Security Groups with EKS pods

Architecture:

Requirements:

Steps

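# Walkthrough commands for enabling security groups for pods on an EKS cluster.
# Written for a POSIX-style shell (bash/zsh). The original listing mixed fish
# `set VAR (cmd)` captures with `VAR=value` assignments and ran in neither shell.

# Turn the feature on in the VPC CNI: with ENABLE_POD_ENI=true the aws-node
# plugin asks for a trunk interface on supported nodes, so pods can receive
# branch interfaces that carry their own security groups.
kubectl set env daemonset -n kube-system aws-node ENABLE_POD_ENI=true

# Set on the CNI init container so kubelet TCP liveness/readiness probes can
# still reach pods that sit on branch interfaces.
# NOTE(review): confirm that your kubectl version applies `set env -c` to init
# containers; inspect the daemonset afterwards to check the value landed.
kubectl set env daemonset -n kube-system aws-node -c "aws-vpc-cni-init" DISABLE_TCP_EARLY_DEMUX=true

# NOTE(review): this applies a manifest fetched from a branch URL, which can
# change between runs. Download it, review it, and apply the reviewed copy.
# NOTE(review): the upstream manifest carries its own values for the variables
# set above, so applying it here may reset them; re-check both after this step.
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.9/config/v1.9/aws-k8s-cni.yaml

# Placeholder: replace with the real cluster name before running.
cluster_name="<cluster Name>"

# The source showed an em dash here; the flag is `--cluster`.
# eksctl only prints the planned change unless `--approve` is added.
eksctl utils associate-iam-oidc-provider --cluster="$cluster_name"

# Look up the VPC the cluster lives in.
VPCID=$(aws eks describe-cluster --name "$cluster_name" --query "cluster.resourcesVpcConfig.vpcId" --output text)
echo "$VPCID"

# Create the security group that pods needing database access will carry.
# The database's own security group still needs an inbound rule naming this
# group as the source; that rule is not shown on this page.
RDSSG=$(aws ec2 create-security-group --group-name RDSDbAccessSG --description "Security group to apply to apps that need access to RDS" --vpc-id "$VPCID" --query "GroupId" --output text)

# List the groups in the cluster VPC to confirm the new one exists. The source
# hard-coded a VPC id here; using $VPCID keeps the listing tied to this cluster.
aws ec2 describe-security-groups --filters "Name=vpc-id,Values=$VPCID" --query "SecurityGroups[].[GroupId,GroupName]"

# Manifests referenced by the article; their contents are not shown on this page.
# Presumably security-group.yaml binds the group id in $RDSSG to the pods; verify.
kubectl apply -f service-account.yaml
kubectl apply -f security-group.yaml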
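# Test pod used to check database connectivity through the pod security group.
# Indentation restored; the flattened listing was not a valid manifest.
apiVersion: v1
kind: Pod
metadata:
  name: postgres-test
spec:
  # Presumably the service account matched by the policy in security-group.yaml
  # (not shown on this page); verify the selector there.
  serviceAccountName: rds-db-access
  containers:
    - name: postgres-test
      # `<>` stands for the AWS account id, left blank by the author.
      # `:new` is a mutable tag; pin a digest to control exactly what runs.
      image: <>.dkr.ecr.eu-west-1.amazonaws.com/postgres-test-demo:new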

Error:

Reference:
