Why would you want worker node traffic to leave a VPC? (AWS EKS)
When setting up AWS EKS, I came across a configuration option I don't understand. What is the use case for the "public" option as shown in this screenshot? This is the only option that makes worker node traffic leave the VPC in order to connect to the EKS endpoint.
AWS EKS Cluster endpoint access options:
Compared to the other options, it seems like the "public" option would create unnecessary egress from your VPC.
What is the use case for the "public" option as shown in this screenshot?
For accessing it with non-VPC consumers, such as GitHub/GitLab or non-VPN clients (relying mostly on either the strength of X.509 certificate authentication, or that auth plus CIDR restrictions, to keep attackers out of your cluster).
Compared to the other options, it seems like the "public" option would create unnecessary egress from your VPC.
Yes, and that's why they have that second option to direct the workers to use the VPC's private IP address while leaving the endpoint with a public IP for consumption outside of the cluster.
The only reason I can think of where one would choose the first option but not the second is if there were additional load-balancing or authentication concerns through which one wanted all k8s traffic to travel.
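As an added example (not part of the question or answer), the three console options above correspond to the `endpointPublicAccess` / `endpointPrivateAccess` flags in the `resourcesVpcConfig` block that `aws eks describe-cluster` returns. The check below, run over a constructed sample of that output, maps the flags back to the console mode and flags the "public only" case and a wide-open `publicAccessCidrs`; the cluster name and values are made up.

```python
import ipaddress
import json

# Constructed sample of `aws eks describe-cluster` output, trimmed to the
# fields this check needs. The cluster name and values are made up.
SAMPLE_DESCRIBE_CLUSTER = json.dumps({
    "cluster": {
        "name": "example-cluster",
        "resourcesVpcConfig": {
            "endpointPublicAccess": True,
            "endpointPrivateAccess": False,
            "publicAccessCidrs": ["0.0.0.0/0"],
        },
    }
})


def endpoint_mode(vpc_config):
    """Map the two EKS access flags to the mode shown in the console.

    Defaults mirror EKS: public access on, private access off.
    """
    public = vpc_config.get("endpointPublicAccess", True)
    private = vpc_config.get("endpointPrivateAccess", False)
    if public and private:
        return "public-and-private"  # workers stay in the VPC; endpoint also reachable externally
    if public:
        return "public"              # worker-to-endpoint traffic leaves the VPC
    return "private"                 # endpoint reachable only from inside the VPC


def assess_endpoint(describe_output):
    """Return (mode, findings) for one describe-cluster JSON document."""
    cfg = json.loads(describe_output)["cluster"]["resourcesVpcConfig"]
    mode = endpoint_mode(cfg)
    findings = []
    if mode == "public":
        findings.append("worker traffic exits the VPC to reach the endpoint; "
                        "enable endpointPrivateAccess")
    if cfg.get("endpointPublicAccess", True):
        # EKS defaults publicAccessCidrs to 0.0.0.0/0 when public access is on.
        for cidr in cfg.get("publicAccessCidrs", ["0.0.0.0/0"]):
            if ipaddress.ip_network(cidr).prefixlen == 0:
                findings.append("public endpoint accepts any source IP; "
                                "restrict publicAccessCidrs")
    return mode, findings


if __name__ == "__main__":
    mode, findings = assess_endpoint(SAMPLE_DESCRIBE_CLUSTER)
    print(mode, findings)
```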