-
Notifications
You must be signed in to change notification settings - Fork 466
AWS VPC NAT Gateway? #212
Comments
Personally I think this would be a nice feature to offer, but I don't think it should be required. |
@phemmer From a production point of view nobody wants their CoreOS instances all facing the Internet directly. Put them in a private subnet is the best way, we either follow the old way to deploy the gateway instance ourself, which is tedious, or use the new capabilities of the platform, and both will incur costs for sure. |
Hence my:
|
@phemmer Unless I'm missing something there is absolutely no reason for master/kubelet instances to be accessible from the internet except - (a) Ease of SSH access, (b) Ease of access to the k8s api I agree with @xied75 Instances launched into private subnets should be the default not a nice feature for production deployments. Now that #439 has been merged into master, I'd be interested in contributing to this piece. |
@harsha-y this issue isn't about the node being accessible from the internet. This issue is about being able to put nodes in a private subnet. Slightly related, but still separate. You can have nodes inaccessible from the internet without a nat gateway. |
I would be happy to see this option enabled in kube-aws too, but meanwhile I worked on manual configuration, please see http://eugene.taranov.me/2016/06/12/kubernetes-aws/ detailed instructions |
It would be awesome to have this implemented |
Putting them in a private subnet is the right way. |
The kube-aws tool has been moved to its own top-level directory @ https://github.com/coreos/kube-aws If this issue still needs to be addressed, please re-open the issue under the new repository. |
Dear all,
Got marketing email from aws about the VPC NAT Gateway, so can we put nodes into private subnet now?
The text was updated successfully, but these errors were encountered: