Alternate compatible CNI plugins - Amazon EKS
Alternate compatible network policy plugins

Help improve this page

Want to contribute to this user guide? Scroll to the bottom of this page and select Edit this page on GitHub. Your contributions will help make our user guide better for everyone.

Alternate compatible CNI plugins

The Amazon VPC CNI plugin for Kubernetes is the only CNI plugin supported by Amazon EKS. Amazon EKS runs upstream Kubernetes, so you can install alternate compatible CNI plugins to Amazon EC2 nodes in your cluster. If you have Fargate nodes in your cluster, the Amazon VPC CNI plugin for Kubernetes is already on your Fargate nodes. It's the only CNI plugin you can use with Fargate nodes. An attempt to install an alternate CNI plugin on Fargate nodes fails.

If you plan to use an alternate CNI plugin on Amazon EC2 nodes, we recommend that you obtain commercial support for the plugin or have the in-house expertise to troubleshoot and contribute fixes to the CNI plugin project.

Amazon EKS maintains relationships with a network of partners that offer support for alternate compatible CNI plugins. For details about the versions, qualifications, and testing performed, see the following partner documentation.

Partner

Product

Documentation

Tigera

Calico

Installation instructions
Isovalent

Cilium

Installation instructions
Juniper

Cloud-Native Contrail Networking (CN2)

Installation instructions

VMware

Antrea

Installation instructions

Amazon EKS aims to give you a wide selection of options to cover all use cases.

Alternate compatible network policy plugins

Calico is a widely adopted solution for container networking and security. Using Calico on EKS provides a fully compliant network policy enforcement for your EKS clusters. Additionally, you can opt to use Calico's networking, which conserve IP addresses from your underlying VPC. Calico Cloud enhances the features of Calico Open Source, providing advanced security and observability capabilities.