EKS pods cannot reach EC2 instance running in public subnet wihtin the same VPC

Anadi Misra

1/29/23, 7:28 AM

Is there a way I can make an EKS Faragte node or a EC2 instance running in a private subnet connect to an ec2 instance running in the public subnet in the same VPC?

When I try a test from the VPC "Reachability Analyzer" for path from the ENI attached to NAT Gateway to the EC2 instance the test succeeds.

When I run curl from inside the EKS POD (which is essentially running as a node in the Private Subnet of the VPC) to the instance running the public subnet of the same VPC the command times out.

I'm running jetty bound to 0.0.0.0 port 28980 on that target EC2 public subnet instance.

239

0 + 0

amazon-web-services

Tim

1/29/23, 8:07 AM

Sounds like a routing issue. Suggest you edit your question to show a shot of both of your route tables, and tell us the CIDR range of the VPC and both private and public subnets.

Anadi Misra

1/29/23, 12:24 PM

Hi! the problem was we were attaching security groups to ec2 instane so it would block traffic out of CIDR mismatch. Attached rules as default security group to VPC instead.

Tim

1/29/23, 5:26 PM

It's generally best to delete the default VPC and remove all rules from the default security group, and create your own security groups. Various compliance standards suggest that. Please answer your own question so it's not left hanging :)

Score:0

Server

Anadi Misra

1/30/23, 2:15 PM

The issue was this

we want to restrict traffic to our VPN and to a Jenkins running on EKS; we were going about adding security groups to VMS which was becoming hard to handle.

So we've moved all security rules to VPC Default Security and any VM attached to the VPC has those rules, my assumption was since VPCs allow all traffic within them, the private to public subnet ping won't be an issue.

But, that was not the case I still had to add a rule with VPC CIDR to the default security group of VPC and then it all worked.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: EKS pods cannot reach EC2 instance running in public subnet wihtin the same VPC

TH: พ็อด EKS ไม่สามารถเข้าถึงอินสแตนซ์ EC2 ที่ทำงานอยู่ในซับเน็ตสาธารณะที่มี VPC เดียวกัน

RO: Pod-urile EKS nu pot ajunge la instanța EC2 care rulează în subrețea publică cu același VPC

RU: Модули EKS не могут получить доступ к экземпляру EC2, работающему в общедоступной подсети в том же VPC.

VI: Nhóm EKS không thể truy cập phiên bản EC2 đang chạy trong mạng con công cộng với cùng một VPC

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.