FAQ

After an EKS Pod is bound to an EIP, it cannot use the EIP to connect to the Internet.

By default, traffic to a destination outside of the VPC has the source Pod IP SNAT'ed to the instance ENI's primary IP address, so outbound traffic leaves with the node's address rather than the Pod's EIP.

To let Pods reach the outside directly through the attached EIP, turn off this SNAT in the VPC CNI with the command:

kubectl set env daemonset -n kube-system aws-node AWS_VPC_K8S_CNI_EXTERNALSNAT=true

Note, however, that Pods deployed in a public subnet without an attached EIP may then be unable to reach external networks. If the EIP-Controller itself is deployed in the public subnet, PrivateLink endpoints for EC2 and STS need to be created. See the AWS documentation page "AWS services that integrate with AWS PrivateLink".

How should node groups be handled during an upgrade?

When the EIP Controller is not running, it misses Pod delete events and cannot properly reclaim the associated EIPs. During a node group upgrade, the EIP Controller must therefore be running while the nodes are being reclaimed. One method is to first deploy the EIP Controller to another node group, confirm that it is running there, and only then upgrade the target node group.
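
A pre-upgrade check for the procedure above, as an added example that is not part of the EIP Controller project: given the parsed output of `kubectl get pods -o json` for the controller's Pods and of `kubectl get nodes -o json`, it lists the Ready controller Pods that sit outside the node group about to be upgraded. It assumes EKS managed node groups, whose nodes carry the `eks.amazonaws.com/nodegroup` label; the Pod, node and node group names in the sample data are constructed.

```python
# Label that EKS managed node groups set on their nodes.
NODEGROUP_LABEL = "eks.amazonaws.com/nodegroup"

def surviving_controller_pods(pods, nodes, upgrading_group):
    """Return names of Ready controller Pods on nodes outside `upgrading_group`.

    `pods` and `nodes` are parsed `kubectl get ... -o json` lists. An empty
    result means the upgrade would leave no controller to see Pod delete events.
    """
    group_of = {n["metadata"]["name"]: n["metadata"].get("labels", {}).get(NODEGROUP_LABEL)
                for n in nodes["items"]}
    survivors = []
    for pod in pods["items"]:
        meta, status = pod["metadata"], pod.get("status", {})
        node = pod.get("spec", {}).get("nodeName")
        if node not in group_of or group_of[node] == upgrading_group:
            continue  # unscheduled, unknown node, or on the group being replaced
        if "deletionTimestamp" in meta or status.get("phase") != "Running":
            continue  # terminating or not started
        ready = any(c["type"] == "Ready" and c["status"] == "True"
                    for c in status.get("conditions", []))
        if ready:
            survivors.append(meta["name"])
    return survivors

def _pod(name, node, ready=True, deleting=False):
    """Build a minimal Pod object for the constructed sample below."""
    meta = {"name": name}
    if deleting:
        meta["deletionTimestamp"] = "2024-01-01T00:00:00Z"
    return {"metadata": meta, "spec": {"nodeName": node},
            "status": {"phase": "Running",
                       "conditions": [{"type": "Ready", "status": str(ready)}]}}

# Constructed sample data, shaped like kubectl JSON output (names are hypothetical).
SAMPLE_NODES = {"items": [
    {"metadata": {"name": "node-a", "labels": {NODEGROUP_LABEL: "ng-old"}}},
    {"metadata": {"name": "node-b", "labels": {NODEGROUP_LABEL: "ng-tmp"}}},
]}
SAMPLE_PODS = {"items": [_pod("eip-controller-1", "node-a"),
                         _pod("eip-controller-2", "node-b")]}

if __name__ == "__main__":
    ok = surviving_controller_pods(SAMPLE_PODS, SAMPLE_NODES, "ng-old")
    print("safe to upgrade ng-old:" if ok else "BLOCK: no controller outside ng-old", ok)
```

An empty list is the signal to hold the upgrade until a controller replica is Ready on another node group.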