1 Answer
Have you tried using the k8s service accounts (user roles with RBAC) with appropriate access to the other in-cluster service? Additionally, you could associate them with IAM roles in case you need access to AWS services outside the cluster, using what is known as IAM Roles for Service Accounts (IRSA).
answered 2 years ago
Thanks for your reply, Madhav. Yes, we actually tried RBAC, but I don't think it worked. Our scenario is that we have serviceA called service-a and serviceB called service-b. Both expose port 8080. We only want a Pod to be able to curl service-a:8080 but not curl service-b:8080. Correct me if I'm wrong. I think RBAC can only restrict Kubernetes API access, but it cannot restrict HTTP calls to services?

You can use security groups with the Container Network Interface (CNI): https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
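The security-groups-for-pods approach from the comment above, written out as an added example (not code from the question or the answers). It assumes a namespace named demo, pod labels app=client, app=service-a and app=service-b, and placeholder security group IDs; the allow/deny decision itself lives in the AWS security group rules, which the comments describe.

```yaml
# Added example: SecurityGroupPolicy objects (EKS VPC CNI CRD) that attach a
# dedicated security group to each set of pods. The VPC CNI must run with
# ENABLE_POD_ENI=true on a supported instance type for these to take effect.
#
# Intended security group rules (configured in AWS, not in this manifest):
#   sg-SERVICE-A-PLACEHOLDER: inbound TCP 8080 allowed from sg-CLIENT-PLACEHOLDER
#   sg-SERVICE-B-PLACEHOLDER: no inbound rule from sg-CLIENT-PLACEHOLDER
# Result: the client pod can reach service-a:8080 but its connections to
# service-b:8080 are dropped at the pod's ENI, independent of RBAC.
apiVersion: vpcresources.k8s.aws/v1beta1
kind: SecurityGroupPolicy
metadata:
  name: client-sgp
  namespace: demo            # assumed namespace
spec:
  podSelector:
    matchLabels:
      app: client            # assumed label on the calling pod
  securityGroups:
    groupIds:
      - sg-CLIENT-PLACEHOLDER      # placeholder, replace with a real SG ID
---
apiVersion: vpcresources.k8s.aws/v1beta1
kind: SecurityGroupPolicy
metadata:
  name: service-a-sgp
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: service-a         # assumed label on the pods behind service-a
  securityGroups:
    groupIds:
      - sg-SERVICE-A-PLACEHOLDER   # placeholder, allows 8080 from client SG
---
apiVersion: vpcresources.k8s.aws/v1beta1
kind: SecurityGroupPolicy
metadata:
  name: service-b-sgp
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: service-b         # assumed label on the pods behind service-b
  securityGroups:
    groupIds:
      - sg-SERVICE-B-PLACEHOLDER   # placeholder, no rule from client SG
```

After applying, verify from the client pod that curl service-a:8080 succeeds and curl service-b:8080 times out, and check the pod's annotations to confirm a branch ENI was allocated.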