I have an existing VPC on AWS. In it there are two subnets in each availability zone (one private, one public).
Each public subnet has a NAT gateway in it to allow internet access from the private subnet in that availability zone.
All of my servers are in the private subnets, and there's a bastion server in a public subnet to allow access into the private subnets.
There's also a private hosted zone that's configured on the VPC to allow DNS hostname resolution.
I want to set up a Kubernetes cluster in that VPC, using KOPS, but I want all elements of the cluster to reside in the private subnets. I will access the API using a tunnel from the bastion server (I have a Zero Trust/BeyondCorp logic, so this is not an issue).
I can't seem to understand how I should create the cluster using KOPS so it'll be created on the existing private subnets, using the existing private hosted zone (or on a subdomain of the existing private hosted zone), without creating a new VPC, subnets, NAT gateways, bastion server, etc.
I've read about the public/private topologies, high availability, using a private hosted zone, and using an existing VPC, but I can't seem to glue it all into a single kops create command.
This is what I got so far, but I'm not sure it's correct and I'm afraid to damage the existing VPC:
export KOPS_STATE_STORE=s3://<somes3bucket>
export CLUSTER_NAME="A_NAME.my.private.hosted.zone.name" ?
export SUBNET_IDS=LIST_OF_IDS_OF_PRIVATE_SUBNETS?_OR_ALL_SUBNETS_IN_VPC?
kops create cluster \
--vpc vpc-12345678 \
--zones us-east-1a,us-east-1b,us-east-1c,us-east-1d,us-east-1e \
--name ${CLUSTER_NAME} \
--subnets ${SUBNET_IDS} \
--master-zones us-east-1a,us-east-1b,us-east-1c,us-east-1d,us-east-1e \
--topology private \
--dns private \
--dns-zone my.private.hosted.zone.name \
--networking calico
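An added example, not part of the question above, that addresses the open placeholder in it (which subnet IDs to pass): it classifies the VPC's subnets as private or public from their route tables before any of them is handed to kops, skips anything outside the target VPC, and builds the zone/subnet flags. The sample JSON is constructed to mimic the shape of `aws ec2 describe-subnets` / `describe-route-tables` output (no real IDs), and the `--subnets` / `--utility-subnets` flag names are assumed from the kops shared-subnet documentation rather than taken from the question.

```python
import json

# Constructed sample: trimmed shapes of `aws ec2 describe-subnets` and
# `aws ec2 describe-route-tables` output for a two-AZ VPC (IDs are made up).
SUBNETS_JSON = """{"Subnets": [
 {"SubnetId": "subnet-0a1", "VpcId": "vpc-12345678", "AvailabilityZone": "us-east-1a"},
 {"SubnetId": "subnet-0a2", "VpcId": "vpc-12345678", "AvailabilityZone": "us-east-1a"},
 {"SubnetId": "subnet-0b1", "VpcId": "vpc-12345678", "AvailabilityZone": "us-east-1b"},
 {"SubnetId": "subnet-0b2", "VpcId": "vpc-12345678", "AvailabilityZone": "us-east-1b"},
 {"SubnetId": "subnet-0c1", "VpcId": "vpc-99999999", "AvailabilityZone": "us-east-1c"}]}"""
ROUTE_TABLES_JSON = """{"RouteTables": [
 {"Associations": [{"SubnetId": "subnet-0a1"}, {"SubnetId": "subnet-0b1"}],
  "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"}]},
 {"Associations": [{"SubnetId": "subnet-0a2"}],
  "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0aaa"}]},
 {"Associations": [{"SubnetId": "subnet-0b2"}],
  "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb"}]}]}"""


def classify_subnets(vpc_id, subnets_doc, route_tables_doc):
    """Return {"private": [(az, id)], "public": [(az, id)], "skipped": [...]} for vpc_id.
    A subnet is public if its route table sends 0.0.0.0/0 to an internet gateway and
    private if it sends it to a NAT gateway; anything else is reported as skipped."""
    default_target = {}
    for rt in json.loads(route_tables_doc)["RouteTables"]:
        egress = None
        for r in rt["Routes"]:
            if r.get("DestinationCidrBlock") == "0.0.0.0/0":
                if r.get("GatewayId", "").startswith("igw-"):
                    egress = "public"
                elif r.get("NatGatewayId"):
                    egress = "private"
        for assoc in rt["Associations"]:
            if "SubnetId" in assoc:
                default_target[assoc["SubnetId"]] = egress
    result = {"private": [], "public": [], "skipped": []}
    for s in json.loads(subnets_doc)["Subnets"]:
        if s["VpcId"] != vpc_id:
            continue  # never hand kops a subnet that belongs to another VPC
        kind = default_target.get(s["SubnetId"]) or "skipped"
        result[kind].append((s["AvailabilityZone"], s["SubnetId"]))
    return result


def kops_subnet_flags(vpc_id, subnets_doc, route_tables_doc):
    """Build the zone/subnet flags for `kops create cluster` from the classification.
    Private subnets go to --subnets (nodes and masters); the existing public ones go
    to --utility-subnets so kops reuses them instead of creating new ones (assumed flags)."""
    c = classify_subnets(vpc_id, subnets_doc, route_tables_doc)
    zones = sorted({az for az, _ in c["private"]})
    return [
        "--zones=" + ",".join(zones),
        "--master-zones=" + ",".join(zones),
        "--subnets=" + ",".join(sid for _, sid in sorted(c["private"])),
        "--utility-subnets=" + ",".join(sid for _, sid in sorted(c["public"])),
    ]
```

Running `kops create cluster` without `--yes` only writes the cluster spec to the state store, so the generated flags can be reviewed with `kops edit cluster` before anything is applied to the VPC.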