AWS EKS cluster networking
Running Kubernetes on AWS requires understanding how EKS networking connects the cluster control plane to the worker nodes. This blog explains EKS networking and how to investigate and troubleshoot a problem scenario in which network communication fails between the EKS control plane (in the EKS-managed VPC) and the worker nodes (in your subnets).
EKS Cluster
- VPC
- ClusterIP CIDR
- Subnet
- ENI
- Security Group
- NetworkACLs
- RouteTable
- Internet Gateway
- NAT or VPC endpoints
EKS with public and private subnets
Consider that the EKS control plane uses ENIs reserved for Amazon EKS to communicate with the nodes. Each instance also has an ENI attached; inbound and outbound traffic on that ENI is filtered by the network ACLs of the VPC subnet and routed by the subnet route table, which controls which CIDR ranges the traffic can reach. On top of that, the instance-level policy is applied by the security group layer.
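To make the layering concrete, here is an added example (not code from the post or from AWS) that walks a control-plane-to-node flow through a route table, a stateless network ACL and a stateful security group, and reports the first layer that would drop it. The subnets, CIDRs, rule numbers and the 10250 kubelet port are constructed sample values; the model assumes the control-plane ENI and the node sit in different subnets, since NACLs are only evaluated when traffic crosses a subnet boundary.

```python
"""Trace a control-plane -> node flow through the VPC layers (constructed example).

Route table: destination must be covered by a known route.
Network ACL: stateless, so the request and the reply are checked separately,
             rules are evaluated in ascending rule number order, no match = deny.
Security group: stateful, so only the inbound rule on the destination matters.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class AclRule:
    rule_no: int        # NACL rules are evaluated lowest number first
    action: str         # "allow" or "deny"
    cidr: str
    port_from: int
    port_to: int


@dataclass
class Subnet:
    cidr: str
    routes: list                                   # destination CIDRs in the route table
    nacl_in: list = field(default_factory=list)    # AclRule, matched on the source address
    nacl_out: list = field(default_factory=list)   # AclRule, matched on the destination address
    sg_in: list = field(default_factory=list)      # (cidr, port_from, port_to), allow rules only


def _acl_decision(rules, addr, port):
    """First matching rule wins; no matching rule means the implicit '*' deny."""
    for r in sorted(rules, key=lambda r: r.rule_no):
        if ipaddress.ip_address(addr) in ipaddress.ip_network(r.cidr) and r.port_from <= port <= r.port_to:
            return r.action == "allow"
    return False


def _routed(routes, addr):
    return any(ipaddress.ip_address(addr) in ipaddress.ip_network(c) for c in routes)


def trace_flow(src_subnet, src_ip, dst_subnet, dst_ip, dst_port, ephemeral_port=40000):
    """Return the name of the layer that blocks the flow, or 'ok' if every layer allows it."""
    if not _routed(src_subnet.routes, dst_ip):
        return "route-table:no route to destination"
    if src_subnet is not dst_subnet:  # NACLs only apply to traffic crossing a subnet boundary
        for rules, addr, port, label in (
            (src_subnet.nacl_out, dst_ip, dst_port, "nacl:outbound from source subnet"),
            (dst_subnet.nacl_in, src_ip, dst_port, "nacl:inbound to destination subnet"),
            (dst_subnet.nacl_out, src_ip, ephemeral_port, "nacl:outbound reply from destination subnet"),
            (src_subnet.nacl_in, dst_ip, ephemeral_port, "nacl:inbound reply to source subnet"),
        ):
            if not _acl_decision(rules, addr, port):
                return label
    if not any(ipaddress.ip_address(src_ip) in ipaddress.ip_network(c) and lo <= dst_port <= hi
               for c, lo, hi in dst_subnet.sg_in):
        return "security-group:inbound on node"
    return "ok"


def example_layers(reply_allowed=True):
    """Constructed sample: a control-plane ENI subnet and a node subnet.

    With reply_allowed=False the node subnet's outbound NACL only permits 443,
    which silently breaks the stateless return path of the kubelet connection.
    """
    allow_all = AclRule(100, "allow", "0.0.0.0/0", 0, 65535)
    control_plane = Subnet("192.168.0.0/19", routes=["192.168.0.0/16"],
                           nacl_in=[allow_all], nacl_out=[allow_all])
    node_out = ([AclRule(100, "allow", "0.0.0.0/0", 1024, 65535)] if reply_allowed
                else [AclRule(100, "allow", "0.0.0.0/0", 443, 443)])
    node = Subnet("192.168.96.0/19", routes=["192.168.0.0/16"],
                  nacl_in=[AclRule(100, "allow", "192.168.0.0/16", 10250, 10250)],
                  nacl_out=node_out,
                  sg_in=[("192.168.0.0/16", 10250, 10250)])
    return control_plane, node


if __name__ == "__main__":
    cp, node = example_layers()
    print(trace_flow(cp, "192.168.1.10", node, "192.168.100.5", 10250))
    cp, node = example_layers(reply_allowed=False)
    print(trace_flow(cp, "192.168.1.10", node, "192.168.100.5", 10250))
```

The second scenario is the one that is easy to miss in practice: the inbound NACL and the security group both allow the kubelet port, but because the NACL is stateless the reply on the ephemeral port still has to be allowed outbound from the node subnet.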
Cluster Add-on Plugins
- CoreDNS
- Kube-Proxy
- VPC-CNI
Cluster IPs and pod IPs
The cluster IPs are the IPs used for internal cluster communication; they come from the cluster CIDR range chosen when the cluster is first created.
Pod IPs are reserved from the instance's secondary private IPv4 addresses, so they depend on the subnet the instance is in.
For example, if subnet A has CIDR 192.168.96.0/19, the first IPv4 address is 192.168.96.0 and the last is 192.168.127.255; that reserves 8,192 IPv4 addresses.
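The subnet arithmetic above, as an added example (not from the post) using Python's standard-library ipaddress module. It goes one step beyond the text: it subtracts the five addresses AWS reserves in every VPC subnet (the network address, the next three, and the broadcast address), and it applies the max-pods formula AWS documents for the default VPC CNI without prefix delegation, so you can estimate how many nodes a subnet can hold before pod IPs run out. The m5.large figures (3 ENIs, 10 IPs per ENI) are used only as sample input.

```python
"""Subnet address math for pod IP planning (constructed example, not AWS code)."""
import ipaddress

# AWS reserves the first four and the last address of every VPC subnet.
AWS_RESERVED_PER_SUBNET = 5


def subnet_range(cidr):
    """Return (first address, last address, total addresses, usable addresses)."""
    net = ipaddress.ip_network(cidr, strict=True)
    total = net.num_addresses
    return str(net[0]), str(net[-1]), total, total - AWS_RESERVED_PER_SUBNET


def max_pods(max_enis, ips_per_eni):
    """Default VPC CNI pod limit per node: ENIs * (IPs per ENI - 1) + 2.

    The -1 is each ENI's primary IP, which is not handed to pods; the +2 is
    for aws-node and kube-proxy, which use host networking and need no pod IP.
    """
    return max_enis * (ips_per_eni - 1) + 2


def nodes_before_exhaustion(cidr, max_enis, ips_per_eni):
    """Nodes that fit in the subnet if each node attaches all its ENIs with all their IPs."""
    _, _, _, usable = subnet_range(cidr)
    per_node = max_enis * ips_per_eni  # primary + secondary IPs a fully loaded node consumes
    return usable // per_node


if __name__ == "__main__":
    first, last, total, usable = subnet_range("192.168.96.0/19")
    print(f"subnet A: {first} .. {last}, {total} addresses, {usable} usable")
    print(f"max pods on an m5.large-sized node: {max_pods(3, 10)}")
    print(f"fully loaded nodes before subnet A runs out: {nodes_before_exhaustion('192.168.96.0/19', 3, 10)}")
```

Running it against subnet A gives 8,192 addresses (8,187 usable after the AWS reservation), 29 pods per sample node, and 272 fully loaded nodes before the subnet is exhausted; subnet sizing is usually where "pods stuck in ContainerCreating" problems start.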
Check the plugin pods
Use kubectl logs and kubectl exec.
The kube-proxy ConfigMap contains the cluster server endpoint (the EKS master endpoint); it is reached through the EKS load balancer.
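As an added example (not part of the post), the following script performs the two checks just described offline: it flags add-on pods that are not fully Running or are restarting, and it pulls the API server endpoint out of the kube-proxy ConfigMap. The pod listing and the ConfigMap are constructed samples standing in for the output of `kubectl get pods -n kube-system` and `kubectl get configmap kube-proxy -n kube-system -o yaml`; the cluster hostname in the sample is a placeholder, and `aws-node` is the name of the VPC CNI pods.

```python
"""Offline checks on the EKS add-on pods and the kube-proxy ConfigMap (constructed example)."""
import re

# Pod name prefixes of the three add-ons; aws-node is the VPC CNI daemonset.
ADDONS = ("coredns", "kube-proxy", "aws-node")

# Constructed sample in the column layout of `kubectl get pods -n kube-system`.
SAMPLE_PODS = """\
NAME                       READY   STATUS             RESTARTS   AGE
aws-node-7kq2x             1/1     Running            0          3d
aws-node-m9p1z             0/1     CrashLoopBackOff   12         3d
coredns-6b9d8c7f4d-abcde   1/1     Running            0          3d
coredns-6b9d8c7f4d-fghij   1/1     Running            0          3d
kube-proxy-5xj2p           1/1     Running            0          3d
kube-proxy-q7lmn           1/1     Running            0          3d
"""

# Constructed sample of the kube-proxy ConfigMap; the server hostname is a placeholder.
SAMPLE_CONFIGMAP = """\
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-proxy
  namespace: kube-system
data:
  kubeconfig: |-
    kind: Config
    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        server: https://EXAMPLE-CLUSTER-ID.gr7.us-east-1.eks.amazonaws.com
      name: default
"""

# NAME READY STATUS RESTARTS; newer kubectl appends "(5m ago)" after RESTARTS, so stop there.
_POD_LINE = re.compile(r"^(\S+)\s+(\d+)/(\d+)\s+(\S+)\s+(\d+)")


def unhealthy_addon_pods(pods_text, max_restarts=5):
    """Return [(pod, status, restarts)] for add-on pods that are not fully Running or restart too often."""
    bad = []
    for line in pods_text.splitlines()[1:]:   # skip the header row
        m = _POD_LINE.match(line)
        if not m:
            continue
        name, ready, total, status, restarts = m.groups()
        if not name.startswith(ADDONS):
            continue
        if status != "Running" or ready != total or int(restarts) > max_restarts:
            bad.append((name, status, int(restarts)))
    return bad


def missing_addons(pods_text):
    """Add-ons with no pod at all, which is a worse sign than a crashing one."""
    names = [line.split()[0] for line in pods_text.splitlines()[1:] if line.strip()]
    return [a for a in ADDONS if not any(n.startswith(a) for n in names)]


def kube_proxy_server(configmap_yaml):
    """Extract the API server endpoint kube-proxy is configured to reach, or None."""
    m = re.search(r"^\s*server:\s*(\S+)\s*$", configmap_yaml, re.MULTILINE)
    return m.group(1) if m else None


if __name__ == "__main__":
    for pod, status, restarts in unhealthy_addon_pods(SAMPLE_PODS):
        print(f"check with kubectl logs/exec: {pod} is {status} with {restarts} restarts")
    print("missing add-ons:", missing_addons(SAMPLE_PODS))
    print("kube-proxy talks to:", kube_proxy_server(SAMPLE_CONFIGMAP))
```

If the endpoint printed from the ConfigMap does not match the cluster endpoint shown in the EKS console, or the node cannot resolve and reach it on 443, kube-proxy and the VPC CNI will fail in exactly the way the CrashLoopBackOff pod in the sample shows; that is the point at which kubectl logs and kubectl exec on the add-on pods become the next step.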
Investigating tools
https://docs.aws.amazon.com/vpc/latest/reachability/what-is-reachability-analyzer.html
Conclusion
For a good understanding of EKS network communication you can read the reference below, adopt it in your project, and gain more experience with AWS EKS. Enjoy coding, thanks.
Ref: https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html