AWS VPC CNI (Helm)
Palette supports the AWS VPC CNI plugin for Kubernetes clusters running on Amazon EKS. This integration allows you to leverage the native networking capabilities of AWS, providing high performance and scalability for your containerized applications.
Configure Pod CIDR
Configuring a pod CIDR helps maintain predictable, scalable, and conflict-free networking within Kubernetes clusters. By selecting a custom pod CIDR range, you can ensure alignment with existing network policies, avoid overlaps with corporate or cloud VPC networks, and plan for future cluster growth.
Before deploying the CNI pack, make sure the following AWS resources are configured manually:
- A 10.0.0.0/16 CIDR block
- Three Availability Zones (AZs)
- Three public subnets attached to a single public route table
- Three private subnets attached to a single private route table
- One NAT gateway in a single AZ
Once the above resources are created, make the following adjustments to the pack's YAML before deploying the CNI pack.
- Provide your AWS account ID to all account: fields.
- Change the following environment variables in the env section. Refer to the AWS VPC CNI documentation for more details.
  AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG: "true"
  ENABLE_POD_ENI: "true"
  ENI_CONFIG_LABEL_DEF: "topology.kubernetes.io/zone"
- Provide the subnet IDs and security group IDs in the eniConfig section. Replace the placeholder values with your created subnet and security group IDs.
  eniConfig:
    # Specifies whether ENIConfigs should be created
    create: true
    region: '{{ .spectro.system.cloud.region }}'
    subnets:
      "{{ .spectro.system.cloud.region }}a":
        id: subnet-<REPLACE_WITH_YOUR_SUBNET_ID>
        securityGroups:
          - sg-<REPLACE_WITH_YOUR_SECURITY_GROUP_ID>
      "{{ .spectro.system.cloud.region }}b":
        id: subnet-<REPLACE_WITH_YOUR_SUBNET_ID>
        securityGroups:
          - sg-<REPLACE_WITH_YOUR_SECURITY_GROUP_ID>
      "{{ .spectro.system.cloud.region }}c":
        id: subnet-<REPLACE_WITH_YOUR_SUBNET_ID>
        securityGroups:
          - sg-<REPLACE_WITH_YOUR_SECURITY_GROUP_ID>
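A preflight check for the values above, written as an added example that is not part of the Palette docs or the CNI pack: it confirms the required env settings, that every AZ has an ENIConfig whose subnet and security group IDs are real identifiers rather than the <REPLACE_...> placeholders, and that the chosen pod CIDR does not overlap the VPC block or any corporate ranges. The `rendered_values` helper, the `pod_cidr` and `reserved_cidrs` inputs, and the sample IDs are assumptions for illustration.

```python
import ipaddress
import re

# Identifier shapes AWS issues; the template's <REPLACE_...> placeholders fail these.
SUBNET_RE = re.compile(r"^subnet-[0-9a-f]{8,17}$")
SG_RE = re.compile(r"^sg-[0-9a-f]{8,17}$")
# The env settings the page requires for custom networking with pod ENIs.
REQUIRED_ENV = {
    "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG": "true",
    "ENABLE_POD_ENI": "true",
    "ENI_CONFIG_LABEL_DEF": "topology.kubernetes.io/zone",
}

def check_cni_values(values, region, pod_cidr, reserved_cidrs):
    """Return a list of problems; empty means the values look deployable.
    values mirrors the pack's env/eniConfig sections; pod_cidr and
    reserved_cidrs (VPC block plus corporate ranges) are assumed inputs."""
    problems = []
    env = values.get("env", {})
    for key, want in REQUIRED_ENV.items():
        if str(env.get(key, "")).lower() != want:
            problems.append(f"env {key} must be {want!r}")
    eni = values.get("eniConfig", {})
    if not eni.get("create"):
        problems.append("eniConfig.create must be true so ENIConfigs are generated")
    subnets = eni.get("subnets", {})
    for az in ("a", "b", "c"):  # one ENIConfig per AZ, keyed by the zone label value
        name = f"{region}{az}"
        cfg = subnets.get(name)
        if cfg is None:
            problems.append(f"missing ENIConfig for {name}")
            continue
        if not SUBNET_RE.match(str(cfg.get("id", ""))):
            problems.append(f"{name}: subnet id is a placeholder or malformed")
        sgs = cfg.get("securityGroups") or []
        if not sgs or not all(SG_RE.match(str(sg)) for sg in sgs):
            problems.append(f"{name}: security group ids are placeholders or malformed")
    pods = ipaddress.ip_network(pod_cidr, strict=False)
    for cidr in reserved_cidrs:  # pod range must not collide with VPC or corporate space
        if pods.overlaps(ipaddress.ip_network(cidr, strict=False)):
            problems.append(f"pod CIDR {pods} overlaps {cidr}")
    return problems

def rendered_values(region, subnet_id, sg_id):
    """Constructed sample of the pack values after Palette expands the region macro."""
    subnets = {f"{region}{az}": {"id": subnet_id, "securityGroups": [sg_id]} for az in "abc"}
    return {"env": dict(REQUIRED_ENV),
            "eniConfig": {"create": True, "region": region, "subnets": subnets}}
```

Because ENI_CONFIG_LABEL_DEF is the zone label, each ENIConfig must be named exactly after its AZ, which is why the check derives the expected keys from the region.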