{"id":2105,"date":"2026-02-25T07:47:19","date_gmt":"2026-02-25T07:47:19","guid":{"rendered":"https:\/\/www.rajeshkumar.xyz\/blog\/?p=2105"},"modified":"2026-02-25T08:16:25","modified_gmt":"2026-02-25T08:16:25","slug":"evaluation-of-amazon-eks-auto-mode-compute-options-for-high-availability-and-operational-ownership","status":"publish","type":"post","link":"https:\/\/www.rajeshkumar.xyz\/blog\/evaluation-of-amazon-eks-auto-mode-compute-options-for-high-availability-and-operational-ownership\/","title":{"rendered":"Evaluation of Amazon EKS Auto Mode Compute Options for High Availability and Operational Ownership"},"content":{"rendered":"\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Area<\/th><th><strong>1) EKS-provided NodeClass + EKS built-in NodePools<\/strong> (<code>system<\/code>, <code>general-purpose<\/code>)<\/th><th><strong>2) EKS-provided NodeClass + Custom NodePool(s)<\/strong><\/th><th><strong>3) Custom NodeClass + Custom NodePool(s)<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>What you get (big wins)<\/strong><\/td><td><strong>Fastest + simplest<\/strong> \u201cproduction-ready baseline.\u201d Built-ins give you: <code>system<\/code> pool isolation for critical add-ons (CriticalAddonsOnly taint) and a general-purpose pool. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><td><strong>Compute control without touching networking:<\/strong> you can tune AZs\/arch\/Spot vs On-Demand\/instance categories, set CPU+memory limits, and define disruption policies using NodePool. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/create-node-pool.html\">AWS Documentation<\/a>)<\/td><td><strong>Full infra policy control<\/strong> (within Auto Mode): customize networking placement, SG selection, SNAT policy, network policy defaults, event logging, pod subnet isolation, plus storage\/tagging knobs via NodeClass. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/auto-networking.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>What you lose \/ constraints<\/strong><\/td><td>Least flexibility: built-ins are fixed. Both built-ins are <strong>On-Demand only<\/strong>, <strong>C\/M\/R families<\/strong>, <strong>gen\u22655<\/strong>, and <code>general-purpose<\/code> is <strong>amd64-only<\/strong>. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><td>You still inherit default NodeClass networking choices. If you need custom subnets\/SGs\/pod-subnet isolation, you can\u2019t do it here. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/auto-networking.html\">AWS Documentation<\/a>)<\/td><td>Highest complexity. More chances to misconfigure (subnet tags\/AZ mismatch, SG selection, IAM\/access-entry gaps). Also, still cannot choose AMI (AWS-managed). (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/automode-learn-instances.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>NodeClass availability \/ dependency<\/strong><\/td><td>Default NodeClass is automatically provisioned when built-ins are enabled. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><td><strong>Important:<\/strong> Default NodeClass exists only if at least one built-in pool is enabled. Practically, most teams keep <code>system<\/code> enabled. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><td>If you disable all built-ins, you <strong>must<\/strong> create your NodeClass + NodePool. Also, AWS says do <strong>not<\/strong> name your custom NodeClass <code>default<\/code>. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/create-node-class.html?utm_source=chatgpt.com\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>HA posture (cluster add-ons)<\/strong><\/td><td>Strong default: <code>system<\/code> NodePool is designed to isolate critical add-ons using <code>CriticalAddonsOnly<\/code> taint; many add-ons tolerate it. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><td>You can keep the same HA posture by leaving <code>system<\/code> enabled and moving apps to custom pools. (Common \u201cbest of both worlds.\u201d) (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><td>If you disable built-ins, you must recreate the \u201csystem isolation\u201d pattern yourself (taints\/tolerations + capacity plan). Otherwise cluster add-ons and apps compete for the same pool. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>Networking\/security control (big differentiator)<\/strong><\/td><td>Minimal (defaults).<\/td><td>Minimal (still defaults).<\/td><td><strong>Maximum<\/strong> (within Auto Mode): NodeClass can select node SGs, node subnets, SNAT policy, network policy defaults\/logging, and pod subnet isolation. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/auto-networking.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>Compute\/cost tuning<\/strong><\/td><td>Limited to AWS defaults (On-Demand only, fixed family\/arch constraints). (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><td>Strong: NodePool lets you constrain instance types\/categories, AZs, arch, Spot\/On-Demand, and set CPU\/memory limits. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/create-node-pool.html\">AWS Documentation<\/a>)<\/td><td>Strongest overall: same as option 2 plus the ability to align networking\/security posture to cost\/scale requirements (e.g., pod subnet isolation for IP exhaustion scenarios). (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/auto-networking.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>Upgrades &amp; maintenance (who does what)<\/strong><\/td><td>AWS patches nodes + rolls AMIs; you mainly ensure workloads tolerate disruption (PDBs\/topology spread). (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/automode-learn-instances.html\">AWS Documentation<\/a>)<\/td><td>Same AWS responsibility for patching; <strong>you<\/strong> additionally manage NodePool policies (limits, consolidation timing, disruption budgets) to control upgrade impact. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/create-node-pool.html\">AWS Documentation<\/a>)<\/td><td>Same AWS patching; <strong>you<\/strong> also own NodeClass lifecycle (network\/storage\/tagging changes) + any required IAM\/access-entry work for custom roles. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/auto-networking.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>DevOps workload (ongoing)<\/strong><\/td><td><strong>Low<\/strong>: mostly app HA policies + observing events\/node health. Node health monitoring\/auto-repair capabilities exist and the monitoring agent is included for Auto Mode clusters. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/node-health.html?utm_source=chatgpt.com\">AWS Documentation<\/a>)<\/td><td><strong>Medium<\/strong>: everything in option 1 plus managing one or more NodePools (requirements, limits, disruption windows\/budgets) and avoiding over-constraint. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/create-node-pool.html\">AWS Documentation<\/a>)<\/td><td><strong>High<\/strong>: everything in option 2 plus NodeClass governance (subnets\/SG\/SNAT\/pod-subnet isolation, storage\/KMS\/tagging) and IAM\/access-entry associations for node roles. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/auto-networking.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>Typical fit<\/strong><\/td><td>Teams optimizing for <strong>simplicity<\/strong>, fastest time-to-production, and standard workloads.<\/td><td>Most common \u201centerprise sweet spot\u201d: keep AWS defaults for networking, but add NodePools for <strong>HA + cost + workload segmentation<\/strong>.<\/td><td>Regulated \/ complex networking environments: <strong>explicit subnet\/SG policy<\/strong>, IP management requirements, pod subnet isolation, stricter infra governance. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/auto-networking.html\">AWS Documentation<\/a>)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Below is the <strong>built-in NodePool comparison<\/strong> you get with \u201cfull\u201d EKS Auto Mode: <strong><code>system<\/code><\/strong> and <strong><code>general-purpose<\/code><\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Topic<\/th><th><code>system<\/code> (built-in)<\/th><th><code>general-purpose<\/code> (built-in)<\/th><\/tr><\/thead><tbody><tr><td><strong>Primary purpose<\/strong><\/td><td>Dedicated capacity for <strong>cluster-critical add-ons<\/strong> to improve stability\/isolation. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/critical-workload.html\">AWS Documentation<\/a>)<\/td><td>Default pool for <strong>general workloads<\/strong> (microservices, web apps, etc.) with \u201creasonable defaults.\u201d (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/automode-workload.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>How pods get scheduled onto it<\/strong><\/td><td>Nodes have a <strong><code>CriticalAddonsOnly<\/code> taint<\/strong> \u2192 pods must have a matching <strong>toleration<\/strong> (and typically select the pool) to run here. Example uses <code>nodeSelector: karpenter.sh\/nodepool: system<\/code> + toleration. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/critical-workload.html\">AWS Documentation<\/a>)<\/td><td>Typical workloads just target Auto Mode nodes with <code>eks.amazonaws.com\/compute-type: auto<\/code>; unless you explicitly target another pool, this is the \u201cdefault\u201d place most apps land. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/automode-workload.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>Who should run here (allowed use)<\/strong><\/td><td>CoreDNS and other critical add-ons that tolerate <code>CriticalAddonsOnly<\/code>, plus any <strong>custom critical components<\/strong> you want isolated (monitoring\/ingress controllers, etc.)\u2014if they can tolerate the taint. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><td>Application workloads and services that don\u2019t need \u201csystem-only\u201d isolation. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>Main limitation (behavioral)<\/strong><\/td><td>Regular app pods <strong>won\u2019t schedule here<\/strong> unless you add the toleration (by design). (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/critical-workload.html\">AWS Documentation<\/a>)<\/td><td>No built-in isolation; system add-ons and apps can compete unless you keep <code>system<\/code> enabled and schedule critical add-ons there. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>CPU architecture support<\/strong><\/td><td><strong>amd64 + arm64<\/strong> (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><td><strong>amd64 only<\/strong> (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>Capacity type<\/strong><\/td><td><strong>On-Demand only<\/strong> (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><td><strong>On-Demand only<\/strong> (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>Instance families &amp; generations<\/strong><\/td><td><strong>C\/M\/R families<\/strong>, <strong>gen 5+<\/strong> (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><td><strong>C\/M\/R families<\/strong>, <strong>gen 5+<\/strong> (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>NodeClass used<\/strong><\/td><td>Uses the <strong>default EKS NodeClass<\/strong> (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><td>Uses the <strong>default EKS NodeClass<\/strong> (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>Can you edit\/customize it?<\/strong><\/td><td><strong>No<\/strong> (you can only enable\/disable). For customization you must create your own NodePool(s). (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/create-node-pool.html\">AWS Documentation<\/a>)<\/td><td><strong>No<\/strong> (you can only enable\/disable). For customization you must create your own NodePool(s). (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/create-node-pool.html\">AWS Documentation<\/a>)<\/td><\/tr><tr><td><strong>Operational dependency note<\/strong><\/td><td>If you disable <strong>all<\/strong> built-in pools, EKS won\u2019t automatically provision the <strong><code>default<\/code> NodeClass<\/strong>\u2014you must create a custom NodeClass + NodePool. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><td>Same dependency note. (<a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/set-builtin-node-pools.html\">AWS Documentation<\/a>)<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Area 1) EKS-provided NodeClass + EKS built-in NodePools (system, general-purpose) 2) EKS-provided NodeClass + Custom NodePool(s) 3) Custom NodeClass + [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2105","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.rajeshkumar.xyz\/blog\/wp-json\/wp\/v2\/posts\/2105","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rajeshkumar.xyz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rajeshkumar.xyz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rajeshkumar.xyz\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rajeshkumar.xyz\/blog\/wp-json\/wp\/v2\/comments?post=2105"}],"version-history":[{"count":2,"href":"https:\/\/www.rajeshkumar.xyz\/blog\/wp-json\/wp\/v2\/posts\/2105\/revisions"}],"predecessor-version":[{"id":2107,"href":"https:\/\/www.rajeshkumar.xyz\/blog\/wp-json\/wp\/v2\/posts\/2105\/revisions\/2107"}],"wp:attachment":[{"href":"https:\/\/www.rajeshkumar.xyz\/blog\/wp-json\/wp\/v2\/media?parent=2105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rajeshkumar.xyz\/blog\/wp-json\/wp\/v2\/categories?post=2105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rajeshkumar.xyz\/blog\/wp-json\/wp\/v2\/tags?post=2105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}