AWS EKS Master Cluster Security Group

1/30/2019

I'm a bit confused about the security group for the EKS master cluster on AWS.

As I understand it, there is no egress traffic allowed at all, and as ingress it has to be 443 with the Worker-Nodes security group as source.

If I'm wrong, please correct me.

Thank you

-- Arsen
amazon-web-services
kubernetes

1 Answer

1/30/2019

AWS already provided the EKS recommended security group settings.

For the ingress rule, you are right: only 443 is required for all worker nodes' security group.

For the egress rule, you have to allow at least 10250 or 1025-65535 with the worker nodes' security group for the control plane to access the worker nodes. But I think it should be fine to leave 0-65535 0.0.0.0/0 by default.

-- Tony Lee
Source: StackOverflow
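
The rules described in the answer above can be checked mechanically. The following is an added example, not part of the original question or answer: it audits a control-plane security group given in the shape returned by `aws ec2 describe-security-groups`. The group IDs and sample rules are constructed, and IPv6 ranges are not examined.

```python
# Added example. Dict shape follows `aws ec2 describe-security-groups` JSON output;
# the group IDs and rules below are constructed sample data, not real resources.
WORKER_SG = "sg-0workers0000000"  # placeholder worker-node security group ID

def covers(perm, port):
    """True if the rule's protocol and port range include TCP `port`."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and all ports
        return True
    return perm.get("IpProtocol") == "tcp" and perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)

def from_group(perm, group_id):
    return any(p.get("GroupId") == group_id for p in perm.get("UserIdGroupPairs", []))

def to_world(perm):
    return any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", []))

def is_443_from_workers_only(perm, worker_sg):
    """True only for a TCP 443 rule whose sole source is the worker security group."""
    pairs = perm.get("UserIdGroupPairs", [])
    return (perm.get("IpProtocol") == "tcp" and perm.get("FromPort") == 443
            and perm.get("ToPort") == 443 and not perm.get("IpRanges")
            and bool(pairs) and all(p.get("GroupId") == worker_sg for p in pairs))

def audit_control_plane_sg(sg, worker_sg):
    ingress, egress = sg.get("IpPermissions", []), sg.get("IpPermissionsEgress", [])
    return {
        "ingress_443_from_workers": any(is_443_from_workers_only(p, worker_sg) for p in ingress),
        "unexpected_ingress_rules": sum(not is_443_from_workers_only(p, worker_sg) for p in ingress),
        "egress_allows_10250": any(
            covers(p, 10250) and (from_group(p, worker_sg) or to_world(p)) for p in egress),
        "egress_all_to_world": any(p.get("IpProtocol") == "-1" and to_world(p) for p in egress),
    }

INGRESS_443 = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                "UserIdGroupPairs": [{"GroupId": WORKER_SG}], "IpRanges": []}]
# Egress limited to 1025-65535 toward the worker group.
RESTRICTED_SG = {"IpPermissions": INGRESS_443, "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 1025, "ToPort": 65535,
     "UserIdGroupPairs": [{"GroupId": WORKER_SG}], "IpRanges": []}]}
# Egress left at the default allow-all rule.
DEFAULT_EGRESS_SG = {"IpPermissions": INGRESS_443, "IpPermissionsEgress": [
    {"IpProtocol": "-1", "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
# No egress at all, as the question assumed.
NO_EGRESS_SG = {"IpPermissions": INGRESS_443, "IpPermissionsEgress": []}

if __name__ == "__main__":
    for name in ("RESTRICTED_SG", "DEFAULT_EGRESS_SG", "NO_EGRESS_SG"):
        print(name, audit_control_plane_sg(globals()[name], WORKER_SG))
```

With no egress rule at all, `egress_allows_10250` comes back false, which is the case the answer corrects.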