README
amazon-vpc-resource-controller-k8s
Usage
A controller that runs on the EKS Control Plane and manages Branch and Trunk Network Interfaces for Kubernetes Pods using the Security Groups for Pods feature, and IPv4 Address Management (IPAM) for Windows Nodes.
Security Group for Pods
The controller only manages the Trunk/Branch Network Interfaces for EKS clusters that use the Security Groups for Pods feature. The networking on the host is set up by the amazon-vpc-cni-k8s plugin.
ENI Trunking is a private feature, even though its APIs are publicly accessible through the AWS SDK. Attempting to run the controller yourself on a worker node to enable Security Groups for Pods (that is, to manage Trunk and Branch Network Interfaces) will therefore fail at the API calls.
Please follow the guide for enabling Security Group for Pods on your EKS Cluster.
Note: The SecurityGroupPolicy CRD only supports up to 5 security groups per custom resource. If you need more than 5 security groups for a pod, use more than one custom resource; for example, two custom resources can associate up to 10 security groups with a pod. Be aware of the following when you do so:
1. You need to request a quota increase, since the default limit is 5 security groups per network interface and there is currently a hard limit of 16.
2. Fargate currently allows at most 5 security groups. If you are using Fargate, you can only use up to 5 security groups per pod.
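The following is an added example, not taken from the project's README or code base, of the two-custom-resource pattern described above: both SecurityGroupPolicy resources select the same pods, so a matching pod's branch ENI receives the union of both lists (10 groups). The namespace, labels and every `sg-…` ID are constructed placeholders.

```yaml
# Added example (not from the project): two SecurityGroupPolicy resources that
# together attach 10 security groups to the same pods. All IDs and labels are
# constructed placeholders.
apiVersion: vpcresources.k8s.aws/v1beta1
kind: SecurityGroupPolicy
metadata:
  name: payments-sgp-a
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: payments-api          # both policies select the same pods
  securityGroups:
    groupIds:                    # at most 5 per custom resource
      - sg-0a1b2c3d4e5f60001
      - sg-0a1b2c3d4e5f60002
      - sg-0a1b2c3d4e5f60003
      - sg-0a1b2c3d4e5f60004
      - sg-0a1b2c3d4e5f60005
---
apiVersion: vpcresources.k8s.aws/v1beta1
kind: SecurityGroupPolicy
metadata:
  name: payments-sgp-b
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: payments-api          # same selector as payments-sgp-a
  securityGroups:
    groupIds:                    # the second 5; 10 in total for the pod
      - sg-0a1b2c3d4e5f60006
      - sg-0a1b2c3d4e5f60007
      - sg-0a1b2c3d4e5f60008
      - sg-0a1b2c3d4e5f60009
      - sg-0a1b2c3d4e5f60010
```

Ten groups on one branch ENI exceeds the default per-interface quota of 5, so request the quota increase before applying these resources; on Fargate the second policy cannot take effect because the 5-group limit is hard. After the pod is scheduled, `kubectl get securitygrouppolicy -n payments` shows both policies, and the branch ENI actually attached to the pod is visible in the pod's `vpc.amazonaws.com/pod-eni` annotation, where you can confirm the expected group IDs were applied.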
Windows IPv4 Address Management
The controller manages IPv4 addresses for all Windows Nodes in an EKS cluster and allocates IPv4 addresses to Windows Pods. The networking on the host is set up by amazon-vpc-cni-plugins.
The controller supports the following modes for IPv4 address management on Windows:
- Secondary IPv4 address mode → Secondary private IPv4 addresses are assigned to the primary instance ENI, and these are allocated to the Windows pods.
  For more details about the high-level workflow, please visit our documentation here.
- Prefix delegation mode → /28 IPv4 prefixes are assigned to the primary instance ENI, and IP addresses from those prefixes are allocated to the Windows pods.
  For more details about the configuration options for prefix delegation, please visit our documentation here. For more details about the high-level workflow, please visit our documentation here.
Please follow this guide for enabling Windows Support on your EKS cluster.
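The following is an added example, not part of the project's README, showing where the two Windows modes above are selected: the `amazon-vpc-cni` ConfigMap in `kube-system`. The key names are the ones the project documents for Windows IPAM and prefix delegation; the target values are illustrative and should be sized for your node density.

```yaml
# Added example (not from the project): the amazon-vpc-cni ConfigMap is where
# Windows IPAM is switched on and the address mode is chosen. Target values
# below are illustrative placeholders.
apiVersion: v1
kind: ConfigMap
metadata:
  name: amazon-vpc-cni
  namespace: kube-system
data:
  # Hand IPv4 address management for Windows nodes to the controller.
  enable-windows-ipam: "true"
  # "false" (or absent) keeps secondary IPv4 address mode: one secondary
  # private IP per pod on the primary ENI.
  # "true" switches to prefix delegation: /28 prefixes are assigned to the
  # primary ENI and pod IPs are carved out of them.
  enable-windows-prefix-delegation: "true"
  # Prefix delegation mode only: keep this many whole /28 prefixes warm on
  # each node so pod start-up does not wait on an EC2 API call.
  warm-prefix-target: "1"
  # Also prefix delegation only: warm-ip-target and minimum-ip-target size the
  # warm pool in individual IPs instead of whole prefixes, for nodes where a
  # spare /28 per node is more than you want to reserve from the subnet.
  # warm-ip-target: "3"
  # minimum-ip-target: "3"
```

Two checks before turning on prefix delegation: the node's subnet must still have free, contiguous /28 blocks, since EC2 cannot assign a prefix from a fragmented address range and pods on that node will then stay in ContainerCreating; and the worker nodes must be Nitro-based instances, which is an EC2 requirement for prefix assignment. Switching modes changes how many addresses each node reserves, so re-check subnet capacity after the change.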
Troubleshooting
For troubleshooting issues related to Security Groups for Pods or Windows IPv4 address management, please visit our troubleshooting guide here.
License
This library is licensed under the Apache 2.0 License.
Contributing
See CONTRIBUTING.md
We would appreciate your feedback and suggestions to improve the project and your experience with EKS and Kubernetes.
Documentation
There is no documentation for this package.
Directories

Path | Synopsis
---|---
apis |
apis/vpcresources/v1alpha1 | Package v1beta1 contains API Schema definitions for the vpcresources v1beta1 API group +kubebuilder:object:generate=true +groupName=vpcresources.k8s.aws
apis/vpcresources/v1beta1 | Package v1beta1 contains API Schema definitions for the vpcresources v1beta1 API group +kubebuilder:object:generate=true +groupName=vpcresources.k8s.aws
controllers |
mocks |
mocks/amazon-vcp-resource-controller-k8s/controllers/custom | Package mock_custom is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/aws/ec2 | Package mock_ec2 is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/aws/ec2/api | Package mock_api is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/condition | Package mock_condition is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/handler | Package mock_handler is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/k8s | Package mock_k8s is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/k8s/pod | Package mock_pod is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/node | Package mock_node is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/node/manager | Package mock_manager is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/pool | Package mock_pool is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/provider | Package mock_provider is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/provider/branch/trunk | Package mock_trunk is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/provider/ip/eni | Package mock_eni is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/resource | Package mock_resource is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/utils | Package mock_utils is a generated GoMock package.
mocks/amazon-vcp-resource-controller-k8s/pkg/worker | Package mock_worker is a generated GoMock package.
pkg |
test |
webhooks |