[Draft] EFA daemonset changes for Neuron instances

[Pavani-Panakanti]

Issue

Update daemonset config changes required for neuron instances

Description of changes

1. Dual DaemonSet Architecture

• Split into two DaemonSets: regular and privileged
• Regular DaemonSet: targets standard EFA instances with restricted security context
• Privileged DaemonSet: targets inf/trn instances with privileged security context
• Mutually exclusive node targeting ensures no conflicts

2. Security Context Differentiation

• Added privilegedSecurityContext in values.yaml for neuron instances
• privileged: true, allowPrivilegeEscalation: true, runAsUser: 0
• Existing securityContext unchanged for backward compatibility

3. Instance Type Lists

• Added privilegedSupportedInstanceLabels for neuron instances (inf1.24xlarge, trn1.32xlarge, etc.)
• Existing supportedInstanceLabels excludes privileged instances
• Lists are mutually exclusive by design

4. Neuron-Specific Volume Mounts

• Added /opt/aws/neuron/ volume mount only to privileged DaemonSet
• Required for neuron tooling access on inf/trn instances

Backward compatible

Testing

Will update

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.