fix: addresses review commnets

faiq · faiq · commit 2d348f8f64f7 · 2025-12-01T10:12:38.000-08:00
diff --git a/bootstrap/eks/internal/userdata/utils.go b/bootstrap/eks/internal/userdata/utils.go
@@ -50,16 +50,16 @@ func templateToYAML(r *runtime.RawExtension) (string, error) {
 		}
 		return string(b), nil
 	}
-	if len(r.Raw) > 0 {
-		if yb, err := yaml.JSONToYAML(r.Raw); err == nil {
-			return string(yb), nil
-		}
-		var temp interface{}
-		err := yaml.Unmarshal(r.Raw, &temp)
-		if err == nil {
-			return string(r.Raw), nil
-		}
-		return "", fmt.Errorf("runtime object raw is neither json nor yaml %s", string(r.Raw))
+	if len(r.Raw) == 0 {
+		return "", nil
+	}
+	if yb, err := yaml.JSONToYAML(r.Raw); err == nil {
+		return string(yb), nil
+	}
+	var temp interface{}
+	err := yaml.Unmarshal(r.Raw, &temp)
+	if err == nil {
+		return string(r.Raw), nil
 	}
-	return "", nil
+	return "", fmt.Errorf("runtime object raw is neither json nor yaml %s", string(r.Raw))
 }
diff --git a/docs/book/src/topics/eks/creating-a-cluster.md b/docs/book/src/topics/eks/creating-a-cluster.md
@@ -35,6 +35,11 @@ The provider you must use depends on the Amazon Machine Image (AMI) and Kubernet
 
 When you generate a cluster, you will need to ensure your `MachineDeployment` or `MachinePool` references the correct bootstrap template `kind`.
 
+NOTE:
+
+- [The EKS team stopped publishing Al2 AMIs for Kubernetes versions 1.33 and higher.](https://awslabs.github.io/amazon-eks-ami/usage/al2/)
+- [Amazon Linux 2 end of support date (End of Life, or EOL) will be on 2026-06-30.](https://aws.amazon.com/amazon-linux-2/faqs/)
+
 **For AL2 / K8s $\le$ v1.32, use `EKSConfigTemplate`:**
 ```yaml
 apiVersion: cluster.x-k8s.io/v1beta1
@@ -54,7 +59,9 @@ spec:
 
 ### Secrets Manager
 
-Amazon Linux 2023 does not have the proper tooling to use the secrets manager flow for bootstrapping. Therefore, whenever creating `AWSMachineTemplate` objects  `insecureSkipSecretsManager` must be set to false
+Amazon Linux 2023 does not have the proper tooling to use the secrets manager flow for bootstrapping. CAPA uses a [custom cloud-init datasource](https://github.com/kubernetes-sigs/image-builder/pull/1583) to fetch the secure contents like the `kubeadm` tokens from secrets manager. Crucially, there is no current support for publishing CAPA-compatible AL2023 AMIs that include this necessary custom cloud-init datasource.
+
+Therefore, whenever creating `AWSMachineTemplate` objects  `insecureSkipSecretsManager` must be set to true.
 
 ```yaml
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
