Use unreserved IP address for pod ENI

[alam0rt]

Problem:

We use ENABLE_POD_ENI=true and ENABLE_PREFIX_DELEGATION=true to create a secondary ENI attached to our nodes in a dedicated subnet.

These subnets also have a number of CIDR reservations which we use for pods.

The issue we face is that randomly the primary address of the secondary ENI falls within the reserved CIDR ranges. This means more fragmentation of the subnet and wasted IP space. I am pretty sure that the reservation range that the primary address falls in becomes unusable for pods.

A solution?:

Looking at the code in

amazon-vpc-cni-k8s/pkg/awsutils/awsutils.go

Lines 891 to 910 in 0703d03

	input := &ec2.CreateNetworkInterfaceInput{}
	if cache.enablePrefixDelegation {
	input = &ec2.CreateNetworkInterfaceInput{
	Description: aws.String(eniDescription),
	Groups: aws.StringSlice(cache.securityGroups.SortedList()),
	SubnetId: aws.String(cache.subnetID),
	TagSpecifications: tagSpec,
	Ipv4PrefixCount: aws.Int64(int64(needIPs)),
	}
	} else {
	input = &ec2.CreateNetworkInterfaceInput{
	Description: aws.String(eniDescription),
	Groups: aws.StringSlice(cache.securityGroups.SortedList()),
	SubnetId: aws.String(cache.subnetID),
	TagSpecifications: tagSpec,
	SecondaryPrivateIpAddressCount: aws.Int64(int64(needIPs)),
	}
	}

I can see that it doesn't request a specific address. Is it possible / a good idea to allow selecting a primary address from a range that is outside of any CIDR reservation?

[alam0rt]

Closing as #2313 is identical

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.