add pod sg enforcing mode to fix ebs eni crashloopback issue

SPHTech-Platform · Jun 30, 2023 · 5e010ad · 5e010ad
1 parent d0c3f54
commit 5e010ad
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/main.tf b/main.tf
@@ -83,8 +83,9 @@ module "eks" {
  configuration_values = jsonencode({
  env = {
  # Reference doc: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html#security-groups-pods-deployment
- ENABLE_POD_ENI = "true"
- DISABLE_TCP_EARLY_DEMUX = "true"
+ ENABLE_POD_ENI = "true"
+ DISABLE_TCP_EARLY_DEMUX = "true"
+ POD_SECURITY_GROUP_ENFORCING_MODE = "standard"
  }
  })
  } : {