3

I'm using Terraform to set up an EKS cluster. I need to make sure that my worker nodes will be placed on private subnets and that my public subnets will be used for my load balancers, but I don't actually know how to inject public and private subnets in my cluster because I'm only using private ones.

    resource "aws_eks_cluster" "master_node" {
      name     = "my-cluster"
      role_arn = aws_iam_role.master_iam_role.arn
      version  = "1.14"

      vpc_config {
        security_group_ids = [aws_security_group.master_security_group.id]
        subnet_ids         = var.private_subnet_eks_ids
      }

      depends_on = [
        aws_iam_role_policy_attachment.main-cluster-AmazonEKSClusterPolicy,
        aws_iam_role_policy_attachment.main-cluster-AmazonEKSServicePolicy,
      ]
    }

    resource "aws_autoscaling_group" "eks_autoscaling_group" {
      desired_capacity     = var.desired_capacity
      launch_configuration = aws_launch_configuration.eks_launch_config.id
      max_size             = var.max_size
      min_size             = var.min_size
      name                 = "my-autoscaling-group"
      vpc_zone_identifier  = var.private_subnet_eks_ids

      depends_on = [
        aws_efs_mount_target.efs_mount_target
      ]
    }

2
  • By load balancers do you mean ALB/NLB ingress? Or do you mean some other form of ingress? Commented Aug 20, 2020 at 13:41
  • I mean when I create a service in this cluster, I want to be able to change its type to public loadbalancer. Commented Aug 20, 2020 at 14:07

2 Answers

2

I usually create both public and private subnets in the VPC using the vpc module. Then I create the EKS cluster using the eks module and refer to the VPC data.

Example

    module "vpc" {
      source = "terraform-aws-modules/vpc/aws"

      name = "my-vpc"
      cidr = "10.0.0.0/16"

      azs             = ["eu-north-1a", "eu-north-1b", "eu-north-1c"]
      private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
      public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

      enable_nat_gateway = true
      enable_vpn_gateway = true
    }

And then EKS cluster where I refer to the VPC subnets using module.vpc.private_subnets and module.vpc.vpc_id:

    module "eks-cluster" {
      source          = "terraform-aws-modules/eks/aws"
      cluster_name    = "my-eks-cluster"
      cluster_version = "1.17"
      subnets         = module.vpc.private_subnets
      vpc_id          = module.vpc.vpc_id

      worker_groups = [
        {
          instance_type = "t3.small"
          asg_max_size  = 2
        }
      ]
    }


2

Give only private subnets to your eks cluster but, before that, make sure you've tagged the public subnets so:

    Key: kubernetes.io/role/elb
    Value: 1

as described here: https://aws.amazon.com/premiumsupport/knowledge-center/eks-vpc-subnet-discovery/

EKS will discover the public subnets in which to place the load balancer by querying the tags.
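
For a setup like the question's, where subnet IDs arrive as variables rather than from the vpc module, the tags described in this answer can be applied with the AWS provider's `aws_ec2_tag` resource. This is an added example, not part of the original answers: `public_subnet_elb_ids` is a hypothetical variable, and the `internal-elb` and `kubernetes.io/cluster/<name>` tags are taken from AWS's subnet-discovery guidance rather than from this page.

```hcl
# Added example; names marked "hypothetical" are assumptions, not from the page.
variable "cluster_name" {
  type    = string
  default = "my-cluster" # same name as the question's aws_eks_cluster
}

variable "private_subnet_eks_ids" {
  type = list(string) # worker-node subnets, as in the question
}

variable "public_subnet_elb_ids" {
  type = list(string) # hypothetical: public subnets reserved for load balancers
}

locals {
  cluster_tag = "kubernetes.io/cluster/${var.cluster_name}"

  # Desired discovery tags per subnet. Nodes and the cluster stay on the
  # private subnets; the public ones are only tagged, never given to EKS.
  tags_by_subnet = merge(
    { for id in var.public_subnet_elb_ids : id => {
      "kubernetes.io/role/elb" = "1" # internet-facing load balancers
      (local.cluster_tag)      = "shared"
    } },
    { for id in var.private_subnet_eks_ids : id => {
      "kubernetes.io/role/internal-elb" = "1" # internal load balancers
      (local.cluster_tag)               = "shared"
    } },
  )

  # aws_ec2_tag manages one tag per resource, so flatten to subnet/key pairs.
  tag_pairs = merge([
    for id, tags in local.tags_by_subnet : {
      for k, v in tags : "${id}|${k}" => { subnet = id, key = k, value = v }
    }
  ]...)
}

resource "aws_ec2_tag" "subnet_discovery" {
  for_each    = local.tag_pairs
  resource_id = each.value.subnet
  key         = each.value.key
  value       = each.value.value
}
```

If the subnets are created by `aws_subnet` resources in the same configuration, set these tags on those resources instead, since managing the same tag in both places makes the two resources fight over it.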
