Staff Writer

Otterize Amplifies AWS EKS Networking

Amazon Web Services (AWS) recently unveiled built-in support for enforcing Kubernetes network policies for its native VPC CNI, a move that has been eagerly anticipated by the developer community. This enhancement paves the way for more secure and streamlined pod-to-pod communications within Kubernetes clusters.

Otterize, in their recent post, sheds light on the significance of this development. Kubernetes, by default, permits unrestricted communication between all pods. The introduction of Kubernetes network policies empowers developers to curtail traffic, ushering in a zero-trust environment for workloads within a cluster.

Previously, the norm was to deploy an external network policy controller or to overhaul the CNI entirely. Such measures, especially for pre-existing clusters, often led to intricate challenges. The ideal scenario for many is to utilize the VPC CNI, ensuring direct communication between Kubernetes pods and other workloads within the VPC network.

Yet, implementing network policies is no walk in the park. The Otterize team candidly discusses the hurdles:

  • The process is binary - permitting one client inadvertently blocks others unless explicitly allowed.
  • Policies are typically applied to servers, but it's the clients who are privy to their connection targets.
  • Synchronizing labels across myriad services is daunting, more so when different teams manage these services. A single misstep can lead to blocked access.
  • An abundance of network policies on a single node can degrade performance due to the multitude of rules evaluated for each packet.
  • Predicting the impact of a network policy on workloads is akin to gazing into a murky crystal ball.

Otterize offers a solution in the form of their open-source intents operator and network mapper. These tools address the aforementioned challenges and extend their capabilities to manage other access controls, including Kafka ACLs, Istio authorization policies, and the soon-to-be-released AWS RDS PostgreSQL and AWS IAM policies.

The Otterize team suggests a novel approach:

  1. Clear Ownership: By declaring ClientIntents in the same namespace as the client, teams can manage their resources without meddling with network policies of servers managed by other teams.
  2. Automatic Intent Generation: The network mapper can auto-generate client intents based on real-time traffic, streamlining the deployment process.
  3. Visual Insights: By connecting the intents operator and network mapper to Otterize Cloud, teams can visualize cluster access patterns, discerning between permitted and blocked connections.
  4. Gradual Implementation: Otterize champions a phased approach. Their shadow mode for the intents operator doesn't enforce network policies immediately but provides insights into potential impacts.

For those eager to dive in, Otterize has curated a comprehensive tutorial on AWS EKS CNI. This guide ensures that users can seamlessly navigate the new features and integrations.

In essence, while AWS lays the foundational infrastructure, Otterize offers tools that refine and enhance the Kubernetes networking experience. As Kubernetes solidifies its position in the container orchestration domain, these advancements signal a shift towards more secure and efficient application communications. With AWS's infrastructure enhancements and Otterize's innovative solutions, the tech community stands to gain immensely.

Have questions or comments about this article? Reach out to us here.

Banner Image Credits: Attendees at Great International Developer Summit

See Highlights

Hear What Attendees Say


“Once again Saltmarch has knocked it out of the park with interesting speakers, engaging content and challenging ideas. No jetlag fog at all, which counts for how interesting the whole thing was."

Cybersecurity Lead, PwC


“Very much looking forward to next year. I will be keeping my eye out for the date so I can make sure I lock it in my calendar."

Software Engineering Specialist, Intuit


“Best conference I have ever been to with lots of insights and information on next generation technologies and those that are the need of the hour."

Software Architect, GroupOn

Hear What Speakers & Sponsors Say

Scott Davis

“Happy to meet everyone who came from near and far. Glad to know you've discovered some great lessons here, and glad you joined us for all the discoveries great and small."

Web Architect & Principal Engineer, Scott Davis

Dr. Venkat Subramaniam

“Wonderful set of conferences, well organized, fantastic speakers, and an amazingly interactive set of audience. Thanks for having me at the events!"

Founder of Agile Developer Inc., Dr. Venkat Subramaniam

Oracle Corp.

“What a buzz! The events have been instrumental in bringing the whole software community together. There has been something for everyone from developers to architects to business to vendors. Thanks everyone!"

Voltaire Yap, Global Events Manager, Oracle Corp.