Restrict public access to Kubernetes API Server on EC2 kubernetes clusters #5260
/kind feature
Describe the solution you'd like
There should be a way to restrict public access to the Kubernetes API server on EC2 Kubernetes clusters to specific whitelisted IPs while using NLBs.
Currently the auto-generated security group attached to the control plane load balancer always allows public access. This is a security risk for sensitive clusters.
Anything else you would like to add:
The internet suggests using the SecurityGroupOverrides feature to replace the default security group with your own security group that's more private, but this does not work well outside a Bring Your Own AWS Infrastructure scenario.
Environment:
kubectl version: v1.32.0
/etc/os-release: Ubuntu 24.04
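A check for the condition this issue describes, as an added example that is not part of the original issue or the project's code: it scans security group rules shaped like `aws ec2 describe-security-groups` output and reports every source CIDR on the API server port that falls outside an allow-list. The port 6443, the group IDs and the CIDRs are assumptions constructed for illustration.

```python
import ipaddress
import json

API_PORT = 6443  # assumption: default kube-apiserver port; not stated in the issue

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-open", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 6443, "ToPort": 6443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE-restricted", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 6443, "ToPort": 6443,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}, {"CidrIp": "198.51.100.7/32"}],
     "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE-allproto", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

def covers_port(rule, port):
    """True if the rule's protocol and port range include TCP `port`."""
    if rule.get("IpProtocol") == "-1":  # all protocols, all ports
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit(groups, allowed_cidrs, port=API_PORT):
    """Return (group_id, cidr) for every ingress source on `port` outside the allow-list."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            if not covers_port(rule, port):
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr)
                if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                    findings.append((sg["GroupId"], cidr))
    return findings

if __name__ == "__main__":
    for gid, cidr in audit(SAMPLE, ["203.0.113.0/24", "198.51.100.0/24"]):
        print(f"{gid}: port {API_PORT} reachable from {cidr}")
```

Rules whose source is another security group or a prefix list are not examined by this check.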