Clarify EKS Control Plane Subnet Selection

[blakeromano]

Describe the problem The EKS Networking communication talks about best practices for Public/Private subnets however the documentation doesn't make the clarification this is really referring to the way to schedule workers not what Subnets are passed to EKS for the control plane.

The documentation should make it clear this is relating to the worker nodes not the control plane which is specified by the Subnets for the EKS Cluster and ideally should link to new documentation regarding cluster control plane subnet best practices.

References https://github.com/aws/aws-eks-best-practices/blob/master/content/networking/subnets/index.md#you-can-configure-vpc-and-subnets-in-three-different-ways

[jicowan]

There is a paragraph above the section you reference that says the following:

The nodes connect to the EKS control plane through (a) an EKS public endpoint or (b) a Cross-Account [elastic network interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) (X-ENI) managed by EKS. When a cluster is created, you need to specify at least two VPC subnets. EKS places a X-ENI in each subnet specified during cluster create (also called cluster subnets). The Kubernetes API server uses these Cross-Account ENIs to communicate with nodes deployed on the customer-managed cluster VPC subnets.

Is this not clear enough?

[blakeromano]

I think the wording of best practices for public/private subnets are the part that makes it unclear which it is referring to. If there was some sort of note or reference or something saying that Section is relating to worker nodes or something along those lines