terraform-aws-eks

Document how to use the module when public access to the cluster endpoint is disabled (the default)

Open shimpeko opened this issue 2 years ago • 1 comments

When using the cluster module, terraform apply fails even when all "required" variables are set, because terraform fails to access the health check URL of the control plane API.

To let terraform access the health check URL:

  • The public endpoint needs to be enabled when running terraform in the local environment or in a different VPC from the EKS cluster.
  • At least one security group needs to be passed when running terraform in the same VPC as the EKS cluster.

I agree that it is safer to disable the public endpoint, but I also think a terraform module should be able to be applied when all "required" parameters are set. When it is not applicable with only "required" parameters, some documentation might be needed.

shimpeko Feb 03 '22 10:02

Yes, I think we should add some documentation around this.

Basically something that mentions:

  • you will need a sg + sg rule to allow access to the apiserver
  • if running terraform on a workstation (or anywhere else outside your VPC) you will need to do something to route requests to the apiserver e.g. sshuttle

errm Feb 03 '22 20:02
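The security group and rule mentioned in the comment above, sketched with plain AWS provider resources. This is an added example, not code from the thread or from the module; the variable and resource names are hypothetical, and how the group id is handed to the module is not shown on this page.

```hcl
# Assumption: the host that runs terraform lives in the same VPC as the
# cluster and has its own security group attached.
variable "vpc_id" {
  type        = string
  description = "VPC that contains the EKS cluster (placeholder input)"
}

variable "terraform_runner_sg_id" {
  type        = string
  description = "Security group of the host running terraform (placeholder input)"
}

# Additional security group to attach to the cluster control plane ENIs.
resource "aws_security_group" "eks_api_access" {
  name_prefix = "eks-api-access-"
  description = "Admits in-VPC clients to the private EKS API endpoint"
  vpc_id      = var.vpc_id

  lifecycle {
    create_before_destroy = true
  }
}

# Allow only the terraform runner's security group to reach the API server.
# Referencing the source group keeps the rule narrower than opening 443 to
# the whole VPC CIDR, which would admit every workload in the VPC.
resource "aws_vpc_security_group_ingress_rule" "runner_to_apiserver" {
  security_group_id            = aws_security_group.eks_api_access.id
  referenced_security_group_id = var.terraform_runner_sg_id
  ip_protocol                  = "tcp"
  from_port                    = 443
  to_port                      = 443
  description                  = "HTTPS from the terraform runner to the EKS endpoint"
}

# Pass this id to the cluster module through whichever security group input
# it exposes (the input name is not given on this page).
output "eks_api_access_sg_id" {
  value = aws_security_group.eks_api_access.id
}
```

When terraform runs outside the VPC, this rule alone is not enough: traffic still has to be routed into the VPC, as the second bullet of the comment says.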

I am not sure this is possible without leaking too much internal cookpad-specific stuff ...

errm May 09 '24 09:05