Skip to content

Improve SGPP docs #1153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: mainline
Choose a base branch
from
Open

Improve SGPP docs #1153

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion latest/ug/networking/security-groups-pods-deployment.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,15 @@ aws iam attach-role-policy --policy-arn {arn-aws}iam::aws:policy/AmazonEKSVPCRes
+
[source,bash,subs="verbatim,attributes"]
----
kubectl set env daemonset aws-node -n kube-system ENABLE_POD_ENI=true
kubectl set env daemonset aws-node -n kube-system -c aws-node ENABLE_POD_ENI=true
----
+
The env `ENABLE_POD_ENI` only works for `aws-node` container, if you have set `ENABLE_POD_ENI` to other containers before, you can optionally remove them from the env by the following command.
+
[source,bash,subs="verbatim,attributes"]
----
kubectl set env daemonset aws-node -n kube-system -c aws-vpc-cni-init ENABLE_POD_ENI-
kubectl set env daemonset aws-node -n kube-system -c aws-eks-nodeagent ENABLE_POD_ENI-
----
+
NOTE: The trunk network interface is included in the maximum number of network interfaces supported by the instance type. For a list of the maximum number of network interfaces supported by each instance type, see link:AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI[IP addresses per network interface per instance type,type="documentation"] in the _Amazon EC2 User Guide_. If your node already has the maximum number of standard network interfaces attached to it then the VPC resource controller will reserve a space. You will have to scale down your running Pods enough for the controller to detach and delete a standard network interface, create the trunk network interface, and attach it to the instance.
Expand All @@ -58,6 +66,8 @@ kubectl get cninode -A
+
If you are using VPC CNI versions older than `1.15`, node labels were used instead of the `CNINode` custom resource. You can see which of your nodes have the node label `aws-k8s-trunk-eni` set to `true` with the following command. If `No resources found` is returned, then wait several seconds and try again. The previous step requires restarting the Amazon VPC CNI plugin for Kubernetes Pods, which takes several seconds.
+
To identify the node with trunk ENI while VPC CNI version is older than `1.15`, use the following command,
+
[source,bash,subs="verbatim,attributes"]
----
kubectl get nodes -o wide -l vpc.amazonaws.com/has-trunk-attached=true
Expand Down