What's the difference between cluster_primary_security_group_id and cluster_security_group_id in terraform-aws-modules/eks/aws?
According to the documentation for terraform-aws-modules/eks/aws, there are two outputs named cluster_primary_security_group_id and cluster_security_group_id.
cluster_primary_security_group_id
Description: The cluster primary security group ID created by the EKS cluster on 1.14 or
later. Referred to as 'Cluster security group' in the EKS console.
cluster_security_group_id
Description: Security group ID attached to the EKS cluster. On 1.14 or later, this is the
'Additional security groups' in the EKS console.
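After creating the cluster, I do see two different security groups. What is the difference between these two security groups?
Link to the documentation: https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest?tab=outputs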
EKS uses two security groups:
The cluster security group, used with k8s 1.14
A cluster security group is designed to allow all traffic from the control plane and managed node groups to flow freely between each other. By assigning the cluster security group to the elastic network interfaces created by Amazon EKS that allow the control plane to communicate with the managed node group instances, you don't need to configure complex security group rules to allow this communication. Any instance or network interface that is assigned this security group can freely communicate with other resources with this security group.
The control plane security group, for k8s earlier than 1.14
For Amazon EKS clusters created earlier than Kubernetes version 1.14 and platform version eks.3, control plane to node communication was configured by manually creating a control plane security group and specifying that security group when you created the cluster. At cluster creation, this security group was then attached to the network interfaces created by Amazon EKS that allow communication between the control plane and the nodes.
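As an added example (not part of the original answer or the module's own code): a Python sketch that maps the two fields of an `aws eks describe-cluster` response to the console names quoted in the question, then lists which network interfaces carry the cluster security group, since every holder can communicate freely with every other holder. The JSON samples, IDs, function names and the allow-list of expected ENIs are constructed for illustration.

```python
# Added example. All IDs and JSON below are constructed sample data, shaped like
# `aws eks describe-cluster` and `aws ec2 describe-network-interfaces` output.
DESCRIBE_CLUSTER = {"cluster": {"name": "demo", "resourcesVpcConfig": {
    "clusterSecurityGroupId": "sg-0aaa0000000000001",  # created by EKS (1.14+)
    "securityGroupIds": ["sg-0bbb0000000000002"],      # passed in at cluster creation
}}}

NETWORK_INTERFACES = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-cp1", "Groups": [{"GroupId": "sg-0aaa0000000000001"},
                                                 {"GroupId": "sg-0bbb0000000000002"}]},
    {"NetworkInterfaceId": "eni-node1", "Groups": [{"GroupId": "sg-0aaa0000000000001"}]},
    {"NetworkInterfaceId": "eni-bastion", "Groups": [{"GroupId": "sg-0aaa0000000000001"},
                                                     {"GroupId": "sg-0ccc0000000000003"}]},
    {"NetworkInterfaceId": "eni-db", "Groups": [{"GroupId": "sg-0ddd0000000000004"}]},
]}


def console_view(describe_cluster):
    """Return the two groups under the names the EKS console uses."""
    vpc = describe_cluster["cluster"]["resourcesVpcConfig"]
    return {
        # Per the output description: cluster_primary_security_group_id (1.14+ only).
        "Cluster security group": vpc.get("clusterSecurityGroupId"),
        # Per the output description: cluster_security_group_id appears here.
        "Additional security groups": list(vpc.get("securityGroupIds", [])),
    }


def cluster_sg_members(network_interfaces, sg_id):
    """ENIs holding sg_id; each can talk freely to every other holder."""
    return [eni["NetworkInterfaceId"]
            for eni in network_interfaces["NetworkInterfaces"]
            if any(g["GroupId"] == sg_id for g in eni.get("Groups", []))]


def unexpected_members(network_interfaces, sg_id, expected):
    """Holders of sg_id that are not in the caller's allow-list of ENI IDs."""
    return [e for e in cluster_sg_members(network_interfaces, sg_id) if e not in expected]


if __name__ == "__main__":
    view = console_view(DESCRIBE_CLUSTER)
    primary = view["Cluster security group"]
    print(view)
    print("holders:", cluster_sg_members(NETWORK_INTERFACES, primary))
    print("review:", unexpected_members(NETWORK_INTERFACES, primary, {"eni-cp1", "eni-node1"}))
```

Against a real account, the same functions accept the parsed JSON from the two AWS CLI commands named in the comments.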