aws / amazon-vpc-cni-k8s

Networking plugin repository for pod networking in Kubernetes using Elastic Network Interfaces on AWS
Apache License 2.0

Use unreserved IP address for pod ENI #3087

Closed alam0rt closed 6 hours ago

alam0rt commented 8 hours ago

Problem:

We use ENABLE_POD_ENI=true and ENABLE_PREFIX_DELEGATION=true to create a secondary ENI attached to our nodes in a dedicated subnet.

These subnets also have a number of CIDR reservations which we use for pods.

The issue we face is that randomly the primary address of the secondary ENI falls within the reserved CIDR ranges. This means more fragmentation of the subnet and wasted IP space. I am pretty sure that the reservation range that the primary address falls in becomes unusable for pods.

A solution?:

Looking at the code in https://github.com/aws/amazon-vpc-cni-k8s/blob/0703d03dec8afb8f83a7ff0c9d5eb5cc3363026e/pkg/awsutils/awsutils.go#L891-L910 I can see that it doesn't request a specific address. Is it possible / a good idea to allow selecting a primary address from a range that is outside of any CIDR reservation?
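An added sketch of the selection asked about above; it is not code from this issue or from amazon-vpc-cni-k8s. The names `pickPrimaryIP` and `lastAddr` are hypothetical, the addresses are constructed, and it assumes an IPv4 subnet whose CIDR reservations and in-use addresses the caller has already listed.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// pickPrimaryIP (hypothetical helper) returns the lowest address in subnet that
// is not AWS-reserved (first four and last address of every subnet), not inside
// any subnet CIDR reservation, and not already in use.
func pickPrimaryIP(subnet netip.Prefix, reservations []netip.Prefix, inUse map[netip.Addr]bool) (netip.Addr, error) {
	subnet = subnet.Masked()
	addr := subnet.Addr()
	if !addr.Is4() {
		return netip.Addr{}, fmt.Errorf("only IPv4 subnets are handled: %s", subnet)
	}
	for i := 0; i < 4; i++ { // skip the network address and the next three
		addr = addr.Next()
	}
	// Requiring addr.Next() to be in the subnet excludes the last address.
	for ; subnet.Contains(addr.Next()); addr = addr.Next() {
		covered := false
		for _, r := range reservations {
			if r.Contains(addr) {
				// Jump to the end of the reservation; the loop steps past it.
				addr, covered = lastAddr(r), true
			}
		}
		if !covered && !inUse[addr] {
			return addr, nil
		}
	}
	return netip.Addr{}, fmt.Errorf("no free address outside reservations in %s", subnet)
}

// lastAddr returns the highest address of an IPv4 prefix.
func lastAddr(p netip.Prefix) netip.Addr {
	b := p.Masked().Addr().As4()
	v := binary.BigEndian.Uint32(b[:]) | (uint32(1)<<(32-p.Bits()) - 1)
	binary.BigEndian.PutUint32(b[:], v)
	return netip.AddrFrom4(b)
}

func main() {
	// Constructed sample: a /24 subnet with one /28 reservation.
	ip, err := pickPrimaryIP(netip.MustParsePrefix("10.0.0.0/24"),
		[]netip.Prefix{netip.MustParsePrefix("10.0.0.0/28")}, nil)
	fmt.Println(ip, err)
}
```

The chosen address could then be supplied as `PrivateIpAddress` in the EC2 `CreateNetworkInterface` request; another allocation can claim it in the meantime, so a caller would need to retry on conflict.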

alam0rt commented 6 hours ago

Closing as https://github.com/aws/amazon-vpc-cni-k8s/issues/2313 is identical

github-actions[bot] commented 6 hours ago

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one.