[PLT-3962] Add MachinePool support for EKS in cloud-provisioner

pkg/cluster/internal/create/actions/createworker/createworker.go

@@ -168,9 +168,21 @@ func (a *action) Execute(ctx *actions.ActionContext) error {
 	}
 
 	awsEKSEnabled := a.keosCluster.Spec.InfraProvider == "aws" && a.keosCluster.Spec.ControlPlane.Managed
-	isMachinePool := a.keosCluster.Spec.InfraProvider != "aws" && a.keosCluster.Spec.ControlPlane.Managed
 	gcpGKEEnabled := a.keosCluster.Spec.InfraProvider == "gcp" && a.keosCluster.Spec.ControlPlane.Managed
 
+	hasMachinePool := a.keosCluster.Spec.InfraProvider != "aws" && a.keosCluster.Spec.ControlPlane.Managed
+	hasMachineDeployment := false
+	if awsEKSEnabled {
+		for _, wn := range a.keosCluster.Spec.WorkerNodes {
+			if wn.NodeImage != "" {
+				hasMachineDeployment = true
+			} else {
+				hasMachinePool = true
+			}
+		}
+	}
+	isMachinePool := hasMachinePool && !hasMachineDeployment
+
 	var privateParams PrivateParams
 	if a.clusterConfig != nil {
 		privateParams = PrivateParams{
@@ -691,7 +703,7 @@ spec:
 			}
 		}
 
-		if isMachinePool {
+		if hasMachinePool {
 			// Wait for all the machine pools to be ready
 			c = "kubectl -n " + capiClustersNamespace + " wait --for=condition=Ready --timeout=15m --all mp"
 			_, err = commons.ExecuteCommand(n, c, 5, 3)
@@ -704,7 +716,8 @@ spec:
 			if err != nil {
 				return errors.Wrap(err, "failed to wait for container metrics to be available")
 			}
-		} else {
+		}
+		if hasMachineDeployment {
 			// Wait for all the machine deployments to be ready
 			c = "kubectl -n " + capiClustersNamespace + " wait --for=condition=Ready --timeout=15m --all md"
 
@@ -1020,7 +1033,7 @@ spec:
 		ctx.Status.End(true) // End Installing StorageClass in workload cluster
 
 		if !a.clusterConfig.Spec.GitOpsEnabled {
-			if a.keosCluster.Spec.DeployAutoscaler && !isMachinePool {
+			if a.keosCluster.Spec.DeployAutoscaler && (!isMachinePool || awsEKSEnabled) {
 				ctx.Status.Start("Installing cluster-autoscaler in workload cluster 💻")
 				defer ctx.Status.End(false)
 

pkg/cluster/internal/create/actions/createworker/templates/aws/32/aws-load-balancer-controller-helm-values.tmpl

@@ -1,3 +1,5 @@
+replicaCount: 1
+
 image:
   repository: {{ if $.Private }}{{ $.KeosRegUrl }}{{ else }}public.ecr.aws{{ end }}/eks/aws-load-balancer-controller
   #tag: v2.14.1

pkg/cluster/internal/create/actions/createworker/templates/common/autoscaler_rbac.tmpl

@@ -9,7 +9,12 @@ rules:
   - apiGroups:
     - infrastructure.cluster.x-k8s.io
     resources:
+    {{- if and (eq $.Spec.InfraProvider "aws") $.Spec.ControlPlane.Managed }}
+    - awsmanagedmachinepools
+    - awsmachinetemplates
+    {{- else }}
     - {{ $.Spec.InfraProvider }}machinetemplates
+    {{- end }}
     verbs:
     - get
     - list

pkg/cluster/internal/providers/docker/stratio/Dockerfile

@@ -3,6 +3,8 @@ FROM kindest/node:v1.34.0
 # Init feature gates
 ENV CLUSTER_TOPOLOGY=true
 ENV CLUSTERCTL_DISABLE_VERSIONCHECK=true
+ENV EXP_MACHINE_POOL=true
+ENV CAPA_EKS_ADD_ROLES=true
 
 # Core tool/version args
 ARG CLUSTERCTL=v1.10.8

pkg/cluster/internal/validate/aws.go

@@ -177,6 +177,12 @@ func validateAWS(spec commons.KeosSpec, providerSecrets map[string]string) error
 				return errors.New("spec.worker_nodes." + wn.Name + ": \"node_image\": must have the format " + AWSNodeImageFormat)
 			}
 		}
+		if wn.AmiType != "" && wn.NodeImage != "" {
+			return errors.New("spec.worker_nodes." + wn.Name + ": ami_type and node_image are mutually exclusive")
+		}
+		if wn.AmiType != "" && !spec.ControlPlane.Managed {
+			return errors.New("spec.worker_nodes." + wn.Name + ": ami_type is only valid for EKS managed clusters")
+		}
 		if wn.AZ != "" {
 			if len(azs) > 0 {
 				if !commons.Contains(azs, wn.AZ) {

pkg/commons/cluster.go

@@ -295,6 +295,7 @@ type Security struct {
 type WorkerNodes []struct {
 	Name             string            `yaml:"name" validate:"required"`
 	NodeImage        string            `yaml:"node_image,omitempty"`
+	AmiType          string            `yaml:"ami_type,omitempty" validate:"omitempty,oneof=BOTTLEROCKET_x86_64"`
 	Quantity         *int              `yaml:"quantity" validate:"required,numeric,gte=0"`
 	Size             string            `yaml:"size" validate:"required"`
 	ZoneDistribution string            `yaml:"zone_distribution,omitempty" validate:"omitempty,oneof='balanced' 'unbalanced'"`

stratio-docs/en/modules/ROOT/assets/attachments/stratio-eks-policy.json

@@ -114,12 +114,45 @@
               "iam:TagOpenIDConnectProvider",
               "iam:ListAttachedRolePolicies",
               "iam:CreateRole",
-              "iam:TagRole"
+              "iam:TagRole",
+              "iam:UntagRole"
           ],
           "Resource": [
               "arn:aws:iam::${AWS_ACCOUNT_ID}:role/*",
               "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/*"
           ]
+      },
+      {
+          "Sid": "CAPALaunchTemplates",
+          "Effect": "Allow",
+          "Action": [
+              "ec2:CreateLaunchTemplate",
+              "ec2:CreateLaunchTemplateVersion",
+              "ec2:DescribeLaunchTemplates",
+              "ec2:DescribeLaunchTemplateVersions",
+              "ec2:DeleteLaunchTemplate",
+              "ec2:DeleteLaunchTemplateVersions",
+              "ec2:DescribeKeyPairs",
+              "eks:TagResource",
+              "eks:UntagResource",
+              "eks:UpdateNodegroupConfig",
+              "iam:TagRole",
+              "iam:UntagRole"
+          ],
+          "Resource": "*"
+      },
+      {
+          "Sid": "CAPAAutoScalingGroups",
+          "Effect": "Allow",
+          "Action": [
+              "autoscaling:CreateAutoScalingGroup",
+              "autoscaling:UpdateAutoScalingGroup",
+              "autoscaling:CreateOrUpdateTags",
+              "autoscaling:StartInstanceRefresh",
+              "autoscaling:DeleteAutoScalingGroup",
+              "autoscaling:DeleteTags"
+          ],
+          "Resource": "arn:aws:autoscaling:*:${AWS_ACCOUNT_ID}:autoScalingGroup:*:autoScalingGroupName/*"
       }
   ]
 }

stratio-docs/en/modules/operations-manual/assets/attachments/stratio-eks-policy.json

@@ -114,12 +114,45 @@
               "iam:TagOpenIDConnectProvider",
               "iam:ListAttachedRolePolicies",
               "iam:CreateRole",
-              "iam:TagRole"
+              "iam:TagRole",
+              "iam:UntagRole"
           ],
           "Resource": [
               "arn:aws:iam::${AWS_ACCOUNT_ID}:role/*",
               "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/*"
           ]
+      },
+      {
+          "Sid": "CAPALaunchTemplates",
+          "Effect": "Allow",
+          "Action": [
+              "ec2:CreateLaunchTemplate",
+              "ec2:CreateLaunchTemplateVersion",
+              "ec2:DescribeLaunchTemplates",
+              "ec2:DescribeLaunchTemplateVersions",
+              "ec2:DeleteLaunchTemplate",
+              "ec2:DeleteLaunchTemplateVersions",
+              "ec2:DescribeKeyPairs",
+              "eks:TagResource",
+              "eks:UntagResource",
+              "eks:UpdateNodegroupConfig",
+              "iam:TagRole",
+              "iam:UntagRole"
+          ],
+          "Resource": "*"
+      },
+      {
+          "Sid": "CAPAAutoScalingGroups",
+          "Effect": "Allow",
+          "Action": [
+              "autoscaling:CreateAutoScalingGroup",
+              "autoscaling:UpdateAutoScalingGroup",
+              "autoscaling:CreateOrUpdateTags",
+              "autoscaling:StartInstanceRefresh",
+              "autoscaling:DeleteAutoScalingGroup",
+              "autoscaling:DeleteTags"
+          ],
+          "Resource": "arn:aws:autoscaling:*:${AWS_ACCOUNT_ID}:autoScalingGroup:*:autoScalingGroupName/*"
       }
   ]
 }

stratio-docs/en/modules/operations-manual/pages/installation.adoc

@@ -1107,6 +1107,7 @@ $ cat << EOF > policy.json
 				"ec2:DescribeSecurityGroups",
 				"ec2:DescribeSubnets",
 				"elasticloadbalancing:DescribeListeners",
+				"elasticloadbalancing:DescribeListenerAttributes",
 				"elasticloadbalancing:DescribeLoadBalancers",
 				"elasticloadbalancing:DescribeLoadBalancerAttributes",
 				"elasticloadbalancing:DescribeRules",

stratio-docs/es/modules/ROOT/assets/attachments/stratio-eks-policy.json

@@ -114,12 +114,45 @@
               "iam:TagOpenIDConnectProvider",
               "iam:ListAttachedRolePolicies",
               "iam:CreateRole",
-              "iam:TagRole"
+              "iam:TagRole",
+              "iam:UntagRole"
           ],
           "Resource": [
               "arn:aws:iam::${AWS_ACCOUNT_ID}:role/*",
               "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/*"
           ]
+      },
+      {
+          "Sid": "CAPALaunchTemplates",
+          "Effect": "Allow",
+          "Action": [
+              "ec2:CreateLaunchTemplate",
+              "ec2:CreateLaunchTemplateVersion",
+              "ec2:DescribeLaunchTemplates",
+              "ec2:DescribeLaunchTemplateVersions",
+              "ec2:DeleteLaunchTemplate",
+              "ec2:DeleteLaunchTemplateVersions",
+              "ec2:DescribeKeyPairs",
+              "eks:TagResource",
+              "eks:UntagResource",
+              "eks:UpdateNodegroupConfig",
+              "iam:TagRole",
+              "iam:UntagRole"
+          ],
+          "Resource": "*"
+      },
+      {
+          "Sid": "CAPAAutoScalingGroups",
+          "Effect": "Allow",
+          "Action": [
+              "autoscaling:CreateAutoScalingGroup",
+              "autoscaling:UpdateAutoScalingGroup",
+              "autoscaling:CreateOrUpdateTags",
+              "autoscaling:StartInstanceRefresh",
+              "autoscaling:DeleteAutoScalingGroup",
+              "autoscaling:DeleteTags"
+          ],
+          "Resource": "arn:aws:autoscaling:*:${AWS_ACCOUNT_ID}:autoScalingGroup:*:autoScalingGroupName/*"
       }
   ]
 }

stratio-docs/es/modules/operations-manual/assets/attachments/stratio-eks-policy.json

@@ -114,12 +114,45 @@
               "iam:TagOpenIDConnectProvider",
               "iam:ListAttachedRolePolicies",
               "iam:CreateRole",
-              "iam:TagRole"
+              "iam:TagRole",
+              "iam:UntagRole"
           ],
           "Resource": [
               "arn:aws:iam::${AWS_ACCOUNT_ID}:role/*",
               "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/*"
           ]
+      },
+      {
+          "Sid": "CAPALaunchTemplates",
+          "Effect": "Allow",
+          "Action": [
+              "ec2:CreateLaunchTemplate",
+              "ec2:CreateLaunchTemplateVersion",
+              "ec2:DescribeLaunchTemplates",
+              "ec2:DescribeLaunchTemplateVersions",
+              "ec2:DeleteLaunchTemplate",
+              "ec2:DeleteLaunchTemplateVersions",
+              "ec2:DescribeKeyPairs",
+              "eks:TagResource",
+              "eks:UntagResource",
+              "eks:UpdateNodegroupConfig",
+              "iam:TagRole",
+              "iam:UntagRole"
+          ],
+          "Resource": "*"
+      },
+      {
+          "Sid": "CAPAAutoScalingGroups",
+          "Effect": "Allow",
+          "Action": [
+              "autoscaling:CreateAutoScalingGroup",
+              "autoscaling:UpdateAutoScalingGroup",
+              "autoscaling:CreateOrUpdateTags",
+              "autoscaling:StartInstanceRefresh",
+              "autoscaling:DeleteAutoScalingGroup",
+              "autoscaling:DeleteTags"
+          ],
+          "Resource": "arn:aws:autoscaling:*:${AWS_ACCOUNT_ID}:autoScalingGroup:*:autoScalingGroupName/*"
       }
   ]
 }

stratio-docs/es/modules/operations-manual/pages/installation.adoc

@@ -1107,6 +1107,7 @@ $ cat << EOF > policy.json
 				"ec2:DescribeSecurityGroups",
 				"ec2:DescribeSubnets",
 				"elasticloadbalancing:DescribeListeners",
+				"elasticloadbalancing:DescribeListenerAttributes",
 				"elasticloadbalancing:DescribeLoadBalancers",
 				"elasticloadbalancing:DescribeLoadBalancerAttributes",
 				"elasticloadbalancing:DescribeRules",