(enhancement) Add new import variables to control whether instances, subnets, lbs are public (default) or private about terraform-kubernetes-installer HOT 6 CLOSED

If the .ssh/config file could be created yo jump through the NT server it would be awesome, that will simplify as yuo don't have to go to the NAT(Bastion) first and then connect to the server on the private NW.

from terraform-kubernetes-installer.

ISV reported this as a critical need, so would be good to support this scenario.

from terraform-kubernetes-installer.

Is there any ETA for this issue being resolved in near future?
Private instances/subnets/lbr are must-have according to our Threat-Model.

from terraform-kubernetes-installer.

I'm working on this now and hope to have something soon.

The change was a bit involved than just prohibiting public IPs on the instances and load-balancers since instances need access to the internet during the bootstrap phase. But here is our approach:

If the tbd_cluster_visibility input variable is set toprivate (vs. public):

1. The etcd, master, and worker subnets, instances, and load-balancers, will be private - meaning they will not have public IP addresses.
2. We'll provision a NAT instance in the VCN that is on a public subnet and connected to the Internet.
3. While the etcd, master, and worker instances instances are initializing they will access the internet to download software through the NAT instance.

from terraform-kubernetes-installer.

Thanks for the update! I'm glad to try it out once the NAT instance is implemented.

from terraform-kubernetes-installer.

If the .ssh/config file could be created yo jump through the NT server it would be awesome, that will simplify as yuo don't have to go to the NAT(Bastion) first and then connect to the server on the private NW.

Yeah, that was what we were thinking.

from terraform-kubernetes-installer.