
Commit e8d4e67

✨ Add ability to control "EKS Auto Mode" for EKS clusters
Signed-off-by: Siarhei Rasiukevich <[email protected]>
1 parent e906ef4 commit e8d4e67

12 files changed

+1303
-209
lines changed

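--- a/config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml
+++ b/config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml
@@ -2298,6 +2298,15 @@ spec:
 AssociateOIDCProvider can be enabled to automatically create an identity
 provider for the controller for use with IAM roles for service accounts
 type: boolean
+autoMode:
+default: false
+description: |-
+autoMode indicates the EKS Auto Mode state for control-plane.
+If you set this value to false, the following params will be disabled for EKS:
+AWS::EKS::Cluster KubernetesNetworkConfig ElasticLoadBalancing Enabled -> false.
+AWS::EKS::Cluster StorageConfig blockStorage Enabled -> false.
+AWS::EKS::Cluster ComputeConfig Enabled -> false.
+type: boolean
 bastion:
 description: Bastion contains options to configure the bastion host.
 properties:
@@ -3339,6 +3348,8 @@ spec:
 type: object
 type: array
 type: object
+required:
+- autoMode
 type: object
 status:
 description: AWSManagedControlPlaneStatus defines the observed state of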

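--- a/config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanetemplates.yaml
+++ b/config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanetemplates.yaml
@@ -107,6 +107,15 @@ spec:
 AssociateOIDCProvider can be enabled to automatically create an identity
 provider for the controller for use with IAM roles for service accounts
 type: boolean
+autoMode:
+default: false
+description: |-
+autoMode indicates the EKS Auto Mode state for control-plane.
+If you set this value to false, the following params will be disabled for EKS:
+AWS::EKS::Cluster KubernetesNetworkConfig ElasticLoadBalancing Enabled -> false.
+AWS::EKS::Cluster StorageConfig blockStorage Enabled -> false.
+AWS::EKS::Cluster ComputeConfig Enabled -> false.
+type: boolean
 bastion:
 description: Bastion contains options to configure the bastion
 host.
@@ -1166,6 +1175,8 @@ spec:
 type: object
 type: array
 type: object
+required:
+- autoMode
 type: object
 required:
 - spec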

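--- a/controlplane/eks/api/v1beta1/conversion.go
+++ b/controlplane/eks/api/v1beta1/conversion.go
@@ -121,6 +121,7 @@ func (r *AWSManagedControlPlane) ConvertTo(dstRaw conversion.Hub) error {
 dst.Spec.RolePermissionsBoundary = restored.Spec.RolePermissionsBoundary
 dst.Status.Version = restored.Status.Version
 dst.Spec.BootstrapSelfManagedAddons = restored.Spec.BootstrapSelfManagedAddons
+dst.Spec.AutoMode = restored.Spec.AutoMode
 return nil
 }
 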

controlplane/eks/api/v1beta1/zz_generated.conversion.go

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

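--- a/controlplane/eks/api/v1beta2/awsmanagedcontrolplane_types.go
+++ b/controlplane/eks/api/v1beta2/awsmanagedcontrolplane_types.go
@@ -200,7 +200,15 @@ type AWSManagedControlPlaneSpec struct { //nolint: maligned
 // bare EKS cluster without EKS default networking addons
 // If you set this value to false when creating a cluster, the default networking add-ons will not be installed
 // +kubebuilder:default=true
-BootstrapSelfManagedAddons bool `json:"bootstrapSelfManagedAddons,omitempty"`
+BootstrapSelfManagedAddons *bool `json:"bootstrapSelfManagedAddons,omitempty"`
+
+// autoMode indicates the EKS Auto Mode state for control-plane.
+// If you set this value to false, the following params will be disabled for EKS:
+// AWS::EKS::Cluster KubernetesNetworkConfig ElasticLoadBalancing Enabled -> false.
+// AWS::EKS::Cluster StorageConfig blockStorage Enabled -> false.
+// AWS::EKS::Cluster ComputeConfig Enabled -> false.
+// +kubebuilder:default=false
+AutoMode *bool `json:"autoMode"`
 
 // RestrictPrivateSubnets indicates that the EKS control plane should only use private subnets.
 // +kubebuilder:default=false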
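Review bot: `AutoMode` is declared with the tag `json:"autoMode"` and no `+optional` marker, so the generated CRDs in this commit list it under `required` even though it has a default; a new required field on an existing API version is a compatibility risk for clients that build the object from the Go types and for manifests written before this change. I would mark it optional: add `// +optional` above the field and use the tag `json:"autoMode,omitempty"`. The doc comment also describes only the `false` case; it should say that `true` turns on the three Auto Mode settings it lists (compute, block storage, load balancing), presumably with extra IAM permissions needed on the cluster role, so operators know what they are opting into. `BootstrapSelfManagedAddons` is now a pointer as well, so any reader outside the defaulting webhook needs a nil check before dereferencing it. The struct starts and ends outside this hunk.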

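--- a/controlplane/eks/api/v1beta2/awsmanagedcontrolplane_webhook.go
+++ b/controlplane/eks/api/v1beta2/awsmanagedcontrolplane_webhook.go
@@ -22,6 +22,7 @@ import (
 "net"
 
 "github.com/apparentlymart/go-cidr/cidr"
+"github.com/aws/aws-sdk-go-v2/aws"
 "github.com/pkg/errors"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/runtime"
@@ -572,6 +573,13 @@ func (*awsManagedControlPlaneWebhook) Default(_ context.Context, obj runtime.Obj
 infrav1.SetDefaults_NetworkSpec(&r.Spec.NetworkSpec)
 
 // Set default value for BootstrapSelfManagedAddons
-r.Spec.BootstrapSelfManagedAddons = true
+if r.Spec.BootstrapSelfManagedAddons == nil {
+r.Spec.BootstrapSelfManagedAddons = aws.Bool(true)
+}
+
+// Set default value for AutoMode
+if r.Spec.AutoMode == nil {
+r.Spec.AutoMode = aws.Bool(false)
+}
 return nil
 }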
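Review bot: The new import of `github.com/aws/aws-sdk-go-v2/aws` is used in this section only for `aws.Bool`, which ties the API package to the AWS SDK for the sake of a pointer helper. If `k8s.io/utils/ptr` is already a dependency of the module, `ptr.To(true)` and `ptr.To(false)` do the same job without widening the API package's import graph. The nil checks in `Default` are the right shape, since they keep a user-set value where the old code overwrote it with `true`; a comment such as `// Auto Mode is opt-in: leave it off unless the user asked for it.` above the AutoMode block would record why the default is `false`. `Default` begins outside the hunk.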

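--- a/controlplane/eks/api/v1beta2/awsmanagedcontrolplane_webhook_test.go
+++ b/controlplane/eks/api/v1beta2/awsmanagedcontrolplane_webhook_test.go
@@ -85,52 +85,52 @@ func TestDefaultingWebhook(t *testing.T) {
 resourceName: "cluster1",
 resourceNS: "default",
 expectHash: false,
-expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
+expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: aws.Bool(true), AutoMode: aws.Bool(true)},
 },
 {
 name: "less than 100 chars, dot in name",
 resourceName: "team1.cluster1",
 resourceNS: "default",
 expectHash: false,
-expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "default_team1_cluster1", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
+expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "default_team1_cluster1", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: aws.Bool(true), AutoMode: aws.Bool(true)},
 },
 {
 name: "more than 100 chars",
 resourceName: "abcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcde",
 resourceNS: "default",
 expectHash: true,
-expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "capi_", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
+expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "capi_", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: aws.Bool(true), AutoMode: aws.Bool(true)},
 },
 {
 name: "with patch",
 resourceName: "cluster1",
 resourceNS: "default",
 expectHash: false,
 spec: AWSManagedControlPlaneSpec{Version: &vV1_17_1},
-expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", Version: &vV1_17_1, IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
+expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", Version: &vV1_17_1, IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: aws.Bool(true), AutoMode: aws.Bool(true)},
 },
 {
 name: "with allowed ip on bastion",
 resourceName: "cluster1",
 resourceNS: "default",
 expectHash: false,
 spec: AWSManagedControlPlaneSpec{Bastion: infrav1.Bastion{AllowedCIDRBlocks: []string{"100.100.100.100/0"}}},
-expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", IdentityRef: defaultIdentityRef, Bastion: infrav1.Bastion{AllowedCIDRBlocks: []string{"100.100.100.100/0"}}, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
+expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", IdentityRef: defaultIdentityRef, Bastion: infrav1.Bastion{AllowedCIDRBlocks: []string{"100.100.100.100/0"}}, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: aws.Bool(true), AutoMode: aws.Bool(true)},
 },
 {
 name: "with CNI on network",
 resourceName: "cluster1",
 resourceNS: "default",
 expectHash: false,
 spec: AWSManagedControlPlaneSpec{NetworkSpec: infrav1.NetworkSpec{CNI: &infrav1.CNISpec{}}},
-expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: infrav1.NetworkSpec{CNI: &infrav1.CNISpec{}, VPC: defaultVPCSpec}, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
+expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: infrav1.NetworkSpec{CNI: &infrav1.CNISpec{}, VPC: defaultVPCSpec}, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: aws.Bool(true), AutoMode: aws.Bool(true)},
 },
 {
 name: "secondary CIDR",
 resourceName: "cluster1",
 resourceNS: "default",
 expectHash: false,
-expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, SecondaryCidrBlock: nil, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
+expectSpec: AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, SecondaryCidrBlock: nil, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: aws.Bool(true), AutoMode: aws.Bool(true)},
 },
 }
 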
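Review bot: Every updated `expectSpec` expects `AutoMode: aws.Bool(true)`, but the defaulting webhook in this commit sets a nil `AutoMode` to `aws.Bool(false)` and the kubebuilder marker is `default=false`; none of the visible cases set `AutoMode` in `spec`, so the expectation looks inverted. Unless the part of the test outside this hunk sets it, these lines should read `AutoMode: aws.Bool(false)`. It is also worth adding one case whose `spec` sets `AutoMode: aws.Bool(true)` and `BootstrapSelfManagedAddons: aws.Bool(false)` and expects both to survive, because preserving user-set values is the behaviour the new nil checks introduce and nothing here pins it. The table and the test body continue outside the hunk.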

controlplane/eks/api/v1beta2/zz_generated.deepcopy.go

Lines changed: 10 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
