From c7d530e2a4f69a513b1d7189a39939e5d6984703 Mon Sep 17 00:00:00 2001
From: Erik Sundell
Date: Tue, 10 Sep 2024 14:48:05 +0200
Subject: [PATCH] eksctl: add note about failing netpol enforcement
---
 eksctl/nmfs-openscapes.jsonnet | 3 +++
 eksctl/template.jsonnet | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/eksctl/nmfs-openscapes.jsonnet b/eksctl/nmfs-openscapes.jsonnet
index 62889cac2..2325051e9 100644
--- a/eksctl/nmfs-openscapes.jsonnet
+++ b/eksctl/nmfs-openscapes.jsonnet
@@ -91,10 +91,13 @@ local daskNodes = [];
 [
 {
 name: "vpc-cni",
+ # FIXME: network policy enforcement doesn't work, what's wrong
+ # isn't clear.
 # configurationValues ref: https://github.com/aws/amazon-vpc-cni-k8s/blob/HEAD/charts/aws-vpc-cni/values.yaml
 configurationValues: |||
 enableNetworkPolicy: "true"
 |||,
+ attachPolicyARNs: ["arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"],
 },
 { name: "coredns" },
 { name: "kube-proxy" },
diff --git a/eksctl/template.jsonnet b/eksctl/template.jsonnet
index 7a9b83c2c..5837f860d 100644
--- a/eksctl/template.jsonnet
+++ b/eksctl/template.jsonnet
@@ -89,10 +89,13 @@ local daskNodes = [];
 [
 {
 name: "vpc-cni",
+ # FIXME: network policy enforcement doesn't work, what's wrong
+ # isn't clear.
 # configurationValues ref: https://github.com/aws/amazon-vpc-cni-k8s/blob/HEAD/charts/aws-vpc-cni/values.yaml
 configurationValues: |||
 enableNetworkPolicy: "true"
 |||,
+ attachPolicyARNs: ["arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"],
 },
 { name: "coredns" },
 { name: "kube-proxy" },
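Review bot: The FIXME added above `configurationValues` records that network policy enforcement is broken but not what that means for operators: until it is resolved, NetworkPolicy objects on a cluster built from this file are presumably accepted but not enforced, so nothing should rely on them for pod isolation. I would state that and link a tracking issue, e.g. `# FIXME: NetworkPolicy objects are NOT enforced on this cluster despite enableNetworkPolicy; do not rely on them for isolation. Tracking: <ISSUE-URL-PLACEHOLDER>`. The new `attachPolicyARNs` line is not mentioned in the commit subject and has no comment; a short note such as `# attach the managed CNI policy to the addon's own IAM role (attempted netpol fix)` would help, if that is the intent, and it is worth confirming that the cluster config enables the IAM OIDC provider, which is not visible in this hunk. The same applies to the identical hunk in eksctl/template.jsonnet, where the gap presumably carries over to every cluster generated from the template. The addon list starts and ends outside both hunks.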