Preparing EKS Nodes

$ kubectl label nodes [AWS Nitro-capable node name] \
      "anjuna-nitro-device-manager=enabled"

#!/bin/bash

export NITRO_RESERVED_CPU=2
export NITRO_RESERVED_MEM_MB=4196


# Create a group for accessing the AWS Nitro Enclaves hardware and set a static GID to it
sudo groupadd --gid 75 --system ne

# Install dependencies
sudo amazon-linux-extras install -y aws-nitro-enclaves-cli
sudo yum install -y aws-nitro-enclaves-cli-devel jq openssl11-libs

# Add the current user to the Nitro Enclaves and Docker groups

sudo usermod -aG ne "${USER}"
sudo usermod -aG docker "${USER}"

# Automatically load the device drivers needed for communicating with the AWS Nitro Enclaves hardware
echo 'KERNEL=="vsock", MODE="660", GROUP="ne"' | sudo tee /usr/lib/udev/rules.d/99-vsock.rules
echo 'KERNEL=="nitro_enclaves", MODE="660", GROUP="ne"' | sudo tee /usr/lib/udev/rules.d/99-nitro_enclaves.rules

sudo udevadm control --reload-rules
sudo udevadm trigger

# Configure the Nitro Allocator Service
cat <<EOF | sudo install -D --mode 0644 /dev/stdin /etc/nitro_enclaves/allocator.yaml
. . .
cpu_count: ${NITRO_RESERVED_CPU}
# keep memory_mib under 1GB to force usage of 2MB hugepage
memory_mib: 512
EOF

# Start the Nitro Allocator Service
sudo systemctl daemon-reload
sudo systemctl enable nitro-enclaves-allocator.service
sudo systemctl start nitro-enclaves-allocator.service


# Find out number of pages (2MB in size) required to allocate
RES_PAGES=$(( ${NITRO_RESERVED_MEM_MB} / 2 ))

# If the requested memory is odd number, add one more page
REMAINDER=$(( ${NITRO_RESERVED_MEM_MB} % 2 ))
if [[ ${REMAINDER} == "1" ]]; then
    RES_PAGES=$(( ${RES_PAGES} + 1 ))
fi

# Set the number of hugepages to reflect the reserved memory for AWS Nitro Enclaves
sudo sysctl -w vm.nr_hugepages=${RES_PAGES}
# Automatically set the number of hugepages
echo vm.nr_hugepages = ${RES_PAGES} | sudo tee /etc/sysctl.d/99-anjuna.conf