
Managing multiple EKS clusters access using Private EKS API Endpoint with OpenVPN

· 2 min read
Abdulmalik
AppSec Engineer

Well, it really doesn’t matter to a lot of people, but being in the security space as a DevSecOps Engineer, I get that body itch. Come on, why would you expose your Kubernetes cluster API server's public endpoint, especially for a production cluster?

I get that it gives you that easy access from the get-go, but I bet you, with just a little more effort from you and me, we can have a reduced attack surface and we would both sleep well at night, at least to some extent.

A win for you as the DevOps/Infra Engineer and a win for me, who is putting the Sec into your existing process.

Here is what it looks like if you enable the public API server endpoint:

EKS Public APIServer

Credit: jaanhio.me Blog

And here is what it looks like when you have it disabled and have enabled the private API server endpoint:

EKS Private APIServer

Credit: jaanhio.me Blog

Let's jump right in,

Take care guys 🤞🏽.

