feat: Add support for allowing EFA network interfaces (#1980)

2026-01-17 00:57:28 +01:00 · 2022-04-03 05:25:42 -04:00
parent 62124611d2
commit 523144e1d7
3 changed files with 46 additions and 9 deletions
--- a/examples/self_managed_node_group/main.tf
+++ b/examples/self_managed_node_group/main.tf
@@ -146,6 +146,37 @@ module "eks" {
      }
    }

+    efa = {
+      min_size     = 1
+      max_size     = 2
+      desired_size = 1
+
+      # aws ec2 describe-instance-types --region eu-west-1 --filters Name=network-info.efa-supported,Values=true --query "InstanceTypes[*].[InstanceType]" --output text | sort
+      instance_type = "c5n.9xlarge"
+
+      post_bootstrap_user_data = <<-EOT
+
+      # Install EFA
+      curl -O https://efa-installer.amazonaws.com/aws-efa-installer-latest.tar.gz
+      tar -xf aws-efa-installer-latest.tar.gz && cd aws-efa-installer
+      ./efa_installer.sh -y --minimal
+      fi_info -p efa -t FI_EP_RDM
+
+      # Disable ptrace
+      sysctl -w kernel.yama.ptrace_scope=0
+      EOT
+
+      network_interfaces = [
+        {
+          description                 = "EFA interface example"
+          delete_on_termination       = true
+          device_index                = 0
+          associate_public_ip_address = false
+          interface_type              = "efa"
+        }
+      ]
+    }
+
    # Complete
    complete = {
      name            = "complete-self-mng"
--- a/modules/eks-managed-node-group/main.tf
+++ b/modules/eks-managed-node-group/main.tf
@@ -38,6 +38,8 @@ locals {
  use_custom_launch_template = var.create_launch_template || var.launch_template_name != ""

  launch_template_name_int = coalesce(var.launch_template_name, "${var.name}-eks-node-group")
+
+  security_group_ids = compact(concat([try(aws_security_group.this[0].id, ""), var.cluster_primary_security_group_id], var.vpc_security_group_ids))
 }

 resource "aws_launch_template" "this" {
@@ -54,7 +56,7 @@ resource "aws_launch_template" "this" {
  key_name  = var.key_name
  user_data = module.user_data.user_data

-  vpc_security_group_ids = compact(concat([try(aws_security_group.this[0].id, ""), var.cluster_primary_security_group_id], var.vpc_security_group_ids))
+  vpc_security_group_ids = length(var.network_interfaces) > 0 ? [] : local.security_group_ids

  default_version         = var.launch_template_default_version
  update_default_version  = var.update_launch_template_default_version
@@ -208,16 +210,17 @@ resource "aws_launch_template" "this" {
      delete_on_termination        = lookup(network_interfaces.value, "delete_on_termination", null)
      description                  = lookup(network_interfaces.value, "description", null)
      device_index                 = lookup(network_interfaces.value, "device_index", null)
-      ipv4_addresses               = lookup(network_interfaces.value, "ipv4_addresses", null) != null ? network_interfaces.value.ipv4_addresses : []
+      interface_type               = lookup(network_interfaces.value, "interface_type", null)
+      ipv4_addresses               = try(network_interfaces.value.ipv4_addresses, [])
      ipv4_address_count           = lookup(network_interfaces.value, "ipv4_address_count", null)
-      ipv6_addresses               = lookup(network_interfaces.value, "ipv6_addresses", null) != null ? network_interfaces.value.ipv6_addresses : []
+      ipv6_addresses               = try(network_interfaces.value.ipv6_addresses, [])
      ipv6_address_count           = lookup(network_interfaces.value, "ipv6_address_count", null)
      network_interface_id         = lookup(network_interfaces.value, "network_interface_id", null)
      private_ip_address           = lookup(network_interfaces.value, "private_ip_address", null)
-      security_groups              = lookup(network_interfaces.value, "security_groups", null) != null ? network_interfaces.value.security_groups : []
+      security_groups              = compact(concat(try(network_interfaces.value.security_groups, []), local.security_group_ids))
      # Set on EKS managed node group, will fail if set here
      # https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-basics
-      # subnet_id                    = lookup(network_interfaces.value, "subnet_id", null)
+      # subnet_id                  = lookup(network_interfaces.value, "subnet_id", null)
    }
  }

--- a/modules/self-managed-node-group/main.tf
+++ b/modules/self-managed-node-group/main.tf
@@ -44,6 +44,8 @@ module "user_data" {

 locals {
  launch_template_name_int = coalesce(var.launch_template_name, "${var.name}-node-group")
+
+  security_group_ids = compact(concat([try(aws_security_group.this[0].id, ""), var.cluster_primary_security_group_id], var.vpc_security_group_ids))
 }

 resource "aws_launch_template" "this" {
@@ -59,7 +61,7 @@ resource "aws_launch_template" "this" {
  key_name      = var.key_name
  user_data     = module.user_data.user_data

-  vpc_security_group_ids = compact(concat([try(aws_security_group.this[0].id, ""), var.cluster_primary_security_group_id], var.vpc_security_group_ids))
+  vpc_security_group_ids = length(var.network_interfaces) > 0 ? [] : local.security_group_ids

  default_version                      = var.launch_template_default_version
  update_default_version               = var.update_launch_template_default_version
@@ -203,13 +205,14 @@ resource "aws_launch_template" "this" {
      delete_on_termination        = lookup(network_interfaces.value, "delete_on_termination", null)
      description                  = lookup(network_interfaces.value, "description", null)
      device_index                 = lookup(network_interfaces.value, "device_index", null)
-      ipv4_addresses               = lookup(network_interfaces.value, "ipv4_addresses", null) != null ? network_interfaces.value.ipv4_addresses : []
+      interface_type               = lookup(network_interfaces.value, "interface_type", null)
+      ipv4_addresses               = try(network_interfaces.value.ipv4_addresses, [])
      ipv4_address_count           = lookup(network_interfaces.value, "ipv4_address_count", null)
-      ipv6_addresses               = lookup(network_interfaces.value, "ipv6_addresses", null) != null ? network_interfaces.value.ipv6_addresses : []
+      ipv6_addresses               = try(network_interfaces.value.ipv6_addresses, [])
      ipv6_address_count           = lookup(network_interfaces.value, "ipv6_address_count", null)
      network_interface_id         = lookup(network_interfaces.value, "network_interface_id", null)
      private_ip_address           = lookup(network_interfaces.value, "private_ip_address", null)
-      security_groups              = lookup(network_interfaces.value, "security_groups", null) != null ? network_interfaces.value.security_groups : []
+      security_groups              = compact(concat(try(network_interfaces.value.security_groups, []), local.security_group_ids))
      subnet_id                    = lookup(network_interfaces.value, "subnet_id", null)
    }
  }