I have a service in K8S which I want to access privately from another EKS cluster's pod.

service.yaml

    apiVersion: v1
    kind: Service
    metadata:
      name: test
      namespace: test
    spec:
      type: LoadBalancer
      selector:
        app: test
      ports:
        - name: http
          protocol: TCP
          port: 80
          targetPort: 8888
In the LoadBalancer's Security Group I have removed 0.0.0.0/0 and enabled only the client's worker node IP range and pod IP:

Worker Node IP

    Type: All traffic
    Protocol: All
    Port range: All
    Source: 10.x.0.0/16

POD IP

    Type: All traffic
    Protocol: All
    Port range: All
    Source: 10.x.x.x/32
Now when I telnet to the service from the client's pod, telnet hangs in the Trying state:

    telnet xxxx-xxxxx.us-west-1.elb.amazonaws.com 80
    Trying xx.xxx.xxx.xxx...
If I enable all sources in the security group like below, everything works fine, which is not the intended behavior because this resource must be accessed privately.

    Type: HTTP
    Protocol: TCP
    Port range: 80
    Source: 0.0.0.0/0
I tried other options in the service; nothing worked.

    ....
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
        service.beta.kubernetes.io/aws-load-balancer-internal: "true"
    spec:
      externalTrafficPolicy: Local # Tried both Cluster and Local
    ....
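As an added example (not part of the question above, and not the asker's manifest), here is the same Service in its weak form next to a form that expresses the access restriction in the Kubernetes object itself: the load balancer is provisioned as internal, and `spec.loadBalancerSourceRanges` limits inbound sources to the client cluster's VPC CIDR, which the AWS cloud controller translates into security-group ingress rules so the restriction is not lost when the load balancer is re-provisioned. The names, namespace and the `10.20.0.0/16` CIDR are placeholders.

```yaml
# Added example, not the manifest from the question. Names, namespace and
# CIDRs are placeholders; replace them with your own values.
#
# Weak form: internet-facing load balancer, no source restriction.
apiVersion: v1
kind: Service
metadata:
  name: test
  namespace: test
spec:
  type: LoadBalancer          # no annotations: public (internet-facing) classic ELB
  selector:
    app: test
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8888
  # No loadBalancerSourceRanges: the provisioned security group allows 0.0.0.0/0.
---
# Hardened form: internal NLB, sources limited to the client VPC.
apiVersion: v1
kind: Service
metadata:
  name: test
  namespace: test
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  selector:
    app: test
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8888
  # Only the client cluster's VPC CIDR (placeholder value) may reach the listener.
  # The cloud controller turns this list into security-group ingress rules.
  loadBalancerSourceRanges:
    - 10.20.0.0/16
  # Local preserves the client's source address on the way to the pod;
  # Cluster would SNAT it to the worker node's address.
  externalTrafficPolicy: Local
```

Two things to check with this setup: an internal load balancer has only private addresses, so the client VPC must be connected to the service VPC (VPC peering, Transit Gateway or VPN) and the load balancer hostname must resolve to those private addresses from inside the client cluster. Conversely, if a client reaches an internet-facing hostname, its traffic leaves the client VPC through a NAT gateway and the security group sees the NAT gateway's public address rather than any 10.x address, so a rule scoped to the pod or node CIDR will never match.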