How to specify existing node security group in cloud formation template while creating EKS worker nodes

8/19/2019

I want to create EKS worker nodes with an existing node security group in an EKS cluster.

Currently, with the following cloudformation template, the EKS worker node is created with a new security group.

How can I refer to the pre-existing node security group for my worker nodes?

-- Arundathi G Vardhan
amazon-cloudformation
amazon-web-services
eks
kubernetes

1 Answer

8/19/2019

Arundathi, I'm gonna use the same template to explain it.

The NodeSecurityGroup is being created in this template (#L200). If you want to use an existing security group then you can take it as user input, just like ClusterControlPlaneSecurityGroup (#L136):

  ClusterControlPlaneSecurityGroup:
    Description: The security group of the cluster control plane.
    Type: AWS::EC2::SecurityGroup::Id

And then refer to that wherever required (#L226). For example:

  NodeSecurityGroupFromControlPlaneIngress:
    Type: AWS::EC2::SecurityGroupIngress
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow worker Kubelets and pods to receive communication from the cluster control plane
      GroupId: !Ref NodeSecurityGroup
      SourceSecurityGroupId: !Ref ClusterControlPlaneSecurityGroup
      IpProtocol: tcp
      FromPort: 1025
      ToPort: 65535

Let me know if you still have any questions.

-- bhalothia
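The change the answer describes, written out as a complete template fragment. This is an added example, not the template from the question or the answerer's code. It assumes hypothetical names for the pieces the thread does not show (NodeImageId, NodeInstanceProfileName, Subnets, NodeLaunchTemplate, NodeGroup) and leaves out the node bootstrap UserData, which is unrelated to the security group question.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  EKS worker nodes attached to a pre-existing node security group.
  Added example; parameter and resource names other than the two
  security groups are assumptions, not taken from the original template.

Parameters:
  ClusterControlPlaneSecurityGroup:
    Description: The security group of the cluster control plane.
    Type: AWS::EC2::SecurityGroup::Id
  NodeSecurityGroup:
    # Previously an AWS::EC2::SecurityGroup resource in the template;
    # now supplied by the user, so no new group is created.
    Description: Existing security group to attach to the worker nodes.
    Type: AWS::EC2::SecurityGroup::Id
  NodeImageId:
    Description: AMI for the worker nodes (hypothetical parameter).
    Type: AWS::EC2::Image::Id
  NodeInstanceProfileName:
    Description: Name of an existing instance profile for the nodes (hypothetical parameter).
    Type: String
  Subnets:
    Description: Subnets for the worker node Auto Scaling group (hypothetical parameter).
    Type: List<AWS::EC2::Subnet::Id>

Resources:
  # DependsOn is dropped: NodeSecurityGroup is a parameter now, and
  # DependsOn may only name resources declared in the template.
  NodeSecurityGroupFromControlPlaneIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: Allow worker Kubelets and pods to receive communication from the cluster control plane
      GroupId: !Ref NodeSecurityGroup
      SourceSecurityGroupId: !Ref ClusterControlPlaneSecurityGroup
      IpProtocol: tcp
      FromPort: 1025
      ToPort: 65535

  # The existing group is attached to the nodes here, via the launch template.
  NodeLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref NodeImageId
        InstanceType: t3.medium
        IamInstanceProfile:
          Name: !Ref NodeInstanceProfileName
        SecurityGroupIds:
          - !Ref NodeSecurityGroup

  NodeGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      VPCZoneIdentifier: !Ref Subnets
      MinSize: '1'
      MaxSize: '3'
      LaunchTemplate:
        LaunchTemplateId: !Ref NodeLaunchTemplate
        Version: !GetAtt NodeLaunchTemplate.LatestVersionNumber
```

Two things to check before reusing this pattern. First, every `!Ref NodeSecurityGroup` in the original template keeps working unchanged, because `!Ref` on an `AWS::EC2::SecurityGroup::Id` parameter yields the group ID just as it did for the resource; only `DependsOn` entries naming the old resource have to go. Second, the `AWS::EC2::SecurityGroupIngress` resources now modify a group the stack does not own: the rules are added on stack create and removed again on stack delete, so anything else relying on that pre-existing group loses control-plane access when the node stack is torn down.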
Source: StackOverflow