You can bind specified security groups to the ENIs created in VPC-CNI mode using the following methods:
kubectl edit deploy tke-eni-ipamd -n kube-system
- --enable-security-groups
# To use the security groups of the primary ENI/instance by default, do not add the --security-groups parameter.
- --security-groups=sg-xxxxxxxx,sg-xxxxxxxx
If --security-groups is not set, or its value is empty, each node uses the security group bound to the node instance.
If --security-groups is set, the security group of each node is set to the security group set specified by
The spec.securityGroups field contains the node security group information:
kubectl get nec <nodeName> -oyaml
Run the following command to modify the node security group. The change takes effect immediately.
kubectl edit nec <nodeName>
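
The --enable-security-groups and --security-groups rules above, as an added audit helper that is not part of the original documentation: it classifies a set of tke-eni-ipamd args so a reviewer can confirm which security groups new ENIs will receive. The function name eni_sg_mode, its output labels and the sg- prefix check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Tencent Cloud code. Reads tke-eni-ipamd container args
# (one per line, YAML "- " list markers and "#" comments tolerated) on stdin
# and prints how ENI security groups will be chosen:
#   not-enabled         --enable-security-groups is absent
#   inherit-node        enabled; --security-groups unset or empty
#   explicit:<list>     enabled; --security-groups carries a group list
#   invalid:<list>      enabled; an entry lacks the sg- prefix (returns 1)
# Per-node changes made with "kubectl edit nec <nodeName>" are not considered.
eni_sg_mode() {
    enabled=0
    groups=""
    while IFS= read -r arg || [ -n "$arg" ]; do
        # Drop comments, a leading YAML list dash, and surrounding whitespace.
        arg=$(printf '%s\n' "$arg" | sed -e 's/#.*$//' \
            -e 's/^[[:space:]]*-[[:space:]]\{1,\}//' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        case "$arg" in
            --enable-security-groups) enabled=1 ;;
            --security-groups=*) groups=${arg#--security-groups=} ;;
        esac
    done
    if [ "$enabled" -eq 0 ]; then echo "not-enabled"; return 0; fi
    if [ -z "$groups" ]; then echo "inherit-node"; return 0; fi
    old_ifs=$IFS
    IFS=,
    for g in $groups; do
        case "$g" in
            sg-?*) ;;   # assumed ID shape, taken from the sg-xxxxxxxx placeholder
            *) IFS=$old_ifs; echo "invalid:$groups"; return 1 ;;
        esac
    done
    IFS=$old_ifs
    echo "explicit:$groups"
}

# Constructed sample mirroring the args shown in the deployment edit above.
eni_sg_mode <<'EOF'
- --enable-security-groups
# inherit from the node instance by leaving the next flag out
- --security-groups=sg-xxxxxxxx,sg-xxxxxxxx
EOF
```

To check a live cluster, feed the function the args lines copied from the output of kubectl get deploy tke-eni-ipamd -n kube-system -oyaml.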