terraform-aws-modules / terraform-aws-eks

Terraform module to create Amazon Elastic Kubernetes (EKS) resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/eks/aws
Apache License 2.0

Add Support for Nitro Enclaves #1182

Closed x46085 closed 3 years ago

x46085 commented 3 years ago

I have issues

I'm submitting a...

What is the current behavior?

The current dependency is on the aws module version 3.21, which is just one version shy of the newly added support for Nitro Enclaves announced at AWS re:Invent. In order to support Nitro enclaves, a worker node must be launched with the required flag "--enclave-options 'Enabled=true'". This appears to be supported in aws module 3.22 as seen here in the docs: https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/launch_template#enclave_options

If this is a bug, how to reproduce? Please include a code sample if relevant.

Nitro Enclave device driver location on a freshly launched EC2 instance using the latest Amazon Linux 2 AMIs:

ls -l /usr/lib/modules/$(uname -r)/kernel/drivers/virt/nitro_enclaves/nitro_enclaves.ko

To see if the devices are loaded:

sudo lspci -v -s 00:02.0 && sudo lspci -v -s 00:02.1 && lsmod | grep nitro_enclaves

To test further with the Nitro-CLI:

sudo amazon-linux-extras install aws-nitro-enclaves-cli && sudo usermod -aG ne $USER && logout
sudo systemctl start nitro-enclaves-allocator.service
systemctl status nitro-enclaves-allocator.service

If the status reports successful, you are good to go

Any other relevant info

I'm attempting some changes that might work, will include a reference to this issue if successful

Thanks for all the work you do! We appreciate it.

FYI @spkane @akhilles
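The provider-side change the issue describes, shown as an added Terraform example (not code from this module or the issue author): a launch template with `enclave_options` enabled, attached to a managed node group. It assumes aws provider 3.22.0 or later, an enclave-capable instance type, and placeholder cluster, subnet and IAM role values that you must replace.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.22.0" # first release with launch_template enclave_options
    }
  }
}

# Placeholder inputs (assumed values, not from the issue); substitute your own.
variable "cluster_name"  { default = "EXAMPLE-CLUSTER" }
variable "subnet_ids"    { default = ["subnet-EXAMPLE"] }
variable "node_role_arn" { default = "arn:aws:iam::123456789012:role/EXAMPLE-node-role" }

resource "aws_launch_template" "enclave_nodes" {
  name_prefix = "${var.cluster_name}-enclave-"

  # Nitro Enclaves require a Nitro-based, non-burstable type with at least 4 vCPUs.
  instance_type = "m5.xlarge"

  # Terraform equivalent of launching with --enclave-options 'Enabled=true'.
  enclave_options {
    enabled = true
  }

  # Hardening unrelated to enclaves but worth pairing with it: require IMDSv2
  # so pod-level SSRF cannot read the node's instance credentials.
  metadata_options {
    http_tokens   = "required"
    http_endpoint = "enabled"
  }
}

resource "aws_eks_node_group" "enclave" {
  cluster_name    = var.cluster_name
  node_group_name = "enclave"
  node_role_arn   = var.node_role_arn
  subnet_ids      = var.subnet_ids

  # instance_types is left unset here because the launch template already defines it.
  launch_template {
    id      = aws_launch_template.enclave_nodes.id
    version = aws_launch_template.enclave_nodes.latest_version
  }

  scaling_config {
    desired_size = 1
    min_size     = 1
    max_size     = 2
  }
}
```

After the nodes come up, the driver and allocator checks listed above in this issue confirm whether the enclave device is actually present on the instance.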

x46085 commented 3 years ago

I just saw this is a duplicate of this issue: https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1181

But I'll leave this here as I have some useful test info in this issue; feel free to consolidate.

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.