So you’ve followed best practices and configured your container to use a user other than root for its requirements. Nice job. The security experts are convinced this will keep your container, pod, and cluster all more secure. However, sometime in the near future, a completely unforeseen and impossible issue pops
Category: kubernetes
Once you have a working ingress in place, you may want to restrict access to it by IP. Fortunately, K8s makes this pretty easy with a simple annotation. Edit the ingress Near the top should be the annotations metadata.annotations Add the following annotation and update it with the desired IPs
Create IAM Role (Service Account) and attach the policy Run the following command– Update <clustername> with the correct cluster name– Update <role-name> with the role name (example: app-ebs-csi-role)– Update or remove the <awscli-profile> depending on your configuration Install CSI Driver Add the AWS CSI Driver Repo Update Repos Install
After you’ve installed the AWS CSI Driver into your cluster, you must create a storage class to use the driver. Create a file called ebs-sc.yaml and paste in the following contents. Apply with the following