AWS transit gateway allows you to connect VPCs, direct connects and VPNs through a central hub. Traditionally in networking this is known as the hub and spoke model. In AWS cloud, this simplifies network connectivity and offers scalable and robust way of stiching networks together privately.

One of the requirements of the k8s networking model is that all pods running in a host are able to communicate with each other. This flat networking model posses some security challenges in clusters that are multi-tenanted. So for an MSP running multiple customer applications on a single cluster; this can lead to customers accessing each other’s service. Even in a setup where multiple business units share a common cluster having a network security policy is needed from a goverance and…

EKS and GKE make k8s networking some what transparent. You bring up a cluster and nodes, then create a deployment and by magic your pods have IP addresses and even a load balancer. Obviously this is assuming your VPCs and subnets are already in place, but the main point is that you never typically get to worry about the inner working on how networking is implemented within your k8s clusters. In this post, I will be studying how this networking magic happens behind the scenes.