github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-01-18 01:27:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

chore: Update FAQ for security group tagging (#2695)

Browse Source 
* Add aws_eks_addons.before_compute to the cluster_addons output

* update FAQ docs for custom networking

* Rephrasing

---------

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
This commit is contained in:
Cody Grant
2023-08-03 19:16:57 -04:00
committed by GitHub
parent de14031c97
commit d4e6c153ad
1 changed files with 3 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
docs/faq.md
View File

@@ -24,27 +24,7 @@ By default, EKS creates a cluster primary security group that is created outside
attach_cluster_primary_security_group = true # default is false
```
2. If you want to use the cluster primary security group, you can disable the tag passed to the node security group by overriding the tag expected value like:
```hcl
attach_cluster_primary_security_group = true # default is false
node_security_group_tags = {
"kubernetes.io/cluster/<CLUSTER_NAME>" = null # or any other value other than "owned"
}
```
3. By overriding the tag expected value on the cluster primary security group like:
```hcl
attach_cluster_primary_security_group = true # default is false
cluster_tags = {
"kubernetes.io/cluster/<CLUSTER_NAME>" = null # or any other value other than "owned"
}
```
4. By not attaching the cluster primary security group. The cluster primary security group has quite broad access and the module has instead provided a security group with the minimum amount of access to launch an empty EKS cluster successfully and users are encouraged to open up access when necessary to support their workload.
2. By not attaching the cluster primary security group. The cluster primary security group has quite broad access and the module has instead provided a security group with the minimum amount of access to launch an empty EKS cluster successfully and users are encouraged to open up access when necessary to support their workload.
```hcl
attach_cluster_primary_security_group = false # this is the default for the module
@@ -52,6 +32,8 @@ By default, EKS creates a cluster primary security group that is created outside
In theory, if you are attaching the cluster primary security group, you shouldn't need to use the shared node security group created by the module. However, this is left up to users to decide for their requirements and use case.
If you choose to use [Custom Networking](https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html), make sure to only attach the security groups matching your choice above in your ENIConfig resources. This will ensure you avoid redundant tags.
### Why are nodes not being registered?
Nodes not being able to register with the EKS control plane is generally due to networking mis-configurations.