Configure Amazon VPC CNI

In this lab exercise, we'll start configuring the Amazon VPC CNI.

Let's review the existing VPC and Availability Zone configuration.

~$echo "The secondary subnet in AZ $AZ1 is $SECONDARY_SUBNET_1"
~$echo "The secondary subnet in AZ $AZ2 is $SECONDARY_SUBNET_2"
~$echo "The secondary subnet in AZ $AZ3 is $SECONDARY_SUBNET_3"

Set the AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG environment variable to true in the aws-node DaemonSet.

~$kubectl set env daemonset aws-node -n kube-system AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG=true

Create an ENIConfig custom resource for each subnet that you want to deploy pods in. Here is the ENIConfig configuration.

/workspace/modules/networking/custom-networking/provision/eniconfigs.yaml
apiVersion: crd.k8s.amazonaws.com/v1alpha1
kind: ENIConfig
metadata:
  name: ${AZ1}
spec:
  securityGroups:
    - ${EKS_CLUSTER_SECURITY_GROUP_ID}
  subnet: ${SECONDARY_SUBNET_1}
---
apiVersion: crd.k8s.amazonaws.com/v1alpha1
kind: ENIConfig
metadata:
  name: ${AZ2}
spec:
  securityGroups:
    - ${EKS_CLUSTER_SECURITY_GROUP_ID}
  subnet: ${SECONDARY_SUBNET_2}
---
apiVersion: crd.k8s.amazonaws.com/v1alpha1
kind: ENIConfig
metadata:
  name: ${AZ3}
spec:
  securityGroups:
    - ${EKS_CLUSTER_SECURITY_GROUP_ID}
  subnet: ${SECONDARY_SUBNET_3}

Let's apply this to our cluster:

~$envsubst < <(cat /workspace/modules/networking/custom-networking/provision/eniconfigs.yaml) | kubectl apply -f -

Confirm that your ENIConfigs were created.

~$kubectl get ENIConfigs

Update your aws-node DaemonSet to automatically apply the ENIConfig for an Availability Zone to any new Amazon EC2 nodes created in your cluster.

~$kubectl set env daemonset aws-node -n kube-system ENI_CONFIG_LABEL_DEF=topology.kubernetes.io/zone
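Because ENI_CONFIG_LABEL_DEF makes the CNI pick the ENIConfig whose name equals the node's zone label, a gap between node zones and ENIConfig names silently leaves nodes without custom networking. The following check is an added example (not part of the workshop) that validates the wiring from this lab against the JSON that `kubectl get nodes -o json` and `kubectl get eniconfigs -o json` produce; the zone, subnet and security-group values below are constructed placeholders, and the env map is assumed to be read from the aws-node container spec.

```python
"""Consistency check for VPC CNI custom networking: aws-node env vars set as in
this lab, every ENIConfig complete, and an ENIConfig for every node zone."""
import json

# Constructed samples (trimmed to the fields the check needs; values are placeholders).
NODES_JSON = json.dumps({"items": [
    {"metadata": {"name": "ip-10-42-1-10", "labels": {"topology.kubernetes.io/zone": "us-west-2a"}}},
    {"metadata": {"name": "ip-10-42-2-10", "labels": {"topology.kubernetes.io/zone": "us-west-2b"}}},
    {"metadata": {"name": "ip-10-42-3-10", "labels": {"topology.kubernetes.io/zone": "us-west-2c"}}},
]})
ENICONFIGS_JSON = json.dumps({"items": [
    {"metadata": {"name": "us-west-2a"},
     "spec": {"securityGroups": ["sg-PLACEHOLDER"], "subnet": "subnet-PLACEHOLDER-a"}},
    {"metadata": {"name": "us-west-2b"},
     "spec": {"securityGroups": [], "subnet": "subnet-PLACEHOLDER-b"}},
]})
# Constructed aws-node env (name -> value); ENI_CONFIG_LABEL_DEF deliberately missing.
AWS_NODE_ENV = {"AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG": "true"}

# The two settings this lab applies to the aws-node DaemonSet.
REQUIRED_ENV = {
    "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG": "true",
    "ENI_CONFIG_LABEL_DEF": "topology.kubernetes.io/zone",
}
ZONE_LABEL = "topology.kubernetes.io/zone"


def check_custom_networking(nodes_json, eniconfigs_json, aws_node_env):
    """Return a list of findings; an empty list means the configuration is consistent."""
    findings = []
    for name, want in REQUIRED_ENV.items():
        got = aws_node_env.get(name)
        if got != want:
            findings.append(f"aws-node env {name} should be {want!r}, found {got!r}")
    configs = {c["metadata"]["name"]: c.get("spec", {}) for c in json.loads(eniconfigs_json)["items"]}
    for name, spec in configs.items():
        if not spec.get("subnet"):
            findings.append(f"ENIConfig {name} has no subnet")
        if not spec.get("securityGroups"):
            findings.append(f"ENIConfig {name} lists no securityGroups (this lab expects the cluster security group)")
    # With ENI_CONFIG_LABEL_DEF set to the zone label, the ENIConfig name must equal the zone value.
    zones = {n["metadata"].get("labels", {}).get(ZONE_LABEL) for n in json.loads(nodes_json)["items"]}
    for zone in sorted(z for z in zones if z):
        if zone not in configs:
            findings.append(f"no ENIConfig named {zone}; nodes labelled with that zone have nothing to apply")
    return findings


if __name__ == "__main__":
    for line in check_custom_networking(NODES_JSON, ENICONFIGS_JSON, AWS_NODE_ENV) or ["OK"]:
        print(line)
```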