Deploy EKS Cluster Endpoint.

Mar 06, 2024

Introduction

Thank you for clicking through to my article. I've been a DevOps engineer for 2 years in a dev team of 7 engineers.

My name is MINSEOK, LEE, but I use Unchaptered as an alias on the internet. So you can call me either "MINSEOK, LEE" or "Unchaptered" if you want to ask something.

This article is based on the learning content of 1 week, AEWS 2.
 

In the previous lab, Deploy Amazon EKS and NodeGroups using CloudFormation, we implemented the EKS Cluster and Endpoint as public-public.

However, this approach exposes you to security risks.

  1. Requests from kubectl to kube-apiserver go through the public internet.

  2. Requests from kube-proxy to kube-apiserver go through the public internet.

The purpose of this article is to gradually change the default public-public setup to the more secure public-private and private-private setups, covering all 3 types of cluster endpoint.

We will also validate each change with a network CLI tool, rather than just implementing it.
 

Topic

In this article, I reinforce EKS Cluster Endpoint security from public-public to private-private.

Also, I'll verify that the network flows actually match what we expected.

  1. EKS Cluster Endpoint as Public-Public

  2. EKS Cluster Endpoint as Public-Private

  3. EKS Cluster Endpoint as Private-Private
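The check below is an added example, not code from the original article: it classifies a cluster's `resourcesVpcConfig` (the shape returned by `aws eks describe-cluster`) into the three cases above and compares that with the addresses the API endpoint resolves to on a worker node. The mapping from the two access flags to the case names is inferred from the flows this article describes, and all sample configs and IP addresses are constructed.

```python
import ipaddress

# RFC 1918 ranges: addresses a VPC-internal (private) endpoint would resolve to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def endpoint_mode(cfg):
    """Map endpointPublicAccess / endpointPrivateAccess to the article's case names
    (assumed mapping: first word = kubectl path, second word = node path)."""
    public = cfg.get("endpointPublicAccess", False)
    private = cfg.get("endpointPrivateAccess", False)
    if public and private:
        return "public-private"
    if public:
        return "public-public"
    if private:
        return "private-private"
    raise ValueError("neither endpoint access flag is enabled")


def is_vpc_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def audit(cfg, node_resolved_ips):
    """Return (mode, findings). node_resolved_ips are the addresses the API
    endpoint name resolves to when queried from a worker node (e.g. with dig)."""
    if not node_resolved_ips:
        raise ValueError("no resolved addresses supplied")
    mode = endpoint_mode(cfg)
    findings = []
    if mode != "private-private" and "0.0.0.0/0" in cfg.get("publicAccessCidrs", []):
        findings.append("public endpoint accepts any source address")
    if mode == "public-public":
        findings.append("node traffic to kube-apiserver uses the public endpoint")
    node_private = all(is_vpc_private(ip) for ip in node_resolved_ips)
    if node_private != (mode != "public-public"):
        findings.append("DNS answer on the node does not match the configured mode")
    return mode, findings


# Constructed samples (documentation-range and RFC 1918 addresses).
PUBLIC_PUBLIC = {"endpointPublicAccess": True, "endpointPrivateAccess": False,
                 "publicAccessCidrs": ["0.0.0.0/0"]}
PRIVATE_PRIVATE = {"endpointPublicAccess": False, "endpointPrivateAccess": True,
                   "publicAccessCidrs": []}

if __name__ == "__main__":
    print(audit(PUBLIC_PUBLIC, ["203.0.113.10", "203.0.113.77"]))
    print(audit(PRIVATE_PRIVATE, ["192.168.1.45", "192.168.2.61"]))
```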
