From d70fff18cd0d750bb65bc98852f262b8bd29e1dc Mon Sep 17 00:00:00 2001 From: Tibi <110664232+TiberiuGC@users.noreply.github.com> Date: Tue, 8 Oct 2024 17:15:57 +0300 Subject: [PATCH] Disallow `overrideBootstrapCommand` and `preBootstrapCommands` for MNG AL2023 (#7990) disallow overrideBootstrapCommand and preBootstrapCommands for MNG AL2023 --- pkg/apis/eksctl.io/v1alpha5/validation.go | 23 ++++++--- .../eksctl.io/v1alpha5/validation_test.go | 51 ++++++++++++------- 2 files changed, 50 insertions(+), 24 deletions(-) diff --git a/pkg/apis/eksctl.io/v1alpha5/validation.go b/pkg/apis/eksctl.io/v1alpha5/validation.go index 1ac66eab99..cd8212afc8 100644 --- a/pkg/apis/eksctl.io/v1alpha5/validation.go +++ b/pkg/apis/eksctl.io/v1alpha5/validation.go @@ -687,6 +687,22 @@ func validateNodeGroupBase(np NodePool, path string, controlPlaneOnOutposts bool } } + if ng.AMIFamily == NodeImageFamilyAmazonLinux2023 { + fieldNotSupported := func(field string) error { + return &unsupportedFieldError{ + ng: ng, + path: path, + field: field, + } + } + if ng.PreBootstrapCommands != nil { + return fieldNotSupported("preBootstrapCommands") + } + if ng.OverrideBootstrapCommand != nil { + return fieldNotSupported("overrideBootstrapCommand") + } + } + if ng.CapacityReservation != nil { if ng.CapacityReservation.CapacityReservationPreference != nil { if ng.CapacityReservation.CapacityReservationTarget != nil { @@ -871,13 +887,6 @@ func ValidateNodeGroup(i int, ng *NodeGroup, cfg *ClusterConfig) error { if ng.KubeletExtraConfig != nil { return fieldNotSupported("kubeletExtraConfig") } - } else if ng.AMIFamily == NodeImageFamilyAmazonLinux2023 { - if ng.PreBootstrapCommands != nil { - return fieldNotSupported("preBootstrapCommands") - } - if ng.OverrideBootstrapCommand != nil { - return fieldNotSupported("overrideBootstrapCommand") - } } else if ng.AMIFamily == NodeImageFamilyBottlerocket { if ng.KubeletExtraConfig != nil { return fieldNotSupported("kubeletExtraConfig") diff --git a/pkg/apis/eksctl.io/v1alpha5/validation_test.go b/pkg/apis/eksctl.io/v1alpha5/validation_test.go index a34a1880d2..1fa4b2eed1 100644 --- a/pkg/apis/eksctl.io/v1alpha5/validation_test.go +++ b/pkg/apis/eksctl.io/v1alpha5/validation_test.go @@ -171,14 +171,6 @@ var _ = Describe("ClusterConfig validation", func() { errMsg := fmt.Sprintf("overrideBootstrapCommand is required when using a custom AMI based on %s", ng0.AMIFamily) Expect(api.ValidateNodeGroup(0, ng0, cfg)).To(MatchError(ContainSubstring(errMsg))) }) - It("should not require overrideBootstrapCommand if ami is set and type is AmazonLinux2023", func() { - cfg := api.NewClusterConfig() - ng0 := cfg.NewNodeGroup() - ng0.Name = "node-group" - ng0.AMI = "ami-1234" - ng0.AMIFamily = api.NodeImageFamilyAmazonLinux2023 - Expect(api.ValidateNodeGroup(0, ng0, cfg)).To(Succeed()) - }) It("should not require overrideBootstrapCommand if ami is set and type is Bottlerocket", func() { cfg := api.NewClusterConfig() ng0 := cfg.NewNodeGroup() @@ -204,15 +196,6 @@ var _ = Describe("ClusterConfig validation", func() { ng0.OverrideBootstrapCommand = aws.String("echo 'yo'") Expect(api.ValidateNodeGroup(0, ng0, cfg)).To(Succeed()) }) - It("should throw an error if overrideBootstrapCommand is set and type is AmazonLinux2023", func() { - cfg := api.NewClusterConfig() - ng0 := cfg.NewNodeGroup() - ng0.Name = "node-group" - ng0.AMI = "ami-1234" - ng0.AMIFamily = api.NodeImageFamilyAmazonLinux2023 - ng0.OverrideBootstrapCommand = aws.String("echo 'yo'") - Expect(api.ValidateNodeGroup(0, ng0, cfg)).To(MatchError(ContainSubstring(fmt.Sprintf("overrideBootstrapCommand is not supported for %s nodegroups", api.NodeImageFamilyAmazonLinux2023)))) - }) It("should throw an error if overrideBootstrapCommand is set and type is Bottlerocket", func() { cfg := api.NewClusterConfig() ng0 := cfg.NewNodeGroup() @@ -2104,6 +2087,40 @@ var _ = Describe("ClusterConfig validation", func() { err := api.ValidateManagedNodeGroup(0, ng) Expect(err).To(MatchError(ContainSubstring("eksctl does not support configuring maxPodsPerNode EKS-managed nodes"))) }) + It("returns an error when setting preBootstrapCommands for self-managed nodegroups", func() { + cfg := api.NewClusterConfig() + ng := cfg.NewNodeGroup() + ng.Name = "node-group" + ng.AMI = "ami-1234" + ng.AMIFamily = api.NodeImageFamilyAmazonLinux2023 + ng.PreBootstrapCommands = []string{"echo 'rubarb'"} + Expect(api.ValidateNodeGroup(0, ng, cfg)).To(MatchError(ContainSubstring(fmt.Sprintf("preBootstrapCommands is not supported for %s nodegroups", api.NodeImageFamilyAmazonLinux2023)))) + }) + It("returns an error when setting overrideBootstrapCommand for self-managed nodegroups", func() { + cfg := api.NewClusterConfig() + ng := cfg.NewNodeGroup() + ng.Name = "node-group" + ng.AMI = "ami-1234" + ng.AMIFamily = api.NodeImageFamilyAmazonLinux2023 + ng.OverrideBootstrapCommand = aws.String("echo 'rubarb'") + Expect(api.ValidateNodeGroup(0, ng, cfg)).To(MatchError(ContainSubstring(fmt.Sprintf("overrideBootstrapCommand is not supported for %s nodegroups", api.NodeImageFamilyAmazonLinux2023)))) + }) + It("returns an error when setting preBootstrapCommands for EKS-managed nodegroups", func() { + ng := api.NewManagedNodeGroup() + ng.Name = "node-group" + ng.AMI = "ami-1234" + ng.AMIFamily = api.NodeImageFamilyAmazonLinux2023 + ng.PreBootstrapCommands = []string{"echo 'rubarb'"} + Expect(api.ValidateManagedNodeGroup(0, ng)).To(MatchError(ContainSubstring(fmt.Sprintf("preBootstrapCommands is not supported for %s nodegroups", api.NodeImageFamilyAmazonLinux2023)))) + }) + It("returns an error when setting overrideBootstrapCommand for EKS-managed nodegroups", func() { + ng := api.NewManagedNodeGroup() + ng.Name = "node-group" + ng.AMI = "ami-1234" + ng.AMIFamily = api.NodeImageFamilyAmazonLinux2023 + ng.OverrideBootstrapCommand = aws.String("echo 'rubarb'") + Expect(api.ValidateManagedNodeGroup(0, ng)).To(MatchError(ContainSubstring(fmt.Sprintf("overrideBootstrapCommand is not supported for %s nodegroups", api.NodeImageFamilyAmazonLinux2023)))) + }) }) Describe("Windows node groups", func() {