1 Answer
Jason_S, thanks for that. hostNetwork spec is set to true in pods with node IP, indeed.
Obviously I'm new to AWS EKS and CNI in general. I guess hostNetwork is set to true on purpose; for example, calico-node pods require direct access to the host network?
This is due to a limitation of EKS (Unable to deploy Calico to control plane nodes); you can refer here: https://projectcalico.docs.tigera.io/getting-started/kubernetes/managed-public-cloud/eks. Generally speaking, hostNetwork is a bad idea from a security point of view, and only trusted pods should have it enabled (even that is not recommended).
Additionally, I'm not sure what pod density you are concerned about. From a performance and reliability perspective, we strongly discourage you from exceeding the limit, such as the one listed here: https://github.com/awslabs/amazon-eks-ami/blob/master/files/eni-max-pods.txt. However, if it's an ENI-imposed limit (i.e. the number of ENIs attached to the instance), you can refer to the following blog post: https://aws.amazon.com/blogs/containers/amazon-vpc-cni-increases-pods-per-node-limits/
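An added example, not from this thread or from AWS: a small Python audit over the JSON that `kubectl get pods -A -o json` returns, listing every pod with `spec.hostNetwork: true` and flagging those whose owning DaemonSet/ReplicaSet is not on an allowlist of trusted system pods. The allowlist entries and the sample PodList are constructed assumptions for the example.

```python
import json

# Trusted system pods that legitimately need hostNetwork on EKS; the names are an
# assumption for this example, adjust to what the cluster actually runs.
DEFAULT_ALLOWLIST = {
    ("kube-system", "aws-node"),
    ("kube-system", "kube-proxy"),
    ("calico-system", "calico-node"),
}

# Constructed sample shaped like the PodList from `kubectl get pods -A -o json`.
# hostNetwork pods report the node's IP as their podIP, as the question observed.
SAMPLE_PODLIST = json.dumps({"kind": "PodList", "items": [
    {"metadata": {"namespace": "kube-system", "name": "aws-node-7x2kq",
                  "ownerReferences": [{"kind": "DaemonSet", "name": "aws-node"}]},
     "spec": {"hostNetwork": True}, "status": {"podIP": "10.0.1.10"}},
    {"metadata": {"namespace": "calico-system", "name": "calico-node-abc12",
                  "ownerReferences": [{"kind": "DaemonSet", "name": "calico-node"}]},
     "spec": {"hostNetwork": True}, "status": {"podIP": "10.0.1.10"}},
    {"metadata": {"namespace": "default", "name": "debug-shell"},
     "spec": {"hostNetwork": True}, "status": {"podIP": "10.0.1.10"}},
    {"metadata": {"namespace": "default", "name": "web-5d9f-k8s2",
                  "ownerReferences": [{"kind": "ReplicaSet", "name": "web-5d9f"}]},
     "spec": {}, "status": {"podIP": "10.0.1.57"}},
]})

def owner_name(pod):
    """Name of the controlling object (DaemonSet, ReplicaSet, ...), else the pod's own name."""
    owners = pod["metadata"].get("ownerReferences") or []
    return owners[0]["name"] if owners else pod["metadata"]["name"]

def host_network_pods(podlist_json):
    """(namespace, pod, owner, podIP) for every pod with spec.hostNetwork set to true."""
    items = json.loads(podlist_json)["items"]
    return [(p["metadata"]["namespace"], p["metadata"]["name"], owner_name(p),
             p.get("status", {}).get("podIP"))
            for p in items if p.get("spec", {}).get("hostNetwork", False)]

def unexpected_host_network_pods(podlist_json, allowlist=DEFAULT_ALLOWLIST):
    """hostNetwork pods whose (namespace, owner) is not allowlisted: these need review."""
    return [e for e in host_network_pods(podlist_json) if (e[0], e[2]) not in allowlist]

if __name__ == "__main__":
    for ns, name, owner, ip in unexpected_host_network_pods(SAMPLE_PODLIST):
        print(f"REVIEW: {ns}/{name} (owner {owner}) shares the node network, IP {ip}")
```

On a live cluster, pipe `kubectl get pods -A -o json` into `unexpected_host_network_pods` in place of the constructed sample; anything it returns is a pod sharing the node's network namespace without being on the trusted list.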
Jason_S, many thanks for excellent answer. That helps a lot. Much appreciated.