Enable Prefix Delegation on Bare metal instances

README.md

@@ -457,7 +457,7 @@ Setting ENABLE_PREFIX_DELEGATION to true will not increase the density of branch
 
 Please refer to [VPC CNI Feature Matrix](https://github.com/aws/amazon-vpc-cni-k8s#vpc-cni-feature-matrix) section below for additional information around using Prefix delegation with Custom Networking and Security Groups Per Pod features.
 
-**Note:** `ENABLE_PREFIX_DELEGATION` needs to be set to `true` when VPC CNI is configured to operate in IPv6 mode (supported in v1.10.0+).
+**Note:** `ENABLE_PREFIX_DELEGATION` needs to be set to `true` when VPC CNI is configured to operate in IPv6 mode (supported in v1.10.0+). Prefix Delegation in IPv4 and IPv6 modes is supported on Nitro based Bare Metal instances as well from v1.11+. If you're using Prefix Delegation feature on Bare Metal instances, downgrading to an earlier version of VPC CNI from v1.11+ will be disruptive and not supported.
 
 ---
 

misc/eni-max-pods.txt

@@ -11,7 +11,7 @@
 # express or implied. See the License for the specific language governing
 # permissions and limitations under the License.
 #
-# This file was generated at 2022-02-15T18:47:49Z
+# This file was generated at 2022-03-20T00:58:08-07:00
 #
 # The regions queried were:
 # - ap-northeast-1
@@ -522,6 +522,16 @@ x2gd.large 29
 x2gd.medium 8
 x2gd.metal 737
 x2gd.xlarge 58
+x2idn.16xlarge 737
+x2idn.24xlarge 737
+x2idn.32xlarge 737
+x2iedn.16xlarge 737
+x2iedn.24xlarge 737
+x2iedn.2xlarge 58
+x2iedn.32xlarge 737
+x2iedn.4xlarge 234
+x2iedn.8xlarge 234
+x2iedn.xlarge 58
 x2iezn.12xlarge 737
 x2iezn.2xlarge 58
 x2iezn.4xlarge 234

pkg/awsutils/awsutils.go

@@ -200,6 +200,8 @@ type APIs interface {
 
 	// FetchInstanceTypeLimits Verify if the InstanceNetworkingLimits has the ENI limits else make EC2 call to fill cache.
 	FetchInstanceTypeLimits() error
+
+	IsPrefixDelegationSupported() bool
 }
 
 // EC2InstanceMetadataCache caches instance metadata
@@ -264,6 +266,7 @@ type InstanceTypeLimits struct {
 	ENILimit       int
 	IPv4Limit      int
 	HypervisorType string
+	IsBareMetal    bool
 }
 
 // PrimaryIPv4Address returns the primary IPv4 address of this node
@@ -1352,13 +1355,16 @@ func (cache *EC2InstanceMetadataCache) FetchInstanceTypeLimits() error {
 	eniLimit := int(aws.Int64Value(info.NetworkInfo.MaximumNetworkInterfaces))
 	ipv4Limit := int(aws.Int64Value(info.NetworkInfo.Ipv4AddressesPerInterface))
 	hypervisorType := aws.StringValue(info.Hypervisor)
+	isBareMetalInstance := aws.BoolValue(info.BareMetal)
 	//Not checking for empty hypervisorType since have seen certain instances not getting this filled.
 	if instanceType != "" && eniLimit > 0 && ipv4Limit > 0 {
 		eniLimits = InstanceTypeLimits{
 			ENILimit:       eniLimit,
 			IPv4Limit:      ipv4Limit,
 			HypervisorType: hypervisorType,
+			IsBareMetal:    isBareMetalInstance,
 		}
+
 		InstanceNetworkingLimits[instanceType] = eniLimits
 	} else {
 		return errors.New(fmt.Sprintf("%s: %s", UnknownInstanceType, cache.instanceType))
@@ -1379,18 +1385,35 @@ func (cache *EC2InstanceMetadataCache) GetENILimit() int {
 	return eniLimits.ENILimit
 }
 
-// GetInstanceHypervisorFamily return hypervior of EC2 instance type
+// GetInstanceHypervisorFamily returns hypervisor of EC2 instance type
 func (cache *EC2InstanceMetadataCache) GetInstanceHypervisorFamily() string {
 	eniLimits, _ := InstanceNetworkingLimits[cache.instanceType]
 	log.Debugf("Instance hypervisor family %s", eniLimits.HypervisorType)
 	return eniLimits.HypervisorType
 }
 
+// IsInstanceBareMetal derives bare metal value of the instance
+func (cache *EC2InstanceMetadataCache) IsInstanceBareMetal() bool {
+	instanceProperties, _ := InstanceNetworkingLimits[cache.instanceType]
+	log.Debugf("Bare Metal Instance %s", instanceProperties.IsBareMetal)
+	return instanceProperties.IsBareMetal
+}
+
 // GetInstanceType return EC2 instance type
 func (cache *EC2InstanceMetadataCache) GetInstanceType() string {
 	return cache.instanceType
 }
 
+// IsPrefixDelegationSupported return true if the instance type supports Prefix Assignment/Delegation
+func (cache *EC2InstanceMetadataCache) IsPrefixDelegationSupported() bool {
+	log.Debugf("Check if instance supports Prefix Delegation")
+	if cache.GetInstanceHypervisorFamily() == "nitro" || cache.IsInstanceBareMetal() {
+		log.Debugf("Instance supports Prefix Delegation")
+		return true
+	}
+	return false
+}
+
 // AllocIPAddresses allocates numIPs of IP address on an ENI
 func (cache *EC2InstanceMetadataCache) AllocIPAddresses(eniID string, numIPs int) error {
 	var needIPs = numIPs