As you may or may not know, Kubernetes services do not natively support the ICMP protocol, but there is a way to get around this limitation with load balancer services on Amazon EKS.

Internet Control Message Protocol (ICMP)

The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address, for example, an error is indicated when a requested service is not available or that a host or router could not be reached.[2] ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like ping and traceroute) – Wikipedia

First, to use the ICMP protocol with your load balancer service, you need to create a separate security group and point the service at it. This stops Kubernetes from creating its own security group automatically. You can create the security group by any method you like; just make sure it is in the same VPC as your EKS cluster.

Your security group needs an inbound rule like this to allow ICMP:

Now, after creating your security group, go back to the YAML file used to deploy the Kubernetes service and put this line into the “annotations” section:

service.beta.kubernetes.io/aws-load-balancer-security-groups: "sg-yoursgcode"

With that in place and your security group ID inserted, apply the YAML. Then go to the Load Balancers section of the EC2 dashboard, look up your service’s load balancer, and click on its security group. You’ll see that you now have a Kubernetes load balancer service that is using the ICMP protocol.

Load balancer page
Security group page
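
A preflight check for the steps above, added here as an example and not part of the original post: it reads security group descriptions in the shape returned by `aws ec2 describe-security-groups`, confirms the group is in the cluster's VPC and has an inbound ICMP rule, and prints the annotation line. The sample JSON, the group and VPC IDs, and the function names are constructed for illustration.

```python
import json

ANNOTATION = "service.beta.kubernetes.io/aws-load-balancer-security-groups"

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# For ICMP rules, FromPort is the ICMP type and ToPort the code (-1 = any).
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa111122223333a", "VpcId": "vpc-0123456789abcdef0",
   "IpPermissions": [{"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
                      "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
  {"GroupId": "sg-0bbb111122223333b", "VpcId": "vpc-0123456789abcdef0",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-0ccc111122223333c", "VpcId": "vpc-0fedcba9876543210",
   "IpPermissions": [{"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
                      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")

def check_group(group, cluster_vpc_id):
    """Return (ok, findings) for one security group description."""
    findings = []
    if group["VpcId"] != cluster_vpc_id:
        findings.append("not in the cluster VPC")
    # "icmp" is ICMPv4; "-1" means all protocols, which includes ICMP.
    icmp_rules = [p for p in group.get("IpPermissions", [])
                  if p.get("IpProtocol") in ("icmp", "-1")]
    if not icmp_rules:
        findings.append("no inbound ICMP rule")
    ok = not findings  # only the two checks above decide pass/fail
    for rule in icmp_rules:
        if any(r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", [])):
            findings.append("ICMP open to 0.0.0.0/0; narrow the source if you can")
    return ok, findings

def annotation_for(group_id):
    """Render the line that goes under the Service's metadata.annotations."""
    return f'{ANNOTATION}: "{group_id}"'

if __name__ == "__main__":
    cluster_vpc = "vpc-0123456789abcdef0"  # placeholder for your EKS cluster's VPC
    for g in SAMPLE["SecurityGroups"]:
        ok, findings = check_group(g, cluster_vpc)
        print(g["GroupId"], "OK" if ok else "FAIL", findings)
        if ok:
            print("  " + annotation_for(g["GroupId"]))
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws ec2 describe-security-groups` and pass your cluster's VPC ID.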
