Home > Software design >  Amazon EKS on public subnets
Amazon EKS on public subnets

Time:05-17

This article from AWS states that recommended production setup for EKS is a mix of private and public subnets. Unfortunately it does not explain the 'why'. What is wrong with the option 'only public subnets' assuming it has a properly configured security groups? It seems much simpler and cheaper (since we do not need NAT).

CodePudding user response:

This SO seems to actually answer my question:

In particular the question in one of the comments:

What is the advantage of a server on a private subnet with a NAT instance and a a server public subnet with a strict security policy?

and the answer:

it's not really about an advantage. It's about the way networking works, in VPC. All of the instances on a given subnet have to use the same default gateway, which will either be the "Internet gateway" virtual object, which will not do NAT, or it will be a NAT instance, which will not "not do" NAT. Unless all your machines have public IPs, or none of them do, you're going to want both types of subnets. If everything is an Internet-facing web server, sure, you might need only a public subnet, and with correct security configuration, there's no disadvantage.

Page link:https//www.codepudding.com/Softwaredesign/409239.html

Prev:I'm using docker desktop with kubernetes and I'm trying to create some pods but I've
Next:SOLVED - Kubernetes can't pull private image from docker
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding