Feature Request: Support enclaveOptions in EC2NodeClass for AWS Nitro Enclaves #9132

@SantoshK07bec

Description

Karpenter's EC2NodeClass currently has no way to enable AWS Nitro Enclaves on provisioned instances. The EC2 RunInstances / CreateFleet API supports EnclaveOptions: { Enabled: true }, and CloudFormation's AWS::EC2::LaunchTemplate supports EnclaveOptions, but Karpenter's internally-generated launch templates do not expose this setting.

This means it's impossible to use Karpenter-provisioned nodes for Nitro Enclave workloads — the only option is to fall back to managed node groups with custom launch templates.

Use Case

Confidential computing workloads that run sensitive inference (e.g., LLMs processing PHI/PII) inside Nitro Enclaves on EKS. These workloads need:

  1. Enclave-capable instance types (c7i, m7i, r7i, inf2, g5, p5, etc.)
  2. EnclaveOptions: { Enabled: true } set at instance launch time
  3. Userdata to install aws-nitro-enclaves-cli and configure the allocator
  4. The Nitro Enclaves K8s device plugin DaemonSet to expose /dev/nitro_enclaves

Steps 1, 3, and 4 are already possible with Karpenter (instance type constraints in NodePool, userData in EC2NodeClass, and DaemonSet). Only step 2 is missing.

Proposed Solution

Add an enclaveOptions field to the EC2NodeClass spec:

apiVersion: karpenter.k8s.aws/v1
kind: EC2NodeClass
metadata:
  name: enclave-nodes
spec:
  enclaveOptions:
    enabled: true    # Maps to EnclaveOptions.Enabled in the launch template
  amiSelectorTerms:
    - alias: al2023@latest
  # ... rest of spec

When enclaveOptions.enabled is true, Karpenter should include EnclaveOptions: { Enabled: true } in the launch template it generates for CreateFleet.

Current Workaround

The only workaround is to use a managed node group with a custom launch template that has EnclaveOptions: Enabled: true, as recommended in the AWS Nitro Enclaves + EKS documentation. This means enclave workloads cannot benefit from Karpenter's just-in-time provisioning, bin-packing, or consolidation.
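The two points above (the proposed spec-to-launch-template mapping, and the fact that today enclave support depends on a hand-made launch template) both come down to one EC2 field, EnclaveOptions.Enabled. The Go program below is an added illustration, not Karpenter's code or the aws-sdk types: it models a hypothetical EC2NodeClassSpec.enclaveOptions field, shows the JSON the launch template would carry for CreateFleet/RunInstances, and adds an audit that reads DescribeInstances output and lists instances that were launched without the flag, so an operator can check that nodes meant for enclave workloads actually have it before a pod depending on /dev/nitro_enclaves is scheduled there. Type names, the sample instance IDs and the sample DescribeInstances JSON are all constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// EnclaveOptions is a hypothetical Go model of the proposed EC2NodeClass field
// (spec.enclaveOptions). Added illustration; not Karpenter's own types.
type EnclaveOptions struct {
	Enabled bool `json:"enabled"`
}

// EC2NodeClassSpec models only the part of the spec this example needs.
type EC2NodeClassSpec struct {
	EnclaveOptions *EnclaveOptions `json:"enclaveOptions,omitempty"`
}

// EC2EnclaveOptions is the wire shape EC2 uses in launch template data for
// RunInstances / CreateFleet and in DescribeInstances output:
// EnclaveOptions: { Enabled: true }
type EC2EnclaveOptions struct {
	Enabled bool `json:"Enabled"`
}

// LaunchTemplateData holds only the field under discussion.
type LaunchTemplateData struct {
	EnclaveOptions *EC2EnclaveOptions `json:"EnclaveOptions,omitempty"`
}

// BuildLaunchTemplateData maps spec.enclaveOptions.enabled onto the launch
// template. When the field is absent or false the key is omitted entirely, so
// the generated request is identical to what is sent today.
func BuildLaunchTemplateData(spec EC2NodeClassSpec) LaunchTemplateData {
	var lt LaunchTemplateData
	if spec.EnclaveOptions != nil && spec.EnclaveOptions.Enabled {
		lt.EnclaveOptions = &EC2EnclaveOptions{Enabled: true}
	}
	return lt
}

// MarshalLaunchTemplateData returns the JSON that would be sent for the field.
func MarshalLaunchTemplateData(spec EC2NodeClassSpec) (string, error) {
	b, err := json.Marshal(BuildLaunchTemplateData(spec))
	return string(b), err
}

// describeInstancesOutput mirrors the subset of the DescribeInstances
// response needed for the audit (Reservations[].Instances[]).
type describeInstancesOutput struct {
	Reservations []struct {
		Instances []struct {
			InstanceID     string             `json:"InstanceId"`
			InstanceType   string             `json:"InstanceType"`
			EnclaveOptions *EC2EnclaveOptions `json:"EnclaveOptions,omitempty"`
		} `json:"Instances"`
	} `json:"Reservations"`
}

// FindNonEnclaveInstances returns the IDs of instances whose EnclaveOptions is
// missing or disabled. Run over DescribeInstances output for the nodes meant
// to host enclave workloads, it flags nodes launched from a template that
// lacks the flag, whether Karpenter-generated or hand-made.
func FindNonEnclaveInstances(describeJSON []byte) ([]string, error) {
	var out describeInstancesOutput
	if err := json.Unmarshal(describeJSON, &out); err != nil {
		return nil, fmt.Errorf("parse DescribeInstances output: %w", err)
	}
	var ids []string
	for _, r := range out.Reservations {
		for _, inst := range r.Instances {
			if inst.EnclaveOptions == nil || !inst.EnclaveOptions.Enabled {
				ids = append(ids, inst.InstanceID)
			}
		}
	}
	return ids, nil
}

// sampleDescribeOutput is constructed sample data; the instance IDs are made up.
const sampleDescribeOutput = `{
  "Reservations": [{"Instances": [
    {"InstanceId": "i-0000000000000aaa1", "InstanceType": "m7i.xlarge", "EnclaveOptions": {"Enabled": true}},
    {"InstanceId": "i-0000000000000bbb2", "InstanceType": "m7i.xlarge", "EnclaveOptions": {"Enabled": false}},
    {"InstanceId": "i-0000000000000ccc3", "InstanceType": "m7i.xlarge"}
  ]}]
}`

func main() {
	enabled := EC2NodeClassSpec{EnclaveOptions: &EnclaveOptions{Enabled: true}}
	lt, _ := MarshalLaunchTemplateData(enabled)
	fmt.Println("launch template data with enclaveOptions.enabled=true:", lt)
	lt, _ = MarshalLaunchTemplateData(EC2NodeClassSpec{})
	fmt.Println("launch template data without the field:", lt)

	ids, err := FindNonEnclaveInstances([]byte(sampleDescribeOutput))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("instances without Nitro Enclaves enabled:", ids)
}
```

In practice the audit input would be the JSON from `aws ec2 describe-instances` filtered to the node group or Karpenter NodePool in question; the check is worth running after any launch template change, because an instance launched without EnclaveOptions.Enabled cannot be switched on afterwards and must be replaced.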

Impact

Nitro Enclaves are increasingly important for:

  • Confidential AI/ML inference (LLMs processing sensitive data inside enclaves)
  • Healthcare (PHI processing per HIPAA requirements)
  • Financial services (cryptographic key management, transaction signing)
  • Multi-party computation (model IP protection + data privacy)

AWS published multiple blog posts in 2024-2025 about running LLM inference inside Nitro Enclaves (Healthcare GenAI blog, Leidos LLM inference blog), but all of these require managed node groups because Karpenter doesn't support enclaveOptions.

Adding this single field would enable the entire Nitro Enclaves + EKS ecosystem to work with Karpenter.
