Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Option to disable NAT gateway #694
Why do you want this feature?
Creating the NAT gateway is an unneeded cost when nodes are going to be in public nodegroups anyway.
What feature/behavior/change do you want?
I dont know if its best to disable private subnets and the gateway with the same flag, probably makes it a much more complicated feature request, but is an option.
I'm thinking just '--no-nat-gateway' for create cluster.
Seems that gateway provisioning is of limited usefulness anyway, #392
@mcfedr yes, something of that sort, but let's consider making this a config file option to begin with, as it's relatively advanced.
Perhaps something like
vpc: natGateway: mode: <none|single|ha>
We might want to provide more options here in the future, such as using pre-allocated IPs or flexible per-zone config, so seems plausible to add a sub-section.
@cdenneen I suppose it could be, at least in theory, as one should be able to deploy private nodegroup without access to the internet... however until recently EKS control plane was only reachable via the internet, and that's not been fixed. One other thing to look into is ECR, as all of the default add-on images are in ECR.
Maybe the simple option then is '--no-private-subnets' - I guess for me, this was an unexpected cost, and one i dont need, and i wanted a simple way to disable it - in my mind the private subnets are a more advanced option - if it was me i'd default to not having private subnets, but seems that would be a bigger change as it changes the existing behaviour
or maybe --num-private-subnets and it defaults to 3, with a nat gateway in each (for HA) and then i can set it to 0
We have to have all subnets in place, because one should be able to create private nodegroups at any time, and initially EKS didn't let you add subnets (this may have changed rectantly, or it's about to change). Quick question - do you use only flags, not the config file?…
On Wed, 3 Apr 2019, 10:14 am Fred Cox, ***@***.***> wrote: Maybe the simple option then is '--no-private-subnets' - I guess for me, this was an unexpected cost, and one i dont need, and i wanted a simple way to disable it - in my mind the private subnets are a more advanced option - if it was me i'd default to not having private subnets, but seems that would be a bigger change as it changes the existing behaviour — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#694 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAPWS1Jjeuy53yNmKL8X2T3teHkwAGTuks5vdHEKgaJpZM4cYA4N> .