Custom networking

Signed-off-by: Mikkel Oscar Lyderik Larsen <[email protected]>

cluster/config-defaults.yaml

@@ -1229,6 +1229,10 @@ eks_okta_identity_provider: "true"
 
 # prefix delegation can only be configured for ipv4. For ipv6 it can only be true.
 aws_vpc_cni_prefix_delegation: "false"
+# enable custom networking for the AWS VPC CNI. This assumes that a custom CIDR
+# range is available in the VPC and that there are dedicated subnets for the
+# custom CIDR.
+aws_vpc_cni_custom_networking: "false"
 # enable network policy enforcement in the cluster.
 aws_vpc_cni_enable_network_policy: "false"
 # specify the network policy enforcement mode.

cluster/manifests/01-aws-node/daemonset.yaml

@@ -55,7 +55,11 @@ spec:
         - name: AWS_VPC_ENI_MTU
           value: "9001"
         - name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
-          value: "false"
+          value: "{{ .Cluster.ConfigItems.aws_vpc_cni_custom_networking }}"
+        # {{ if eq .Cluster.ConfigItems.aws_vpc_cni_custom_networking "true" }}
+        - name: ENI_CONFIG_LABEL_DEF
+          value: topology.kubernetes.io/zone
+        # {{ end }}
         - name: AWS_VPC_K8S_CNI_EXTERNALSNAT
           value: "false"
         - name: AWS_VPC_K8S_CNI_LOGLEVEL

cluster/manifests/01-aws-node/pod_subnets.yaml

@@ -0,0 +1,19 @@
+# {{ if eq .Cluster.ConfigItems.aws_vpc_cni_custom_networking "true" }}
+# {{ with $data := . }}
+# {{ with $azCount := len $data.Values.availability_zones }}
+# {{ range $az := $data.Values.availability_zones }}
+# {{ with $azID := azID $az }}
+---
+apiVersion : crd.k8s.amazonaws.com/v1alpha1
+kind : ENIConfig
+metadata:
+  name: "{{$az}}"
+spec:
+  securityGroups:
+    - {{ $data.Values.ClusterStackOutputs.EKSWorkerSecurityGroup }}
+  subnet: "{{ index $data.Values.pod_subnets $az }}"
+# {{end}}
+# {{end}}
+# {{end}}
+# {{end}}
+# {{end}}