You must create an ENIConfig custom resource for each subnet that your pods will reside in, and then annotate or To true causes ipamd to use the security groups and VPC subnet in a worker node's ENIConfig for elastic network interfaceĪllocation. Specifies that your pods may use subnets and security groups that are independent of your worker node's VPC configuration.īy default, pods share the same subnet and security groups as the worker node's primary interface. Iptables rules and that the kernel's reverse path filter on the primary interface is set to loose. Specifies whether NodePort services are enabled on a worker node's primary network interface. The following environment variables are available, and all of them are optional. The Amazon VPC CNI plugin for Kubernetes supports a number of configuration options, which are set through environment variables. And Warm-Pool size is 3 eni * (30 -1) = 87įor a detailed explanation, see WARM_ENI_TARGET, WARM_IP_TARGET and MINIMUM_IP_TARGET.
If the number of current running Pods is between 30 and 58, ipamd will allocate 2 more eni. And Warm-Pool size is 2 eni * (30 -1) = 58 
If the number of current running Pods is between 0 and 29, ipamd will allocate one more eni. SeeĮlastic Network Interfaces documentation for details. When number of pods running on the node exceeds the number of addresses on a single ENI, the CNI backend start allocatingĪ new ENI and start using following allocation scheme:įor example, a m4.4xlarge node can have up to 8 ENIs, and each ENI can have up to 30 IP addresses. Without anyĬonfiguration, ipamd always try to keep one extra ENI. When a worker node first joins the cluster, there is only 1 ENI along with all of its addresses in the ENI. Troubleshooting Guide provides tips on how to debug and troubleshoot this CNI. The details can be found in Proposal: CNI plugin for Kubernetes networking over AWS VPC. maintaining a warm-pool of available IP addresses, and. ipamd, which is a long-running node-Local IP Address Management (IPAM) daemon, is responsible for:. CNI Plugin, which will wire up host's and pod's network stack when called. make docker-unit-tests uses a docker container (golang:1.16) to run all unit tests. 
make docker-build uses a docker container (golang:1.16) to build the binaries. make docker will create a docker container using the docker-build with the finished binaries, with a tag of amazon/amazon-k8s-cni:latest. unit-test, format, lint and vet provide ways to run the respective tests/tools and should be run before submitting a PR. make defaults to make build-linux that builds the Linux binaries. "Resource": Īlternatively there is also a Helm chart: eks/aws-vpc-cni Building
0 kommentar(er)
