kubernetes-sigs
diff --git a/‎config/crd/bases/infrastructure.cluster.x-k8s.io_awsmachinepools.yaml‎
Lines changed: 49 additions & 0 deletions b/‎config/crd/bases/infrastructure.cluster.x-k8s.io_awsmachinepools.yaml‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎config/crd/bases/infrastructure.cluster.x-k8s.io_awsmanagedmachinepools.yaml‎
Lines changed: 49 additions & 0 deletions b/‎config/crd/bases/infrastructure.cluster.x-k8s.io_awsmanagedmachinepools.yaml‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎exp/api/v1beta1/conversion.go‎
Lines changed: 6 additions & 0 deletions b/‎exp/api/v1beta1/conversion.go‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎exp/api/v1beta1/zz_generated.conversion.go‎
Lines changed: 2 additions & 0 deletions b/‎exp/api/v1beta1/zz_generated.conversion.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎exp/api/v1beta2/awsmachinepool_types.go‎
Lines changed: 4 additions & 0 deletions b/‎exp/api/v1beta2/awsmachinepool_types.go‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎exp/api/v1beta2/awsmachinepool_webhook.go‎
Lines changed: 34 additions & 1 deletion b/‎exp/api/v1beta2/awsmachinepool_webhook.go‎
Lines changed: 34 additions & 1 deletion
diff --git a/‎exp/api/v1beta2/awsmachinepool_webhook_test.go‎
Lines changed: 28 additions & 0 deletions b/‎exp/api/v1beta2/awsmachinepool_webhook_test.go‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎exp/api/v1beta2/awsmanagedmachinepool_types.go‎
Lines changed: 4 additions & 0 deletions b/‎exp/api/v1beta2/awsmanagedmachinepool_types.go‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎exp/api/v1beta2/awsmanagedmachinepool_webhook.go‎
Lines changed: 10 additions & 0 deletions b/‎exp/api/v1beta2/awsmanagedmachinepool_webhook.go‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎exp/api/v1beta2/conditions_consts.go‎
Lines changed: 11 additions & 0 deletions b/‎exp/api/v1beta2/conditions_consts.go‎
Lines changed: 11 additions & 0 deletions
@@ -883,6 +883,55 @@ spec:
                   after it enters the InService state.
                   If no value is supplied by user a default value of 300 seconds is set
                 type: string
+              lifecycleHooks:
+                description: AWSLifecycleHooks specifies lifecycle hooks for the autoscaling
+                  group.
+                items:
+                  description: AWSLifecycleHook describes an AWS lifecycle hook
+                  properties:
+                    defaultResult:
+                      description: The default result for the lifecycle hook. The
+                        possible values are CONTINUE and ABANDON.
+                      enum:
+                      - CONTINUE
+                      - ABANDON
+                      type: string
+                    heartbeatTimeout:
+                      description: |-
+                        The maximum time, in seconds, that an instance can remain in a Pending:Wait or
+                        Terminating:Wait state. The maximum is 172800 seconds (48 hours) or 100 times
+                        HeartbeatTimeout, whichever is smaller.
+                      format: duration
+                      type: string
+                    lifecycleTransition:
+                      description: The state of the EC2 instance to which to attach
+                        the lifecycle hook.
+                      enum:
+                      - autoscaling:EC2_INSTANCE_LAUNCHING
+                      - autoscaling:EC2_INSTANCE_TERMINATING
+                      type: string
+                    name:
+                      description: The name of the lifecycle hook.
+                      type: string
+                    notificationMetadata:
+                      description: Contains additional metadata that will be passed
+                        to the notification target.
+                      type: string
+                    notificationTargetARN:
+                      description: |-
+                        The ARN of the notification target that Amazon EC2 Auto Scaling uses to
+                        notify you when an instance is in the transition state for the lifecycle hook.
+                      type: string
+                    roleARN:
+                      description: |-
+                        The ARN of the IAM role that allows the Auto Scaling group to publish to the
+                        specified notification target.
+                      type: string
+                  required:
+                  - lifecycleTransition
+                  - name
+                  type: object
+                type: array
               maxSize:
                 default: 1
                 description: MaxSize defines the maximum size of the group.
 
@@ -890,6 +890,55 @@ spec:
                   type: string
                 description: Labels specifies labels for the Kubernetes node objects
                 type: object
+              lifecycleHooks:
+                description: AWSLifecycleHooks specifies lifecycle hooks for the managed
+                  node group.
+                items:
+                  description: AWSLifecycleHook describes an AWS lifecycle hook
+                  properties:
+                    defaultResult:
+                      description: The default result for the lifecycle hook. The
+                        possible values are CONTINUE and ABANDON.
+                      enum:
+                      - CONTINUE
+                      - ABANDON
+                      type: string
+                    heartbeatTimeout:
+                      description: |-
+                        The maximum time, in seconds, that an instance can remain in a Pending:Wait or
+                        Terminating:Wait state. The maximum is 172800 seconds (48 hours) or 100 times
+                        HeartbeatTimeout, whichever is smaller.
+                      format: duration
+                      type: string
+                    lifecycleTransition:
+                      description: The state of the EC2 instance to which to attach
+                        the lifecycle hook.
+                      enum:
+                      - autoscaling:EC2_INSTANCE_LAUNCHING
+                      - autoscaling:EC2_INSTANCE_TERMINATING
+                      type: string
+                    name:
+                      description: The name of the lifecycle hook.
+                      type: string
+                    notificationMetadata:
+                      description: Contains additional metadata that will be passed
+                        to the notification target.
+                      type: string
+                    notificationTargetARN:
+                      description: |-
+                        The ARN of the notification target that Amazon EC2 Auto Scaling uses to
+                        notify you when an instance is in the transition state for the lifecycle hook.
+                      type: string
+                    roleARN:
+                      description: |-
+                        The ARN of the IAM role that allows the Auto Scaling group to publish to the
+                        specified notification target.
+                      type: string
+                  required:
+                  - lifecycleTransition
+                  - name
+                  type: object
+                type: array
               providerIDList:
                 description: |-
                   ProviderIDList are the provider IDs of instances in the
 
@@ -52,6 +52,9 @@ func (src *AWSMachinePool) ConvertTo(dstRaw conversion.Hub) error {
 	if restored.Spec.AvailabilityZoneSubnetType != nil {
 		dst.Spec.AvailabilityZoneSubnetType = restored.Spec.AvailabilityZoneSubnetType
 	}
+	if restored.Spec.AWSLifecycleHooks != nil {
+		dst.Spec.AWSLifecycleHooks = restored.Spec.AWSLifecycleHooks
+	}
 
 	if restored.Spec.AWSLaunchTemplate.PrivateDNSName != nil {
 		dst.Spec.AWSLaunchTemplate.PrivateDNSName = restored.Spec.AWSLaunchTemplate.PrivateDNSName
@@ -113,6 +116,9 @@ func (src *AWSManagedMachinePool) ConvertTo(dstRaw conversion.Hub) error {
 	if restored.Spec.AvailabilityZoneSubnetType != nil {
 		dst.Spec.AvailabilityZoneSubnetType = restored.Spec.AvailabilityZoneSubnetType
 	}
+	if restored.Spec.AWSLifecycleHooks != nil {
+		dst.Spec.AWSLifecycleHooks = restored.Spec.AWSLifecycleHooks
+	}
 
 	return nil
 }
 
@@ -101,6 +101,10 @@ type AWSMachinePoolSpec struct {
 	// SuspendProcesses defines a list of processes to suspend for the given ASG. This is constantly reconciled.
 	// If a process is removed from this list it will automatically be resumed.
 	SuspendProcesses *SuspendProcessesTypes `json:"suspendProcesses,omitempty"`
+
+	// AWSLifecycleHooks specifies lifecycle hooks for the autoscaling group.
+	// +optional
+	AWSLifecycleHooks []AWSLifecycleHook `json:"lifecycleHooks,omitempty"`
 }
 
 // SuspendProcessesTypes contains user friendly auto-completable values for suspended process names.
 
@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta2
 
 import (
+	"fmt"
 	"time"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -133,7 +134,6 @@ func (r *AWSMachinePool) validateAdditionalSecurityGroups() field.ErrorList {
 	}
 	return allErrs
 }
-
 func (r *AWSMachinePool) validateSpotInstances() field.ErrorList {
 	var allErrs field.ErrorList
 	if r.Spec.AWSLaunchTemplate.SpotMarketOptions != nil && r.Spec.MixedInstancesPolicy != nil {
@@ -162,6 +162,37 @@ func (r *AWSMachinePool) validateRefreshPreferences() field.ErrorList {
 	return allErrs
 }
 
+func (r *AWSMachinePool) validateLifecycleHooks() field.ErrorList {
+	return validateLifecycleHooks(r.Spec.AWSLifecycleHooks)
+}
+
+func validateLifecycleHooks(hooks []AWSLifecycleHook) field.ErrorList {
+	var allErrs field.ErrorList
+
+	for _, hook := range hooks {
+		if hook.Name == "" {
+			allErrs = append(allErrs, field.Required(field.NewPath("spec.lifecycleHooks.name"), "Name is required"))
+		}
+		if hook.NotificationTargetARN != nil && hook.RoleARN == nil {
+			allErrs = append(allErrs, field.Required(field.NewPath("spec.lifecycleHooks.roleARN"), "RoleARN is required if NotificationTargetARN is provided"))
+		}
+		if hook.RoleARN != nil && hook.NotificationTargetARN == nil {
+			allErrs = append(allErrs, field.Required(field.NewPath("spec.lifecycleHooks.notificationTargetARN"), "NotificationTargetARN is required if RoleARN is provided"))
+		}
+		if hook.LifecycleTransition != LifecycleTransitionInstanceLaunch && hook.LifecycleTransition != LifecycleTransitionInstanceTerminate {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("spec.lifecycleHooks.lifecycleTransition"), hook.LifecycleTransition, fmt.Sprintf("LifecycleTransition must be either %q or %q", LifecycleTransitionInstanceLaunch, LifecycleTransitionInstanceTerminate)))
+		}
+		if hook.DefaultResult != nil && (*hook.DefaultResult != DefaultResultContinue && *hook.DefaultResult != DefaultResultAbandon) {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("spec.lifecycleHooks.defaultResult"), *hook.DefaultResult, "DefaultResult must be either CONTINUE or ABANDON"))
+		}
+		if hook.HeartbeatTimeout != nil && (hook.HeartbeatTimeout.Seconds() < float64(30) || hook.HeartbeatTimeout.Seconds() > float64(172800)) {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("spec.lifecycleHooks.heartbeatTimeout"), *hook.HeartbeatTimeout, "HeartbeatTimeout must be between 30 and 172800 seconds"))
+		}
+	}
+
+	return allErrs
+}
+
 // ValidateCreate will do any extra validation when creating a AWSMachinePool.
 func (r *AWSMachinePool) ValidateCreate() (admission.Warnings, error) {
 	log.Info("AWSMachinePool validate create", "machine-pool", klog.KObj(r))
@@ -176,6 +207,7 @@ func (r *AWSMachinePool) ValidateCreate() (admission.Warnings, error) {
 	allErrs = append(allErrs, r.validateAdditionalSecurityGroups()...)
 	allErrs = append(allErrs, r.validateSpotInstances()...)
 	allErrs = append(allErrs, r.validateRefreshPreferences()...)
+	allErrs = append(allErrs, r.validateLifecycleHooks()...)
 
 	if len(allErrs) == 0 {
 		return nil, nil
@@ -198,6 +230,7 @@ func (r *AWSMachinePool) ValidateUpdate(_ runtime.Object) (admission.Warnings, e
 	allErrs = append(allErrs, r.validateAdditionalSecurityGroups()...)
 	allErrs = append(allErrs, r.validateSpotInstances()...)
 	allErrs = append(allErrs, r.validateRefreshPreferences()...)
+	allErrs = append(allErrs, r.validateLifecycleHooks()...)
 
 	if len(allErrs) == 0 {
 		return nil, nil
 
@@ -19,6 +19,7 @@ package v1beta2
 import (
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	. "github.com/onsi/gomega"
@@ -174,6 +175,33 @@ func TestAWSMachinePoolValidateCreate(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name: "Should fail if either roleARN or notifcationARN is set but not both",
+			pool: &AWSMachinePool{
+				Spec: AWSMachinePoolSpec{
+					AWSLifecycleHooks: []AWSLifecycleHook{
+						{
+							RoleARN: aws.String("role-arn"),
+						},
+					},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "Should fail if the heartbeat timeout is less than 30 seconds",
+			pool: &AWSMachinePool{
+				Spec: AWSMachinePoolSpec{
+					AWSLifecycleHooks: []AWSLifecycleHook{
+						{
+							RoleARN:          aws.String("role-arn"),
+							HeartbeatTimeout: &metav1.Duration{Duration: 29 * time.Second},
+						},
+					},
+				},
+			},
+			wantErr: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 
@@ -159,6 +159,10 @@ type AWSManagedMachinePoolSpec struct {
 	// are prohibited (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html).
 	// +optional
 	AWSLaunchTemplate *AWSLaunchTemplate `json:"awsLaunchTemplate,omitempty"`
+
+	// AWSLifecycleHooks specifies lifecycle hooks for the managed node group.
+	// +optional
+	AWSLifecycleHooks []AWSLifecycleHook `json:"lifecycleHooks,omitempty"`
 }
 
 // ManagedMachinePoolScaling specifies scaling options.
 
@@ -138,6 +138,10 @@ func (r *AWSManagedMachinePool) validateLaunchTemplate() field.ErrorList {
 	return allErrs
 }
 
+func (r *AWSManagedMachinePool) validateLifecycleHooks() field.ErrorList {
+	return validateLifecycleHooks(r.Spec.AWSLifecycleHooks)
+}
+
 // ValidateCreate will do any extra validation when creating a AWSManagedMachinePool.
 func (r *AWSManagedMachinePool) ValidateCreate() (admission.Warnings, error) {
 	mmpLog.Info("AWSManagedMachinePool validate create", "managed-machine-pool", klog.KObj(r))
@@ -159,6 +163,9 @@ func (r *AWSManagedMachinePool) ValidateCreate() (admission.Warnings, error) {
 	if errs := r.validateLaunchTemplate(); len(errs) > 0 {
 		allErrs = append(allErrs, errs...)
 	}
+	if errs := r.validateLifecycleHooks(); len(errs) > 0 {
+		allErrs = append(allErrs, errs...)
+	}
 
 	allErrs = append(allErrs, r.Spec.AdditionalTags.Validate()...)
 
@@ -196,6 +203,9 @@ func (r *AWSManagedMachinePool) ValidateUpdate(old runtime.Object) (admission.Wa
 	if errs := r.validateLaunchTemplate(); len(errs) > 0 {
 		allErrs = append(allErrs, errs...)
 	}
+	if errs := r.validateLifecycleHooks(); len(errs) > 0 {
+		allErrs = append(allErrs, errs...)
+	}
 
 	if len(allErrs) == 0 {
 		return nil, nil
 
@@ -54,6 +54,17 @@ const (
 	InstanceRefreshNotReadyReason = "InstanceRefreshNotReady"
 	// InstanceRefreshFailedReason used to report when there instance refresh is not initiated.
 	InstanceRefreshFailedReason = "InstanceRefreshFailed"
+
+	// LifecycleHookReadyCondition reports on the status of the lifecycle hook.
+	LifecycleHookReadyCondition clusterv1.ConditionType = "LifecycleHookReady"
+	// LifecycleHookNotFoundReason used when the lifecycle hook couldn't be retrieved.
+	LifecycleHookNotFoundReason = "LifecycleHookNotFound"
+	// LifecycleHookCreationFailedReason used for failures during lifecycle hook creation.
+	LifecycleHookCreationFailedReason = "LifecycleHookCreationFailed"
+	// LifecycleHookUpdateFailedReason used for failures during lifecycle hook update.
+	LifecycleHookUpdateFailedReason = "LifecycleHookUpdateFailed"
+	// LifecycleHookDeletionFailedReason used for failures during lifecycle hook deletion.
+	LifecycleHookDeletionFailedReason = "LifecycleHookDeletionFailed"
 )
 
 const (
Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,9 @@ func (src *AWSMachinePool) ConvertTo(dstRaw conversion.Hub) error {`
`52`	`52`	`if restored.Spec.AvailabilityZoneSubnetType != nil {`
`53`	`53`	`dst.Spec.AvailabilityZoneSubnetType = restored.Spec.AvailabilityZoneSubnetType`
`54`	`54`	`}`
	`55`	`+ if restored.Spec.AWSLifecycleHooks != nil {`
	`56`	`+ dst.Spec.AWSLifecycleHooks = restored.Spec.AWSLifecycleHooks`
	`57`	`+ }`
`55`	`58`
`56`	`59`	`if restored.Spec.AWSLaunchTemplate.PrivateDNSName != nil {`
`57`	`60`	`dst.Spec.AWSLaunchTemplate.PrivateDNSName = restored.Spec.AWSLaunchTemplate.PrivateDNSName`
`@@ -113,6 +116,9 @@ func (src *AWSManagedMachinePool) ConvertTo(dstRaw conversion.Hub) error {`
`113`	`116`	`if restored.Spec.AvailabilityZoneSubnetType != nil {`
`114`	`117`	`dst.Spec.AvailabilityZoneSubnetType = restored.Spec.AvailabilityZoneSubnetType`
`115`	`118`	`}`
	`119`	`+ if restored.Spec.AWSLifecycleHooks != nil {`
	`120`	`+ dst.Spec.AWSLifecycleHooks = restored.Spec.AWSLifecycleHooks`
	`121`	`+ }`
`116`	`122`
`117`	`123`	`return nil`
`118`	`124`	`}`