Add support for endpoint access control and custom cluster securitygroup #154
ca9a389 to d30c5e5
Per https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html#modify-endpoint-access, when Also per the defaults here of
It's actually even worse than that - we won't even be able to successfully deploy resources into the Kubernetes cluster from the machine running
It passes through the underlying defaults - we'll pass undefined (not present) which will trigger the underlying default value. Right?
Ya you're correct - I initially skipped over the
From #86 (comment):
It'd be really great to see new examples added to the
Yeah - I'll add a test before merging this. It's more involved than I initially expected unfortunately - it'll require setting up VPN endpoints inside the AWS VPC and creating a VPN connection from the test machine (or Travis). That's going to add non-trivial complexity to the test environment.
Expose these options through to the aws.eks.Cluster. Fixes #86.
Users can now provide their own security group to apply to the cluster endpoint.
c4f771a to a096236
LGTM. We'll want to rebase this PR off master once #162 gets merged.
@metral After spending some time thinking about this - it's actually going to be exceedingly hard to test private-only endpoint access - as it will require VPN'ing the test machine into the VPC - or running the Given that this is mostly just passing flags through to EKS, I'm inclined to merge this to unblock all the usage scenarios here (including private+public) - and to open a follow-up issue to add test coverage (and examples) of private-only endpoint access. Thoughts?
That SGTM @lukehoban. I feel like the follow-up issue for test coverage & examples applies to not only
Expose these options through to the aws.eks.Cluster. Fixes #86.