Missing documentation on how you should configure security groups? #11

Closed
mumoshu opened this issue Dec 5, 2017 · 1 comment

mumoshu commented Dec 5, 2017

If I understand it correctly, in order to allow Pod-to-Pod communication over IP addresses associated with secondary ENIs attached to master and worker nodes, you should configure security groups so that:

  • One of your worker SGs associated with worker nodes allows ingress traffic on any port/protocol from other master and worker SGs
  • Similarly, one of your master SGs associated with master nodes allows ingress traffic on any port/protocol from other master and worker SGs

Otherwise pods are unable to communicate with each other, right?

If so, could we add a note to the README?
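
A check for the rule set described in the question above, added here as an example and not part of the original issue or the project's code. It reads "other master and worker SGs" as every node security group, the group itself included (an assumption); the function names and sample group IDs are hypothetical.

```python
# Added example (not from the amazon-vpc-cni-k8s project). Group IDs are constructed.
ALL_PROTOCOLS = "-1"  # EC2 IpProtocol value meaning every protocol and port


def all_traffic_sources(group):
    """Return the SG IDs from which this group accepts all-protocol ingress."""
    sources = set()
    for perm in group.get("IpPermissions", []):
        if perm.get("IpProtocol") != ALL_PROTOCOLS:
            continue  # port- or protocol-scoped rules do not satisfy the condition
        sources.update(p["GroupId"] for p in perm.get("UserIdGroupPairs", []))
    return sources


def missing_node_ingress(groups, role_sgs):
    """Per role: {} if one of its SGs admits every node SG, else the gaps per SG."""
    by_id = {g["GroupId"]: g for g in groups}
    required = {sg for ids in role_sgs.values() for sg in ids}
    report = {}
    for role, ids in role_sgs.items():
        gaps = {sg: sorted(required - all_traffic_sources(by_id.get(sg, {})))
                for sg in ids}
        satisfied = any(not missing for missing in gaps.values())
        report[role] = {} if satisfied else gaps
    return report


def _rule(protocol, *source_ids):
    """Build one ingress permission entry for the constructed sample."""
    return {"IpProtocol": protocol,
            "UserIdGroupPairs": [{"GroupId": s} for s in source_ids]}


# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-worker-example",
     "IpPermissions": [_rule("-1", "sg-worker-example", "sg-master-example")]},
    {"GroupId": "sg-master-example",
     "IpPermissions": [_rule("-1", "sg-master-example"),
                       _rule("tcp", "sg-worker-example")]},  # TCP only: too narrow
]
SAMPLE_ROLES = {"worker": ["sg-worker-example"], "master": ["sg-master-example"]}

if __name__ == "__main__":
    for role, gaps in missing_node_ingress(SAMPLE_GROUPS, SAMPLE_ROLES).items():
        print(role, "ok" if not gaps else f"missing all-traffic ingress: {gaps}")
```
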

@mumoshu changed the title from "Missing documentation on how you should configure the SGs associated?" to "Missing documentation on how you should configure security groups?" Dec 5, 2017

mogren commented Mar 14, 2019

Documented for EKS.

@mogren closed this as completed Mar 14, 2019
cgchinmay added a commit to cgchinmay/amazon-vpc-cni-k8s that referenced this issue Dec 9, 2021
# This is the 1st commit message:

Add VlanId in the cmdAdd Result struct
This VlanId will appear in the prevResult during cmdDel request

Test prevResult contents

CleanUp Pod Network using vlanId from prevResult in CNI itself
No need to call ipamd

Log formatting changes

Added hostNetworking Setup test for pods using security groups

revoke unnecessary test agent image changes

Revoke unnecessary changes

remove focussed test
set replica count to total number of branch interface

Fix replica count

# This is the commit message aws#2:

Updated cleanUpPodENI method

# This is the commit message aws#3:

Skip processing Delete request if prevResult is nil
Add Logging vlanId to ipamd

# This is the commit message aws#4:

Add support to test with containerd nodegroup in pod-eni test

# This is the commit message aws#5:

Add check for empty Netns() in cni

# This is the commit message aws#6:

Manifests and Readme updates (aws#1732)

* Manifests and Readme updates

* update manifest.jsonnet
# This is the commit message aws#7:

Readme updates (aws#1735)


# This is the commit message aws#8:

Updates to troubleshooting doc (aws#1737)

* Updates to troubleshooting doc

* updates to troubleshooting doc
# This is the commit message aws#9:

imdsv2 changes (aws#1743)


# This is the commit message aws#10:

fix flaky canary test (aws#1742)


# This is the commit message aws#11:

add CODEOWNERS (aws#1747)