Using VPC Endpoints for Kubernetes cluster using cloud provider AWS

1/8/2020

My Kubernetes cluster is in an AWS VPC that does not have Internet access. The suggested replacement for the AWS service side of this is to use VPC Endpoints for things like EC2. I cannot find any support in cloud-provider-aws for this. Is there some way to accomplish this in the configuration of the cloud provider?

It works fine with the aws ec2 describe-instances --endpoint-url=$MYENDPOINT.

-- Josiah
amazon-vpc
amazon-web-services
kubernetes

1 Answer

1/9/2020

I found this bug that led to finding an undocumented feature, which I'll try to document a bit.

If you edit /etc/origin/cloudprovide/aws.conf (or your equivalent) to include something like this, and you have your AWS credentials or a role set up on the instance, you should be good, or at least further down the road. The [Global] section is probably already there if your setup is similar to mine.

[Global]
Zone = us-west-1a

[ServiceOverride "ec2"]
  Service = ec2
  Region = us-west-1
  URL = https://vpce-xxxxx-xxxxx.ec2.us-west-1.vpce.amazonaws.com
  SigningRegion = us-west-1
-- Josiah
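As an added check that is not part of the original answer or of the cloud-provider-aws project: a small Python validator for the ServiceOverride sections above, useful before rolling the file out to nodes that have no route to the public AWS endpoints. It assumes the gcfg layout shown (Service, Region, URL and SigningRegion per override) and that endpoint hostnames follow the pattern of the sample URL, <vpce-id>.<service>.<region>.vpce.amazonaws.com, which is an assumption drawn from the post rather than an AWS specification.

```python
import re
from urllib.parse import urlparse
SECTION_RE = re.compile(r'^\[(\w+)(?:\s+"([^"]+)")?\]$')  # [Name] or [Name "sub"]
REQUIRED = ("Service", "Region", "URL", "SigningRegion")
# Constructed sample: the aws.conf from the answer above, placeholder URL included.
SAMPLE = """[Global]
Zone = us-west-1a

[ServiceOverride "ec2"]
 Service = ec2
 Region = us-west-1
 URL = https://vpce-xxxxx-xxxxx.ec2.us-west-1.vpce.amazonaws.com
 SigningRegion = us-west-1
"""

def parse_gcfg(text):
    """Minimal gcfg reader: {("Section", subsection_or_None): {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault((m.group(1), m.group(2)), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    return sections

def check_overrides(text):
    """Return a list of problems; an empty list means every override looks sane."""
    problems = []
    for (name, sub), kv in parse_gcfg(text).items():
        if name != "ServiceOverride":
            continue
        missing = [k for k in REQUIRED if k not in kv]
        if missing:
            problems.append(f"{sub}: missing {', '.join(missing)}")
            continue
        url = urlparse(kv["URL"])
        # Assumed host layout from the post: <vpce-id>.<service>.<region>.vpce.amazonaws.com
        expected = f".{kv['Service']}.{kv['Region']}.vpce.amazonaws.com"
        if url.scheme != "https" or not (url.hostname or "").endswith(expected):
            problems.append(f"{sub}: URL should look like https://<vpce-id>{expected}")
        if kv["SigningRegion"] != kv["Region"]:
            problems.append(f"{sub}: SigningRegion differs from Region")
    return problems
```

Running check_overrides(SAMPLE) on the sample returns an empty list; a plain-http URL, a hostname that is not the region's VPC endpoint, or a SigningRegion that differs from Region each produce a line naming the offending override.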
Source: StackOverflow