Hi and welcome to Your Devops Tip blog series. In this series I am going to share some interesting scenarios, challenge and solutions on topics related to realtime use cases on Cloud and Devops.
Scenario
Imagine you have two EKS clusters in separate VPCs with no direct network connectivity (like Transit Gateway or VPC peering) between the two services and you are not allowed to make a connection using TGW or VPC peering between the two VPC’s.
Challenge
There is requirement that an application from VPC-A EKS cluster wants to connect a service on VPC-B EKS cluster. How can you make that happen?
Solution
By Using hashtag AWS PrivateLink , NLB, VPC Endpoints. Here is a brief explanation of the steps.
Create a Network Load Balancer (NLB) for the microservice in VPC B.
Create a VPC Endpoint Service in VPC B and Register the NLB as a VPC Endpoint Service. Modify the microservice in VPC B to be accessible via the NLB.
Create an Interface VPC Endpoint in VPC A that connects to the VPC Endpoint Service in VPC B. This will create an endpoint network interface in VPC A, providing a private IP address to access the service in VPC B.
-
Update Security Groups:
- Ensure the security groups in VPC B (associated with the NLB and the microservice) allow inbound traffic from the VPC Endpoint in VPC A.
- Similarly, configure the security groups in VPC A to allow outbound traffic to the VPC Endpoint.
Modify the Microservice in VPC A to Use the VPC Endpoint
By following these steps, you can enable secure, private communication between microservices in different EKS clusters without exposing them to the internet or requiring direct network connectivity between the VPCs.
For more techbytes on Cloud and Devops please stay connected to NandiTechBytes on Youtube. Also I am sharing the playlist here for you , please check it out.
Playlist Cloud & Devops Projects and Tasks
Cheers
Keep Learning!
@NandiTechBytes
Top comments (0)