EKS cluster example that imports and modifies the default EKS cluster security group.
-
Clone the repo:
git clone https://github.com/metral/modify-default-eks-sg cd modify-default-eks-sg -
Install the dependencies.
npm install
-
Create a new Pulumi stack e.g.
dev.pulumi stack init dev
-
Set the Pulumi configuration variables for the project.
Note: Select any valid Kubernetes regions for the providers.
pulumi config set aws:region us-west-2
Create the cluster and import the default cluster security group created automatically by EKS.
pulumi upWith the cluster created and the default security group imported in the initial update, modify the security group properties and run another update.
An example to remove the ingress and egress rules from the default security
group is in step1.ts.
Use the example to remove the rules.
mv index.ts index.ts.bak
cp step1.ts index.ts
pulumi upBoth sets of rules should now be removed from the default security group.
Note: Not all security group properties are patchable, some require a replace.
Since EKS creates this security group and attaches ENIs to it for the control plane, an attempt to replace or delete the security group will be held up by the ENIs to be deleted first. For easier cluster management and teardown, it's best to only update patchable properties of this security group, instead of deleting the security group resource.
Once the update is complete, you can use the cluster.
pulumi stack output kubeconfig > kubeconfig.json
export KUBECONFIG=`pwd`/kubeconfig.jsonExample: query the cluster's nodes and pods.
kubectl get nodes -o wide --show-labels
kubectl get pods --all-namespaces -o wide --show-labelsRun the following command to tear down the resources that are part of our stack.
-
Run
pulumi destroyto tear down all resources. You'll be prompted to make sure you really want to delete these resources.pulumi destroy
-
To delete the stack, run the following command.
pulumi stack rm
Note: This command deletes all deployment history from the Pulumi Console and cannot be undone.