How It Works
VPC-CNI is a container network capability provided by TKE based on CNIs and VPC ENIs. It is suitable for scenarios with high latency requirements. In this network mode, containers and nodes are located on the same network plane, and container IP addresses are ENI IP addresses allocated by the IPAMD component.
The VPC-CNI mode includes the shared and exclusive ENI modes for different scenarios, which can be selected as needed.
Exclusive ENI mode: Each Pod has an exclusive ENI for higher performance. The number of ENIs that can be used by nodes differs by model. The number is smaller for Pods on a single node. Use Limits
We don't recommend subnets in VPC-CNI mode be used by other Tencent Cloud resources such as CVM and CLB instances.
The nodes in the cluster need to be in the same AZ as the subnet, otherwise, the Pod cannot be scheduled.
In VPC-CNI mode, the number of Pods that can be scheduled on a node is subject to the maximum number of IP addresses that can be bound to the node ENI and the number of ENIs. The higher the specifications of the node, the more ENIs can be inserted, which can be checked by viewing the Allocatable of the node.
Applications
Compared with Global Router, VPC-CNI has the following strengths and use cases:
It has one layer fewer bridge and 10% higher network forwarding performance and is suitable for latency-sensitive scenarios.
It supports static Pod IP addresses and is suitable for scenarios that rely on static container IP addresses, for example, migrating a traditional architecture to a container platform and performing security policy restrictions on IP addresses.
It supports CLB-to-Pod direct connect.