Skip to content

eksctl is now fully maintained by AWS. For more details check out eksctl Support Status Update.

eksctl now supports Cluster creation flexibility for networking add-ons.

eksctl now installs default addons as EKS addons instead of self-managed addons. To understand its implications, check out Cluster creation flexibility for networking add-ons.

eksctl

Security

Initializing search

eksctl-io/eksctl

Home
Getting Started
User Guide
Example Configs
Community
Adopters

eksctl

eksctl-io/eksctl

Home
Getting Started
Getting Started
- Introduction
- Installation
- Config File Schema
- Dry Run
- FAQ
- Announcements
  Announcements
  - Managed Nodegroups Default
  - Nodegroup Bootstrap Override For Custom AMIs
User Guide
User Guide
- Clusters
  Clusters
- Nodegroups
  Nodegroups
- Karpenter Support
- EKS Anywhere
- GitOps
  GitOps
  - GitOps with Flux v2
- Security
  Security
  - Security Security
    Table of contents
    
    withOIDC
    
    disablePodIMDS
  - KMS Envelope Encryption for EKS clusters
- Networking
  Networking
- IAM
  IAM
- Config File Schema
- Dry Run
- Troubleshooting
- FAQ
Example Configs
Community
Adopters

Table of contents

withOIDC
disablePodIMDS

Security¶

eksctl provides some options that can improve the security of your EKS cluster.

`withOIDC`¶

Enable withOIDC to automatically create an IRSA for the amazon CNI plugin and limit permissions granted to nodes in your cluster, instead granting the necessary permissions only to the CNI service account. The background is described in this AWS documentation.

`disablePodIMDS`¶

For managed and unmanaged nodegroups, disablePodIMDS option is available prevents all non host networking pods running in this nodegroup from making IMDS requests.

Note

This can not be used together with withAddonPolicies.

Was this page helpful?

Thanks for your feedback!

Thanks for your feedback! Help us improve this page by using our feedback form .

Eksctl Adopters

We are happy and proud to have you all as part of our community! To join the list of eksctl adopters, please follow these instructions.

Gophers: E, K, S, C, T, & L

Original Gophers drawn by Ashley McNamara, unique E, K, S, C, T & L Gopher identities had been produced with Gopherize.me.

Site powered by Netlify ©

Copyright © 2024 Weaveworks
Made with Material for MkDocs

Cookie consent

We use cookies to recognize your repeated visits and preferences, as well as to measure the effectiveness of our documentation and whether users find what they're searching for. With your consent, you're helping us to make our documentation better.

Google Analytics
GitHub

Manage settings