Register an EKS cluster with a private endpoint

In the Terraform EKS module there is a parameter that allows us to use a private endpoint:

cluster_endpoint_private_access = true

But based on the AWS documentation https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html, to successfully register the created cluster we need to make requests only over the private layer:

  • All traffic to your cluster API server must come from within your cluster's VPC or a connected network.

  • There is no public access to your API server from the internet. Any kubectl commands must come from within the VPC or a connected network. For connectivity options, see Accessing a private only API server.

But usually we register our cluster in Rancher through the public network.

For rancher2_cluster (didn't test) there is a map, eks_config_v2, where, based on the documentation https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/cluster#nested-blocks, there are parameters that influence the layer we should use to register our cluster.

 

But be careful when you modify these parameters, because the Rancher documentation says here https://ranchermanager.docs.rancher.com/v2.5/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters#configuring-an-imported-eks-cluster-with-terraform:

Warning: Even a small difference between the current EKS cluster and a user-provided config could have unexpected results.
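
A sketch of how the two pieces described above fit together, added here as an illustration and not taken from the original note or from either project; it is untested. It assumes the terraform-aws-modules/eks module (releases that use the cluster_endpoint_* input names) and the rancher2 provider's eks_config_v2 block; every variable is a placeholder.

```hcl
# Added illustration, untested. All variables are placeholders set by the caller.
variable "cluster_name" { type = string }
variable "cluster_version" { type = string }
variable "region" { type = string }
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "rancher_cloud_credential_id" { type = string }

module "eks" {
  source = "terraform-aws-modules/eks/aws" # assumed module

  cluster_name    = var.cluster_name
  cluster_version = var.cluster_version
  vpc_id          = var.vpc_id
  subnet_ids      = var.private_subnet_ids

  # API server reachable only from inside the VPC or a connected network.
  cluster_endpoint_private_access = true
  cluster_endpoint_public_access  = false
}

resource "rancher2_cluster" "eks_private" {
  name = var.cluster_name

  eks_config_v2 {
    cloud_credential_id = var.rancher_cloud_credential_id
    name                = var.cluster_name
    region              = var.region
    imported            = true

    # Mirror the existing cluster exactly: per the Rancher warning, even a
    # small difference from the real EKS configuration can have unexpected
    # results, since Rancher may try to reconcile the cluster to these values.
    kubernetes_version = var.cluster_version
    private_access     = true
    public_access      = false
  }

  # With public_access = false, the Rancher server itself must sit in the
  # cluster's VPC or a connected network to reach the API server.
  depends_on = [module.eks]
}
```

Running terraform plan against the already registered cluster and checking that eks_config_v2 shows no changes is a quick way to confirm the declared values match the live cluster before applying.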