Eksctl: ability to manage control plane SG for private cluster

Created on 9 Sep 2020  ·  5 Comments  ·  Source: weaveworks/eksctl

Why do you want this feature?
eksctl create cluster tries to connect to the control plane after it is ready and fails if the control plane is private. The control plane SG doesn't allow 443 communication from the VPC or any other CIDR by default.
As a workaround, we update the SG during cluster creation, i.e. allow the VPC CIDR for port 443; after this, eksctl doesn't complain at the last stage.

What feature/behavior/change do you want?
Allow adding rules in the "Cluster security group"; this will help with the connection below:

"eksctl running on a VM within or peered vpc --> eks control plane private endpoint"

kind/feature needs-investigation
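A way to check, before running eksctl from a VM in the VPC or a peered VPC, whether the control plane security group already admits that VM on port 443. This is an added example, not code from eksctl or from the issue author; the group ID, the CIDRs and the sample rule sets are constructed, and the input is assumed to be one entry of `aws ec2 describe-security-groups` output with IPv4 ranges only.

```python
import ipaddress

def rule_covers_port(perm, port=443):
    """True if one IpPermissions entry applies to TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def allowed_sources(sg, port=443):
    """IPv4 networks that the security group lets reach `port`."""
    nets = []
    for perm in sg.get("IpPermissions", []):
        if rule_covers_port(perm, port):
            nets += [ipaddress.ip_network(r["CidrIp"])
                     for r in perm.get("IpRanges", [])]
    return nets

def check_sg(sg, client_cidr, port=443):
    """Return (reachable, open_to_world) for an IPv4 client address or CIDR."""
    client = ipaddress.ip_network(client_cidr)
    nets = allowed_sources(sg, port)
    reachable = any(client.subnet_of(n) for n in nets)
    open_to_world = any(n.prefixlen == 0 for n in nets)
    return reachable, open_to_world

# Constructed sample data (hypothetical IDs and CIDRs), shaped like one entry
# of `aws ec2 describe-security-groups` output.
SG_DEFAULT = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    # only a self-referencing rule, no CIDR sources
    {"IpProtocol": "-1", "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE"}]}]}
SG_WORKAROUND = {"GroupId": "sg-EXAMPLE", "IpPermissions":
    SG_DEFAULT["IpPermissions"] + [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "192.168.0.0/16"}]}]}  # assumed VPC CIDR

if __name__ == "__main__":
    for name, sg in [("default", SG_DEFAULT), ("workaround", SG_WORKAROUND)]:
        for client in ("192.168.12.34/32", "10.20.0.5/32"):  # in-VPC, peered
            print(name, client, check_sg(sg, client))
```

With the sample data, the peered-VPC client stays blocked even after the VPC CIDR rule is added, so a peered network needs its own rule; `open_to_world` flags a rule that would expose the endpoint's port to 0.0.0.0/0.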

All 5 comments

I've faced this issue as well, and it took a while for me to figure this out.
We should be allowed to add rules to the cluster/control plane security group.

This issue of course only happens when we create a private cluster. If we create the public + private cluster, then this doesn't happen.

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@chiranjib-b @infa-ddeore Am I correct in thinking that #1805 would cover your use case?

yes, my use case will be covered in #1805
