Where and how to mention api-server-endpoint and certificate-authority flags
Hi, I am following the guide for Private cluster requirements to deploy a private cluster. In the third requirement it says something like:
For Linux and Windows nodes, you must include bootstrap arguments when launching self-managed nodes. This text bypasses the Amazon EKS introspection and doesn't require access to the Amazon EKS API from within the VPC. Replace api-server-endpoint and certificate-authority with the values from your Amazon EKS cluster.
For the past 2 weeks I have not been able to figure out where and how to mention these flags in the eksctl create cluster command or the YAML file.
Please help me as I am really struggling with this. Thanks
@uchiha-pain, you do not need to provide those options; eksctl takes care of that when using the fully-private clusters feature. Head over to the documentation to find more details.
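To illustrate the comment above, here is an added example (not from the thread or from the eksctl project's own files) of a ClusterConfig for a fully-private cluster in an existing VPC. The cluster name, region, VPC ID and subnet IDs are placeholders; the file carries no bootstrap flags because, per the comment above, eksctl supplies them.

```yaml
# private-cluster.yaml (added example; all names and IDs below are placeholders)
# Create with: eksctl create cluster -f private-cluster.yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: private-cluster        # placeholder cluster name
  region: eu-west-2            # placeholder region

# Turns on the fully-private clusters feature: the API server endpoint is
# private-only and eksctl creates the VPC endpoints the nodes need.
privateCluster:
  enabled: true

# Existing VPC: list only the private subnets the cluster should use.
vpc:
  id: vpc-PLACEHOLDER
  subnets:
    private:
      eu-west-2a:
        id: subnet-PLACEHOLDER-A
      eu-west-2b:
        id: subnet-PLACEHOLDER-B

# Self-managed nodegroup declared at cluster creation time.
# No api-server-endpoint or certificate-authority values are written here.
nodeGroups:
  - name: ng-private
    instanceType: m5.large
    desiredCapacity: 2
    privateNetworking: true    # nodes get private IPs only
```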
Thank you @cPu1 for the very quick response. I got your point in the above comment. I have created the fully private cluster using the guide mentioned by you. I have a VPC called HSCN; it is fully private, with no internet access. There are 2 public and 2 private subnets in this HSCN VPC. I want to create a cluster in the private subnet of this HSCN VPC. This HSCN VPC is peered with another VPC and it has access to the internet. The thing is, I am able to create the cluster but my node instances are failing to join the cluster. I can confirm that eksctl is creating the endpoints, but it still seems like I am not able to make it work. Also, in the documentation it is mentioned that:
Post cluster creation, not all eksctl commands will be supported, especially commands that need access to the Kubernetes API server. Creating managed nodegroups will continue to work, however, creating self-managed nodegroups will not work as it needs access to the API server. Even if the command is run from within the cluster's VPC, a peered VPC or using some other means like AWS Direct Connect, some commands may fail because they'll need private access to the EKS API (DescribeCluster), and the AWS EKS service does not offer an interface endpoint. If your setup can reach the EKS API server endpoint via its private address, and has outbound internet access (for EKS:DescribeCluster), all eksctl commands should work.
I am not able to run the kubectl command to get the cluster. Could you please guide me on how to configure my current setup to create a fully functional cluster? Thanks
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
This issue was closed because it has been stalled for 5 days with no activity.