Best Practices - Utilizing AKS services from EKS


We have Azure AKS services exposed to a service running in AWS EKS. Is there a guidance on practices that should be followed for this use-case and have a secure connectivity? I have researched couple of options like VPC Lattice and/or API Gateway with site-to-site VPN or Direct Connect.

1 Answer
Accepted Answer

Usually the connectivity between services running in different K8s clusters is done by multiple options. And the option depends on specific use-case, constraints (security/operational) and requirements. Let me give you some of the options here that might apply in your scenario.

  1. Hybrid DNS Solutions – Pros: DNS-based discovery across clusters in different clouds. Cons: Latency
  2. Direct Internet Access – can be don’t use API Gateways. Pros: Cross-cloud communication. Security controls at API level. Cons: Latency, Public Endpoints, API Security Overhead
  3. VPC Peering – if both clusters are in VPCs. Pros: Direct private IP connectivity. Low latency. Cons: Route configuration. Firewall rules.
  4. VPN Connection – Connection between AWS VPC and Azure VNet. Pros Secure encrypted tunnel. Caters to hybrid cloud environment.
  5. Service Mesh – Istio etc. Pros: Provides unified way for secure communication. Cons: Adds complexity.

Considerations – think about security not only in the network but within each K8s cluster. Simplify it using IAM and RBAC.

I hope this helps.

answered 9 months ago
profile picture
reviewed 2 months ago
  • Thank you! That really helps.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions