
Amazon SAA-C03: What is the best solution for using custom subnets with Amazon EKS pods?

Learn how to use custom subnets for pods in Amazon Elastic Kubernetes Service (EKS) to meet compliance requirements and enable secure pod communication within a VPC.


Question

A company is migrating an application from an on-premises location to Amazon Elastic Kubernetes Service (Amazon EKS). The company must use a custom subnet for pods that are in the company’s VPC to comply with requirements. The company also needs to ensure that the pods can communicate securely within the pods’ VPC.

Which solution will meet these requirements?

A. Configure AWS Transit Gateway to directly manage custom subnet configurations for the pods in Amazon EKS.
B. Create an AWS Direct Connect connection from the company’s on-premises IP address ranges to the EKS pods.
C. Use the Amazon VPC CNI plugin for Kubernetes. Define custom subnets in the VPC cluster for the pods to use.
D. Implement a Kubernetes network policy that has pod anti-affinity rules to restrict pod placement to specific nodes that are within custom subnets.

Answer

C. Use the Amazon VPC CNI plugin for Kubernetes. Define custom subnets in the VPC cluster for the pods to use.

Explanation

The Amazon VPC Container Network Interface (CNI) plugin for Kubernetes gives each pod an IP address taken from the VPC itself, allocated through an elastic network interface (ENI) on the worker node. Because a pod's address is a real VPC address, VPC controls such as security groups, network ACLs and VPC Flow Logs apply directly to pod traffic. The plugin's custom networking feature additionally lets pods draw their addresses from subnets other than the subnet the node itself sits in, which is exactly what a dedicated pod subnet requires.

By using the Amazon VPC CNI plugin, you can:

  • Assign dedicated subnets (and the security groups attached to the pod ENIs) from within your VPC to the EKS pods
  • Let pods communicate with each other inside the VPC using routable pod IP addresses, with VPC security groups and network ACLs enforcing which pods and hosts may reach them
  • Meet compliance requirements by placing pods in the address ranges you specify rather than in the node subnets
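The steps above map to the VPC CNI's custom networking feature. The following script is an added example, not code from the exam page or from the VPC CNI project: it renders one ENIConfig per Availability Zone (a dedicated pod subnet plus the security group to attach to pod ENIs), writes the manifests to a temporary directory, and, only when APPLY=1 is set, switches the aws-node DaemonSet to custom networking and applies them. The AZ names, subnet IDs and security group ID are hypothetical placeholders; the environment variables AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG and ENI_CONFIG_LABEL_DEF and the ENIConfig resource are the ones the CNI documents.

```shell
#!/bin/sh
# Added example (not from the exam page): enable Amazon VPC CNI custom networking so
# pods get their IPs from dedicated pod subnets instead of the node subnet, with one
# ENIConfig per Availability Zone. All IDs and AZ names below are hypothetical.
set -eu

# Hypothetical mapping of AZ -> dedicated pod subnet in that AZ ("az:subnet" pairs).
POD_SUBNETS="us-east-1a:subnet-0a0a0a0a0a0a0a0a0 us-east-1b:subnet-0b0b0b0b0b0b0b0b0"
# Hypothetical security group attached to every pod ENI created in these subnets.
POD_SG="sg-0123456789abcdef0"

# Render one ENIConfig manifest. Naming it after the AZ lets the CNI pick it from the
# node's topology.kubernetes.io/zone label (see ENI_CONFIG_LABEL_DEF below).
# $1 = AZ, $2 = pod subnet ID, $3 = security group ID
render_eniconfig() {
  az="$1"; subnet="$2"; sg="$3"
  cat <<EOF
apiVersion: crd.k8s.amazonaws.com/v1alpha1
kind: ENIConfig
metadata:
  name: ${az}
spec:
  subnet: ${subnet}
  securityGroups:
    - ${sg}
EOF
}

# Render every ENIConfig into $1 and print how many were written.
render_all() {
  outdir="$1"; count=0
  mkdir -p "$outdir"
  for entry in $POD_SUBNETS; do
    az="${entry%%:*}"; subnet="${entry#*:}"
    render_eniconfig "$az" "$subnet" "$POD_SG" > "${outdir}/eniconfig-${az}.yaml"
    count=$((count + 1))
  done
  echo "$count"
}

# Turn on custom networking in the aws-node DaemonSet and apply the manifests.
# Needs kubectl with cluster-admin on a real cluster. Nodes that existed before this
# change keep their old ENIs and must be replaced, and because the node's primary ENI
# is no longer used for pods, the node's max-pods value must be recomputed.
enable_custom_networking() {
  manifest_dir="$1"
  kubectl set env daemonset aws-node -n kube-system \
    AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG=true \
    ENI_CONFIG_LABEL_DEF=topology.kubernetes.io/zone
  kubectl apply -f "$manifest_dir"
}

# Stand-alone run: render manifests offline; apply only when APPLY=1 is set.
main() {
  dir="$(mktemp -d)"
  n="$(render_all "$dir")"
  echo "rendered ${n} ENIConfig manifest(s) in ${dir}"
  cat "${dir}"/eniconfig-*.yaml
  if [ "${APPLY:-0}" = "1" ]; then
    enable_custom_networking "$dir"
  fi
}

main "$@"
```

The security group named in each ENIConfig is what governs pod-to-pod and host-to-pod reachability at the VPC layer; pair it with network ACLs on the pod subnets and, if finer pod-level rules are needed, a Kubernetes NetworkPolicy, which the VPC CNI can also enforce but which never changes where a pod's IP comes from.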

The other options are incorrect:

  • A: AWS Transit Gateway connects VPCs and on-premises networks to each other. It has no control over which subnets EKS pods draw their addresses from.
  • B: AWS Direct Connect provides a dedicated physical link from on-premises to AWS. It does not configure pod subnets, and it is not needed for pods to talk to each other inside the VPC.
  • D: Option D mixes two unrelated mechanisms. A Kubernetes NetworkPolicy restricts which pods may communicate, and pod anti-affinity influences where the scheduler places pods; neither assigns a subnet to a pod. Only the CNI decides which subnet a pod's IP comes from.

Therefore, using the Amazon VPC CNI plugin and defining dedicated pod subnets in the VPC is the solution that satisfies both requirements: pods are placed in the custom subnets the company specifies, and pod-to-pod traffic stays inside the VPC where security groups and network ACLs can secure it.
