Closed alam0rt closed 6 hours ago
Closing as https://github.com/aws/amazon-vpc-cni-k8s/issues/2313 is identical
Problem:
We use ENABLE_POD_ENI=true and ENABLE_PREFIX_DELEGATION=true to create a secondary ENI attached to our nodes in a dedicated subnet. These subnets also have a number of CIDR reservations which we use for pods.
The issue we face is that randomly the primary address of the secondary ENI falls within the reserved CIDR ranges. This means more fragmentation of the subnet and wasted IP space. I am pretty sure that the reservation range that the primary address falls in becomes unusable for pods.
A solution?:
Looking at the code in https://github.com/aws/amazon-vpc-cni-k8s/blob/0703d03dec8afb8f83a7ff0c9d5eb5cc3363026e/pkg/awsutils/awsutils.go#L891-L910 I can see that it doesn't request a specific address. Is it possible / a good idea to allow selecting a primary address from a range that is outside of any CIDR reservation?
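An added example, not part of the issue and not code from amazon-vpc-cni-k8s: one way to choose a primary address that lies outside every CIDR reservation. The helper names `pickPrimary` and `lastAddr` and the sample subnet, reservations and in-use address are hypothetical; the sketch assumes IPv4 and that the caller already knows the subnet's reservations and allocated addresses.

```go
package main
import (
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

// lastAddr returns the highest address of an IPv4 prefix.
func lastAddr(p netip.Prefix) netip.Addr {
	b := p.Masked().Addr().As4()
	v := binary.BigEndian.Uint32(b[:]) | (^uint32(0) >> p.Bits())
	binary.BigEndian.PutUint32(b[:], v)
	return netip.AddrFrom4(b)
}

// pickPrimary (hypothetical) returns the lowest free address outside every reserved prefix.
func pickPrimary(subnet netip.Prefix, reserved []netip.Prefix, inUse map[netip.Addr]bool) (netip.Addr, error) {
	if !subnet.Addr().Is4() {
		return netip.Addr{}, errors.New("IPv4 subnets only")
	}
	subnet = subnet.Masked()
	last := lastAddr(subnet) // AWS reserves the last address of a subnet
	addr := subnet.Addr()
	for i := 0; i < 4; i++ { // ...and the first four
		addr = addr.Next()
	}
scan:
	for ; addr.IsValid() && addr.Less(last); addr = addr.Next() {
		for _, r := range reserved {
			if r.Contains(addr) {
				addr = lastAddr(r) // jump past the whole reservation
				continue scan
			}
		}
		if !inUse[addr] {
			return addr, nil
		}
	}
	return netip.Addr{}, errors.New("no free address outside the reservations")
}

func main() {
	// Constructed sample data, not taken from the issue.
	subnet := netip.MustParsePrefix("10.0.0.0/24")
	reserved := []netip.Prefix{netip.MustParsePrefix("10.0.0.0/28"), netip.MustParsePrefix("10.0.0.16/28")}
	inUse := map[netip.Addr]bool{netip.MustParseAddr("10.0.0.32"): true}
	fmt.Println(pickPrimary(subnet, reserved, inUse))
}
```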