add more configuration to enable private clusters on AWS (#1841)

Co-authored-by: eskild <[email protected]>
nebari-dev · Jun 27, 2023 · 596083a · 596083a
1 parent f4179dc
commit 596083a
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 0 deletions.
diff --git a/src/_nebari/template/stages/02-infrastructure/aws/main.tf b/src/_nebari/template/stages/02-infrastructure/aws/main.tf
@@ -90,4 +90,6 @@ module "kubernetes" {
 
   node_groups = var.node_groups
 
+  endpoint_private_access = var.eks_endpoint_private_access
+  public_access_cidrs     = var.eks_public_access_cidrs
 }
diff --git a/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/main.tf b/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/main.tf
@@ -6,6 +6,9 @@ resource "aws_eks_cluster" "main" {
   vpc_config {
     security_group_ids = var.cluster_security_groups
     subnet_ids         = var.cluster_subnets
+
+    endpoint_private_access = var.endpoint_private_access
+    public_access_cidrs     = var.public_access_cidrs
   }
 
   depends_on = [

diff --git a/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/variables.tf b/src/_nebari/template/stages/02-infrastructure/aws/modules/kubernetes/variables.tf
@@ -59,3 +59,13 @@ variable "node_group_instance_type" {
   type        = string
   default     = "m5.large"
 }
+
+variable "endpoint_private_access" {
+  type    = bool
+  default = false
+}
+
+variable "public_access_cidrs" {
+  type    = list(string)
+  default = ["0.0.0.0/0"]
+}
diff --git a/src/_nebari/template/stages/02-infrastructure/aws/variables.tf b/src/_nebari/template/stages/02-infrastructure/aws/variables.tf
@@ -60,3 +60,13 @@ variable "kubeconfig_filename" {
   type        = string
   default     = null
 }
+
+variable "eks_endpoint_private_access" {
+  type    = bool
+  default = false
+}
+
+variable "eks_public_access_cidrs" {
+  type    = list(string)
+  default = ["0.0.0.0/0"]
+}