aws / amazon-vpc-cni-k8s

Networking plugin repository for pod networking in Kubernetes using Elastic Network Interfaces on AWS
Apache License 2.0

Disabling SNAT for non-managed ENIs possible? #2927

Open muelleme opened 3 months ago

muelleme commented 3 months ago

What happened:

Hello!

We have a use-case where we run pods with EKS in host network mode and attach a 2nd ENI to the node. The 2nd ENI is tagged with `node.k8s.amazonaws.com/no_manage: true` and we expected it to be completely left alone by the CNI. However, the iptables rules set up by the CNI force all traffic going out via that ENI to be SNATed and the source IP gets changed to the primary node IP. Is that the intended behaviour, and if yes, is there a way to disable this? We do not have a NAT gateway running, so using `AWS_VPC_K8S_CNI_EXTERNALSNAT=true` is not an option for us, as it breaks all other use cases in the cluster.

Thanks in advance, any help is highly appreciated!

Environment:
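The behaviour described in the report (everything leaving the second ENI to a non-VPC destination gets SNATed to the primary node IP) can be checked offline against an `iptables-save -t nat` dump before touching a node. The script below is an added example for this thread, not code from the amazon-vpc-cni-k8s project and not something the reporter or maintainers posted. The chain names, rule shapes, VPC CIDR, node IP and interface names in `SAMPLE_NAT` are constructed and modelled on what the CNI installs; they are an assumption and may differ between CNI versions. The `exclude_iface_from_snat` function models a hypothetical workaround (an `ACCEPT` placed ahead of the CNI's jump in nat `POSTROUTING`) purely to show which rule ordering would stop the SNAT; the thread does not confirm that the project supports it.

```shell
#!/bin/sh
# Added example for issue #2927; not code from amazon-vpc-cni-k8s.
# Offline check: given an `iptables-save -t nat` dump, would a packet leaving
# IFACE for DST_IP be SNATed, and to which address?
# ASSUMPTIONS: the chain/rule shapes below are modelled on what the CNI installs
# and may differ by version; only -o, -d, --dst-type and the jump target are
# evaluated. Verify on a real node with `iptables-save -t nat`.

# Constructed sample dump (not captured from a real cluster). 10.0.0.0/16
# stands in for the VPC CIDR, 10.0.1.10 for the primary node IP, and eth1 for
# the second ENI tagged node.k8s.amazonaws.com/no_manage: true.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:AWS-SNAT-CHAIN-0 - [0:0]
:AWS-SNAT-CHAIN-1 - [0:0]
-A POSTROUTING -m comment --comment "AWS SNAT CHAIN" -j AWS-SNAT-CHAIN-0
-A AWS-SNAT-CHAIN-0 ! -d 10.0.0.0/16 -m comment --comment "AWS SNAT CHAIN" -j AWS-SNAT-CHAIN-1
-A AWS-SNAT-CHAIN-1 ! -o vlan+ -m comment --comment "AWS, SNAT" -m addrtype ! --dst-type LOCAL -j SNAT --to-source 10.0.1.10 --random-fully
COMMIT'

# usage: <dump> | snat_source_for IFACE DST_IP
# Prints the --to-source address if the packet would be SNATed, else "none".
snat_source_for() {
  awk -v iface="$1" -v dst="$2" '
  function ip2n(s,  a) { split(s, a, "[.]"); return ((a[1]*256 + a[2])*256 + a[3])*256 + a[4] }
  function incidr(ip, cidr,  p, bits, blk) {
    split(cidr, p, "/"); bits = (p[2] == "" ? 32 : p[2]); blk = 2^(32 - bits)
    return int(ip2n(ip) / blk) == int(ip2n(p[1]) / blk)
  }
  # iptables "vlan+" means prefix match on the interface name
  function ifmatch(pat, ifc) { if (sub(/\+$/, "", pat)) return index(ifc, pat) == 1; return pat == ifc }
  # Parse every -A line into per-chain, per-position match fields.
  /^-A / {
    chain = $2; n[chain]++; r = chain SUBSEP n[chain]; neg = 0
    for (i = 3; i <= NF; i++) {
      if ($i == "!")                { neg = 1; continue }
      if ($i == "-o")               { oif[r] = $(++i); oneg[r] = neg }
      else if ($i == "-d")          { dcidr[r] = $(++i); dneg[r] = neg }
      else if ($i == "--dst-type")  { dtype[r] = $(++i); dtneg[r] = neg }
      else if ($i == "-j")          { tgt[r] = $(++i) }
      else if ($i == "--to-source") { src[r] = $(++i) }
      neg = 0
    }
  }
  # Walk a chain in order; return the SNAT source, "none" for a terminating
  # ACCEPT, or "" if the chain falls through to the caller.
  function walk(chain,  k, r, m, res) {
    for (k = 1; k <= n[chain]; k++) {
      r = chain SUBSEP k; m = 1
      if (r in oif)          { m = ifmatch(oif[r], iface); if (oneg[r]) m = !m }
      if (m && (r in dcidr)) { m = incidr(dst, dcidr[r]);  if (dneg[r]) m = !m }
      # dst is assumed to be a remote address, so "--dst-type LOCAL" never matches
      if (m && (r in dtype)) { m = dtneg[r] ? 1 : 0 }
      if (!m) continue
      if (tgt[r] == "SNAT")   return src[r]
      if (tgt[r] == "ACCEPT") return "none"
      if (tgt[r] == "RETURN") return ""
      if (n[tgt[r]] > 0) { res = walk(tgt[r]); if (res != "") return res }
    }
    return ""
  }
  END { res = walk("POSTROUTING"); print (res == "" ? "none" : res) }'
}

# usage: <dump> | exclude_iface_from_snat IFACE
# Emits the dump as it would look after the hypothetical
#   iptables -t nat -I POSTROUTING 1 -o IFACE -j ACCEPT
# An ACCEPT in nat POSTROUTING ends NAT processing for that packet, so it never
# reaches the CNI's SNAT chain. Not a workaround the issue or project confirms.
exclude_iface_from_snat() {
  awk -v iface="$1" '
  /^-A POSTROUTING / && !done {
    print "-A POSTROUTING -o " iface " -m comment --comment \"skip SNAT on unmanaged ENI\" -j ACCEPT"; done = 1
  }
  { print }'
}

printf '%s\n' "$SAMPLE_NAT" | snat_source_for eth1 203.0.113.5                             # 10.0.1.10
printf '%s\n' "$SAMPLE_NAT" | snat_source_for eth1 10.0.7.9                                # none
printf '%s\n' "$SAMPLE_NAT" | exclude_iface_from_snat eth1 | snat_source_for eth1 203.0.113.5  # none
```

Two caveats for anyone trying the modelled exclusion on a real node: an `ACCEPT` at the top of nat `POSTROUTING` skips every NAT rule for traffic leaving that interface, not only the CNI's, and the CNI re-applies its own rules when `aws-node` restarts, so the ordering has to be re-checked with `iptables-save -t nat` afterwards.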

github-actions[bot] commented 1 month ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days