You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please note, this inquiry is aimed at seeking clarification and understanding rather than reporting an issue.
Hello EKS Anywhere Team,
I'm currently utilizing EKS Anywhere to manage Kubernetes clusters in an on-premise environment, specifically with VMware vSphere as the underlying infrastructure.
My query revolves around the use of the vsphere-cloud-controller-manager (CCM) within the worker clusters managed by EKS Anywhere. Given the architecture of EKS-A, with a clear distinction between management and worker clusters, and considering the management cluster handles the lifecycle operations of worker clusters (including VM creation and management), I'm exploring the possibility of minimizing the footprint and permissions required in worker clusters. Specifically, I'm interested in understanding if deploying the CCM in worker clusters is mandatory for EKS-A operations, or if it's optional.
One of my primary motivations is to avoid storing vSphere credentials within each worker cluster to reduce the security surface area. This leads me to the following questions:
Is it possible to exclude the CCM from deployment in worker clusters when using EKS Anywhere with VMware vSphere, and if so, how?
If the CCM is optional, are there specific functionalities or features within the worker clusters that would be impacted or limited by its absence?
I aim to streamline the operation and security posture of my clusters while ensuring that we can still fully utilize the capabilities of EKS Anywhere in a vSphere environment. Any guidance, insights, or documentation you could provide on this matter would be greatly appreciated.
Thank you for your time and assistance.
Best regards,
Jan
The text was updated successfully, but these errors were encountered:
Please note, this inquiry is aimed at seeking clarification and understanding rather than reporting an issue.
Hello EKS Anywhere Team,
I'm currently utilizing EKS Anywhere to manage Kubernetes clusters in an on-premise environment, specifically with VMware vSphere as the underlying infrastructure.
My query revolves around the use of the vsphere-cloud-controller-manager (CCM) within the worker clusters managed by EKS Anywhere. Given the architecture of EKS-A, with a clear distinction between management and worker clusters, and considering the management cluster handles the lifecycle operations of worker clusters (including VM creation and management), I'm exploring the possibility of minimizing the footprint and permissions required in worker clusters. Specifically, I'm interested in understanding if deploying the CCM in worker clusters is mandatory for EKS-A operations, or if it's optional.
One of my primary motivations is to avoid storing vSphere credentials within each worker cluster to reduce the security surface area. This leads me to the following questions:
I aim to streamline the operation and security posture of my clusters while ensuring that we can still fully utilize the capabilities of EKS Anywhere in a vSphere environment. Any guidance, insights, or documentation you could provide on this matter would be greatly appreciated.
Thank you for your time and assistance.
Best regards,
Jan
The text was updated successfully, but these errors were encountered: