What Are the Differences Between the 3 Types of Amazon EKS Cluster Endpoint?

Kubernetes Fundamental
Mar 06, 2024

Introduction

Thank you for clicking through to my article. I've been a DevOps engineer for 2 years in a dev team of 7 engineers.

My name is MINSEOK, LEE, but I use Unchaptered as an alias on the internet. So you can call me either "MINSEOK, LEE" or "Unchaptered" when you want to ask something.

[Notice]
This post is more of a translation of a blog post by "악분".

Topic

Amazon EKS has 3 kinds of cluster endpoint:

  1. public

  2. public and private

  3. private

https://malwareanalysis.tistory.com/708

Cluster Endpoint

The EKS access type is the access type of the kube-apiserver.
In the AWS console, it is shown as "cluster endpoint access".

You can set it when creating an EKS cluster, or change it on a running EKS cluster.

Properties of the EKS VPC

As described in "What's the Amazon EKS?", Amazon EKS is divided into a control plane and a data plane. In the same way, Amazon EKS has a control plane VPC and a data plane VPC.

https://malwareanalysis.tistory.com/708

To form a Kubernetes cluster, the two VPCs must be able to communicate with each other. So, when you create an Amazon EKS cluster, AWS creates an endpoint that connects the control plane VPC and the data plane VPC.

This endpoint isn't visible in AWS Console.

What's the cluster endpoint access?

"Cluster endpoint access" means the same thing as the kube-apiserver access type.
Therefore, in the AWS console, the cluster endpoint access is labeled as the API server endpoint.

Basic Access Flow

Kubernetes's basic access flow looks like this:

Within this access flow, you can distinguish two types of access:

  1. A command sent from the client (engineer) to an endpoint (kube-apiserver or the cross-account ENI)

  2. A response sent from kube-proxy to the cross-account ENI

1. Public EKS

Public EKS means the EKS cluster is connected to the public internet, so all communication passes through it.

2. Public-Private EKS

Public/Private EKS means:

  1. Communication between the client (engineer) and the kube-apiserver passes through the public internet.

  2. All other communication passes through the private network.

3. Private EKS

Private EKS means:

  1. All communication passes through the private network.
    So there is no way to connect directly to any resources in the control plane or data plane.
    If you want to connect directly to those resources, you need to create a bastion host or use another alternative.
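
To check which of the three types a cluster is actually running, the following added example (not from the original post) classifies the output of `aws eks describe-cluster`. The `endpointPublicAccess`, `endpointPrivateAccess` and `publicAccessCidrs` fields belong to the EKS API's `resourcesVpcConfig`; the cluster names and CIDRs are constructed sample data.

```python
import json

# Constructed sample: trimmed `aws eks describe-cluster` outputs (made-up names and CIDRs).
SAMPLE_CLUSTERS = [
    '{"cluster": {"name": "dev", "resourcesVpcConfig": {"endpointPublicAccess": true,'
    ' "endpointPrivateAccess": false, "publicAccessCidrs": ["0.0.0.0/0"]}}}',
    '{"cluster": {"name": "staging", "resourcesVpcConfig": {"endpointPublicAccess": true,'
    ' "endpointPrivateAccess": true, "publicAccessCidrs": ["203.0.113.0/24"]}}}',
    '{"cluster": {"name": "prod", "resourcesVpcConfig": {"endpointPublicAccess": false,'
    ' "endpointPrivateAccess": true, "publicAccessCidrs": []}}}',
]


def classify_endpoint(describe_cluster_json):
    """Return (name, access_type, notes) for one describe-cluster document."""
    cluster = json.loads(describe_cluster_json)["cluster"]
    vpc = cluster.get("resourcesVpcConfig", {})
    public = bool(vpc.get("endpointPublicAccess", False))
    private = bool(vpc.get("endpointPrivateAccess", False))
    cidrs = vpc.get("publicAccessCidrs") or []
    notes = []
    if public and private:
        access_type = "public and private"
    elif public:
        access_type = "public"
        notes.append("node-to-apiserver traffic also uses the public endpoint")
    elif private:
        access_type = "private"
        notes.append("kubectl needs a bastion host or another path into the VPC")
    else:
        access_type = "unknown"
        notes.append("neither endpoint flag is set; the input is incomplete")
    # The default public allowlist is 0.0.0.0/0, so a missing list counts as open.
    if public and (not cidrs or "0.0.0.0/0" in cidrs):
        notes.append("kube-apiserver is reachable from any IPv4 address")
    return cluster.get("name", "?"), access_type, notes


def audit(documents):
    """Classify every describe-cluster document in the list."""
    return [classify_endpoint(doc) for doc in documents]


if __name__ == "__main__":
    for name, access_type, notes in audit(SAMPLE_CLUSTERS):
        print(f"{name}: {access_type}" + "".join(f"\n  - {n}" for n in notes))
```
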
