Q74 — AWS ANS-C01 Ch.1
A company is building an internet-facing application that is hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The company is using the Amazon VPC Container Network Interface (CNI) plugin for Kubernetes for pod networking connectivity. The company needs to expose its application to the internet by using a Network Load Balancer (NLB). The pods that host the application must have visibility of the source IP address that is contained in the original packet that the NLB receives. How should the network engineer configure the NLB and Amazon EKS settings to achieve these goals?
- A. Specify the ip target type for the NLB. Set the externalTrafficPolicy attribute to Local in the Kubernetes service specification.
- B. Specify the instance target type for the NLB. Set the externalTrafficPolicy attribute to Cluster in the Kubernetes service specification. ✓
- C. Specify the instance target type for the NLB. Set the externalTrafficPolicy attribute to Local in the Kubernetes service specification.
- D. Specify the ip target type for the NLB. Set the externalTrafficPolicy attribute to Cluster in the Kubernetes service specification.
Correct Answer: B. Specify the instance target type for the NLB. Set the externalTrafficPolicy attribute to Cluster in the Kubernetes service specification.
Explanation
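When the Amazon VPC CNI plugin is integrated with an NLB, preserving the client source IP depends on both the target type and the traffic policy. AWS documentation states that when the NLB uses the ip target type, it routes traffic directly to pod IPs, avoiding network translation at the node. When the Kubernetes externalTrafficPolicy is set to Local, the Service distributes traffic only to pods on the current node, skipping kube-proxy's SNAT step. Option A correctly combines these two points, ensuring that the source IP is passed to the application. The other options either use a target type whose extra hop loses the IP (the instance type in B and C) or a traffic policy that causes SNAT (the Cluster policy in D).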