AWS-CDK EKS Cluster can not be created in a VPC without at least 1 private subnet

1
votes

I am trying to spawn EKS Cluster using AWS CDK. The problem is the following: when I define a VPC for the EKS Cluster, which does not contain private subnets, cdk synth throws the error below.

Vpc definition and usage:

cluster = eks.Cluster(self, "airflow-eks",
            endpoint_access=eks.EndpointAccess.PUBLIC,
            vpc=ec2.Vpc(self, "airflow-eks-vpc", cidr="172.16.0.0/22", max_azs=2,
                subnet_configuration=[
                    ec2.SubnetConfiguration(
                        name="subnet-1",
                        cidr_mask=27,
                        subnet_type=ec2.SubnetType.PUBLIC
                    ),
                    ec2.SubnetConfiguration(
                        name="subnet-2",
                        cidr_mask=27,
                        subnet_type=ec2.SubnetType.PUBLIC
                    )
                ]
            ),

The error is:

jsii.errors.JSIIError: There are no 'Private' subnet groups in this VPC. Available types: Public

When I add extra private subnet to the cluster definition, like

ec2.SubnetConfiguration(
                        name="subnet-3",
                        cidr_mask=27,
                        subnet_type=ec2.SubnetType.PRIVATE
                    )

cdk synth works well.

I would like to know if it is possible to spawn a EKS Cluster without creating private subnets, as I do not need them at all, and there are extra costs for using private subnets. In Terraform it can be done for sure, what about AWS CDK?

2
amazon-web-servicesaws-cdkamazon-eks

2 Answers

2
votes

Not sure about that the following is a root cause, however it helped. So eks.Cluster init method contains a param - vpcSubnets, which is optional, and by default includes all public and private (!) subnets. Thus when this parameter is defined explicitly, i.e.

const cluster = new eks.Cluster(stack,'my-ts-eks',
    {
        vpc: eks_vpc,
        vpcSubnets:[
            {
                subnetType: ec2.SubnetType.PUBLIC,
                onePerAz: true
            }
        ],
        defaultCapacity: 0,
        version: eks.KubernetesVersion.V1_17,
    });

EKS Cluster can be created without private subnets.

P.S. The example above is in TypeScript not Python

P.P.S In Python it will look like:

cluster = eks.Cluster(self, "airflow-eks",
           ...
            vpc_subnets = eks_vpc.select_subnets(subnet_type=ec2.SubnetType.PUBLIC, one_per_az=True).subnets,
          ...
        )
0
votes

Can you try it by adding assignPublicIp: true, to the FargateServiceProps. You can refer github ticket #7062 for more detail.

In Java the implementation is as below

ApplicationLoadBalancedFargateService.Builder.create(this, "FargateServiceName").cluster(cluster)
            .assignPublicIp(true)
            .cpu(512) // Default is 256
            .
            .
            .
            .build();