4

AWS EKS makes use of their own CNI plugin and there are docs that allow you to install Calico for managing policy. For a number of reasons, I'd like to have Calico manage networking as well.

Based on the installation instructions I can't seem to find a way to do either option:

etcd

Doesn't seem viable as I can't find a way to access the EKS control plane etcd endpoints. If I were to deploy my own etcd pods inside the cluster, I need to use the AWS CNI plugin for those to get an IP address, so that doesn't work. I could bring my own etcd cluster outside of Kubernetes, but that seems a bit ridiculous.

Kubernetes API datastore

This option wants me to change setting to the controller which I don't have access to in the AWS EKS managed control plane.

Valdis R
  • 2,095
  • 1
  • 18
  • 36

1 Answers1

4

The short answer is as of this writing EKS (nor GKE) doesn't give you direct access to any of the control plane components: etcd, kube-apiserver, kube-controller-manager, coredns/kube-dns, kube-scheduler.

They do have some docs on how to install Calico on an EKS cluster, but if you want more control you'll have to set up your own standalone cluster.

They might allow you access to the master components in the future but the bottom line is that EKS is a 'managed' service where they are supposed to take care of all your control plane components.

Rico
  • 58,485
  • 12
  • 111
  • 141