Capture Proxy Service on Amazon EKS

For zero-downtime migrations, the workflow creates capture proxy pods, a Kubernetes Service in front of those pods, and Apache Kafka wiring so captured traffic can be replayed later. Client traffic is sent to the proxy Service, which forwards requests to the source cluster and records them for later replay. On Amazon EKS, the Service can be backed by AWS load-balancer infrastructure (Application Load Balancer or Network Load Balancer), and the bootstrap path handles the platform wiring for you.

The proxy is secure by default. If you do not configure TLS explicitly, the workflow provisions a self-signed certificate for the proxy. You can also configure cert-manager-issued certificates, an existing AWS Private CA, or a new AWS Private CA via ACK using the bootstrap script’s TLS flags. If you intentionally want plaintext HTTP, set the proxy TLS mode to plaintext.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Workflow-driven operating model

Metadata Migration