Authorize Inbound Traffic for Your EKS Cluster from Your Management Environment
This section will walk you through allowing your management environment to reach your EKS cluster.
What You’ll Need
- A configured management environment.
- An existing EKS cluster.
- The public IP address of your management environment.
Procedure

1. Go to your GitOps repository, inside your rok-tools management environment:

       root@rok-tools:~# cd ~/ops/deployments

2. Restore the required context from previous sections:

       root@rok-tools:~/ops/deployments# source <(cat deploy/env.eks-cluster)
       root@rok-tools:~/ops/deployments# export EKS_CLUSTER EKS_CLUSTER_VERSION \
       >     EKS_CLUSTER_SUBNETS EKS_TRUSTED_CIDRS EKS_CLUSTER_PUBLIC

3. Specify the public IP address of your management environment:

       root@rok-tools:~/ops/deployments# PUBLIC_IP="<PUBLIC_IP>"

   Replace <PUBLIC_IP> with the public IP address of your management environment, for example:

       root@rok-tools:~/ops/deployments# PUBLIC_IP="198.51.100.1/32"

4. Add the public IP address of your management environment to the trusted CIDRs of your EKS cluster:

       root@rok-tools:~/ops/deployments# [[ ${EKS_TRUSTED_CIDRS?} != *"${PUBLIC_IP?}"* ]] \
       >     && EKS_TRUSTED_CIDRS+=" ${PUBLIC_IP?}"

5. Update the trusted CIDRs of your EKS cluster:

       root@rok-tools:~/ops/deployments# eksctl utils set-public-access-cidrs \
       >     --approve \
       >     --cluster="${EKS_CLUSTER?}" \
       >     "${EKS_TRUSTED_CIDRS// /,}"
       [i] using region us-east-1
       [i] current public access CIDRs: [198.51.100.2/32]
       [i] will update Public Endpoint Restrictions for cluster "arrikto-cluster" in "us-east-1" to: [198.51.100.2/32 198.51.100.1/32]
       [✔] Public Endpoint Restrictions for cluster "arrikto-cluster" in "us-east-1" have been updated to: [198.51.100.2/32 198.51.100.1/32]

6. Save your state:

       root@rok-tools:~/ops/deployments# j2 deploy/env.eks-cluster.j2 \
       >     -o deploy/env.eks-cluster

7. Commit your changes:

       root@rok-tools:~/ops/deployments# git commit \
       >     -am "Reconfigure trusted CIDRs for EKS cluster"
Verify

1. Go to your GitOps repository, inside your rok-tools management environment:

       root@rok-tools:~# cd ~/ops/deployments

2. Restore the required context from previous sections:

       root@rok-tools:~/ops/deployments# source <(cat deploy/env.eks-cluster)

3. Get the trusted CIDRs of your EKS cluster:

       root@rok-tools:~/ops/deployments# PUBLIC_ACCESS_CIDRS=$(aws eks describe-cluster \
       >     --name "${EKS_CLUSTER?}" \
       >     --output text \
       >     --query cluster.resourcesVpcConfig.publicAccessCidrs \
       >     | xargs)

4. Ensure you have successfully updated the trusted CIDRs of your EKS cluster:

       root@rok-tools:~/ops/deployments# [[ ${PUBLIC_ACCESS_CIDRS?} == "${EKS_TRUSTED_CIDRS?}" ]] \
       >     && echo OK \
       >     || echo FAIL
       OK
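
A stricter variant of the membership test in the procedure and the comparison in the verification, as an added example that is not part of the original guide: it validates the CIDR before it is trusted, matches whole entries rather than substrings, and compares the two lists regardless of entry order. The function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example: function names are hypothetical; sample CIDRs are constructed.

# Succeed only for a well-formed IPv4 CIDR with a prefix length of 1-32.
# A /0 is refused because it would match every source address.
is_ipv4_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 < 1 || $5 > 32) exit 1 }'
}

# Print LIST ($1) with CIDR ($2) appended, unless an identical entry exists.
# Entries are compared whole, so 98.51.100.2/32 is not mistaken for
# 198.51.100.2/32. The output is single-space separated with no padding.
add_trusted_cidr() {
    new=$2
    is_ipv4_cidr "$new" || { echo "invalid CIDR: $new" >&2; return 1; }
    out="" found=0
    for c in $1; do
        [ "$c" = "$new" ] && found=1
        out="${out:+$out }$c"
    done
    [ "$found" -eq 1 ] || out="${out:+$out }$new"
    printf '%s\n' "$out"
}

# Succeed when two space-separated lists hold the same entries, in any order.
same_cidr_set() {
    a=$(printf '%s\n' $1 | sort -u)
    b=$(printf '%s\n' $2 | sort -u)
    [ "$a" = "$b" ]
}

# Constructed values: the new address is a substring of the existing entry.
EKS_TRUSTED_CIDRS="198.51.100.2/32"
PUBLIC_IP="98.51.100.2/32"
EKS_TRUSTED_CIDRS=$(add_trusted_cidr "$EKS_TRUSTED_CIDRS" "$PUBLIC_IP")
echo "trusted CIDRs: $EKS_TRUSTED_CIDRS"

# Constructed stand-in for the describe-cluster output, in a different order.
PUBLIC_ACCESS_CIDRS="98.51.100.2/32 198.51.100.2/32"
same_cidr_set "$PUBLIC_ACCESS_CIDRS" "$EKS_TRUSTED_CIDRS" && echo OK || echo FAIL
```

Because `add_trusted_cidr` prints a single-space-separated list, its result can be passed to the `"${EKS_TRUSTED_CIDRS// /,}"` substitution from the procedure unchanged.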
Summary
You have successfully allowed your management environment to reach your EKS cluster.
What’s Next
You can check out the rest of the maintenance operations that you can perform on your cluster.