Outside access on EKS with CNI #272

Closed
rafaelalmeida opened this issue May 7, 2019 · 2 comments


rafaelalmeida commented May 7, 2019

I have an EKS cluster with CNI plugin, so the IPs that EKS assigns to my pods are IPs from Elastic Network Interfaces, which are in the same subnet as my other EC2 instances. If the Security Group allows this (which mine does), this means that I can access a pod via IP straight from an EC2 instance outside the cluster.

With such a setup, would it be possible to have just one or two bootstrap servers, accessible in a "stable" (i.e. NodePort or DNS) way from outside the cluster, and expose the other brokers just from their plain IPs? I assume some advertised listener configuration would be necessary, but is it feasible/a good idea?

Related question: Are the outside-[0,1,2].yml services one per broker? I.e. this means I would have to create more services if I were to use more than three brokers? Will the advertised listeners work out-of-the-box in this case?

Contributor

solsson commented May 7, 2019

I'm sure it would be possible. Pods can figure out their listener addresses using arbitrary logic.

Maybe you'll want #187?

> Are the outside-[0,1,2].yml services one per broker? I.e. this means I would have to create more services if I were to use more than three brokers?

Correct.

> Will the advertised listeners work out-of-the-box in this case?

Off the top of my mind I think they will work up to 10 brokers.

@rafaelalmeida
Author

@solsson #187 makes total sense, thanks a lot, will try running a test.
