AWS Security ChangesHomeSearch

AWS eks documentation change

Service: eks · 2025-05-22 · Documentation medium

File: eks/latest/userguide/metrics-server.md

Summary

Added network configuration considerations for Metrics Server on Fargate nodes

Security assessment

The changes provide security hardening guidance (port configuration and network ACL rules) to prevent misconfigurations, but there's no evidence of addressing a specific existing vulnerability.

Diff

diff --git a/eks/latest/userguide/metrics-server.md b/eks/latest/userguide/metrics-server.md
index bd607aabf..f43a3b97c 100644
--- a//eks/latest/userguide/metrics-server.md
+++ b//eks/latest/userguide/metrics-server.md
@@ -5 +5 @@
-Deploy as community add-on with Amazon EKS Add-onsDeploy with manifest
+ConsiderationsDeploy as community add-on with Amazon EKS Add-onsDeploy with manifest
@@ -18,0 +19,9 @@ The metrics are meant for point-in-time analysis and aren’t an accurate source
+## Considerations
+
+  * If manually deploying Kubernetes Metrics Server onto Fargate nodes using the manifest, configure the `metrics-server` deployment to use a port other than its default of `10250`. This port is reserved for Fargate. The Amazon EKS add-on version of Metrics Server is pre-configured to use port `10251`.
+
+  * Ensure security groups and network ACLs allow port `10250` between the `metrics-server` Pods and all other nodes and Pods. The Kubernetes Metrics Server still uses port `10250` to collect metrics from other endpoints in the cluster. If you deploy on Fargate nodes, allow both the configured alternate Metrics Server port and port `10250`.
+
+
+
+