Enabling Private API Server Access Within Amazon EKS

Introduction

In this guide, we will walk through the steps to enable private API server access within an Amazon EKS cluster using Pulumi. This setup ensures that the API server endpoint is accessible only from within your VPC, enhancing the security of your Kubernetes cluster.

Step-by-Step Explanation

Step 1: Create an Amazon EKS Cluster

First, we need to create an Amazon EKS cluster. Ensure that you have the necessary IAM roles and policies set up for EKS.

Step 2: Configure VPC and Subnets

Set up a VPC with private subnets where the EKS cluster will be deployed. Ensure that the subnets have the necessary route tables and security groups.

Step 3: Enable Private Access

When creating the EKS cluster, set the endpointPrivateAccess parameter to true and endpointPublicAccess to false to enable private API server access.

Step 4: Deploy the Cluster

Deploy the EKS cluster with the specified configurations.

Summary

By following these steps, you can successfully enable private API server access within your Amazon EKS cluster, ensuring that the API server is only accessible from within your VPC. This setup enhances the security of your Kubernetes cluster.

Full Code Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";

// Create a VPC. DNS support and DNS hostnames must both be enabled, otherwise
// the private API server endpoint cannot be resolved from inside the VPC.
const vpc = new aws.ec2.Vpc("eks-vpc", {
    cidrBlock: "10.0.0.0/16",
    enableDnsHostnames: true,
    enableDnsSupport: true,
});

// Create subnets in two Availability Zones (EKS requires at least two).
const subnet1 = new aws.ec2.Subnet("subnet1", {
    vpcId: vpc.id,
    cidrBlock: "10.0.1.0/24",
    availabilityZone: "us-west-2a",
});

const subnet2 = new aws.ec2.Subnet("subnet2", {
    vpcId: vpc.id,
    cidrBlock: "10.0.2.0/24",
    availabilityZone: "us-west-2b",
});

// Create route table. It carries only the implicit VPC-local route, so these
// subnets have no path to the internet. That is what keeps them private, but
// worker nodes still need to reach ECR, S3, STS and the EKS service to bootstrap:
// add a NAT gateway route or interface VPC endpoints before relying on the nodes.
const routeTable = new aws.ec2.RouteTable("routeTable", {
    vpcId: vpc.id,
});

// Associate route table with subnets
new aws.ec2.RouteTableAssociation("rta1", {
    subnetId: subnet1.id,
    routeTableId: routeTable.id,
});

new aws.ec2.RouteTableAssociation("rta2", {
    subnetId: subnet2.id,
    routeTableId: routeTable.id,
});

// Create EKS cluster. With endpointPrivateAccess: true and
// endpointPublicAccess: false the API server is reachable only from inside the
// VPC (or from networks routed into it); kubectl from a workstation outside the
// VPC will not connect.
const cluster = new eks.Cluster("eks-cluster", {
    vpcId: vpc.id,
    subnetIds: [subnet1.id, subnet2.id],
    instanceType: "t3.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 3,
    endpointPrivateAccess: true,
    endpointPublicAccess: false,
});

export const vpcId = vpc.id;
export const subnetIds = [subnet1.id, subnet2.id];
export const eksClusterName = cluster.eksCluster.name;
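After the stack is deployed, it is worth confirming from the AWS side that the endpoint settings took effect rather than trusting the program alone. The following is an added example, not part of the Pulumi page, that classifies the endpointPrivateAccess, endpointPublicAccess and publicAccessCidrs fields that `aws eks describe-cluster` returns under cluster.resourcesVpcConfig; the sample inputs are constructed, and the 203.0.113.0/24 allowlist is a placeholder range.

```typescript
interface ResourcesVpcConfig {
    endpointPrivateAccess: boolean;
    endpointPublicAccess: boolean;
    publicAccessCidrs?: string[]; // EKS reports ["0.0.0.0/0"] by default when public access is on
}

type Exposure = "private-only" | "restricted-public" | "open-public" | "invalid";

interface Verdict { exposure: Exposure; findings: string[]; }

function assessEndpointAccess(cfg: ResourcesVpcConfig): Verdict {
    const findings: string[] = [];
    if (!cfg.endpointPrivateAccess && !cfg.endpointPublicAccess) {
        // EKS rejects this combination, so real API output never contains it.
        return { exposure: "invalid", findings: ["both endpoint access modes are disabled"] };
    }
    if (!cfg.endpointPublicAccess) {
        // The state this guide produces: only in-VPC (or VPC-connected) clients reach the API.
        return { exposure: "private-only", findings };
    }
    const cidrs = cfg.publicAccessCidrs || ["0.0.0.0/0"];
    if (!cfg.endpointPrivateAccess) {
        findings.push("private access disabled: in-VPC clients, including worker nodes, use the public endpoint");
    }
    if (cidrs.indexOf("0.0.0.0/0") !== -1) {
        findings.push("public endpoint accepts connections from any IPv4 address");
        return { exposure: "open-public", findings };
    }
    findings.push("public endpoint limited to " + cidrs.join(", "));
    return { exposure: "restricted-public", findings };
}

// Constructed sample inputs: the configuration this guide produces, the EKS default, and an allowlisted public endpoint.
const samples: Record<string, ResourcesVpcConfig> = {
    guide: { endpointPrivateAccess: true, endpointPublicAccess: false },
    default: { endpointPrivateAccess: false, endpointPublicAccess: true, publicAccessCidrs: ["0.0.0.0/0"] },
    allowlist: { endpointPrivateAccess: true, endpointPublicAccess: true, publicAccessCidrs: ["203.0.113.0/24"] },
};

function assessAll(): Record<string, Exposure> {
    const out: Record<string, Exposure> = {};
    for (const name of Object.keys(samples)) {
        out[name] = assessEndpointAccess(samples[name]).exposure;
    }
    return out;
}

for (const name of Object.keys(samples)) {
    const v = assessEndpointAccess(samples[name]);
    console.log(name + ": " + v.exposure + (v.findings.length ? " (" + v.findings.join("; ") + ")" : ""));
}
```

To run it against a live cluster, pipe `aws eks describe-cluster --name <cluster> --query cluster.resourcesVpcConfig` into assessEndpointAccess; anything other than "private-only" means the guide's target state was not reached.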