Blocking pod access to metadata in EKS
Some time ago, I got a task from our security team: ensure that pods running in our EKS cluster couldn’t access the instance metadata endpoint. This was part of a broader effort to tighten security and prevent potential credential exposure. In this post, I’ll walk you through how I did this with a combination of two Kubernetes egress NetworkPolicies.