Best Practices - Utilizing AKS services from EKS

Question

We have Azure AKS services exposed to a service running in AWS EKS. Is there a guidance on practices that should be followed for this use-case and have a secure connectivity? I have researched couple of options like VPC Lattice and/or API Gateway with site-to-site VPN or Direct Connect.

Accepted Answer

Usually the connectivity between services running in different K8s clusters is done by multiple options. And the option depends on specific use-case, constraints (security/operational) and requirements. Let me give you some of the options here that might apply in your scenario.
 
1. Hybrid DNS Solutions – Pros: DNS-based discovery across clusters in different clouds. Cons: Latency
2. Direct Internet Access – can be don’t use API Gateways. Pros: Cross-cloud communication. Security controls at API level. Cons: Latency, Public Endpoints, API Security Overhead
3. VPC Peering – if both clusters are in VPCs. Pros: Direct private IP connectivity. Low latency. Cons: Route configuration. Firewall rules.
4. VPN Connection – Connection between AWS VPC and Azure VNet. Pros Secure encrypted tunnel. Caters to hybrid cloud environment.
5. Service Mesh – Istio etc. Pros: Provides unified way for secure communication. Cons: Adds complexity.
 
Considerations – think about security not only in the network but within each K8s cluster. Simplify it using IAM and RBAC.
 
I hope this helps.

Best Practices - Utilizing AKS services from EKS

Conteúdo relevante