Problem adding nodegroup in EKS cluster with GW NAT

Hello

I am having difficulties in bringing an EKS cluster back into compliance.

Cluster:

I have an EKS cluster with:

  • 6 EKS control plane networks (network 1-6)

    i. Network 1/2/3 are in an RA routing table with a 0.0.0.0/0 which refers to an Internet Gateway

    ii. Network 4/5/6 are in an RB routing table with a 0.0.0.0/0 that refers to a NAT Gateway (+ other routes to my company network)

  • 4 cluster nodegroups with networks 4/5/6 used for worker nodes

  • My EKS cluster has a Public and Private API ( => From a node, when I do a DNS resolution I do see a private IP)

Target:

EKS cluster with:

  • 6 EKS control plane networks (network 1-6)

    i. Network 1/2/3 in an RA routing table with a 0.0.0.0/0 that refers to an Internet Gateway

    ii. Network 4/5/6 also in the RA routing table

  • 4 cluster nodegroups

    i. Nodegroup 1: Uses network 10 and should be in the RC routing table with 0.0.0.0/0 which refers to a new NAT Gateway (+ other routes to my company network)

    ii. Nodegroup 2: Uses network 11 and should be in the RC routing table with 0.0.0.0/0 which refers to a new NAT Gateway (+ other routes to my company network)

    iii. Nodegroup 3: Uses network 12 and should be in the RC routing table with 0.0.0.0/0 which refers to a new NAT Gateway (+ other routes to my company network)

    iv. Nodegroup 4: Uses network 13 and should be in the RC routing table with 0.0.0.0/0 which refers to a new NAT Gateway (+ other routes to my company network)

Problem

When creating a new nodegroup to replace an existing one, I indicate network 10/11/12 or 13.

The RC routing table is OK with the NAT Gateway.

Problem: the node can't join the cluster (error message: Instances failed to join the kubernetes cluster).

I can see the EC2 instance being created in the right network 10/11/12 or 13.

I don't understand the problem: why can't the nodes in network 10/11/12 or 13 join the API cluster through the ENI in network 1-6?

When I create a new nodegroup and I indicate a network 1-6 (network on route table RA or RB), it works without problem.

Sincerely

No Answers
