sigs.k8s.io/cluster-api-provider-aws@v1.5.5/docs/book/src/topics/eks/pod-networking.md

sigs.k8s.io/cluster-api-provider-aws@v1.5.5/docs/book/src/topics/eks/pod-networking.md (about)

     1  # Pod Networking
     2  
     3  When creating a EKS cluster the Amazon VPC CNI will be used by default for Pod Networking.
     4  
     5  > When using the AWS Console to create an EKS cluster with a Kubernetes version of v1.18 or greater you are required to select a specific version of the VPC CNI to use.
     6  
     7  ## Using the VPC CNI Addon
     8  You can use an explicit version of the Amazon VPC CNI by using the **vpc-cni** EKS addon. See the [addons](./addons.md) documentation for further details of how to use addons.
     9  
    10  ## Using an alternative CNI
    11  
    12  There may be scenarios where you do not want to use the Amazon VPC CNI. EKS supports a number of alternative CNIs such as Calico, Cilium, and Weave Net (see [docs](https://docs.aws.amazon.com/eks/latest/userguide/alternate-cni-plugins.html) for full list).
    13  
    14  There are a number of ways to install an alternative CNI into the cluster. One option is to use a [ClusterResourceSet](https://cluster-api.sigs.k8s.io/tasks/experimental-features/cluster-resource-set.html) to apply the required artifacts to a newly provisioned cluster.
    15  
    16  When using an alternative CNI you will want to delete the Amazon VPC CNI, especially for a cluster using v1.17 or less. This can be done via the **disableVPCCNI** property of the **AWSManagedControlPlane**:
    17  
    18  ```yaml
    19  kind: AWSManagedControlPlane
    20  apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    21  metadata:
    22    name: "capi-managed-test-control-plane"
    23  spec:
    24    region: "eu-west-2"
    25    sshKeyName: "capi-management"
    26    version: "v1.18.0"
    27    disableVPCCNI: true
    28  ```
    29  
    30  > You cannot set **disableVPCCNI** to true if you are using the VPC CNI addon.
    31  
    32  Some alternative CNIs provide for the replacement of kube-proxy, such as in [Calico](https://projectcalico.docs.tigera.io/maintenance/ebpf/enabling-ebpf#configure-kube-proxy) and [Cilium](https://docs.cilium.io/en/stable/gettingstarted/kubeproxy-free/). When enabling the kube-proxy alternative, the kube-proxy installed by EKS must be deleted. This can be done via the **disable** property of **kubeProxy** in **AWSManagedControlPlane**:
    33  
    34  ```yaml
    35  kind: AWSManagedControlPlane
    36  apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    37  metadata:
    38    name: "capi-managed-test-control-plane"
    39  spec:
    40    region: "eu-west-2"
    41    sshKeyName: "capi-management"
    42    version: "v1.18.0"
    43    disableVPCCNI: true
    44    kubeProxy:
    45      disable: true
    46  ```
    47  
    48  > You cannot set **disable** to true in **kubeProxy** if you are using the kube-proxy addon.
    49  
    50  ## Additional Information
    51  
    52  See the [AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/pod-networking.html) for further details of EKS pod networking.