Add notes/config on AWS EKS VPC CNI
manics committed Oct 8, 2023
1 parent 767cdbb commit 66eb7e5
Showing 3 changed files with 585 additions and 0 deletions.
1 change: 1 addition & 0 deletions .prettierignore
@@ -1 +1,2 @@
mybinder/templates/
terraform/aws/curvenote/cni/
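Review bot: the new entry `terraform/aws/curvenote/cni/` ignores the whole directory, which also takes the `README.md` added in this commit out of Prettier's formatting checks. If the intent is only to keep the downloaded manifest byte-for-byte comparable with upstream, narrow the entry to that file (the README's apply step refers to it as `cni/aws-k8s-cni.yaml`).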
20 changes: 20 additions & 0 deletions terraform/aws/curvenote/cni/README.md
@@ -0,0 +1,20 @@
# Enable NetworkPolicies on EKS

EKS automatically installs the VPC CNI plugin, but by default NetworkPolicies are not enabled.

1. Find the recommended version of the VPC CNI plugin
https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html
2. Download the VPC-CNI Kubernetes manifest, replacing `1.15.0` with the recommended version
```
curl -O https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.15.0/config/master/aws-k8s-cni.yaml
```
3. Edit `aws-k8s-cni.yaml`:
- Change all mentions of `us-west-2` to your region
- Update the manifest following the `kubectl` instructions in
https://docs.aws.amazon.com/eks/latest/userguide/cni-network-policy.html
- Add `enable-network-policy-controller: "true"` to the `aws-node` ConfigMap
- Set `--enable-network-policy=true` in the `aws-node` DaemonSet `aws-network-policy-agent` container
4. Apply:
```
kubectl apply -f cni/aws-k8s-cni.yaml
```
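Review bot: the procedure stops at `kubectl apply` in step 4, so nothing confirms that NetworkPolicy enforcement is actually on afterwards. The README opens by saying policies are not enabled by default, so a missed edit in step 3 would leave NetworkPolicy objects accepted by the API but not enforced. Add a step 5 that checks the `aws-node` DaemonSet is rolled out and that its `aws-network-policy-agent` container carries `--enable-network-policy=true`. Two smaller points: step 2 runs `curl -O` without `-f`, so an HTTP error body can be saved as `aws-k8s-cni.yaml` and edited as if it were the manifest; and step 2 downloads into the current directory while step 4 applies `cni/aws-k8s-cni.yaml`, so say which directory each command is run from.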