Networking plugin for pod networking in Kubernetes using Elastic Network Interfaces on AWS.
To install the plugin, apply the manifest from a checkout of this repository:

```sh
REPO_PATH=<path-to-this-repo>
kubectl apply -f "$REPO_PATH/misc/aws-k8s-cni.yaml"
```
There are 2 components:
- CNI Plugin, which wires up the host's and the pod's network stack when the kubelet invokes it.
- L-IPAM, a long-running node-local IP Address Management (IPAM) daemon, which is responsible for:
  - maintaining a warm pool of available IP addresses, and
  - assigning an IP address to a Pod.
The details can be found in the proposal "CNI plugin for Kubernetes networking over AWS VPC".
- kubelets must be started with --network-plugin=cni and have --cni-conf-dir and --cni-bin-dir properly set.
  - In aws-k8s-cni.yaml, the following defaults are configured:
    - --cni-conf-dir=/etc/cni/net.d
    - --cni-bin-dir=/opt/cni/bin
- L-IPAM requires the following IAM policy:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateNetworkInterface",
        "ec2:AttachNetworkInterface",
        "ec2:DeleteNetworkInterface",
        "ec2:DetachNetworkInterface",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DescribeInstances",
        "ec2:ModifyNetworkInterfaceAttribute",
        "ec2:AssignPrivateIpAddresses"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "tag:TagResources",
      "Resource": "*"
    }
  ]
}
```

Both statements grant their actions on `"Resource": "*"`, so whatever credentials carry this policy can create, attach, modify and delete network interfaces anywhere in the account, not only on the node they run from. Attach it only to the identity used by the nodes that run L-IPAM, and do not widen the action list beyond what is shown.
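The following is an added example, not code from the amazon-vpc-cni-k8s project: a small audit of an IAM policy document against the action list above. It honours IAM's case-insensitive `*`/`?` action wildcards and explicit-Deny-overrides-Allow, reports which required actions are not effectively granted, flags wildcard Allow patterns that are broader than a single action, and notes whether any Allow statement uses `Resource: "*"`. `NotAction`, `NotResource` and `Condition` are deliberately ignored (a simplification of this example). The three policy documents it runs on are constructed inline; the first is the README policy wrapped in a complete document.

```python
"""Audit an IAM policy document for the permissions L-IPAM needs.

Added example; it is not code from the amazon-vpc-cni-k8s project. The
policy documents below are constructed inline so the check runs offline.
"""
import fnmatch
import json

# Actions the README's policy grants to L-IPAM.
REQUIRED_ACTIONS = frozenset({
    "ec2:CreateNetworkInterface",
    "ec2:AttachNetworkInterface",
    "ec2:DeleteNetworkInterface",
    "ec2:DetachNetworkInterface",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DescribeInstances",
    "ec2:ModifyNetworkInterfaceAttribute",
    "ec2:AssignPrivateIpAddresses",
    "tag:TagResources",
})


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action names are case-insensitive and patterns may use * and ?."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def audit_policy(policy):
    """Return the required actions not effectively granted, the Allow action
    patterns broader than one action, and whether any Allow uses Resource "*".

    Simplification (assumption of this example): NotAction, NotResource and
    Condition are ignored. An explicit Deny on a required action overrides
    any Allow, as it does in IAM.
    """
    allowed, denied, broad = set(), set(), []
    resource_star = False
    for stmt in _as_list(policy.get("Statement")):
        effect = stmt.get("Effect")
        patterns = _as_list(stmt.get("Action"))
        hits = {a for a in REQUIRED_ACTIONS
                if any(_action_matches(p, a) for p in patterns)}
        if effect == "Allow":
            allowed |= hits
            broad.extend(p for p in patterns if "*" in p or "?" in p)
            if "*" in _as_list(stmt.get("Resource")):
                resource_star = True
        elif effect == "Deny":
            denied |= hits
    return {
        "missing": sorted(REQUIRED_ACTIONS - (allowed - denied)),
        "broad_grants": sorted(broad),
        "resource_star": resource_star,
    }


# Constructed input 1: the README policy wrapped in a complete document.
README_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:CreateNetworkInterface", "ec2:AttachNetworkInterface",
                "ec2:DeleteNetworkInterface", "ec2:DetachNetworkInterface",
                "ec2:DescribeNetworkInterfaces", "ec2:DescribeInstances",
                "ec2:ModifyNetworkInterfaceAttribute",
                "ec2:AssignPrivateIpAddresses"],
     "Resource": ["*"]},
    {"Effect": "Allow", "Action": "tag:TagResources", "Resource": "*"}
  ]
}
""")

# Constructed input 2: a lazy "ec2:*" grant. It covers every ec2 action L-IPAM
# needs but is far broader than the README policy, and it omits tagging.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
}

# Constructed input 3: an explicit Deny that would stop L-IPAM from freeing ENIs.
DENY_DELETE_POLICY = {
    "Version": "2012-10-17",
    "Statement": README_POLICY["Statement"] + [
        {"Effect": "Deny", "Action": "ec2:DeleteNetworkInterface", "Resource": "*"}
    ],
}

if __name__ == "__main__":
    for name, doc in [("readme", README_POLICY), ("overbroad", OVERBROAD_POLICY),
                      ("deny-delete", DENY_DELETE_POLICY)]:
        print(name, json.dumps(audit_policy(doc)))
```

Run it against the policy attached to your node role (for instance, the output of `aws iam get-policy-version` loaded with `json.load`) to confirm the required actions are granted without `ec2:*`-style wildcards slipping in.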