Problem Statement
Elastic Kubernetes Service (EKS) is widely used by organizations because it is an upstream, certified conformant version of Kubernetes with backported security fixes. It also provides a managed Kubernetes experience for performant, reliable and secure Kubernetes clusters. In a rapidly growing business or organization, where the workloads deployed to EKS increase rapidly, Kubernetes admins face a situation where new Pods run out of IPs during initialization as part of scaling.
Background:
When we use a third-party networking plugin such as Calico, Cilium or Flannel, the IPs of the node and of the Pods are assigned from different CIDRs. The Pod IP space (network plugin CIDR) and the node IP space (from the VPC subnet) are different, and Pods get IP addresses that are isolated from other services.
The case is a bit different when we use EKS with the AWS VPC CNI networking plugin, because the plugin assigns a private IPv4 or IPv6 address from your VPC to each pod and service. Your pods and services have the same IP address inside the pod as they do on the VPC network. This is intentional, to ease communication between Pods and other AWS services.
Solution:
1. Enable IPv6: create the EKS cluster with the IPv6 option enabled.
2. Add secondary CIDR ranges to the existing EKS cluster.
We will discuss the second solution in detail and show how to achieve it via Terraform.
Steps in Detail:
Create subnets with a new CIDR range
aws ec2 describe-availability-zones --region us-east-1 --query 'AvailabilityZones[*].ZoneName'
The steps below assume the AWS Region is us-west-2.
1. To list all the Availability Zones in your AWS Region, run the following command:
aws ec2 describe-availability-zones --region us-west-2 --query 'AvailabilityZones[*].ZoneName'
2. Choose the Availability Zones where you want to add the subnets, and then assign those Availability Zones to variables. For example:
export AZ1=us-west-2a
export AZ2=us-west-2b
export AZ3=us-west-2c
3. To create new subnets under the VPC with the new CIDR range, run the following commands:
SUBNETA=$(aws ec2 create-subnet --cidr-block 100.64.0.0/19 --vpc-id $VPC_ID --availability-zone $AZ1 | jq -r .Subnet.SubnetId)
SUBNETB=$(aws ec2 create-subnet --cidr-block 100.64.32.0/19 --vpc-id $VPC_ID --availability-zone $AZ2 | jq -r .Subnet.SubnetId)
SUBNETC=$(aws ec2 create-subnet --cidr-block 100.64.64.0/19 --vpc-id $VPC_ID --availability-zone $AZ3 | jq -r .Subnet.SubnetId)
4. (Optional) Add a name tag for your subnets by setting a key-value pair.
For example:
aws ec2 create-tags --resources $SUBNETA --tags Key=Name,Value=SubnetA
aws ec2 create-tags --resources $SUBNETB --tags Key=Name,Value=SubnetB
aws ec2 create-tags --resources $SUBNETC --tags Key=Name,Value=SubnetC
5. Associate your new subnets with a route table. To list all the route tables under the VPC, run the following command:
aws ec2 describe-route-tables --filters Name=vpc-id,Values=$VPC_ID | jq -r '.RouteTables[].RouteTableId'
export ROUTETABLE_ID=rtb-xxxxxxxxx
6. Associate the route table with all the new subnets. For example:
aws ec2 associate-route-table --route-table-id $ROUTETABLE_ID --subnet-id $SUBNETA
aws ec2 associate-route-table --route-table-id $ROUTETABLE_ID --subnet-id $SUBNETB
aws ec2 associate-route-table --route-table-id $ROUTETABLE_ID --subnet-id $SUBNETC
Configure the CNI Plugin to use Newly created Secondary CIDR via Terraform
var.eks_pod_subnet_ids — Subnet IDs created as part of previous step
var.availability_zones — List of Availability Zones for which ENIConfig has to be created
Summary:
By this method, we can avoid a situation where we run out of IPv4 addresses in our Kubernetes environment.
For more such technical blogs — cubensquare.com/blog