
Answer-first summary for fast verification
Answer: Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
The question requires a solution that supports encryption in transit without decryption between the client and the backend, uses the gRPC protocol over TCP port 443, scales to thousands of simultaneous connections, and employs mutual TLS for two-way authentication.
Option A suggests using a Network Load Balancer (NLB) with a TCP listener on port 443. NLBs operate at the transport layer (Layer 4) and can handle the high throughput and low latency required for thousands of simultaneous connections. They also support the gRPC protocol and can forward encrypted traffic without decrypting it, which is crucial for maintaining encryption in transit. Additionally, NLBs can be configured to support mutual TLS, meeting the requirement for two-way authentication.
Option B, using an Application Load Balancer (ALB) with an HTTPS listener, would decrypt the traffic at the ALB, which violates the requirement that traffic must not be decrypted between the client and the backend.
Options C and D involve creating target groups and adding the EKS managed node group's Auto Scaling group as a target, which does not directly address the need for mutual TLS or the specific requirement to use the AWS Load Balancer Controller for Kubernetes.
Therefore, the correct answer is A.
Author: LeetQuiz Editorial Team
A company is designing a service that mandates encryption in transit, ensuring traffic remains encrypted between the client and the backend. The service will utilize the gRPC protocol over TCP port 443 and must support thousands of simultaneous connections. The backend will be deployed on an Amazon EKS cluster with Kubernetes Cluster Autoscaler and Horizontal Pod Autoscaler enabled. Mutual TLS is required for two-way authentication between the client and the backend.
Which solution fulfills these requirements?
A
Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
B
Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
C
Create a target group. Add the EKS managed node group's Auto Scaling group as a target. Create an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the target group.
D
Create a target group. Add the EKS managed node group’s Auto Scaling group as a target. Create a Network Load Balancer with a TLS listener on port 443 to forward traffic to the target group.