VPC‑Only Access for Kubernetes Clusters

2025-09-20
Thalassa Cloud

We’ve added support for VPC‑only access to Kubernetes control planes. When enabled, the cluster’s public API endpoint is disabled and the Kubernetes API is reachable only from within your Virtual Private Cloud. This helps teams meet stricter security and compliance requirements without sacrificing operational access.

VPC-only access is valuable for DevOps teams because it removes the internet-facing API endpoint, which reduces the attack surface. It also makes network rules and identity limits easier to reason about, because your VPC is the boundary.

What this means in practice:

  • Public endpoint disabled for the control plane
  • API access restricted to resources inside the same VPC
  • Can be combined with Security Groups for firewalling as an additional security layer, in line with defense-in-depth strategies

How to access your cluster with VPC‑only enabled:

  • VPN connection from your workstation into the VPC
  • Bastion/jump host inside the VPC
  • VPC peering from a trusted VPC

Note: The Kubernetes Dashboard in the console is currently unavailable for clusters with VPC‑only access enabled and will return in a future update.

Learn more, including configuration details and troubleshooting steps, in our docs: VPC‑Only Access.

