From 4fa4e3b2b511767a522291d140d615f398eb7e2e Mon Sep 17 00:00:00 2001
From: Mikkel Oscar Lyderik Larsen
Date: Mon, 4 Nov 2024 11:18:06 +0100
Subject: [PATCH] Custom networking

Signed-off-by: Mikkel Oscar Lyderik Larsen
---
 cluster/config-defaults.yaml | 4 ++++
 cluster/manifests/01-aws-node/daemonset.yaml | 6 +++++-
 .../manifests/01-aws-node/pod_subnets.yaml | 19 +++++++++++++++++++
 3 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 cluster/manifests/01-aws-node/pod_subnets.yaml

diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
index 4aba534235..807bc2ae84 100644
--- a/cluster/config-defaults.yaml
+++ b/cluster/config-defaults.yaml
@@ -1229,6 +1229,10 @@ eks_okta_identity_provider: "true"
 # prefix delegation can only be configured for ipv4. For ipv6 it can only be true.
 aws_vpc_cni_prefix_delegation: "false"
+# enable custom networking for the AWS VPC CNI. This assumes that a custom CIDR
+# range is available in the VPC and that there are dedicated subnets for the
+# custom CIDR.
+aws_vpc_cni_custom_networking: "false"
 # enable network policy enforcement in the cluster.
 aws_vpc_cni_enable_network_policy: "false"
 # specify the network policy enforcement mode.
diff --git a/cluster/manifests/01-aws-node/daemonset.yaml b/cluster/manifests/01-aws-node/daemonset.yaml
index d662440328..262d99f995 100644
--- a/cluster/manifests/01-aws-node/daemonset.yaml
+++ b/cluster/manifests/01-aws-node/daemonset.yaml
@@ -55,7 +55,11 @@ spec:
 - name: AWS_VPC_ENI_MTU
 value: "9001"
 - name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
- value: "false"
+ value: "{{ .Cluster.ConfigItems.aws_vpc_cni_custom_networking }}"
+ # {{ if eq .Cluster.ConfigItems.aws_vpc_cni_custom_networking "true" }}
+ - name: ENI_CONFIG_LABEL_DEF
+ value: topology.kubernetes.io/zone
+ # {{ end }}
 - name: AWS_VPC_K8S_CNI_EXTERNALSNAT
 value: "false"
 - name: AWS_VPC_K8S_CNI_LOGLEVEL
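Review bot: The new comment on `aws_vpc_cni_custom_networking` tells the operator that a custom CIDR and dedicated subnets must exist, but not how the cluster is told about them; the flag only does something useful together with the `pod_subnets` map (one subnet per entry of `availability_zones`) and the `EKSWorkerSecurityGroup` stack output that `manifests/01-aws-node/pod_subnets.yaml` templates into per-zone ENIConfigs. I would extend the comment with `# Requires pod_subnets to map every zone listed in availability_zones to a subnet ID in the custom CIDR; one ENIConfig per zone is rendered from manifests/01-aws-node/pod_subnets.yaml.` As far as I can tell from that template, turning the flag on without a matching `pod_subnets` entry renders an ENIConfig with an empty subnet rather than failing at config time, so the dependency is worth stating where the flag is defined.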
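Review bot: `ENI_CONFIG_LABEL_DEF: topology.kubernetes.io/zone` silently couples this DaemonSet to the ENIConfig names generated in `pod_subnets.yaml` — the CNI looks up an ENIConfig whose `metadata.name` equals the node's label value, and that only works because the ENIConfigs are named after `$az`; nothing in this hunk records the coupling. I would add above the env entry: `# The CNI selects the ENIConfig whose metadata.name equals this node label's value, so the per-zone ENIConfigs in pod_subnets.yaml must keep using the zone name as metadata.name.` One caveat to note as well: if I recall the CNI correctly, a node annotation (`k8s.amazonaws.com/eniConfig` by default) takes precedence over the label, so a principal allowed to annotate nodes can steer that node's pods into a different subnet and security group; this is upstream behaviour rather than something the hunk introduces, but it belongs in the comment or the threat model. The container env list continues outside the hunk.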
diff --git a/cluster/manifests/01-aws-node/pod_subnets.yaml b/cluster/manifests/01-aws-node/pod_subnets.yaml
new file mode 100644
index 0000000000..4b7dd11554
--- /dev/null
+++ b/cluster/manifests/01-aws-node/pod_subnets.yaml
@@ -0,0 +1,19 @@
+# {{ if eq .Cluster.ConfigItems.aws_vpc_cni_custom_networking "true" }}
+# {{ with $data := . }}
+# {{ with $azCount := len $data.Values.availability_zones }}
+# {{ range $az := $data.Values.availability_zones }}
+# {{ with $azID := azID $az }}
+---
+apiVersion : crd.k8s.amazonaws.com/v1alpha1
+kind : ENIConfig
+metadata:
+ name: "{{$az}}"
+spec:
+ securityGroups:
+ - {{ $data.Values.ClusterStackOutputs.EKSWorkerSecurityGroup }}
+ subnet: "{{ index $data.Values.pod_subnets $az }}"
+# {{end}}
+# {{end}}
+# {{end}}
+# {{end}}
+# {{end}}
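Review bot: The `securityGroups` item `- {{ $data.Values.ClusterStackOutputs.EKSWorkerSecurityGroup }}` is the only templated scalar in the file left unquoted; if that stack output is ever empty the rendered list holds a YAML null rather than a missing field, which is not obviously equivalent to omitting `securityGroups` for the CNI, so quote it like its neighbours: `- "{{ $data.Values.ClusterStackOutputs.EKSWorkerSecurityGroup }}"`. The `with $azCount := …` and `with $azID := azID $az` wrappers bind variables that nothing in the file uses, and a Go-template `with` skips its body when the value is empty — so should `azID` return an empty string for some zone, that zone's ENIConfig is silently not rendered and nodes there get no pod IPs; I would drop both wrappers together with their two matching `{{end}}` lines. Similarly, `index $data.Values.pod_subnets $az` appears to render `subnet: ""` for a zone absent from `pod_subnets` (as far as I can tell from the template), which deserves an explicit template failure instead of a broken ENIConfig being applied. Minor style: `apiVersion : ` and `kind : ` carry a space before the colon; `apiVersion: crd.k8s.amazonaws.com/v1alpha1` and `kind: ENIConfig` are the conventional form.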