Annoucing Amazon VPC CNI introduces Enhanced Subnet Discovery

2 minute read
Content level: Intermediate
0

Amazon EKS introduces Enhanced Subnet Discovery to address IPv4 address space exhaustion, enabling scalable and efficient IP management for EKS clusters without adding operational complexity.

Users of Amazon Elastic Kubernetes Service (Amazon EKS) often face IPv4 address space exhaustion due to scaling. To address this, Amazon EKS introduces Enhanced Subnet Discovery, which maximizes the use of VPC CIDRs and subnets for EKS pods without adding operational complexity. Although IPv6 is a long-term solution, current dependencies on IPv4 necessitate this feature.

How It Works The Amazon VPC Container Network Interface (CNI) plugin, deployed on each EC2 worker node in an EKS cluster, assigns private IPv4 and IPv6 addresses to pods. By default, it allocates IPs from the same subnet as the worker node's primary network interface. Enhanced Subnet Discovery expands this to automatically allocate pod IPs from all available subnets/CIDRs tagged for use within the VPC.

New subnets can be tagged with "kubernetes.io/role/cni" and integrated seamlessly, allowing for effective scaling with minimal disruption.

Prerequisites AWS Account EKS cluster version 1.25 or higher Amazon VPC CNI version 1.18.0 or later AWS CLI or AWS CloudShell eksctl CLI tool (v0.165.0 or higher) Setup Walkthrough Environment Setup:

Export AWS region, account number, and EKS cluster name. Simulate IP Exhaustion:

Create a VPC with a /24 CIDR block divided into subnets. Deploy a sample application to simulate IP exhaustion. Enable Enhanced Subnet Discovery:

Associate a secondary CIDR block with the VPC. Create and tag new subnets. Verify the feature is enabled via the "ENABLE_SUBNET_DISCOVERY" environment variable. Observe Results:

Check that pods are assigned IPs from new subnets, resolving IP exhaustion issues. Key Considerations Shared Subnets: When using cross-account scenarios, ensure subnets in the participant account are tagged appropriately. Custom Networking: Provides flexibility in IP assignments and security group configurations, reducing configuration overhead compared to Enhanced Subnet Discovery. Pod Networking Use Cases: Compatible with various VPC CNI features like SNAT for Pods, Security Groups for Pods, and Kubernetes network policies. Conclusion Enhanced Subnet Discovery in Amazon EKS allows for scalable and flexible IPv4 address management, accommodating the growth of EKS clusters with low operational overhead. It simplifies IP address management while supporting dynamic IT environments. For further recommendations and best practices, refer to the Amazon EKS best practices guide.

Source :- https://aws.amazon.com/it/blogs/containers/amazon-vpc-cni-introduces-enhanced-subnet-discovery/

profile picture
EXPERT
A_J
published 17 days ago1295 views