Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Tell us about your request
The recent release of C8i, M8i, and R8i instance types introduced support for nested virtualization on non-bare-metal instances. However, this capability is not exposed through EKS managed nodegroups. Nested virtualization is disabled by default when creating a managed nodegroup, and attempts to enable it via a launch template's CPU options are silently ignored and the resulting instances are provisioned without nested virtualization enabled.
Which service(s) is this request for?
EKS
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
We operate multi-tenant clusters where workloads require strong isolation, which we enforce using Kata Containers. Because Kata depends on nested virtualization, we have been constrained to bare-metal instances, which carry significant cost overhead.
Supporting nested virtualization on non-bare-metal instance types such as C8i, M8i, and R8i would allow us to meet the same isolation requirements at lower cost.
Are you currently working around this issue?
No workaround has been identified at this time; we are currently exploring options.
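Because the request describes the launch-template setting being silently ignored, the node itself is the place to verify whether nested virtualization reached the guest. The following is an added example, not part of the original issue and not AWS or Kata project code. It assumes an x86 Linux node, and the function names `has_virt_ext` and `nested_virt_status` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: node-side check that nested virtualization is usable.
# Paths are parameters so the check can be run against constructed files.

# has_virt_ext CPUINFO
# Prints "vmx" (Intel VT-x) or "svm" (AMD-V) if the CPU flags line lists it
# as a whole word; returns non-zero otherwise.
has_virt_ext() {
    awk '
        /^flags[ \t]*:/ {
            for (i = 2; i <= NF; i++)
                if ($i == "vmx" || $i == "svm") { print $i; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# nested_virt_status [CPUINFO] [KVM_DEV]
# Prints one status word; returns 0 only when a KVM-based runtime could start.
nested_virt_status() {
    local cpuinfo="${1:-/proc/cpuinfo}"
    local kvm="${2:-/dev/kvm}"
    local ext
    if ! ext="$(has_virt_ext "$cpuinfo")"; then
        echo "no-cpu-ext"          # extension was not exposed to this guest
        return 1
    fi
    if [ ! -c "$kvm" ]; then
        echo "no-kvm-device"       # flag visible, but no KVM character device
        return 2
    fi
    if [ ! -r "$kvm" ] || [ ! -w "$kvm" ]; then
        echo "kvm-not-accessible"  # device exists, caller lacks rw access
        return 3
    fi
    echo "ready:$ext"
}

# On a node, call it with no arguments to use the real paths:
#   nested_virt_status
```

A result of `no-cpu-ext` on an instance type that supports nested virtualization indicates the CPU option was not applied at launch, which is the failure mode the request describes.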