Document encap mode installation for EKS

[jianjuns]

Signed-off-by: Jianjun Shen [email protected]

Closes #867

[codecov-commenter]

Codecov Report

Merging #2929 (d0ac51d) into main (8336f7a) will decrease coverage by 20.99%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##             main    #2929       +/-   ##
===========================================
- Coverage   61.59%   40.59%   -21.00%     
===========================================
  Files         283      158      -125     
  Lines       23644    19950     -3694     
===========================================
- Hits        14563     8099     -6464     
- Misses       7512    11080     +3568     
+ Partials     1569      771      -798     

Flag	Coverage Δ
kind-e2e-tests	?
unit-tests	40.59% <ø> (-0.25%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/ovs/openflow/default.go	0.00% <0.00%> (-100.00%)	⬇️
pkg/util/runtime/runtime.go	0.00% <0.00%> (-100.00%)	⬇️
pkg/agent/cniserver/pod_configuration_linux.go	0.00% <0.00%> (-100.00%)	⬇️
pkg/ovs/openflow/logs.go	9.52% <0.00%> (-90.48%)	⬇️
pkg/apis/controlplane/register.go	0.00% <0.00%> (-90.00%)	⬇️
pkg/agent/nodeportlocal/k8s/annotations.go	0.00% <0.00%> (-83.88%)	⬇️
pkg/agent/agent_linux.go	0.00% <0.00%> (-80.00%)	⬇️
pkg/agent/client.go	0.00% <0.00%> (-77.42%)	⬇️
pkg/ovs/ovsconfig/ovs_client_linux.go	0.00% <0.00%> (-76.93%)	⬇️
pkg/flowaggregator/certificate.go	0.00% <0.00%> (-76.58%)	⬇️
... and 233 more

[antoninbas]

thanks for validating this, it will be very useful to have that as a reference

do you want to also mention

1. the advantages of using encap mode (more Pods per Node, encryption)
2. what won't work anymore, notably aggregation

[jianjuns]

1. the advantages of using encap mode (more Pods per Node, encryption)

Makes sense. Add some description in eks-installation.md.

2. what won't work anymore, notably aggregation

I found aggregation is working! Might be some changes in EKS.

[antoninbas]

I found aggregation is working! Might be some changes in EKS.

I think aggregation for Antrea APIs work fine, but I'm not sure how aggregation to a regular Pod (not hostNetwork) can work. Did you check with the metrics server? What's the packet path in that case?

[jianjuns]

I think aggregation for Antrea APIs work fine, but I'm not sure how aggregation to a regular Pod (not hostNetwork) can work. Did you check with the metrics server? What's the packet path in that case?

Ah, you must be right. Let me check, and I can add that if it does not work. Do you have any other issues in mind?

[antoninbas]

@jianjuns you may want to test, but I think the built-in apiserver proxy doesn't work either because it relies on the apiserver being able to connect direcly to Pods: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#manually-constructing-apiserver-proxy-urls. So trying to use the proxy to connect to a Service or Pod should fail.

I can't think of anything else.

[jianjuns]

@antoninbas : added description about the control plane -> Pod connection issue.

[antoninbas]

I don't think you need the "-" here

[jianjuns]

Removed it.

[antoninbas]

Suggested change

	can be created on a Node is decided by the on the maximum number of elastic
	that can be created on a Node is decided by the maximum number of elastic

[jianjuns]

Thanks!

[antoninbas]

the number of Pods per Node

[jianjuns]

Done.

[antoninbas]

the number

[jianjuns]

Done.

[antoninbas]

as a general limitation when using custom CNIs with EKS, Antrea...

[jianjuns]

Done.

[antoninbas]

that require control plane to Pod connections

[jianjuns]

Done.

[jianjuns]

/skip-all

[jianjuns]

/skip-all