0

Requirement/Problem:

I would like to route traffic from the VPC network to a cluster IP. In AKS I was able to do this by adding an entry in the VNET route table to a node running kube-proxy. I can't seem to be able to do this in EKS. I would like to do this for development environments so I can easily access service cluster IPs without having to forward ports or create load balancers. It's my understanding that kube-proxy uses iptables to forward network traffic.

Question:

Is there something fundamental that won't allow me to route traffic to the cluster network in EKS?

Context:

I'm testing with eks.9 and k8s 1.21

Adrian

1 Answer

1

As per my understanding, you should definitely be able to do this by setting proper SecurityGroup settings (which allow traffic to be forwarded to your worker node clusterIP subnet).

And yes, kube-proxy uses iptables to forward traffic, but it really depends on the overlay networking driver you have. If you're running Flannel, for instance, this is true, but perhaps not for Calico or Cilium; they may use BPF. So, just double-check whether your overlay network CNI plugin supports forwarding based on iptables.

Another thing you can do (and this will not require creating Load Balancers) is you can change your service type to NodePort or LoadBalancer which will allow you to set a personalized externalIP on your service. This you can provide to the cluster through a subnet configured in your VPC. All the incoming traffic to this subnet will then be forwarded to your services on the desired ports on which they are listening.

I hope this is helpful enough for you to get started.

zer0
  • Thanks. I don't believe it's a problem with SGs, as I'm able to reach the worker nodes fine, and for testing enabled all ingress traffic. – Adrian Jul 14 '22 at 22:28
  • I updated the answer, I think it might be helpful now. – zer0 Jul 14 '22 at 22:34
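
The iptables check suggested in the answer can be scripted. The following is an added example, not part of the original question or answer: it reads `iptables-save -t nat` output from a worker node and reports whether kube-proxy, in iptables mode, has a PREROUTING hook and KUBE-SERVICES rules for a given ClusterIP. The sample rules, IPs and chain names are constructed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Input: `iptables-save -t nat` output from a worker node, on stdin.

# Constructed sample of kube-proxy iptables-mode rules; the IPs, service names
# and KUBE-SVC-* chain names are made up for this example.
sample_nat_rules() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:KUBE-SERVICES - [0:0]
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A KUBE-SERVICES -d 10.100.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-SVC-EXAMPLEDNSUDP000
-A KUBE-SERVICES -d 10.100.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-EXAMPLEDNSTCP000
-A KUBE-SERVICES -d 10.100.12.34/32 -p tcp -m comment --comment "default/web:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-EXAMPLEWEB000000
COMMIT
EOF
}

# Succeeds if packets arriving from outside the node are sent through KUBE-SERVICES.
prerouting_hooked() {
  grep -Eq -- '^-A PREROUTING .*-j KUBE-SERVICES$'
}

# Prints proto/port for every KUBE-SERVICES rule whose destination is the given ClusterIP.
clusterip_ports() {
  awk -v ip="$1/32" '
    $1 == "-A" && $2 == "KUBE-SERVICES" {
      dst = ""; proto = ""; port = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-d") dst = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") port = $(i + 1)
      }
      if (dst == ip && port != "") print proto "/" port
    }'
}

# Usage on a node: sudo iptables-save -t nat | check_clusterip <cluster-ip>
check_clusterip() {
  _rules="$(cat)"
  if ! printf '%s\n' "$_rules" | prerouting_hooked; then
    echo "no-prerouting-hook"; return 1
  fi
  _ports="$(printf '%s\n' "$_rules" | clusterip_ports "$1" | sort -u | tr '\n' ' ')"
  if [ -z "$_ports" ]; then echo "no-rules"; return 1; fi
  echo "forwarded: ${_ports% }"
}

sample_nat_rules | check_clusterip 10.100.12.34
```

A `no-rules` or `no-prerouting-hook` result on a live node means ClusterIP traffic routed to that node is not handled by iptables NAT rules there, which is the case the answer raises for BPF-based setups.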