Skip to content

CNI Providers

CNI Providers

CNI providers help to create a framework for configuring the appropriate network configuration and resources when provisioning/de-provisioning containers. The CNI spec outlines a plugin interface for container runtimes to coordinate with plugins to configure networking. The two CNI providers are AWS and Calico

AWS

AWS uses Amazon VPC Container Network Interface (CNI) plugin for the pod networking in EKS clusters provisioned by the controller. AWS CNI is the default CNI Provider. AWS VPC ensures that CNI plugin daemons are scheduled on all nodes in a cluster and adds elastic network interface (ENI) resource tagging

Calico

Calico is a popular networking solution used to interconnect virtual machines or Linux containers with the help of virtual routers. Calico provides a Cluster Network Interface (CNI) plugin that can be used for integration with Kubernetes. Users who prefer flexible IP address management capabilities can select the Calico CNI provider. On selecting Calico, all the pods related to Calico gets installed


CNI Providers in Controller

During EKS Cluster provisioning, user must select a CNI Provider from the CNI Providers drop-down available in Advance Settings. If none of the CNI is selected, AWS is set as the default CNI provider

CNI Provider in Controller


CNI Providers through CLI

Post Cluster provisioning, users can change the CNI Provider from AWS to Calico through CLI. Modifying the CNI Provider from Calico to AWS is not supported

  • Download the Cluster Config Yaml file of the provisioned cluster
  • Open the downloaded Yaml file and modify the parameter cniprovider from aws to Calico along with the version

CNI Provider in CLI

  • Use the below command in the terminal to apply the changes
./rctl apply -f <filename>

Important

  • Set hostNetwork to true to enable Drift Detection when using Calico CNI provider
  • All the pods that implement admission webhooks should have hostnetwork to true when using Calico CNI provider.
  • If hostnetwork is not set to true when using Calico CNI, webhook (example: ingress-nginx) fails. To resolve this, change the port in the deployment, so that the webhook uses a different port other than 443