How to deploy CDM release/6.5.2 with private IPs?

This topic contains 2 replies, has 2 voices, and was last updated by  8427C399-9811-4941-A0B3-92AF6BF19CD9 2 weeks, 1 day ago.

  • Author
    Posts
  • #27044

    There are numerous resources with public IPs created in CDM release/6.5.2.
    How can they be deployed with private IPs?
    I can certainly slog through this process, but hoping there is something a little more turn key?
    There is also code that leave 3 ports open to 0.0.0.0/0 in:

    bin/eks-mount-efs.sh
    etc/amazon-eks-vpc.yaml

    Tried changing to my public IP, but this is a breaking change in eks-mount-efs.sh
    (Can’t detect the public IPs anymore)

    #27045
     Volker Scheuber 
    Participant

    Hi,

    does this address the concern:
    https://backstage.forgerock.com/docs/platform/6.5/eks-sr-guide/#eks-sr-security-cidr

    or are you asking the CDM to lock down in other ways?

    #27049

    It may be part of the answer in that we can limit access.
    But I would think the cluster and worker node don’t need public IPs.
    At least AWS agrees with this assessment at least generically for the EKS service.
    Not sure about compatibility with CDM.
    I am testing this additional controller.service parameter.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?