Commit 128fe00

Update private-clusters.adoc
Add callout for Route53 External DNS and PrivateLink
1 parent 26a3410 commit 128fe00

File tree

1 file changed (+1, -0 lines changed)

latest/ug/clusters/private-clusters.adoc

Lines changed: 1 addition & 0 deletions
@@ -95,6 +95,7 @@ We recommend that you link:vpc/latest/privatelink/interface-endpoints.html#enabl
9595

9696
* Any self-managed nodes must be deployed to subnets that have the VPC interface endpoints that you require. If you create a managed node group, the VPC interface endpoint security group must allow the CIDR for the subnets, or you must add the created node security group to the VPC interface endpoint security group.
9797
* If your [.noloc]`Pods` use Amazon EFS volumes, then before deploying the <<efs-csi,Store an elastic file system with Amazon EFS>>, the driver's https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/deploy/kubernetes/overlays/stable/kustomization.yaml[kustomization.yaml] file must be changed to set the container images to use the same {aws} Region as the Amazon EKS cluster.
98+
* Route53 does not support AWS PrivateLink. You cannot manage Route53 DNS records from a private EKS cluster. This impacts Kubernetes https://github.com/kubernetes-sigs/external-dns[external-dns].
9899
* You can use the <<aws-load-balancer-controller,{aws} Load Balancer Controller>> to deploy {aws} Application Load Balancers (ALB) and Network Load Balancers to your private cluster. When deploying it, you should use https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/deploy/configurations/#controller-command-line-flags[command line flags] to set `enable-shield`, `enable-waf`, and `enable-wafv2` to false. https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/ingress/cert_discovery/#discover-via-ingress-rule-host[Certificate discovery] with hostnames from Ingress objects isn't supported. This is because the controller needs to reach {aws} Certificate Manager, which doesn't have a VPC interface endpoint.
99100
+
100101
The controller supports network load balancers with IP targets, which are required for use with Fargate. For more information, see <<alb-ingress>> and <<network-load-balancer>>.
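Review bot: The added bullet at line 98 breaks the naming conventions the neighbouring bullets use, so it will render inconsistently; the adjacent items write the provider as the `{aws}` attribute and the service as "Amazon EKS", while this line writes "AWS PrivateLink", "Route53" and "EKS" literally. Suggest "Amazon Route 53 does not support {aws} PrivateLink. You cannot manage Route 53 DNS records from a private Amazon EKS cluster." Second, the bullet names the consequence for external-dns but, unlike the Amazon EFS and Load Balancer Controller bullets around it, gives the reader nothing actionable; consider stating plainly that external-dns needs a network path to the Route 53 API that a VPC interface endpoint cannot provide, so it is not usable in a cluster without such a path. Finally, the `+` on line 99 adds a blank continuation line into an existing list item; check that this does not detach the following paragraph ("The controller supports network load balancers...") from its bullet in the rendered output.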
