I have an EKS cluster in a VPC in AWS. In addition, I have a VPN endpoint defined in the same VPC. Inside my EKS there's pod that expose some service over HTTP at port 3005.
I want to be able to get to my pod's service while connected to the VPN. The pod's service and the VPN doesn't need to connect to the internet. Everything should happen inside the VPC.
I guess I need the private IP of the pod or the k8s service that attached to it, but I'm not sure that such a thing exist and can be reachable from outside EKS (but inside the VPC).
If I just try to connect to the pod's IP when connected to the VPN, it doesn't work.
In terms of security group and authorization rules, I think that everything is setup correctly since I also have an EC2 instance in the same VPC, which I can access when connected to the VPN and security groups are basically the same and they are all in the same VPC.
If I try to add ELB to the k8s service then it has an A record and a public IP which doesn't help me cause I need a private IP when connected to the VPN, in addition I don't need the pod's service to be reachable from outside the VPC so having ELB with public IP doesn't help me at all.
Is there an easy way to make my pod's service accessible only through the VPN connection?
If you want to expose some k8s service it can be done in different ways, take a look here https://repost.aws/knowledge-center/eks-kubernetes-services-cluster#
Regarding the ELB - it's good approach and you can have Private ELB which will be available only inside VPC.