1 answer
0
Have you tried using the k8s service accounts (user roles with RBAC) with appropriate access to the other in-cluster service? Additionally, you could associate them with IAM roles in case you need access to AWS services outside the cluster, using what is known as IAM Roles for Service Accounts (IRSA).
Answered 2 years ago
Thanks for your reply Madhav. Yes, we actually tried RBAC. But I don't think it worked. Our scenario is we have serviceA called `service-a` and serviceB called `service-b`. Both expose port 8080. We only want a Pod to be able to `curl service-a:8080` but not `curl service-b:8080`. Correct me if I'm wrong... I think RBAC can only restrict the Kubernetes API access but it cannot restrict HTTP calls to services?

You can use security groups with the Container Network Interface (CNI): https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html