Security Groups with EKS pods

Architecture:

Requirements:

Steps

  1. Enable the pod ENI feature in the VPC CNI and disable TCP early demux in its init container (otherwise kubelet TCP probes cannot reach pods behind a branch ENI):

     kubectl set env daemonset -n kube-system aws-node ENABLE_POD_ENI=true
     kubectl set env daemonset -n kube-system aws-node -c aws-vpc-cni-init DISABLE_TCP_EARLY_DEMUX=true

  2. Apply the VPC CNI manifest (release 1.9 is used here):

     kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.9/config/v1.9/aws-k8s-cni.yaml

  3. Associate an IAM OIDC provider with the cluster (required for the IAM role bound to the service account):

     cluster_name=<cluster Name>
     eksctl utils associate-iam-oidc-provider --cluster=$cluster_name --approve

  4. Look up the cluster VPC and create the security group the pods will carry; the describe call confirms it exists:

     VPCID=$(aws eks describe-cluster --name $cluster_name --query "cluster.resourcesVpcConfig.vpcId" --output text)
     echo $VPCID
     RDSSG=$(aws ec2 create-security-group --group-name RDSDbAccessSG --description "Security group to apply to apps that need access to RDS" --vpc-id $VPCID --query "GroupId" --output text)
     aws ec2 describe-security-groups --filters "Name=vpc-id,Values=$VPCID" --query "SecurityGroups[].[GroupId,GroupName]"

  5. Create the service account and the SecurityGroupPolicy that binds the group to pods using it:

     kubectl apply -f service-account.yaml
     kubectl apply -f security-group.yaml

  6. Deploy a test pod that runs under the service account:

     apiVersion: v1
     kind: Pod
     metadata:
       name: postgres-test
     spec:
       serviceAccountName: rds-db-access
       containers:
       - name: postgres-test
         image: <>.dkr.ecr.eu-west-1.amazonaws.com/postgres-test-demo:new
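The security-group.yaml applied in step 5 is not shown above, so here is an added example (not from the post) that renders that SecurityGroupPolicy, adds the security group rules a pod behind a branch ENI needs, and checks that the pod actually received one. It assumes $cluster_name and $RDSSG from the steps above, a service account carrying the label app=rds-db-access, and an RDS_INSTANCE_SG placeholder for the RDS instance's own security group.

```bash
# Added example, not part of the original post. Assumes $cluster_name and $RDSSG
# are set as above, service-account.yaml created "rds-db-access" with the label
# app=rds-db-access (assumption), and RDS_INSTANCE_SG holds the RDS instance's
# own security group id (placeholder).
set -eu
# Render the SecurityGroupPolicy (the security-group.yaml the post applies). Kept
# as a pure function so it can be checked offline; the selector matches the
# service account's labels, not its name.
sgp_manifest() {
  local sg_id="$1" sa_label="$2" ns="${3:-default}"
  cat <<EOF
apiVersion: vpcresources.k8s.aws/v1beta1
kind: SecurityGroupPolicy
metadata:
  name: ${sa_label}-sgp
  namespace: ${ns}
spec:
  serviceAccountSelector:
    matchLabels:
      app: ${sa_label}
  securityGroups:
    groupIds:
      - ${sg_id}
EOF
}
apply_policy() {
  local cluster_role cluster_sg proto
  # The VPC resource controller attaches branch ENIs using the cluster IAM role.
  cluster_role=$(aws eks describe-cluster --name "$cluster_name" \
    --query "cluster.roleArn" --output text | awk -F/ '{print $NF}')
  aws iam attach-role-policy --role-name "$cluster_role" \
    --policy-arn arn:aws:iam::aws:policy/AmazonEKSVPCResourceController
  # A pod on a branch ENI no longer carries the node security group, so CoreDNS
  # (behind the cluster SG) must explicitly accept DNS from the pod SG.
  cluster_sg=$(aws eks describe-cluster --name "$cluster_name" \
    --query "cluster.resourcesVpcConfig.clusterSecurityGroupId" --output text)
  for proto in tcp udp; do
    aws ec2 authorize-security-group-ingress --group-id "$cluster_sg" \
      --protocol "$proto" --port 53 --source-group "$RDSSG"
  done
  # Only traffic carrying the pod SG may reach Postgres; no CIDR-wide rule needed.
  aws ec2 authorize-security-group-ingress --group-id "$RDS_INSTANCE_SG" \
    --protocol tcp --port 5432 --source-group "$RDSSG"
  sgp_manifest "$RDSSG" rds-db-access | kubectl apply -f -
}
# A pod gets a branch ENI only if created after the policy; the controller
# records it in this annotation (empty output means no branch ENI was attached).
verify_pod_eni() {
  kubectl get pod "$1" -o jsonpath='{.metadata.annotations.vpc\.amazonaws\.com/pod-eni}'
}
```

Run apply_policy once, then recreate the pod and call verify_pod_eni postgres-test; an empty result means the pod was admitted before the policy existed or the node is not a Nitro-based instance type.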

Error:

Reference:

Working as Cloud Architect & Software enthusiast
NIRAV SHAH