
EKS networking with VPC CNI in AWS - Step-by-Step Execution

Process Flow - EKS networking with VPC CNI

- Create VPC with subnets
- Deploy EKS cluster
- Install VPC CNI plugin
- Assign ENIs and IPs to pods
- Pods get IPs from the VPC subnet
- Pods communicate using VPC networking

This flow shows how an EKS cluster uses the VPC CNI plugin to assign real VPC IP addresses to pods, enabling native VPC networking.
Execution Sample
eksctl create cluster --name my-cluster --region us-west-2 --nodes 2
kubectl apply -f aws-vpc-cni.yaml
kubectl get pods -n kube-system
kubectl describe pod <pod-name>
This sequence creates an EKS cluster, installs the VPC CNI plugin, and checks pod networking details.
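To make the last of those checks mechanical, here is an added example (not part of the original module) that verifies each pod IP falls inside the VPC subnet CIDRs the VPC CNI is expected to allocate from. The subnet CIDRs and the pod lines are constructed sample values; on a live cluster the pod lines would come from `kubectl get pods -A -o wide`.

```shell
#!/bin/sh
# Added example, not from the original module: verify that pod IPs fall inside
# the VPC subnet CIDRs the VPC CNI hands out (the module's "check pod IP" step).
# Constructed values: VPC_SUBNETS and SAMPLE_PODS are made-up sample data; on a
# live cluster the pod lines would come from `kubectl get pods -A -o wide`.

VPC_SUBNETS="10.0.1.0/24 10.0.2.0/24"

# Constructed sample, one pod per line: "<namespace> <pod> <ip>".
SAMPLE_PODS='kube-system aws-node-abc12 10.0.1.23
default web-7d9f 10.0.2.45
default worker-1 172.16.0.9
kube-system coredns-x 10.0.1.200'

# ip_to_int: dotted quad to a 32-bit integer, e.g. 10.0.1.23 -> 167772439.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr <ip> <cidr>: exit 0 when the address is inside the prefix.
ip_in_cidr() {
    addr_int=$(ip_to_int "$1")
    net_int=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr_int & mask )) -eq $(( net_int & mask )) ]
}

# in_vpc_subnets <ip>: exit 0 when the address is inside any VPC subnet.
in_vpc_subnets() {
    for cidr in $VPC_SUBNETS; do
        ip_in_cidr "$1" "$cidr" && return 0
    done
    return 1
}

# non_vpc_pods: print "<ns>/<pod> <ip>" for every pod whose IP is outside the
# VPC subnets; empty output means every pod received a real VPC IP.
non_vpc_pods() {
    printf '%s\n' "$SAMPLE_PODS" | while read -r ns pod ip; do
        [ -n "$ip" ] || continue
        in_vpc_subnets "$ip" || printf '%s/%s %s\n' "$ns" "$pod" "$ip"
    done
}

non_vpc_pods   # prints: default/worker-1 172.16.0.9
```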
Process Table

Step | Action | Resource Created/Modified | Result/State Change
1 | Create VPC with public and private subnets | VPC, Subnets | VPC ready with subnets for EKS
2 | Create EKS cluster with nodes | EKS Cluster, EC2 Nodes | Cluster active, nodes registered
3 | Install AWS VPC CNI plugin | DaemonSet aws-node | Pods get ENIs and IPs from VPC
4 | Pods start with VPC IP addresses | Pod ENIs | Pods have IPs from VPC subnet range
5 | Pods communicate over VPC network | Network traffic | Pod-to-pod traffic uses VPC routing
6 | Check pod IP assignment | kubectl describe pod | Pod IP matches VPC subnet IP
7 | Cluster scales nodes | New EC2 nodes | New nodes get ENIs, pods get IPs
8 | Exit | N/A | All pods use VPC IPs, native networking enabled

💡 Pods have IPs assigned from VPC subnets, enabling native VPC networking; no further steps needed.
Status Tracker

Variable | Start | After Step 2 | After Step 3 | After Step 4 | Final
VPC | None | Created with subnets | Same | Same | Same
EKS Cluster | None | Created | Same | Same | Same
Nodes | None | Created | Same | Same | Scaled as needed
VPC CNI Plugin | Not installed | Not installed | Installed as DaemonSet | Running on nodes | Running
Pod IPs | None | None | None | Assigned from VPC subnet | Assigned from VPC subnet
Key Moments - 3 Insights
Why do pods get IP addresses from the VPC subnet instead of a separate range?
Because the VPC CNI plugin assigns ENIs and IPs directly from the VPC subnets, pods use real VPC IPs, as shown in step 4 of the Process Table.

What happens if the VPC CNI plugin is not installed?
Pods will not get VPC IPs and will use Kubernetes default networking, losing native VPC integration, as seen by the absence of steps 3 and 4 in the Process Table.

How does scaling nodes affect pod IP assignment?
New nodes get ENIs attached and pods on them get IPs from the VPC subnet, maintaining native networking, as shown in step 7.
Visual Quiz - 3 Questions
Test your understanding
Look at the Process Table: at which step do pods start receiving IPs from the VPC subnet?
A. Step 3
B. Step 4
C. Step 2
D. Step 5
💡 Hint
Check the 'Result/State Change' column for when pods get IPs from the VPC subnet.
According to the Status Tracker, what is the state of the VPC CNI Plugin after Step 3?
A. Not installed
B. Running on nodes
C. Installed as DaemonSet
D. Scaled as needed
💡 Hint
Look at the 'VPC CNI Plugin' row under the 'After Step 3' column.
If the cluster scales nodes, what happens to pod IP assignment according to the Process Table?
A. Pods get IPs from the VPC subnet as before
B. Pods lose IPs
C. Pods get IPs from a new subnet
D. Pods share IPs
💡 Hint
See step 7 in the Process Table about scaling nodes and pod IPs.
Concept Snapshot
EKS networking with VPC CNI:
- Pods get real VPC IPs via ENIs
- VPC CNI plugin runs as DaemonSet
- Pods use VPC routing for communication
- Enables native AWS networking features
- Scales with nodes attaching ENIs
- Requires VPC with proper subnets
Full Transcript
This visual execution shows how Amazon EKS uses the VPC CNI plugin to assign real VPC IP addresses to pods. First, a VPC with subnets is created. Then, an EKS cluster with nodes is deployed. The VPC CNI plugin is installed as a DaemonSet on the nodes. This plugin assigns Elastic Network Interfaces (ENIs) and IP addresses from the VPC subnets directly to pods. As a result, pods communicate over the native VPC network. When the cluster scales, new nodes get ENIs and pods on them receive IPs from the same VPC subnet range. This setup enables pods to have native AWS networking capabilities. The execution table and variable tracker detail each step and state change, clarifying common confusions about pod IP assignment and plugin installation.