Correction on Subnet Requirements #688

Open
dumlutimuralp opened this issue Feb 23, 2023 · 1 comment
@dumlutimuralp
Contributor

The guidance about the available IPs, mentioned in the Subnet requirements and considerations section of the Amazon EKS VPC and subnet requirements and considerations page of the EKS User guide, is confusing. It also does not match the explanation made on the same topic in the Networking section of the EKS Best Practices Guide.

  • As I understand, when an EKS cluster gets created, the EKS service picks two subnets from the list of subnets that the user specifies during the cluster standup and then a single control plane ENI gets provisioned in two subnets (from that list, i.e. Subnet1 in AZ1 and Subnet2 in AZ2) to make the API resilient. If the control plane needs to scale out, then the number of ENIs can go up to four (in those two subnets). During upgrades 4 x new ENIs get created and then the current ENIs get deleted. So you would need 4 + 4 = 8 x IPs for the EKS use. Considering the default network/gateway/dns/reserved/broadcast IPs in a given subnet, that makes the required IP address space at least 8 + 5 = 13 x IPs, which means having to use a /28 subnet.

  • In light of the above, I propose the following update on the EKS User Guide:

The subnets must each have at least two IP addresses available for use by Amazon EKS. However, considering scale out and upgrade events we recommend at least eight IP addresses. Adding the reserved IPs, mentioned in the Subnet sizing section of the Amazon VPC User Guide, you need a /28 netmask for each subnet.

@joshbean
Contributor

Closing this issue or pull request in advance of archiving this repo. For more information about the decision to archive this repo (and others in the 'awsdocs' org), see the announcement on the AWS News Blog.
