K
Q

AWS EKS Master Cluster Security Group

1/30/2019

I'm a bit confused about Security group for EKS Master Cluster on AWS.

As I understand it, there is no egress traffic allowed at all, and as ingress it has to be to 443 as source from Worked-Nodes security group.

If I'am wrong please correct me

Thank you

-- Arsen
amazon-web-services
kubernetes

Similar Questions

Cannot Connect to MongoDB Pod via Flask app Pod
How to get annotation from namespace in side car injector
environment variables in Docker images in Kubernetes Cluster
OpenShift - List serviceaccounts with privileged scc
What is the interval of kube-controller-manager control loop?
Unable to setup remote cluster(Install istio with external control plane)

1 Answer

1/30/2019

AWS already provided the EKS recommended security group settings

For ingress rule, you are right, only 443 required for all worker node's security group.

For egress rule, you have to allow at least 10250 or 1025-65535 with worker node's security group for control plane to access worker node. But I think it should be fine to leave 0-65535 0.0.0.0/0 by default.

-- Tony Lee
Source: StackOverflow