
Create EKS cluster in AWS: I have a problem understanding what the subnets we provide when creating the EKS cluster are used for

0

The subnets we provide when creating an EKS cluster: are they where the control plane (the master nodes) is created? Where are the ENIs created: in the control plane subnets or in the worker node subnets? Please provide me with resources that show this. Thanks

I was expecting them to be the subnets where the worker nodes and ENIs are created (since the control plane is managed by AWS), but when I tried to test this, I chose Casablanca Wavelength as an availability zone, and at the end it showed an error that AWS can't create the control plane in Casablanca. So I understood from this message that the subnets we provide are for the control plane.

1 Answer
1
Accepted Answer

When you create an Amazon EKS cluster, you need to understand that the architecture involves two VPCs:

  1. An AWS-managed VPC that hosts the Kubernetes control plane (not visible in your account)
  2. Your customer-managed VPC that hosts the worker nodes and other infrastructure

The subnets you specify during cluster creation are used for placing cross-account elastic network interfaces (X-ENIs or EKS Managed ENIs) in your VPC. These ENIs enable communication between the AWS-managed control plane and your worker nodes. EKS places these ENIs in each subnet you specify during cluster creation (also called cluster subnets).

The control plane itself is not created in your subnets - it's created and managed by AWS in their own VPC. However, the ENIs that allow communication with the control plane are placed in your specified subnets.

When worker nodes start up, they need to communicate with the Kubernetes API server (control plane). This communication happens either through:

  • A public endpoint (if you've enabled public access)
  • These EKS Managed ENIs within your VPC (for private access)

If you selected a location like Wavelength Zones that isn't supported for EKS control plane connectivity, you'll receive an error because EKS can't establish the necessary ENIs in those subnets to communicate with the control plane.

When you later create node groups, you can specify different subnets for your worker nodes than those used for the cluster ENIs, but those worker nodes still need to be able to communicate with the control plane through the ENIs placed in your cluster subnets.
Sources
How EKS Control Plane is communicate with worker node | AWS re:Post
VPC and Subnet Considerations - Amazon EKS
Updating control plane subnets and security groups - Eksctl User Guide

answered 4 months ago
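To make the distinction in the answer concrete, here is an added Python example (not from this thread or from AWS) that classifies a cluster's subnets from constructed samples shaped like the output of `aws eks describe-cluster`, `aws eks describe-nodegroup` and `aws ec2 describe-network-interfaces`; the cluster name, subnet IDs and ENI IDs are placeholders.

```python
"""Classify EKS subnets: cluster (EKS-managed ENI) subnets vs node group subnets.

The three dicts are constructed samples with the shape of:
  aws eks describe-cluster --name demo
  aws eks describe-nodegroup --cluster-name demo --nodegroup-name ng1
  aws ec2 describe-network-interfaces --filters "Name=description,Values=Amazon EKS demo"
All IDs below are placeholders, not real resources.
"""

CLUSTER = {"cluster": {"name": "demo", "resourcesVpcConfig": {
    "subnetIds": ["subnet-ctl-a", "subnet-ctl-b"]}}}

NODEGROUP = {"nodegroup": {"subnets": ["subnet-ctl-a", "subnet-wrk-c"]}}

ENIS = {"NetworkInterfaces": [
    # EKS-managed (cross-account) ENIs are described as "Amazon EKS <cluster name>"
    {"NetworkInterfaceId": "eni-1", "SubnetId": "subnet-ctl-a",
     "Description": "Amazon EKS demo", "Status": "in-use"},
    {"NetworkInterfaceId": "eni-2", "SubnetId": "subnet-ctl-b",
     "Description": "Amazon EKS demo", "Status": "in-use"},
    # ENI attached to a worker node by the VPC CNI (different description)
    {"NetworkInterfaceId": "eni-3", "SubnetId": "subnet-wrk-c",
     "Description": "aws-K8S-i-0placeholder", "Status": "in-use"},
]}


def classify_subnets(cluster, nodegroup, enis):
    """Return which subnets hold EKS-managed ENIs and which are node-only."""
    name = cluster["cluster"]["name"]
    cluster_subnets = set(cluster["cluster"]["resourcesVpcConfig"]["subnetIds"])
    node_subnets = set(nodegroup["nodegroup"]["subnets"])
    managed = {e["SubnetId"] for e in enis["NetworkInterfaces"]
               if e["Description"] == f"Amazon EKS {name}"}
    return {
        "cluster_subnets": sorted(cluster_subnets),
        "managed_eni_subnets": sorted(managed),
        # Node subnets that are not cluster subnets: allowed, but nodes there must
        # still be able to route to the managed ENIs (or the public endpoint).
        "node_only_subnets": sorted(node_subnets - cluster_subnets),
        # Should be empty: EKS only places its ENIs in the subnets you gave it.
        "managed_eni_outside_cluster_subnets": sorted(managed - cluster_subnets),
    }


if __name__ == "__main__":
    for key, value in classify_subnets(CLUSTER, NODEGROUP, ENIS).items():
        print(f"{key}: {value}")
```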
  • Very clear. Based on what you have said, the subnets provided when creating the cluster are the subnets used to place the ENIs so that the worker nodes can communicate with the master nodes, and the subnets where the worker nodes will start up are provided later when creating the worker nodes. But why, in EKS architectures on Google, are the ENIs in the same subnet as the worker nodes?
