Authorize Inbound Traffic for Your EKS Cluster from Your Management Environment

This section will walk you through allowing your management environment to reach your EKS cluster.

Procedure

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Restore the required context from previous sections:

    root@rok-tools:~/ops/deployments# source <(cat deploy/env.eks-cluster)
    root@rok-tools:~/ops/deployments# export EKS_CLUSTER EKS_CLUSTER_VERSION \
    >     EKS_CLUSTER_SUBNETS EKS_TRUSTED_CIDRS EKS_CLUSTER_PUBLIC
  3. Specify the public IP address of your management environment:

    root@rok-tools:~/ops/deployments# PUBLIC_IP="<PUBLIC_IP>"

    Replace <PUBLIC_IP> with the public IP address of your management environment, for example:

    root@rok-tools:~/ops/deployments# PUBLIC_IP="198.51.100.1/32"
  4. Add the public IP address of your management environment to the trusted CIDRs of your EKS cluster:

    root@rok-tools:~/ops/deployments# [[ ${EKS_TRUSTED_CIDRS?} != *"${PUBLIC_IP?}"* ]] \
    >     && EKS_TRUSTED_CIDRS+=" ${PUBLIC_IP?}"
  5. Update the trusted CIDRs of your EKS cluster:

    root@rok-tools:~/ops/deployments# eksctl utils set-public-access-cidrs \
    >     --approve \
    >     --cluster="${EKS_CLUSTER?}" \
    >     "${EKS_TRUSTED_CIDRS// /,}"
    [i] using region us-east-1
    [i] current public access CIDRs: [198.51.100.2/32]
    [i] will update Public Endpoint Restrictions for cluster "arrikto-cluster" in "us-east-1" to: [198.51.100.2/32 198.51.100.1/32]
    [✔] Public Endpoint Restrictions for cluster "arrikto-cluster" in "us-east-1" have been updated to: [198.51.100.2/32 198.51.100.1/32]
  6. Save your state:

    root@rok-tools:~/ops/deployments# j2 deploy/env.eks-cluster.j2 \
    >     -o deploy/env.eks-cluster
  7. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit \
    >     -am "Reconfigure trusted CIDRs for EKS cluster"

Verify

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Restore the required context from previous sections:

    root@rok-tools:~/ops/deployments# source <(cat deploy/env.eks-cluster)
  3. Get the trusted CIDRs of your EKS cluster:

    root@rok-tools:~/ops/deployments# PUBLIC_ACCESS_CIDRS=$(aws eks describe-cluster \
    >     --name "${EKS_CLUSTER?}" \
    >     --output text \
    >     --query cluster.resourcesVpcConfig.publicAccessCidrs \
    >     | xargs)
  4. Ensure you have successfully updated the trusted CIDRs of your EKS cluster:

    root@rok-tools:~/ops/deployments# [[ ${PUBLIC_ACCESS_CIDRS?} == "${EKS_TRUSTED_CIDRS?}" ]] \
    >     && echo OK \
    >     || echo FAIL
    OK
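
The membership test in step 4 of the procedure is a substring match, and the check in step 4 of Verify is an exact string comparison. As an added example (not part of the original guide; the function names are hypothetical and the refusal of a /0 prefix is this example's own policy), these helpers validate the CIDR, match it as a whole token, and compare the two lists regardless of order:

```bash
# Added example; function names are hypothetical helpers, not rok-tools commands.

# Succeed only for a.b.c.d/n with four octets 0-255 and a prefix length 0-32.
is_ipv4_cidr() (
    addr=${1%/*}; len=${1##*/}
    [ "$addr/$len" = "$1" ] || exit 1            # a "/" must be present
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    case "$len" in ''|*[!0-9]*|???*) exit 1 ;; esac
    [ "$len" -le 32 ] || exit 1
    IFS=.; set -- $addr                           # split the address into octets
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# Exact-token membership in a space-separated list (no substring matches).
cidr_in_list() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Print LIST with CIDR appended at most once; reject malformed input and any
# /0 prefix, which would make the public endpoint reachable from every address.
add_trusted_cidr() {
    is_ipv4_cidr "$2" || { echo "invalid CIDR: $2" >&2; return 2; }
    [ "${2##*/}" -ne 0 ] || { echo "refusing /0 prefix: $2" >&2; return 3; }
    if cidr_in_list "$2" "$1"; then
        printf '%s\n' "$1"
    else
        printf '%s\n' "${1:+$1 }$2"
    fi
}

# Compare two space-separated lists as sets, ignoring order and duplicates.
same_cidr_set() {
    [ "$(printf '%s\n' $1 | sort -u)" = "$(printf '%s\n' $2 | sort -u)" ]
}

# Constructed sample values (documentation address range).
TRUSTED=$(add_trusted_cidr "198.51.100.2/32" "198.51.100.1/32")
echo "$TRUSTED"
same_cidr_set "$TRUSTED" "198.51.100.1/32 198.51.100.2/32" && echo OK
```

A substring test would treat 98.51.100.1/32 as already present in a list containing 198.51.100.1/32; the token match in `cidr_in_list` does not.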

Summary

You have successfully allowed your management environment to reach your EKS cluster.

What’s Next

You can check out the rest of the maintenance operations that you can perform on your cluster.