertion. (See https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) |
Espose these options through to the aws.eks.Cluster. Fixes #86.
Espose these options through to the aws.eks.Cluster. Fixes #86.
This is a great point. If public=false,private=true then the
(2) would require some slightly non-trivial manual configuration - but should otherwise be reliable. (1) is "automatic" but doesn't feel reliable - for one its subtly defeating security best-practices by default. But then also if deployments happen from different IPs (even different IPs within a single CI system), there will be unexpected churn in the deployment. I think I'll solve for (2) for now, and we could explore (1) or some variant of it as an ease-of-use addon in the future if really needed (though I suspect that ease-of-use will not be aligned with private-only endpoint access :-)). Thoughts? |
I agree that option 2 is the best path forward. I've added some comments in #154 (comment). |
Espose these options through to the aws.eks.Cluster. Fixes #86.
I know the feature is recent, but I would like to set the cluster endpoint access control as shown here: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
I may be wrong, but I don't see the option currently
The text was updated successfully, but these errors were encountered: