aws: Application traffic passing through NAT gateways?

1/16/2018

I am deploying a microservices app using Kubernetes on AWS.

One of the pods will be the UI and will be exposed as a LoadBalancer service.

This creates an ELB that has the k8s nodes as instances behind it.

The k8s cluster is deployed using the --topology private flag of kops, so all nodes are in private subnet and some NAT gateways are created for allowing these private instances to receive traffic.

The app architecture as I said will expose ports 80/443 (accessible via the ELB) and once hit, will perform several back-end tasks before returning a result.

The question is the following: given that NAT instances are also charged per GB processed, will this application-based traffic increase my costs?

Or is the application traffic tunneled only via the ELB?

-- pkaramol
amazon-web-services
kops
kubernetes
nat

1 Answer

1/16/2018

The load balancer should be in the public subnets, and back end in the private subnets should be accepting traffic from the load balancer.

In this scenario, only traffic initiated by the back end would traverse the NAT. If the containers are immutable, you probably do not need the NAT gateways.

-- chris
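As an added illustration of the layout the answer describes (this is my own example, not code from either poster or from kops), the script below classifies subnets as public or private from their route tables, checks that the load balancer sits in public subnets and the nodes in private ones, and then decides for a given flow whether it would be routed through the NAT gateway. The route-table records are constructed to mimic the shape of an EC2 describe_route_tables response; every ID, CIDR and address in them is a placeholder, and the VPC CIDR is assumed.

```python
"""Classify subnets from route tables and reason about which flows hit the NAT.

Added example, not from the original post. ROUTE_TABLES is a constructed
sample shaped like a describe_route_tables response; IDs are placeholders.
"""
import ipaddress
from typing import Dict, Iterable, List

# Assumed VPC CIDR; everything inside it is reached via the 'local' route.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")

# Constructed sample: one public table (default route -> internet gateway)
# and one private table (default route -> NAT gateway), like a kops
# --topology private cluster with public ELB subnets.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-public0",
        "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
        ],
    },
    {
        "RouteTableId": "rtb-private0",
        "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
        ],
    },
]


def classify_subnets(route_tables: List[dict]) -> Dict[str, str]:
    """Map subnet id -> 'public', 'private' or 'isolated'.

    public:   default route 0.0.0.0/0 points at an internet gateway (igw-*)
    private:  default route points at a NAT gateway or a NAT instance
    isolated: the table has no default route at all
    """
    kinds: Dict[str, str] = {}
    for table in route_tables:
        kind = "isolated"
        for route in table["Routes"]:
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            if route.get("GatewayId", "").startswith("igw-"):
                kind = "public"
            elif route.get("NatGatewayId") or route.get("InstanceId"):
                kind = "private"
        # Only explicit associations carry a SubnetId; the main association does not.
        for assoc in table["Associations"]:
            if "SubnetId" in assoc:
                kinds[assoc["SubnetId"]] = kind
    return kinds


def check_placement(kinds: Dict[str, str], elb_subnets: Iterable[str],
                    node_subnets: Iterable[str]) -> List[str]:
    """Return findings; an empty list means the layout matches the answer."""
    findings = []
    for s in elb_subnets:
        if kinds.get(s) != "public":
            findings.append(f"load balancer subnet {s} is {kinds.get(s, 'unknown')}, expected public")
    for s in node_subnets:
        if kinds.get(s) != "private":
            findings.append(f"node subnet {s} is {kinds.get(s, 'unknown')}, expected private")
    return findings


def flow_uses_nat(kinds: Dict[str, str], src_subnet: str, dst_ip: str,
                  vpc_cidr: ipaddress.IPv4Network = VPC_CIDR) -> bool:
    """True when a packet leaving src_subnet for dst_ip is routed via the NAT.

    Replies from a node to the ELB's in-VPC address match the local route and
    never touch the NAT; only private-subnet traffic bound for addresses
    outside the VPC (calls the back end itself initiates) is NAT-processed.
    """
    if ipaddress.ip_address(dst_ip) in vpc_cidr:
        return False
    return kinds.get(src_subnet) == "private"


if __name__ == "__main__":
    kinds = classify_subnets(ROUTE_TABLES)
    print(kinds)
    print(check_placement(kinds, ["subnet-pub-a", "subnet-pub-b"],
                          ["subnet-priv-a", "subnet-priv-b"]))
    # Node answering the ELB (in-VPC address, constructed) vs. node calling out.
    print(flow_uses_nat(kinds, "subnet-priv-a", "10.0.1.10"))      # False
    print(flow_uses_nat(kinds, "subnet-priv-a", "198.51.100.7"))   # True
```

With real data you would feed the "RouteTables" list from a describe_route_tables call into classify_subnets and the ELB's and nodes' subnet IDs into check_placement; the NAT-metered volume is then whatever the back end itself sends to addresses outside the VPC, not the request/response traffic that arrives through the ELB.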
Source: StackOverflow