EKS - Create EKS Node Group in Private Subnets
Step-01: Introduction
- We are going to create a node group in the VPC private subnets.
- We will deploy workloads on the private node group: the workloads run in private subnets, while the load balancer is created in a public subnet and is accessible from the internet.
Step-02: Delete existing Public Node Group in EKS Cluster
# Get NodeGroups in an EKS Cluster
eksctl get nodegroup --cluster=<Cluster-Name>
eksctl get nodegroup --cluster=eksdemo1
# Delete Node Group - Replace nodegroup name and cluster name
eksctl delete nodegroup <NodeGroup-Name> --cluster <Cluster-Name>
eksctl delete nodegroup eksdemo1-ng-public1 --cluster eksdemo1
Step-03: Create EKS Node Group in Private Subnets
- Create a private node group in the cluster
- The key option for the command is --node-private-networking
eksctl create nodegroup --cluster=eksdemo1 \
--region=us-east-1 \
--name=eksdemo1-ng-private1 \
--node-type=t3.medium \
--nodes-min=2 \
--nodes-max=4 \
--node-volume-size=20 \
--ssh-access \
--ssh-public-key=kube-demo \
--managed \
--asg-access \
--external-dns-access \
--full-ecr-access \
--appmesh-access \
--alb-ingress-access \
--node-private-networking
Step-04: Verify if Node Group created in Private Subnets
Verify External IP Address for Worker Nodes
- The External IP address should be none if our worker nodes were created in private subnets
Subnet Route Table Verification - Outbound Traffic goes via NAT Gateway
- Verify the node group's subnet routes to ensure it was created in private subnets
- Go to Services -> EKS -> eksdemo -> eksdemo1-ng1-private
- Click on the associated subnet in the Details tab
- Click on the Route Table tab.
- We should see the internet route via the NAT Gateway (0.0.0.0/0 -> nat-xxxxxxxx)
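
The two Step-04 checks as a script, added here as an example and not part of the original course material: it lists nodes that carry an external IP and classifies a subnet's default route as going through a NAT gateway or an internet gateway. The function names and the sample data are assumptions made for illustration; the sample is constructed, not captured from a cluster.

```bash
#!/usr/bin/env bash
# Added example: offline versions of the two Step-04 checks.
# All sample data is constructed, not captured from a real cluster.

# stdin: `kubectl get nodes -o wide` text. Prints the names of nodes whose
# EXTERNAL-IP column (7th field) holds an address instead of <none>.
nodes_with_external_ip() {
  awk 'NR > 1 && $7 != "<none>" { print $1 }'
}

# stdin: "GatewayId NatGatewayId" pairs for a subnet's 0.0.0.0/0 routes, as
# AWS CLI text output prints them (None for an unset field). Prints:
#   private  - default route targets a NAT gateway
#   public   - default route targets an internet gateway
#   isolated - no default route found
classify_default_route() {
  awk '
    $1 ~ /^igw-/ { kind = "public" }
    $2 ~ /^nat-/ && kind != "public" { kind = "private" }
    END { print (kind == "" ? "isolated" : kind) }
  '
}

# $1 = nodes text, $2 = route pairs. Succeeds only if no node has an
# external IP and the default route goes through a NAT gateway.
verify_private_nodegroup() {
  exposed=$(printf '%s\n' "$1" | nodes_with_external_ip)
  route=$(printf '%s\n' "$2" | classify_default_route)
  [ -z "$exposed" ] && [ "$route" = "private" ]
}

# Constructed sample: one private node, one node with a public address.
SAMPLE_NODES='NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
ip-192-168-101-10.ec2.internal Ready <none> 5m v1.x 192.168.101.10 <none> Amazon Linux 2 5.x containerd://1.x
ip-192-168-20-15.ec2.internal Ready <none> 5m v1.x 192.168.20.15 203.0.113.25 Amazon Linux 2 5.x containerd://1.x'

printf '%s\n' "$SAMPLE_NODES" | nodes_with_external_ip      # node to investigate
printf 'None\tnat-0123456789abcdef0\n' | classify_default_route

# Live input, assuming kubectl and the AWS CLI point at the cluster's account:
#   kubectl get nodes -o wide | nodes_with_external_ip
#   aws ec2 describe-route-tables \
#     --filters Name=association.subnet-id,Values=<Subnet-Id> \
#     --query "RouteTables[].Routes[?DestinationCidrBlock=='0.0.0.0/0'][].[GatewayId,NatGatewayId]" \
#     --output text | classify_default_route
```

A subnet that relies on the VPC's main route table has no explicit association, so the filter above returns nothing and the result reads isolated; inspect the main route table in that case.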
