Let me start this by saying I am a complete newbie, and I’m trying to wrap my head around some Kubernetes concepts.
I created an EKS cluster whose worker nodes are all inside a private subnet, and then I configured kubectl to see and use it on my local computer. My computer is not connected to a VPN or any other means of accessing a private subnet directly.
I made a three-pod deployment of a trivial “hello world” type application that listens on port 8080. (Specifically, I ran luksa/kubia, the example used throughout Kubernetes in Action.) I did not set up any kind of ingress that would allow communication with the public internet.
As an experiment, I then ran the following:
kubectl exec kubia-deployment-c97c5cbcd-pntx4 -- curl -s http://10.2.36.193:8080
kubia-deployment-c97c5cbcd-pntx4 was one of the pods in my deployment, and 10.2.36.193 was the internal IP of a different pod.
To my surprise, I got a response:
This is v1 running in pod kubia-deployment-c97c5cbcd-66qzl
This implies that kubectl, once configured to work with an EKS cluster, is also able to access worker nodes even if they are inside an inaccessible private network. What is the path by which my exec command gets to the pod, and how do I get the response back? Basically, what happened here?
My manifest file:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubia-deployment
  labels:
    app: kubia
spec:
  replicas: 3
  selector:
    matchLabels:
      app: kubia
  template:
    metadata:
      name: kubia-pod
      labels:
        app: kubia
    spec:
      containers:
      - image: luksa/kubia:v1
        name: nodejs