How is EKS cluster accessible when deployed in a private subnet?
When deploying an EKS cluster, the best practice is to deploy the managed control plane in private subnets. In terms of accessibility, the default option is public cluster, meaning that I can access it locally with kubectl tool and updated kubeconfig.
How am I able to access the cluster if it is deployed in private subnets with no inbound traffic? As per the documentation, AWS creates a managed endpoint that can access the cluster from within the AWS network.
What is the architecture behind it, how does it internally work? Is there some kind of a proxy (agent) being deployed (found aws-node)?
The type of EKS networking you're setting up is configured to restrict access to the API server with a private endpoint that's only accessible from within the VPC. So any Kubernetes API requests (kubectl commands) have to originate from within the VPC (public or private subnets). If you are doing this as a personal project, then you can do the following:
aws eks --region <region> update-kubeconfig --name <name-of-your-cluster>
to update your kubeconfig and then proceed to run kubectl commands.
Sidenote: If this is for an enterprise project, you can also look into using AWS VPN or DirectConnect to access the VPC.
Other helpful resources:
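An added example, not part of the original answer and not AWS code: it reads the endpoint settings that `aws eks describe-cluster` returns under `resourcesVpcConfig` and decides whether a kubectl client at a given source IP can reach the API server, which is the rule the answer describes. The sample JSON, the IP addresses and the `vpc_cidrs` parameter (the VPC's CIDRs plus any VPN or Direct Connect ranges routed into it) are constructed assumptions; security group rules are not modeled.

```python
import ipaddress
import json

# Constructed sample of `aws eks describe-cluster` output, trimmed to the relevant fields.
SAMPLE = json.loads("""
{"cluster": {"name": "example-cluster", "resourcesVpcConfig": {
  "vpcId": "vpc-EXAMPLE", "endpointPublicAccess": false,
  "endpointPrivateAccess": true, "publicAccessCidrs": []}}}
""")


def endpoint_mode(cluster):
    """Classify API server exposure: 'private', 'public', 'public+private' or 'none'."""
    cfg = cluster["cluster"]["resourcesVpcConfig"]
    public = cfg.get("endpointPublicAccess", False)
    private = cfg.get("endpointPrivateAccess", False)
    if public and private:
        return "public+private"
    return "public" if public else "private" if private else "none"


def _in_any(ip, cidrs):
    """True if ip falls inside at least one of the CIDR blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def can_reach_api(cluster, client_ip, vpc_cidrs):
    """Return (reachable, reason) for a kubectl client at client_ip.

    vpc_cidrs is caller-supplied (assumption): the cluster VPC's CIDRs plus
    any networks routed into the VPC.
    """
    cfg = cluster["cluster"]["resourcesVpcConfig"]
    mode = endpoint_mode(cluster)
    if "private" in mode and _in_any(client_ip, vpc_cidrs):
        return True, "private endpoint: request originates inside the VPC"
    if "public" in mode:
        # Assumption: an empty list on a public endpoint means the 0.0.0.0/0 default.
        allowed = cfg.get("publicAccessCidrs") or ["0.0.0.0/0"]
        if _in_any(client_ip, allowed):
            return True, "public endpoint: source IP allowed by publicAccessCidrs"
        return False, "public endpoint: source IP not in publicAccessCidrs"
    return False, "private-only endpoint: client must be inside the VPC"


if __name__ == "__main__":
    for ip in ("10.0.1.25", "203.0.113.7"):  # constructed: in-VPC host, outside host
        print(ip, can_reach_api(SAMPLE, ip, ["10.0.0.0/16"]))
```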