Amazon EKS networking add-ons - Amazon EKS
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon EKS networking add-ons

Several networking add-ons are available for your Amazon EKS cluster.

Built-in add-ons

Note

If you create clusters in any way except by using the console, each cluster comes with the self-managed versions of the built-in add-ons. The self-managed versions can't be managed from the Amazon Web Services Management Console, Amazon Command Line Interface, or SDKs. You manage the configuration and upgrades of self-managed add-ons.

We recommend adding the Amazon EKS type of the add-on to your cluster instead of using the self-managed type of the add-on. If you create clusters in the console, the Amazon EKS type of these add-ons is installed.

Amazon VPC CNI plugin for Kubernetes

This CNI add-on creates elastic network interfaces and attaches them to your Amazon EC2 nodes. The add-on also assigns a private IPv4 or IPv6 address from your VPC to each Pod and service. This add-on is installed, by default, on your cluster. For more information, see Working with the Amazon VPC CNI plugin for Kubernetes Amazon EKS add-on.

CoreDNS

CoreDNS is a flexible, extensible DNS server that can serve as the Kubernetes cluster DNS. CoreDNS provides name resolution for all Pods in the cluster. This add-on is installed, by default, on your cluster. For more information, see Working with the CoreDNS Amazon EKS add-on.

kube-proxy

This add-on maintains network rules on your Amazon EC2 nodes and enables network communication to your Pods. This add-on is installed, by default, on your cluster. For more information, see Updating the Kubernetes kube-proxy self-managed add-on.

Optional Amazon networking add-ons

Amazon Load Balancer Controller

When you deploy Kubernetes service objects of type loadbalancer, the controller creates Amazon Network Load Balancers . When you create Kubernetes ingress objects, the controller creates Amazon Application Load Balancers. We recommend using this controller to provision Network Load Balancers, rather than using the legacy Cloud Provider controller built-in to Kubernetes. For more information, see the Amazon Load Balancer Controller documentation.

Amazon Gateway API Controller

This controller lets you connect services across multiple Kubernetes clusters using the Kubernetes gateway API. The controller connects Kubernetes services running on Amazon EC2 instances, containers, and serverless functions by using the Amazon VPC Lattice service. For more information, see the Amazon Gateway API Controller documentation.

Additional networking add-ons

Calico network policy engine

This add-on is a network policy engine for Kubernetes. With Calico network policy enforcement, you can implement network segmentation and tenant isolation. This is useful in multi-tenant environments where you must isolate tenants from each other or when you want to create separate environments for development, staging, and production. For more information, see Installing the Calico network policy engine add-on.

For more information about add-ons, see Amazon EKS add-ons.