Pod security group for Mendix

0
Hi there: I am deploying multiple applications using multiple Namespaces on a single EKS cluster. The EKS cluster is shared, but the DB instances are separated by environment. To increase the level of security, I would like to use Pod security groups to control communication.

- What I would like to achieve:
  1. allow DB instances to communicate only from Mendix, not from the entire EKS cluster
- What I have done:
  1. added a matchLabels to the Mendix deployment
  2. created a security group policy; in the policy, I added the Mendix pod SG, the DB instance SG, and the EKS cluster SG
  3. added the Mendix Pod SG to the inbound rules for the DB instance SG
- The behavior of the SG:
  1. when I allow the EKS cluster SG to the DB instance SG, the Runtime server comes up normally and the application is deployed successfully
  2. if I allow only the Mendix pod SG to the DB instance SG, the connection to the DB failed and the Runtime also shut down

Here are my questions:
1. is it possible to do what I want to do, or is it necessary to allow communication at the cluster level due to Mendix specifications?
2. if it is possible, what did I do wrong in my configuration?

Thank you!
asked
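One check worth running before touching any security group rules is whether the SecurityGroupPolicy actually selects the running Mendix pods: a pod that the policy's podSelector does not match keeps the node's ENI and therefore the cluster security group, which is exactly the situation in which only the cluster SG rule on the DB works. The script below is an added example for this thread, not Mendix or AWS code. It implements the Kubernetes label-selector semantics (matchLabels ANDed with matchExpressions) over a constructed `vpcresources.k8s.aws/v1beta1` SecurityGroupPolicy and a few constructed pod and Deployment objects; all security group IDs, namespaces and label names are placeholders. The `vpc.amazonaws.com/pod-eni` annotation is the real one the AWS VPC CNI sets on a pod once a branch ENI with the policy's security groups has been attached.

```python
"""Audit whether an EKS SecurityGroupPolicy selects the Mendix runtime pods.
Added example for this thread, not Mendix or AWS code. All manifests are
constructed; security group IDs, namespaces and label names are placeholders."""

from typing import Any

Labels = dict[str, str]

# Constructed policy, mirroring a vpcresources.k8s.aws/v1beta1 manifest.
SG_POLICY: dict[str, Any] = {
    "apiVersion": "vpcresources.k8s.aws/v1beta1",
    "kind": "SecurityGroupPolicy",
    "metadata": {"name": "mendix-runtime-sgp", "namespace": "mendix-prod"},
    "spec": {
        "podSelector": {
            "matchLabels": {"app.kubernetes.io/part-of": "mendix-runtime"},
            "matchExpressions": [
                {"key": "environment", "operator": "In", "values": ["prod"]}
            ],
        },
        "securityGroups": {
            # Placeholder IDs: the pod SG (the one the DB SG's inbound rule
            # references) and the cluster SG (node / control-plane traffic).
            "groupIds": ["sg-PLACEHOLDER-mendix-pod", "sg-PLACEHOLDER-eks-cluster"]
        },
    },
}

# The AWS VPC CNI adds this annotation to a pod once it has a branch ENI,
# i.e. once the policy's security groups are really attached to that pod.
POD_ENI_ANNOTATION = "vpc.amazonaws.com/pod-eni"


def selector_matches(selector: dict[str, Any], labels: Labels) -> bool:
    """Kubernetes label-selector semantics: every matchLabels entry and every
    matchExpressions entry must hold (they are ANDed together)."""
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, op, values = expr["key"], expr["operator"], expr.get("values", [])
        if op == "In" and labels.get(key) not in values:
            return False
        if op == "NotIn" and key in labels and labels[key] in values:
            return False
        if op == "Exists" and key not in labels:
            return False
        if op == "DoesNotExist" and key in labels:
            return False
        if op not in ("In", "NotIn", "Exists", "DoesNotExist"):
            raise ValueError(f"unsupported selector operator {op!r}")
    return True


def audit_policy(policy: dict[str, Any], pods: list[dict[str, Any]]) -> dict[str, str]:
    """Classify each pod relative to the policy:
    branch-eni             selected and carrying the policy's SGs
    selected-no-branch-eni selected, but still on the node ENI (cluster SG applies)
    not-selected           labels do not match the podSelector
    other-namespace        the policy is namespaced and cannot apply here"""
    ns = policy["metadata"]["namespace"]
    selector = policy["spec"]["podSelector"]
    report: dict[str, str] = {}
    for pod in pods:
        meta = pod["metadata"]
        if meta.get("namespace") != ns:
            report[meta["name"]] = "other-namespace"
        elif not selector_matches(selector, meta.get("labels", {})):
            report[meta["name"]] = "not-selected"
        elif POD_ENI_ANNOTATION in meta.get("annotations", {}):
            report[meta["name"]] = "branch-eni"
        else:
            report[meta["name"]] = "selected-no-branch-eni"
    return report


def template_labels(deployment: dict[str, Any]) -> Labels:
    """Pods inherit spec.template.metadata.labels, not the Deployment's own
    metadata.labels; the selector must be checked against the former."""
    return deployment["spec"]["template"]["metadata"].get("labels", {})


# Constructed pods, trimmed to what `kubectl get pod -o json` would show.
PODS = [
    {"metadata": {"name": "mendix-runtime-0", "namespace": "mendix-prod",
                  "labels": {"app.kubernetes.io/part-of": "mendix-runtime", "environment": "prod"},
                  "annotations": {POD_ENI_ANNOTATION: '[{"eniId":"eni-PLACEHOLDER"}]'}}},
    {"metadata": {"name": "mendix-runtime-1", "namespace": "mendix-prod",
                  "labels": {"app.kubernetes.io/part-of": "mendix-runtime", "environment": "prod"}}},
    {"metadata": {"name": "mendix-runtime-legacy", "namespace": "mendix-prod",
                  "labels": {"app": "mendix-runtime"}}},
    {"metadata": {"name": "mendix-test-runtime-0", "namespace": "mendix-test",
                  "labels": {"app.kubernetes.io/part-of": "mendix-runtime", "environment": "prod"}}},
]

# Constructed Deployment: the label was put on the Deployment itself, not on
# the pod template, so the pods it creates are never selected.
DEPLOYMENT = {
    "metadata": {"name": "mendix-runtime", "namespace": "mendix-prod",
                 "labels": {"app.kubernetes.io/part-of": "mendix-runtime"}},
    "spec": {"template": {"metadata": {"labels": {"app": "mendix-runtime"}}}},
}

if __name__ == "__main__":
    for name, status in audit_policy(SG_POLICY, PODS).items():
        print(f"{name:24} {status}")
    print("deployment template selected:",
          selector_matches(SG_POLICY["spec"]["podSelector"], template_labels(DEPLOYMENT)))
```

Against a live cluster the same classification comes from `kubectl get pod -n <namespace> --show-labels` and `kubectl get pod -o jsonpath='{.metadata.annotations.vpc\.amazonaws\.com/pod-eni}'`. A pod reported as `selected-no-branch-eni` means the policy matched but no branch ENI was attached, so the pod is still reaching the DB through the node's ENI with the cluster SG; a pod reported as `not-selected` means the labels on the running pod (not on the Deployment object) do not match the podSelector. Only pods in the `branch-eni` state are the ones the DB SG's inbound rule for the pod SG can admit.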
0 answers