AWS EKS cluster - need to create it with both private and public subnets

11/6/2019

Got one beginner's question. Currently, I am trying to set up some basic Kubernetes schema in AWS such as Deployment -> Service -> Ingress -> Network Load Balancer.

Worker nodes and Ingress should run in private subnets while LoadBalancer should be public. The problem is that right now, we have only Private subnets in our EKS Cluster, like this.

EksCluster:
        Type: AWS::EKS::Cluster
        Properties:
            Name: !Ref AWS::StackName
            ResourcesVpcConfig:
                SecurityGroupIds:
                  - !Ref VpcPrivateSecurityGroup
                SubnetIds:
                  - !Ref VpcPrivateSubnetA
                  - !Ref VpcPrivateSubnetB
                  - !Ref VpcPrivateSubnetC
            RoleArn: !GetAtt EksRole.Arn
            Version: "1.14"

So the LoadBalancer is not created because of "could not find any suitable subnets for creating the ELB" error - there are no public subnets available.

The question is - how can I configure this cluster to use both Private and Public subnets? And how can these subnets be configured so they would use the correct security groups (because, obviously, private subnets shouldn't use "VpcPrivateSecurityGroup")? Is there a way to mix it? And if not, how can I set up this public NLB / private workers scenario?

Thanks a million

-- Jozef
amazon-eks
amazon-vpc
amazon-web-services
kubernetes
nlb

1 Answer

11/6/2019

You need to have both private and public subnets while creating the EKS cluster. The recommended network architecture uses private subnets for your worker nodes, and public subnets for Kubernetes to create public load balancers within.

Please refer to the AWS link below:

https://docs.aws.amazon.com/eks/latest/userguide/create-public-private-vpc.html

-- dassum
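
The layout the answer describes, written against the question's template as an added CloudFormation example (not part of the original answer and not AWS's own template). `VpcPublicSubnetA/B/C`, `Vpc` and the CIDR are hypothetical names and values; the public subnets are assumed to have a route table pointing at an internet gateway.

```yaml
Resources:
  # Hypothetical public subnet; define B and C the same way in other AZs.
  VpcPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc                       # assumed VPC logical ID
      AvailabilityZone: !Select [0, !GetAZs ""]
      CidrBlock: 10.0.0.0/24                # constructed value
      Tags:
        # Lets Kubernetes pick this subnet for internet-facing load balancers.
        - Key: kubernetes.io/role/elb
          Value: "1"
        # Marks the subnet as usable by this cluster.
        - Key: !Sub kubernetes.io/cluster/${AWS::StackName}
          Value: shared

  # The existing private subnets take the matching tag for internal
  # load balancers instead:
  #   kubernetes.io/role/internal-elb = "1"

  EksCluster:
    Type: AWS::EKS::Cluster
    Properties:
      Name: !Ref AWS::StackName
      ResourcesVpcConfig:
        # Security groups attach to network interfaces, not to subnets.
        # This list covers the ENIs EKS creates for control-plane traffic,
        # so it does not need to change when public subnets are added.
        SecurityGroupIds:
          - !Ref VpcPrivateSecurityGroup
        SubnetIds:
          - !Ref VpcPrivateSubnetA
          - !Ref VpcPrivateSubnetB
          - !Ref VpcPrivateSubnetC
          - !Ref VpcPublicSubnetA
          - !Ref VpcPublicSubnetB
          - !Ref VpcPublicSubnetC
      RoleArn: !GetAtt EksRole.Arn
      Version: "1.14"
```

Worker nodes stay private as long as the node Auto Scaling group or node group lists only the three private subnets; the public subnets then hold nothing but the load balancer's interfaces.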
Source: StackOverflow