feat: Add support for allowing EFA network interfaces (#1980)

2026-01-17 09:07:20 +01:00 · 2022-04-03 05:25:42 -04:00
parent 62124611d2
commit 523144e1d7
3 changed files with 46 additions and 9 deletions
--- a/examples/self_managed_node_group/main.tf
+++ b/examples/self_managed_node_group/main.tf
@@ -146,6 +146,37 @@ module "eks" {
      }
    }
    efa = {
      min_size     = 1
      max_size     = 2
      desired_size = 1
      # aws ec2 describe-instance-types --region eu-west-1 --filters Name=network-info.efa-supported,Values=true --query "InstanceTypes[*].[InstanceType]" --output text | sort
      instance_type = "c5n.9xlarge"
      post_bootstrap_user_data = <<-EOT
      # Install EFA
      curl -O https://efa-installer.amazonaws.com/aws-efa-installer-latest.tar.gz
      tar -xf aws-efa-installer-latest.tar.gz && cd aws-efa-installer
      ./efa_installer.sh -y --minimal
      fi_info -p efa -t FI_EP_RDM
      # Disable ptrace
      sysctl -w kernel.yama.ptrace_scope=0
      EOT
      network_interfaces = [
        {
          description                 = "EFA interface example"
          delete_on_termination       = true
          device_index                = 0
          associate_public_ip_address = false
          interface_type              = "efa"
        }
      ]
    }
    # Complete
    complete = {
      name            = "complete-self-mng"
--- a/modules/eks-managed-node-group/main.tf
+++ b/modules/eks-managed-node-group/main.tf
@@ -38,6 +38,8 @@ locals {
  use_custom_launch_template = var.create_launch_template || var.launch_template_name != ""
  launch_template_name_int = coalesce(var.launch_template_name, "${var.name}-eks-node-group")
  security_group_ids = compact(concat([try(aws_security_group.this[0].id, ""), var.cluster_primary_security_group_id], var.vpc_security_group_ids))
 }
 resource "aws_launch_template" "this" {
@@ -54,7 +56,7 @@ resource "aws_launch_template" "this" {
  key_name  = var.key_name
  user_data = module.user_data.user_data
-  vpc_security_group_ids = compact(concat([try(aws_security_group.this[0].id, ""), var.cluster_primary_security_group_id], var.vpc_security_group_ids))
+  vpc_security_group_ids = length(var.network_interfaces) > 0 ? [] : local.security_group_ids
  default_version         = var.launch_template_default_version
  update_default_version  = var.update_launch_template_default_version
@@ -208,16 +210,17 @@ resource "aws_launch_template" "this" {
      delete_on_termination        = lookup(network_interfaces.value, "delete_on_termination", null)
      description                  = lookup(network_interfaces.value, "description", null)
      device_index                 = lookup(network_interfaces.value, "device_index", null)
-      ipv4_addresses               = lookup(network_interfaces.value, "ipv4_addresses", null) != null ? network_interfaces.value.ipv4_addresses : []
+      interface_type               = lookup(network_interfaces.value, "interface_type", null)
      ipv4_addresses               = try(network_interfaces.value.ipv4_addresses, [])
      ipv4_address_count           = lookup(network_interfaces.value, "ipv4_address_count", null)
-      ipv6_addresses               = lookup(network_interfaces.value, "ipv6_addresses", null) != null ? network_interfaces.value.ipv6_addresses : []
+      ipv6_addresses               = try(network_interfaces.value.ipv6_addresses, [])
      ipv6_address_count           = lookup(network_interfaces.value, "ipv6_address_count", null)
      network_interface_id         = lookup(network_interfaces.value, "network_interface_id", null)
      private_ip_address           = lookup(network_interfaces.value, "private_ip_address", null)
-      security_groups              = lookup(network_interfaces.value, "security_groups", null) != null ? network_interfaces.value.security_groups : []
+      security_groups              = compact(concat(try(network_interfaces.value.security_groups, []), local.security_group_ids))
      # Set on EKS managed node group, will fail if set here
      # https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-basics
-      # subnet_id                    = lookup(network_interfaces.value, "subnet_id", null)
+      # subnet_id                  = lookup(network_interfaces.value, "subnet_id", null)
    }
  }
--- a/modules/self-managed-node-group/main.tf
+++ b/modules/self-managed-node-group/main.tf
@@ -44,6 +44,8 @@ module "user_data" {
 locals {
  launch_template_name_int = coalesce(var.launch_template_name, "${var.name}-node-group")
  security_group_ids = compact(concat([try(aws_security_group.this[0].id, ""), var.cluster_primary_security_group_id], var.vpc_security_group_ids))
 }
 resource "aws_launch_template" "this" {
@@ -59,7 +61,7 @@ resource "aws_launch_template" "this" {
  key_name      = var.key_name
  user_data     = module.user_data.user_data
-  vpc_security_group_ids = compact(concat([try(aws_security_group.this[0].id, ""), var.cluster_primary_security_group_id], var.vpc_security_group_ids))
+  vpc_security_group_ids = length(var.network_interfaces) > 0 ? [] : local.security_group_ids
  default_version                      = var.launch_template_default_version
  update_default_version               = var.update_launch_template_default_version
@@ -203,13 +205,14 @@ resource "aws_launch_template" "this" {
      delete_on_termination        = lookup(network_interfaces.value, "delete_on_termination", null)
      description                  = lookup(network_interfaces.value, "description", null)
      device_index                 = lookup(network_interfaces.value, "device_index", null)
-      ipv4_addresses               = lookup(network_interfaces.value, "ipv4_addresses", null) != null ? network_interfaces.value.ipv4_addresses : []
+      interface_type               = lookup(network_interfaces.value, "interface_type", null)
      ipv4_addresses               = try(network_interfaces.value.ipv4_addresses, [])
      ipv4_address_count           = lookup(network_interfaces.value, "ipv4_address_count", null)
-      ipv6_addresses               = lookup(network_interfaces.value, "ipv6_addresses", null) != null ? network_interfaces.value.ipv6_addresses : []
+      ipv6_addresses               = try(network_interfaces.value.ipv6_addresses, [])
      ipv6_address_count           = lookup(network_interfaces.value, "ipv6_address_count", null)
      network_interface_id         = lookup(network_interfaces.value, "network_interface_id", null)
      private_ip_address           = lookup(network_interfaces.value, "private_ip_address", null)
-      security_groups              = lookup(network_interfaces.value, "security_groups", null) != null ? network_interfaces.value.security_groups : []
+      security_groups              = compact(concat(try(network_interfaces.value.security_groups, []), local.security_group_ids))
      subnet_id                    = lookup(network_interfaces.value, "subnet_id", null)
    }
  }