From d65dc82869047d36461bc9ba61aeecc97b8dbc1b Mon Sep 17 00:00:00 2001 From: Jens-Uwe Walther Date: Thu, 4 Dec 2025 12:09:27 +0100 Subject: [PATCH] Update "Use Network Policies with EKS Auto Mode" --- latest/ug/automode/auto-net-pol.adoc | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/latest/ug/automode/auto-net-pol.adoc b/latest/ug/automode/auto-net-pol.adoc index e9611415c..4a39e5cea 100644 --- a/latest/ug/automode/auto-net-pol.adoc +++ b/latest/ug/automode/auto-net-pol.adoc @@ -9,6 +9,17 @@ include::../attributes.txt[] Network policies allow you to control traffic flow at the IP address or port level within your Amazon EKS cluster. This topic explains how to enable and use network policies with EKS Auto Mode. +Auto Mode supports two Network Policies modes, which can be configured in a custom `NodeClass` attribute `spec.networkPolicy`: + +* `networkPolicy: DefaultAllow` which is equal in behaviour to AWS VPC CNI `NETWORK_POLICY_ENFORCING_MODE: standard` +* `networkPolicy: DefaultDeny` which is equal in behaviour to AWS VPC CNI `NETWORK_POLICY_ENFORCING_MODE: strict` + +See AWS VPC CNI attribute link:https://github.com/aws/amazon-vpc-cni-k8s?tab=readme-ov-file#network_policy_enforcing_mode-v1171["NETWORK_POLICY_ENFORCING_MODE"] for reference. + +EKS Auto Mode does not support alternate CNI plugins in chaining mode for Network Policies. + + + == Prerequisites * An Amazon EKS cluster with EKS Auto Mode enabled @@ -69,4 +80,4 @@ Once your nodes are using this Node Class, they will be able to enforce network == Step 3: Create and test network policies -Your EKS Auto Mode cluster is now configured to support Kubernetes network policies. You can test this with the <>. \ No newline at end of file +Your EKS Auto Mode cluster is now configured to support Kubernetes network policies. You can test this with the <>.
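Review bot: In the first hunk (`@@ -9,6 +9,17 @@`), the new `spec.networkPolicy` paragraph does not say which mode a `NodeClass` gets when the attribute is omitted. It also explains `DefaultAllow` and `DefaultDeny` only by equating them with the VPC CNI values `standard` and `strict`, so the reader has to leave the page to learn what each one enforces. Because this setting is the difference between an allow-by-default and a deny-by-default posture, state the default explicitly and add one sentence per mode describing its effect on pods that have no policy selecting them, keeping the README link as a reference only. The link fragment `#network_policy_enforcing_mode-v1171` is tied to a version-specific heading and will silently stop resolving when that heading changes; link to the README or a stable docs page instead. Smaller points: "two Network Policies modes" reads better as "two network policy modes", "equal in behaviour to" as "equivalent to" (the surrounding page uses US spelling), and the hunk adds three consecutive blank lines before `== Prerequisites` where one is enough. The last added sentence about alternate CNI plugins in chaining mode is a limitation and would be easier to find as a NOTE admonition than as a trailing paragraph.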
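Review bot: In the second hunk (`@@ -69,4 +80,4 @@`), the only change to the Step 3 line is the newline at end of file, which is unrelated to the subject "Update ..." and is worth a mention in the commit message so the one-line deletion in the diffstat is not mistaken for a content change. The cross reference at the end of that line appears as `<>` on both the removed and the added side; please confirm the target still resolves in the built page. Since the page now documents `DefaultDeny`, Step 3 would also be a natural place to say which mode the test assumes, because the expected result of a connectivity test differs between the two modes.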