Requirement/Problem:
I would like to route traffic from the VPC network to a cluster IP. In AKS I was able to do this by adding an entry in the VNET route table to a node running kube-proxy. I can't seem to be able to do this in EKS. I would like to do this for development environments so I can easily access service cluster IPs without having to forward ports or create load balancers. It's my understanding that kube-proxy uses iptables to forward network traffic.
Question:
Is there something fundamental that won't allow me to route traffic to the cluster network in EKS?
Context:
I'm testing with eks.9 and k8s 1.21
As per my understanding, you should definitely be able to do this by setting proper SecurityGroup settings (which allow traffic to be forwarded to your worker node clusterIP subnet).
And yes, kube-proxy uses iptables to forward traffic but it really depends on the overlay networking driver you have. If you're running flannel for instance, this is true, but perhaps not for calico or cilium, they may use bpf. So, just double check if your overlay network CNI plugin supports forwarding based on iptables.
Another thing you can do (and this will not require creating Load Balancers) is you can change your service type to NodePort or LoadBalancer which will allow you to set a personalized externalIP on your service. This you can provide to the cluster through a subnet configured in your VPC. All the incoming traffic to this subnet will then be forwarded to your services on the desired ports on which they are listening.
I hope this is helpful enough for you to get started.
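If the externalIP approach from the answer above is used, a check that every Service's externalIPs stay inside the VPC subnet set aside for them can catch stray or mistyped addresses. This is an added example, not code from the question or the answer; the service names, the addresses and the 10.0.42.0/24 subnet are constructed, and the input mimics the shape of `kubectl get svc -A -o json`.

```python
import ipaddress
import json

# Constructed sample in the shape of `kubectl get svc -A -o json` output.
SAMPLE_SERVICES = json.loads("""
{"items": [
  {"metadata": {"namespace": "dev", "name": "api"},
   "spec": {"type": "NodePort", "clusterIP": "172.20.14.7",
            "externalIPs": ["10.0.42.10"]}},
  {"metadata": {"namespace": "dev", "name": "cache"},
   "spec": {"type": "ClusterIP", "clusterIP": "172.20.90.3"}},
  {"metadata": {"namespace": "tools", "name": "debug"},
   "spec": {"type": "NodePort", "clusterIP": "172.20.5.5",
            "externalIPs": ["10.0.42.11", "192.0.2.53"]}}
]}
""")


def audit_external_ips(service_list, allowed_cidr):
    """Return (namespace/name, ip, reason) for each externalIP outside allowed_cidr."""
    allowed = ipaddress.ip_network(allowed_cidr)
    findings = []
    for svc in service_list.get("items", []):
        meta = svc.get("metadata", {})
        ref = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        # externalIPs is optional and may be absent or null.
        for raw in svc.get("spec", {}).get("externalIPs") or []:
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((ref, raw, "not a valid IP address"))
                continue
            if ip not in allowed:
                findings.append((ref, raw, f"outside {allowed}"))
    return findings


if __name__ == "__main__":
    # Assumed dev subnet reserved for externalIPs (constructed value).
    for ref, ip, reason in audit_external_ips(SAMPLE_SERVICES, "10.0.42.0/24"):
        print(f"{ref}: externalIP {ip} {reason}")
```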