
[EC2] [request]: Expose ENI trunking APIs to EC2 for non-EKS control planes

Open adammw opened this issue 3 years ago • 1 comment

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request

Expose ENI trunking APIs that https://github.com/aws/amazon-vpc-resource-controller-k8s uses for EC2 instances running outside of EKS.

Which service(s) is this request for?

EC2

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

We run our own control plane running on EC2 with the public https://github.com/aws/amazon-vpc-cni-k8s CNI plugin; however, we are unable to use the per-pod security groups feature, which requires ENI trunking, because it is a private API only available to EKS.

Are you currently working around this issue?

Currently we must dedicate entire nodes and configure the individual ENIs using the ENIConfig CRD, which is wasteful and cumbersome.

adammw, Nov 19 '20 23:11

Additional use case for this would be other CNIs that manage ENIs, like cilium/cilium#18833

dzoeteman, Jul 20 '22 17:07