Amazon EKS now supports assigning EC2 security groups to Kubernetes pods

  • September 22, 2020

Amazon Elastic Kubernetes Service (EKS) customers can now use EC2 security groups to secure applications with differing network security requirements on shared cluster compute resources. Previously, every pod on a node inherited the security groups attached to that node's network interfaces, so two workloads scheduled onto the same instance could not be given different network rules. IAM roles for service accounts solve pod-level authorization at the identity layer, but many organizations' compliance requirements also mandate network segmentation as an additional defense-in-depth control.

Kubernetes network policies provide a way to control traffic within the cluster, but they are enforced inside the cluster and cannot be referenced by the security groups of AWS resources outside it, such as an Amazon RDS instance. Now, network security rules that span pod-to-pod and pod-to-AWS-service traffic can be defined in one place, as EC2 security groups, and applied to individual pods and applications through Kubernetes-native APIs. This makes it easier to meet network security compliance requirements in clusters that are shared across multiple teams and applications.
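The Kubernetes-native API referred to above is the SecurityGroupPolicy custom resource that the Amazon VPC CNI plugin installs. The following manifest is an added illustration written for this page, not code from the AWS announcement. It assumes a cluster where the VPC CNI plugin has ENABLE_POD_ENI=true on Nitro-based nodes and the cluster IAM role carries the AmazonEKSVPCResourceController managed policy; the namespace, labels and security group ID are placeholders.

```yaml
# Added example (not from the AWS announcement): bind one EC2 security group
# to a single application's pods. The VPC CNI plugin watches this resource and
# attaches a branch network interface carrying the listed groups to each new
# pod that matches the selector.
# Assumptions: VPC CNI with ENABLE_POD_ENI=true on Nitro-based nodes, the
# cluster IAM role having AmazonEKSVPCResourceController, and the group ID
# below standing in for a real security group in the cluster's VPC.
apiVersion: vpcresources.k8s.aws/v1beta1
kind: SecurityGroupPolicy
metadata:
  name: payments-api-sg          # placeholder name
  namespace: payments            # placeholder namespace
spec:
  # Selection is by pod labels, so label the workload deliberately; a
  # catch-all selector would give every pod in the namespace the same rules
  # and defeat the point of per-application segmentation.
  podSelector:
    matchLabels:
      app: payments-api
  # A serviceAccountSelector is also accepted here, which lets one policy
  # follow the same identity that IAM roles for service accounts use.
  securityGroups:
    groupIds:
      - sg-0123456789abcdef0     # hypothetical ID of the pod security group
---
# Workload that the policy above selects. Pods created before the policy
# existed are not retrofitted; they must be recreated to pick it up.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: payments-api
  namespace: payments
spec:
  replicas: 2
  selector:
    matchLabels:
      app: payments-api
  template:
    metadata:
      labels:
        app: payments-api        # must match spec.podSelector above
    spec:
      containers:
        - name: api
          image: public.ecr.aws/docker/library/nginx:stable   # placeholder image
          ports:
            - containerPort: 80
          readinessProbe:        # probes come from the node, see the note below
            httpGet:
              path: /
              port: 80
```

Two rules on the security group itself matter in practice. The database's own security group then allows inbound traffic from sg-0123456789abcdef0 as the source, so only pods carrying that group can reach it, regardless of which node they land on. The pod security group must still allow inbound traffic from the cluster security group, because kubelet probes such as the readinessProbe above originate from the node, and it must allow outbound TCP and UDP port 53 to the cluster security group so the pod can reach CoreDNS. After applying the manifest, confirm with `kubectl describe pod` in the namespace that the CNI has annotated each new pod with `vpc.amazonaws.com/pod-eni`; a pod without that annotation is running with the node's groups, not the policy's.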

Source: amazon.com


Related Posts

What’s new in Kubernetes 1.16?

What’s new in Kubernetes 1.16: Ephemeral containers for easy pod debugging, support for dual-stack network, new options for the scheduler and much more. These are the features that look more exciting to us for this release (ymmv): Ephemeral containers are a great way to debug running pods, as you can’t add regular containers to a pod after creation (you should use sysdig tools like kubectl capture or kubectl trace for that though!), but you can run ephemeral containers. Right now the steps to run an ephemeral container aren’t straightforward.

Ingress for Anthos—Multi-cluster Ingress and Global Service Load Balancing

Ingress for Anthos is a Google cloud-hosted multi-cluster ingress controller for Anthos GKE clusters. Ingress for Anthos supports deploying shared load balancing resources across clusters and across regions enabling users to use a same load balancer with an anycast IP for applications running in a multi-cluster and multi-region topology. In simpler terms this allows users to place multiple GKE clusters located in different regions under one LoadBalancer.

Introducing PodTopologySpread

Managing Pods distribution across a cluster is hard. The well-known Kubernetes features for Pod affinity and anti-affinity, allow some control of Pod placement in different topologies. However, these features only resolve part of Pods distribution use cases: either place unlimited Pods to a single topology, or disallow two Pods to co-locate in the same topology.
