In Amazon EKS using the VPC CNI plugin, how are IP addresses assigned to pods?
Think about how pods integrate with the VPC network for direct connectivity.
The VPC CNI plugin assigns IP addresses to pods from the VPC subnet, so pods appear as native VPC network interfaces. This allows pods to communicate directly with other AWS resources without NAT.
You are designing an EKS cluster with the VPC CNI plugin enabled. Which subnet type should you select for your worker nodes to ensure pods get IP addresses correctly?
Consider where pods get their IPs and how nodes communicate externally.
Worker nodes should be in private subnets with NAT gateways to allow nodes and pods to access the internet securely. Pods get IPs from the subnet, so subnet choice affects IP availability and routing.
What is the effect of setting the environment variable AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG to true in the VPC CNI plugin configuration?
Think about customizing IP address allocation sources.
Setting AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG=true allows the VPC CNI plugin to allocate IP addresses from custom subnets specified by the user, enabling advanced networking setups.
Which security group rule is essential for EKS worker nodes to allow pod networking when using the VPC CNI plugin?
Consider how pods communicate across nodes inside the cluster.
Nodes must allow all traffic between themselves to enable pod-to-pod communication across nodes, as pods get IPs from the VPC subnet and communicate directly.
Given an EC2 instance type with a maximum of 4 ENIs and 15 IP addresses per ENI, what is the maximum number of pods that can be scheduled on a single node using the VPC CNI plugin?
Remember that the node uses one IP per ENI, reducing available pod IPs.
Each ENI has 15 IPs, but one IP per ENI is used by the node, leaving 14 IPs per ENI for pods. With 4 ENIs, 4 * 14 = 56 pod IPs. The primary ENI is counted the same way, so total pods = (4 ENIs * 15 IPs) - 4 reserved IPs = 56 pods.