You can bind specified security groups to the ENIs created in VPC-CNI mode through the following methods:

Add the --enable-security-groups startup parameter to the tke-eni-ipamd component. Run the following command to edit the deployment:

    kubectl edit deploy tke-eni-ipamd -n kube-system

Add the following entries under spec.template.spec.containers[0].args:

    - --enable-security-groups
    # To use the security groups of the primary ENI/instance by default, omit the --security-groups parameter.
    - --security-groups=sg-xxxxxxxx,sg-xxxxxxxx

If --security-groups is not set, or its value is empty, each node uses the security groups bound to the node instance.
If --security-groups is set, each node uses the set of security groups specified by --security-groups.

The spec.securityGroups field contains the node security group information. Run the following command to view it:

    kubectl get nec <nodeName> -oyaml

Run the following command to modify the node security group. The change takes effect immediately.

    kubectl edit nec <nodeName>
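
To confirm which security groups the ipamd settings above will apply, the following check classifies the container args according to the rules on this page. It is an added example, not Tencent Cloud's own tooling; the function name eni_sg_source and its three output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the security group source configured for tke-eni-ipamd.
# Input: the container args, one per line on stdin. Live input (needs cluster access):
#   kubectl get deploy tke-eni-ipamd -n kube-system \
#     -o jsonpath='{range .spec.template.spec.containers[0].args[*]}{@}{"\n"}{end}'
# Output labels (hypothetical names chosen for this example):
#   not-enabled     --enable-security-groups is absent
#   node-instance   enabled, --security-groups unset or empty
#   explicit:<ids>  enabled, --security-groups lists security group IDs

eni_sg_source() {
    enabled=no
    groups=""
    while IFS= read -r arg || [ -n "$arg" ]; do
        # Strip a YAML list marker and surrounding blanks so lines pasted
        # from `kubectl edit` are accepted as well as jsonpath output.
        arg=$(printf '%s' "$arg" | sed -e 's/^[[:space:]]*-[[:space:]]\{1,\}//' \
                                       -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        case "$arg" in
            '#'*|'') ;;                                   # comment or blank line
            --enable-security-groups) enabled=yes ;;
            --security-groups=*) groups=${arg#--security-groups=} ;;
        esac
    done
    if [ "$enabled" != yes ]; then
        echo "not-enabled"
    elif [ -z "$groups" ]; then
        echo "node-instance"
    else
        echo "explicit:$groups"
    fi
}

# Constructed sample args mirroring the snippet on this page.
sample='- --enable-security-groups
# placeholder IDs, as shown in the documentation
- --security-groups=sg-xxxxxxxx,sg-xxxxxxxx'
printf '%s\n' "$sample" | eni_sg_source
```

Compare the result with the spec.securityGroups value returned by kubectl get nec <nodeName> -oyaml, since a node edited with kubectl edit nec can differ from the deployment-wide setting.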