📝 docs(README): add instructions for using multiple subnets

- provide examples for specifying multiple subnet IDs and names
- update documentation to guide users on using multiple subnets with NodeENI

✨ feat(controller): support multiple subnets for ENI creation

- introduce new fields `subnetIDs` and `subnetNames` in CRD
- add logic to select a subnet from provided IDs or names
- enhance flexibility in ENI creation by allowing multiple subnet options

♻️ refactor(controller): extract subnet ID determination logic

- create `determineSubnetID` function for clearer subnet selection process
- improve code readability by separating subnet logic from ENI creation

📝 docs(crds): update CRD documentation for subnet enhancements

- document new `subnetIDs` and `subnetNames` fields in CRD YAML
- clarify usage scenarios for multiple subnets in ENI configuration

✨ feat(samples): add sample configurations for multiple subnets

- include new YAML samples demonstrating usage of multiple subnet IDs and names
- provide practical examples for users to reference when configuring ENIs

Author: johnlam90

README.md

@@ -310,6 +310,50 @@ If you prefer to deploy manually:
      description: "Multus ENI for secondary network interfaces"
    ```
 
+### Using Multiple Subnets
+
+You can specify multiple subnets in your NodeENI resource. The controller will select one of the subnets to create the ENI:
+
+   ```yaml
+   apiVersion: networking.k8s.aws/v1alpha1
+   kind: NodeENI
+   metadata:
+     name: multi-subnet-eni
+   spec:
+     nodeSelector:
+       ng: multi-eni
+     # Specify multiple subnet IDs - one will be selected
+     subnetIDs:
+     - subnet-0f59b4f14737be9ad  # Replace with your subnet ID
+     - subnet-abcdef1234567890  # Replace with your subnet ID
+     securityGroupIDs:
+     - sg-05da196f3314d4af8  # Replace with your security group ID
+     deviceIndex: 1
+     deleteOnTermination: true
+     description: "ENI with multiple subnet options"
+   ```
+
+You can also use subnet names instead of IDs:
+
+   ```yaml
+   apiVersion: networking.k8s.aws/v1alpha1
+   kind: NodeENI
+   metadata:
+     name: multi-subnet-name-eni
+   spec:
+     nodeSelector:
+       ng: multi-eni
+     # Specify multiple subnet names - one will be selected
+     subnetNames:
+     - eks-private-subnet-1
+     - eks-private-subnet-2
+     securityGroupIDs:
+     - sg-05da196f3314d4af8  # Replace with your security group ID
+     deviceIndex: 2
+     deleteOnTermination: true
+     description: "ENI with multiple subnet name options"
+   ```
+
 ### Automatically Bringing Up Secondary Interfaces
 
 When AWS attaches a secondary ENI to an EC2 instance, the interface is visible to the operating system but typically in a DOWN state. To automatically bring these interfaces up:

charts/aws-multi-eni-controller/README.md

@@ -165,3 +165,47 @@ spec:
   deleteOnTermination: true
   description: "Example ENI"
 ```
+
+## Using Multiple Subnets
+
+You can specify multiple subnets to use a single security group across different subnets:
+
+```yaml
+apiVersion: networking.k8s.aws/v1alpha1
+kind: NodeENI
+metadata:
+  name: multi-subnet-eni
+spec:
+  nodeSelector:
+    ng: multi-eni
+  # Specify multiple subnet IDs - one will be selected
+  subnetIDs:
+  - subnet-xxxxxxxx
+  - subnet-yyyyyyyy
+  securityGroupIDs:
+  - sg-xxxxxxxx
+  deviceIndex: 2
+  deleteOnTermination: true
+  description: "ENI with multiple subnet options"
+```
+
+You can also use multiple subnet names:
+
+```yaml
+apiVersion: networking.k8s.aws/v1alpha1
+kind: NodeENI
+metadata:
+  name: multi-subnet-name-eni
+spec:
+  nodeSelector:
+    ng: multi-eni
+  # Specify multiple subnet names - one will be selected
+  subnetNames:
+  - subnet-name-1
+  - subnet-name-2
+  securityGroupIDs:
+  - sg-xxxxxxxx
+  deviceIndex: 2
+  deleteOnTermination: true
+  description: "ENI with multiple subnet name options"
+```

charts/aws-multi-eni-controller/crds/networking.k8s.aws_nodeenis_crd.yaml

@@ -62,9 +62,19 @@ spec:
               subnetID:
                 description: AWS Subnet ID where the ENI should be created
                 type: string
+              subnetIDs:
+                description: List of AWS Subnet IDs where the ENI can be created (one will be selected)
+                items:
+                  type: string
+                type: array
               subnetName:
                 description: AWS Subnet Name where the ENI should be created (used if subnetID is not provided)
                 type: string
+              subnetNames:
+                description: List of AWS Subnet Names where the ENI can be created (one will be selected)
+                items:
+                  type: string
+                type: array
             required:
             - nodeSelector
             type: object

charts/aws-multi-eni-controller/templates/NOTES.txt

@@ -19,6 +19,10 @@ spec:
     ng: multi-eni  # Replace with your node selector
   subnetID: subnet-xxxxxxxx  # Replace with your subnet ID
   # OR use subnetName: your-subnet-name
+  # OR use multiple subnets:
+  # subnetIDs:
+  # - subnet-xxxxxxxx
+  # - subnet-yyyyyyyy
   securityGroupIDs:
   - sg-xxxxxxxx  # Replace with your security group ID
   # OR use securityGroupNames:

deploy/crds/networking.k8s.aws_nodeenis_crd.yaml

@@ -62,9 +62,19 @@ spec:
               subnetID:
                 description: AWS Subnet ID where the ENI should be created
                 type: string
+              subnetIDs:
+                description: List of AWS Subnet IDs where the ENI can be created (one will be selected)
+                items:
+                  type: string
+                type: array
               subnetName:
                 description: AWS Subnet Name where the ENI should be created (used if subnetID is not provided)
                 type: string
+              subnetNames:
+                description: List of AWS Subnet Names where the ENI can be created (one will be selected)
+                items:
+                  type: string
+                type: array
             required:
             - nodeSelector
             type: object

deploy/samples/multi-subnet-claim.yaml

@@ -0,0 +1,34 @@
+apiVersion: networking.k8s.aws/v1alpha1
+kind: NodeENI
+metadata:
+  name: multi-subnet-eni
+spec:
+  nodeSelector:
+    ng: multi-eni
+  # Specify multiple subnet IDs - one will be selected
+  subnetIDs:
+  - subnet-0f59b4f14737be9ad  # Replace with your subnet ID
+  - subnet-abcdef1234567890  # Replace with your subnet ID
+  securityGroupIDs:
+  - sg-05da196f3314d4af8  # Replace with your security group ID
+  deviceIndex: 1
+  deleteOnTermination: true
+  description: "ENI with multiple subnet options"
+---
+# Alternative using subnet names
+apiVersion: networking.k8s.aws/v1alpha1
+kind: NodeENI
+metadata:
+  name: multi-subnet-name-eni
+spec:
+  nodeSelector:
+    ng: multi-eni
+  # Specify multiple subnet names - one will be selected
+  subnetNames:
+  - eks-private-subnet-1
+  - eks-private-subnet-2
+  securityGroupIDs:
+  - sg-05da196f3314d4af8  # Replace with your security group ID
+  deviceIndex: 2
+  deleteOnTermination: true
+  description: "ENI with multiple subnet name options"

pkg/apis/networking/v1alpha1/types.go

@@ -37,6 +37,16 @@ type NodeENISpec struct {
 	// +optional
 	SubnetName string `json:"subnetName,omitempty"`
 
+	// SubnetIDs is a list of AWS Subnet IDs where the ENI can be created
+	// If specified, one subnet will be selected from this list
+	// +optional
+	SubnetIDs []string `json:"subnetIDs,omitempty"`
+
+	// SubnetNames is a list of AWS Subnet Names where the ENI can be created
+	// If SubnetIDs is not provided, SubnetNames will be used to look up the subnets
+	// +optional
+	SubnetNames []string `json:"subnetNames,omitempty"`
+
 	// SecurityGroupIDs are the AWS Security Group IDs to attach to the ENI
 	// +optional
 	SecurityGroupIDs []string `json:"securityGroupIDs,omitempty"`

pkg/controller/nodeeni_controller.go

@@ -466,19 +466,9 @@ func (r *NodeENIReconciler) createENI(ctx context.Context, nodeENI *networkingv1
 	}
 
 	// Determine the subnet ID to use
-	subnetID := nodeENI.Spec.SubnetID
-	if subnetID == "" && nodeENI.Spec.SubnetName != "" {
-		// Look up subnet ID by name
-		var err error
-		subnetID, err = r.AWS.GetSubnetIDByName(ctx, nodeENI.Spec.SubnetName)
-		if err != nil {
-			return "", fmt.Errorf("failed to get subnet ID from name %s: %v", nodeENI.Spec.SubnetName, err)
-		}
-		log.Info("Resolved subnet name to ID", "subnetName", nodeENI.Spec.SubnetName, "subnetID", subnetID)
-	}
-
-	if subnetID == "" {
-		return "", fmt.Errorf("neither subnetID nor subnetName provided")
+	subnetID, err := r.determineSubnetID(ctx, nodeENI, log)
+	if err != nil {
+		return "", err
 	}
 
 	// Determine the security group IDs to use
@@ -527,6 +517,54 @@ func (r *NodeENIReconciler) createENI(ctx context.Context, nodeENI *networkingv1
 	return eniID, nil
 }
 
+// determineSubnetID determines which subnet ID to use for creating an ENI
+func (r *NodeENIReconciler) determineSubnetID(ctx context.Context, nodeENI *networkingv1alpha1.NodeENI, log logr.Logger) (string, error) {
+	// Priority order:
+	// 1. Single SubnetID if specified
+	// 2. Multiple SubnetIDs if specified
+	// 3. Single SubnetName if specified
+	// 4. Multiple SubnetNames if specified
+
+	// Check for single SubnetID (backward compatibility)
+	if nodeENI.Spec.SubnetID != "" {
+		return nodeENI.Spec.SubnetID, nil
+	}
+
+	// Check for multiple SubnetIDs
+	if len(nodeENI.Spec.SubnetIDs) > 0 {
+		// For now, simply use the first subnet in the list
+		// In the future, this could be enhanced with more sophisticated selection logic
+		subnetID := nodeENI.Spec.SubnetIDs[0]
+		log.Info("Selected subnet ID from list", "subnetID", subnetID, "totalSubnets", len(nodeENI.Spec.SubnetIDs))
+		return subnetID, nil
+	}
+
+	// Check for single SubnetName (backward compatibility)
+	if nodeENI.Spec.SubnetName != "" {
+		subnetID, err := r.AWS.GetSubnetIDByName(ctx, nodeENI.Spec.SubnetName)
+		if err != nil {
+			return "", fmt.Errorf("failed to get subnet ID from name %s: %v", nodeENI.Spec.SubnetName, err)
+		}
+		log.Info("Resolved subnet name to ID", "subnetName", nodeENI.Spec.SubnetName, "subnetID", subnetID)
+		return subnetID, nil
+	}
+
+	// Check for multiple SubnetNames
+	if len(nodeENI.Spec.SubnetNames) > 0 {
+		// For now, simply use the first subnet name in the list
+		subnetName := nodeENI.Spec.SubnetNames[0]
+		subnetID, err := r.AWS.GetSubnetIDByName(ctx, subnetName)
+		if err != nil {
+			return "", fmt.Errorf("failed to get subnet ID from name %s: %v", subnetName, err)
+		}
+		log.Info("Resolved subnet name to ID from list", "subnetName", subnetName, "subnetID", subnetID, "totalSubnets", len(nodeENI.Spec.SubnetNames))
+		return subnetID, nil
+	}
+
+	// No subnet information provided
+	return "", fmt.Errorf("no subnet information provided (subnetID, subnetIDs, subnetName, or subnetNames)")
+}
+
 // attachENI attaches an ENI to an EC2 instance
 func (r *NodeENIReconciler) attachENI(ctx context.Context, eniID, instanceID string, deviceIndex int) (string, error) {
 	// Use default device index if not specified