Vivek Bolajwar

Reputation: 31

Sharing of subnets across multiple EKS clusters

I am setting up two EKS clusters in one VPC.

Is it possible to share the subnets among these two clusters? Is there any problem with that approach?

I was thinking of creating three private subnets that could be shared between these two EKS clusters.

Upvotes: 3

Views: 3512

Answers (3)

Piyush Mattoo

Reputation: 16143

A VPC per cluster is probably considered best practice owing to VPC IP address constraints and deployment best practices as well. You may have your reasons to adopt multiple EKS clusters per subnet; however, a common generic Kubernetes pattern is to have clusters separated by environment (e.g. dev/test/qa/staging/prod/etc.) and namespaces to separate teams/devs within a given environment.
Multiple EKS clusters on a shared VPC is not a great idea, as you will easily run out of IP ranges. Check this info on IP networking.

Upvotes: -1

Romain Spinelli

Reputation: 443

It's possible. In this case, don't forget to add as many tags as necessary on your subnets (1 for each EKS cluster), such as:

kubernetes.io/cluster/cluster1: shared
kubernetes.io/cluster/cluster2: shared
...
kubernetes.io/cluster/clusterN: shared

This way, you will ensure the automatic subnet discovery by load balancers and ingress controllers.

Upvotes: 1

Enrique Tejeda

Reputation: 366

I did a little research on this topic, and the official EKS docs don't say anything about avoiding this approach.

In summary, AWS recommends the following about subnet/VPC networking:

  • Make sure of the size of your subnets (if you have insufficient IP addresses available, your pods will not get an IP address)
  • Prefer private subnets for your worker nodes and public subnets for load balancers

Reference: https://aws.github.io/aws-eks-best-practices/reliability/docs/networkmanagement/#recommendations_1

Btw, for better security you can implement network policies and encryption in transit (load balancers, adding a service mesh). Please read this doc for more details: https://aws.github.io/aws-eks-best-practices/security/docs/network/#network-security

Upvotes: 2
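
The checks raised in the answers above (one `kubernetes.io/cluster/<name>` tag per cluster on every shared subnet, enough free IP addresses, private subnets for worker nodes) can be audited together. This is an added example, not part of any answer: the subnet IDs, CIDRs and counts are constructed sample data in the shape of `aws ec2 describe-subnets` output, and the function name and the `min_free_ips` threshold are assumptions.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-subnets` output.
SAMPLE = json.loads("""
{"Subnets": [
  {"SubnetId": "subnet-aaa", "CidrBlock": "10.0.0.0/24",
   "AvailableIpAddressCount": 180, "MapPublicIpOnLaunch": false,
   "Tags": [{"Key": "kubernetes.io/cluster/cluster1", "Value": "shared"},
            {"Key": "kubernetes.io/cluster/cluster2", "Value": "shared"}]},
  {"SubnetId": "subnet-bbb", "CidrBlock": "10.0.1.0/24",
   "AvailableIpAddressCount": 12, "MapPublicIpOnLaunch": false,
   "Tags": [{"Key": "kubernetes.io/cluster/cluster1", "Value": "shared"}]},
  {"SubnetId": "subnet-ccc", "CidrBlock": "10.0.2.0/24",
   "AvailableIpAddressCount": 200, "MapPublicIpOnLaunch": true,
   "Tags": [{"Key": "kubernetes.io/cluster/cluster1", "Value": "owned"},
            {"Key": "kubernetes.io/cluster/cluster2", "Value": "shared"}]}
]}
""")

TAG_PREFIX = "kubernetes.io/cluster/"

def audit_shared_subnets(subnets, clusters, min_free_ips=32):
    """Return {subnet_id: [findings]} for subnets shared by `clusters`.

    min_free_ips is an assumed threshold; tune it to your pod density.
    """
    findings = {}
    for s in subnets:
        tags = {t["Key"]: t["Value"] for t in s.get("Tags", [])}
        issues = []
        for c in clusters:
            value = tags.get(TAG_PREFIX + c)
            if value is None:
                issues.append(f"missing tag {TAG_PREFIX}{c}")
            elif value != "shared":
                # A subnet used by several clusters should not be 'owned' by one.
                issues.append(f"tag for {c} is '{value}', expected 'shared'")
        if s["AvailableIpAddressCount"] < min_free_ips:
            issues.append(f"only {s['AvailableIpAddressCount']} free IPs")
        if s.get("MapPublicIpOnLaunch"):
            issues.append("auto-assigns public IPs; not a private subnet")
        if issues:
            findings[s["SubnetId"]] = issues
    return findings

if __name__ == "__main__":
    report = audit_shared_subnets(SAMPLE["Subnets"], ["cluster1", "cluster2"])
    for sid, issues in report.items():
        print(sid, "->", "; ".join(issues))
```

To run it against a real VPC, replace `SAMPLE` with the parsed JSON from `aws ec2 describe-subnets` filtered to that VPC.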
