You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This one is commonly required in the financial industry. User may provide proxy server but with strict outbound filtering (e.g. block Github access, which means all the addons need to be hosted within private repos internally).
This requires us to use AWS service VPC endpoint as much as we can and only use proxy when the AWS services that do not support VPC Endpoint (such as EKS service API).
@starchx can you specify where specifically private VPC endpoints are needed? Is it Velero for S3 access? Something else?
Private cluster support with private repos is supported. I can add an example pattern with the proxy server for GitHub access for example.
The use case is when the customer only allows outbound access via an internal managed proxy server, or no outbound internet access at all. That means the cluster creator lambda and kubectl lambda (from cdk-eks module) will need to be placed inside the customer's VPC.
EKS VPC endpoint support is on the roadmap (aws/containers-roadmap#298), so outbound internet is still required via proxy.
This one is commonly required in the financial industry. User may provide proxy server but with strict outbound filtering (e.g. block Github access, which means all the addons need to be hosted within private repos internally).
This requires us to use AWS service VPC endpoint as much as we can and only use proxy when the AWS services that do not support VPC Endpoint (such as EKS service API).
Related to this issue: #49
The text was updated successfully, but these errors were encountered: