EKS pods get node IP address instead of IP from Calico IP Pool

0

Hello, in order to take advantage of higher pod density along with network policies we removed AWS VPC CNI add-on (aws-node) and rely on Calico CNI add-on (calico-node) for pod network management. After removing aws-node daemonset and terminating EKS worker nodes, new nodes were created by ASG and all pods scheduled. My question, while most pods scheduled on the new nodes have been assigned IP address from Calico IP pool, as expected, a number of pods, mostly daemonset pods, have been assigned the same IP as the node IP.
Any help with this will be highly appreciated. JS

Themen

Vernetzung & Bereitstellung von Inhalten Behälter

Tags

Amazon VPC Vernetzung & Bereitstellung von Inhalten Amazon Elastic Kubernetes Dienst

Sprache

English

gefragt vor 2 Jahren1379 Aufrufe

1 Antwort

Neueste
Die meisten Stimmen
Die meisten Kommentare

Sind diese Antworten hilfreich? Stimmen Sie der richtigen Antwort zu, damit die Community von Ihrem Wissen profitieren kann.

0

Akzeptierte Antwort

Can you inspect and see if the pod spec has hostNetwork set to true?

beantwortet vor 2 Jahren

AWS-User-JS
vor 2 Jahren
Jason_S, thanks for that. hostNetwork spec is set to true in pods with node IP, indeed.
Obviously I'm new to AWS EKS and CNI in general. I guess hostNetwork is set to true on purpose, for example, calico-node pods require direct access to host network ?
Jason_S
vor 2 Jahren
This is due to a limitation of EKS (Unable to deploy Calico to control plane nodes), you can refer here https://projectcalico.docs.tigera.io/getting-started/kubernetes/managed-public-cloud/eks. Generally speaking hostNetwork is a bad idea from a security point of view and only trusted pods should have it enabled (even that is not recommended).
Jason_S
vor 2 Jahren
Additionally, not sure what pod density you are concerned about. For performance and reliability perspective we strongly discourage you from exceeding the limit such as in here https://github.com/awslabs/amazon-eks-ami/blob/master/files/eni-max-pods.txt. However if it's an ENI imposed limit (i.e. # of ENIs attached to the instance) you can refer to the following blogpost - https://aws.amazon.com/blogs/containers/amazon-vpc-cni-increases-pods-per-node-limits/
AWS-User-JS
vor 2 Jahren
Jason_S, many thanks for excellent answer. That helps a lot. Much appreciated.

Relevanter Inhalt

Was sind die bewährten Methoden für die Konfiguration des Amazon VPC CNI-Plug-Ins zur Verwendung einer IP-Adresse in VPC-Subnetzen mit Amazon EKS?
AWS OFFICIALAktualisiert vor 2 Jahren
Warum verbinden sich meine Pods nicht mit anderen Pods in Amazon EKS?
AWS OFFICIALAktualisiert vor einem Jahr
Wie wähle ich bestimmte IP-Subnetze aus, die für Pods in meinem Amazon-EKS-Cluster verwendet werden sollen?
AWS OFFICIALAktualisiert vor einem Jahr
Warum hängt mein Amazon-EKS-Pod im Status ContainerCreating mit dem Fehler „Pod-Sandbox konnte nicht erstellt werden“ fest?
AWS OFFICIALAktualisiert vor einem Jahr