chore: update

maxnovawind · maxnovawind · commit 25d7e5552873 · 2025-10-01T19:10:48.000+02:00
Signed-off-by: Ghislain Cheng &lt;ghislain.cheng@zama.ai&gt;
diff --git a/modules/mpc-party/main.tf b/modules/mpc-party/main.tf
@@ -558,38 +558,81 @@ module "eks_managed_node_group" {
     } : {}
   )
 
+  # --- NodeConfig for AL2023/nodeadm + optional Nitro Enclaves pre-script ---
+  cloudinit_pre_nodeadm = concat(
+    [
+      {
+        # IMPORTANT: exact content-type string; do not add charset or quotes
+        content_type = "application/node.eks.aws"
+        filename     = "10-nodeconfig.yaml"
+        content      = <<-YAML
+          ---
+          apiVersion: node.eks.aws/v1alpha1
+          kind: NodeConfig
+          spec:
+            cluster:
+              name: ${var.cluster_name}
+              apiServerEndpoint: ${data.aws_eks_cluster.cluster.endpoint}
+              certificateAuthority: ${data.aws_eks_cluster.cluster.certificate_authority[0].data}
+              cidr: ${data.aws_eks_cluster.cluster.kubernetes_network_config[0].service_ipv4_cidr}
+        YAML
+      }
+    ],
+    var.kms_enabled_nitro_enclaves && var.nodegroup_enable_nitro_enclaves ? [
+      {
+        content_type = "text/x-shellscript"
+        filename     = "20-nitro-enclaves.sh"
+        content      = <<-EOT
+          #!/usr/bin/env bash
+          # Node resources that will be allocated for Nitro Enclaves
+          readonly CPU_COUNT=${local.node_group_nitro_enclaves_cpu_count}
+          readonly MEMORY_MIB=${local.node_group_nitro_enclaves_memory_mib}
+          readonly NE_ALLOCATOR_SPEC_PATH="/etc/nitro_enclaves/allocator.yaml"
+
+          dnf install -y aws-nitro-enclaves-cli
+
+          sed -i "s/cpu_count:.*/cpu_count: $CPU_COUNT/g" $NE_ALLOCATOR_SPEC_PATH
+          sed -i "s/memory_mib:.*/memory_mib: $MEMORY_MIB/g" $NE_ALLOCATOR_SPEC_PATH
+
+          systemctl enable nitro-enclaves-allocator.service
+          systemctl restart nitro-enclaves-allocator.service
+          echo "NE user data script finished."
+        EOT
+      }
+    ] : []
+  )
 
   # This script configures and launches the Nitro enclave allocator. The
   # CPU_COUNT and MEMORY_MIB variables indicate the resources available to
   # all enclaves running on the node. A rule of thumb for the kms-core is to
   # allocate 75% of the underlying instance capacity.
-  cloudinit_pre_nodeadm = local.node_group_nitro_enclaves_enabled ? [{
-    content_type = "text/x-shellscript; charset=\"us-ascii\""
-    content      = <<-EOT
-        #!/usr/bin/env bash
+  //cloudinit_pre_nodeadm = local.node_group_nitro_enclaves_enabled ? [{
+  //  content_type = "text/x-shellscript; charset=\"us-ascii\""
+  //  content      = <<-EOT
+  //      #!/usr/bin/env bash
 
-        # Node resources that will be allocated for Nitro Enclaves
-        readonly CPU_COUNT=${local.node_group_nitro_enclaves_cpu_count}
-        readonly MEMORY_MIB=${local.node_group_nitro_enclaves_memory_mib}
+  //      # Node resources that will be allocated for Nitro Enclaves
+  //      readonly CPU_COUNT=${local.node_group_nitro_enclaves_cpu_count}
+  //      readonly MEMORY_MIB=${local.node_group_nitro_enclaves_memory_mib}
 
-        readonly NE_ALLOCATOR_SPEC_PATH="/etc/nitro_enclaves/allocator.yaml"
+  //      readonly NE_ALLOCATOR_SPEC_PATH="/etc/nitro_enclaves/allocator.yaml"
 
-        # This step below is needed to install nitro-enclaves-allocator service.
-        dnf install aws-nitro-enclaves-cli -y
+  //      # This step below is needed to install nitro-enclaves-allocator service.
+  //      dnf install aws-nitro-enclaves-cli -y
 
-        # Update enclave's allocator specification: allocator.yaml
-        sed -i "s/cpu_count:.*/cpu_count: $CPU_COUNT/g" $NE_ALLOCATOR_SPEC_PATH
-        sed -i "s/memory_mib:.*/memory_mib: $MEMORY_MIB/g" $NE_ALLOCATOR_SPEC_PATH
+  //      # Update enclave's allocator specification: allocator.yaml
+  //      sed -i "s/cpu_count:.*/cpu_count: $CPU_COUNT/g" $NE_ALLOCATOR_SPEC_PATH
+  //      sed -i "s/memory_mib:.*/memory_mib: $MEMORY_MIB/g" $NE_ALLOCATOR_SPEC_PATH
 
-        # Enable the nitro-enclaves-allocator service on boot
-        systemctl enable nitro-enclaves-allocator.service
+  //      # Enable the nitro-enclaves-allocator service on boot
+  //      systemctl enable nitro-enclaves-allocator.service
 
-        # Restart the nitro-enclaves-allocator service to take changes effect.
-        systemctl restart nitro-enclaves-allocator.service
+  //      # Restart the nitro-enclaves-allocator service to take changes effect.
+  //      systemctl restart nitro-enclaves-allocator.service
 
-        echo "NE user data script has finished successfully."
-      EOT
-  }] : null
+  //      echo "NE user data script has finished successfully."
+  //    EOT
+  //}] : null
 
   # Cluster service CIDR for user data
   cluster_service_cidr = data.aws_eks_cluster.cluster.kubernetes_network_config[0].service_ipv4_cidr
