Allow disabling controllers

Start with "unmanaged", or non-hosted control planes.

Other controllers that can be optional, such as the EKS, ROSA, and
MachinePool ones, are currently managed with feature flags. When they
graudate, they should be controlled by the `--disable-controllers` flag.

Author: nrb

controllers/disabled_controllers.go

@@ -0,0 +1,65 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+	"fmt"
+	"strings"
+)
+
+// TODO: EKS and ROSA are excluded from this list for the time being because they are behind feature gates.
+// They should be added to this list when they graduate.
+const (
+	Unmanaged = "unmanaged"
+)
+
+// disabledControllers tracks which controllers are disabled.
+// A value of `false` (default) means a controller is _enabled_.
+var disabledControllers = map[string]bool{
+	Unmanaged: false,
+}
+
+var notValidErr = "%q is not a valid controller name"
+
+// IsDisabled checks if a controller is disabled.
+// If the name provided is not in the map, this will return 'false'.
+func IsDisabled(name string) bool {
+	return disabledControllers[name]
+}
+
+// GetValidNames returns a list of controller names that are valid to disable.
+func GetValidNames() []string {
+	ret := make([]string, 0, len(disabledControllers))
+	for name := range disabledControllers {
+		ret = append(ret, name)
+	}
+	return ret
+}
+
+// ValidateNamesAndDisable validates a list of controller names against the known set, and disables valid names.
+func ValidateNamesAndDisable(names []string) error {
+	// This list is not de-deduplicated, so in someone could specify valid names multiple times.
+	for _, n := range names {
+		// Make sure we're doing a case-insensitive comaparison
+		name := strings.ToLower(n)
+		if _, ok := disabledControllers[name]; !ok {
+			return fmt.Errorf(notValidErr, name)
+		}
+		disabledControllers[name] = true
+	}
+	return nil
+}

controllers/disabled_controllers_unit_test.go

@@ -0,0 +1,84 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+	"slices"
+	"testing"
+
+	. "github.com/onsi/gomega"
+)
+
+func TestIsDisabled(t *testing.T) {
+	g := NewWithT(t)
+	defer resetDefaults()
+
+	// Valid names default to false
+	g.Expect(IsDisabled(Unmanaged)).To(BeFalse(), "unmanaged should default to false")
+
+	// Invalid names are also false
+	g.Expect(IsDisabled("eks")).To(BeFalse(), "invalid controller name eks should report disabled")
+	g.Expect(IsDisabled("rosa")).To(BeFalse(), "invalid controller name rosa should report disabled")
+
+	// Disable the known names
+	disabledControllers = map[string]bool{
+		Unmanaged: true,
+	}
+
+	// Valid names
+	g.Expect(IsDisabled(Unmanaged)).To(BeTrue(), "unmanaged should have been disabled")
+
+	// Invalid names are still false
+	g.Expect(IsDisabled("eks")).To(BeFalse(), "invalid controller name eks should report disabled")
+	g.Expect(IsDisabled("rosa")).To(BeFalse(), "invalid controller name rosa should report disabled")
+}
+
+func TestGetValidNames(t *testing.T) {
+	g := NewWithT(t)
+	defer resetDefaults()
+
+	actual := GetValidNames()
+	// Make sure we have a stable order for testing
+	slices.Sort(actual)
+
+	g.Expect(actual).To(Equal([]string{
+		Unmanaged,
+	}), "should only have 1 name")
+}
+
+func TestValidateNames(t *testing.T) {
+	g := NewWithT(t)
+	defer resetDefaults()
+
+	// Valid set of names. Will mutate the map.
+	err := ValidateNamesAndDisable([]string{Unmanaged})
+	g.Expect(err).To(BeNil())
+	g.Expect(disabledControllers[Unmanaged]).To(BeTrue(), "should disable valid name unmanaged")
+
+	// TODO: This test should fail and require updating when EKS and ROSA controllers graduate.
+	err = ValidateNamesAndDisable([]string{"eks", "rosa"})
+	g.Expect(err.Error()).To(ContainSubstring("eks"), "should error on first invalid entry")
+	g.Expect(disabledControllers[Unmanaged]).To(BeTrue(), "should not change existing key unmanaged")
+	g.Expect(disabledControllers["eks"]).To(BeFalse(), "eks should not be in the default map")
+}
+
+// resetDefaults returns the disabledControllers map to expected default state.
+func resetDefaults() {
+	disabledControllers = map[string]bool{
+		Unmanaged: false,
+	}
+}

docs/proposal/20250314-optional-controllers.md

@@ -0,0 +1,75 @@
+# Problem
+
+EKS and ROSA are implemented in (relatively) standalone sets of controllers. These are currently grouped with the associated feature gates.
+
+However, the feature gate mechanism has no specifier for GA, meaning that both implementations have stayed in beta.
+
+This proposal supercedes `docs/proposal/20250314-optional-controllers.md`.
+
+# Background
+
+Cluster API Provider for AWS offers a `--feature-flags` argument to manage introduction of new features.
+
+This allows features to move through `alpha` and `beta` phases, but there is not currently a defined path to general availability.
+
+Specifically of interest is controllers for the `EKS` and ROSA`, which offer optional features to the program.
+
+This proposal focuses on how these controllers could be grouped in order to remain optional, while also giving a path to GA.
+
+## Goals
+
+ - Allow features spanning groups of controllers to graduate, while also remaining optional
+
+## Non-goals
+
+ - Provide a generalized path to general availbility
+
+
+## Proposed solution
+
+Introduce a new argument, `--disable-controllers`, which allows controllers to be logically grouped as feature sets and turned on and off independently.
+
+The groups and their disabled status will be tracked in a map within a private module, and can be queried via exposed functions.
+
+The map's structure and functions would be as follows.
+
+```go
+var disabledControllers = map[string]bool{
+    ControllerGroupName: false,
+}
+
+// IsDisabled checks if a controller is disabled.
+// If the name provided is not in the map, this will return 'false'.
+func IsDisabled(name string) bool
+
+// GetValidNames returns a list of controller names that are valid to disable.
+// Note: these are the entries in the `disabledControllers` variable.
+// Used for error and help messages 
+func GetValidNames() []string
+
+// ValidateNamesAndDisable validates a list of controller names against the known set, and disables valid names.
+func ValidateNamesAndDisable(names []string) error
+```
+
+Within `main.go`, `ValidateNamesAndDisable` will check against the contents of the `--disable-controllers` slice.
+Valid entires will then be marked as `true`, indicating they are disabled.
+
+Before initializing a controller or group of controllers, `IsDisabled` can be checked to determine whether or not they should register with the manager and start.
+
+If a controller is disabled, a log message indicating it is disabled should be emitted.
+This will aid users in troubleshooting, should the deployment behave unexpectedly.
+
+## Logical groups
+
+EKS and ROSA are currently behind feature gate checks.
+These checks can be updated to instead use `IsDisabled` and entries within the `disabledControllers` map can be made.
+
+## Core controllers and alternatives
+
+The proposal `2025-01-07-aws-self-managed-feature-gates.md` was merged and planned to add `AWSMachine` and `AWSCluster` feature gates.
+This merged with lazy concensus and the implementation was proposed in [PR #5284](https://github.com/kubernetes-sigs/cluster-api-provider-aws/pull/5284).
+
+However, maintainers were opposed to moving these core controllers into feature gates, which would have put them into a permanent pre-GA phase.
+This leads to a conflict between the implementation and the proposal, which was indeed accepted.
+
+This current proposal includes the ability to disable `AWSMachine` and `AWSCluster` as a compromise, using the `unmanaged` set; it achieves the goals of the original proposal, while addressing the objections to the proposed implementation.

main.go

@@ -25,6 +25,7 @@ import (
 	"net/http"
 	_ "net/http/pprof"
 	"os"
+	"strings"
 	"time"
 
 	"github.com/spf13/pflag"
@@ -109,6 +110,7 @@ var (
 	webhookCertDir              string
 	healthAddr                  string
 	serviceEndpoints            string
+	disabledControllers         []string
 
 	// maxEKSSyncPeriod is the maximum allowed duration for the sync-period flag when using EKS. It is set to 10 minutes
 	// because during resync it will create a new AWS auth token which can a maximum life of 15 minutes and this ensures
@@ -130,6 +132,11 @@ func main() {
 	pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
 	pflag.Parse()
 
+	if err := controllers.ValidateNamesAndDisable(disabledControllers); err != nil {
+		setupLog.Error(err, "unable to validate disabled controller names")
+		os.Exit(1)
+	}
+
 	if err := v1.ValidateAndApply(logOptions, nil); err != nil {
 		setupLog.Error(err, "unable to validate and apply log options")
 		os.Exit(1)
@@ -298,29 +305,36 @@ func main() {
 func setupReconcilersAndWebhooks(ctx context.Context, mgr ctrl.Manager, awsServiceEndpoints []scope.ServiceEndpoint,
 	externalResourceGC, alternativeGCStrategy bool,
 ) {
-	if err := (&controllers.AWSMachineReconciler{
-		Client:                       mgr.GetClient(),
-		Log:                          ctrl.Log.WithName("controllers").WithName("AWSMachine"),
-		Recorder:                     mgr.GetEventRecorderFor("awsmachine-controller"),
-		Endpoints:                    awsServiceEndpoints,
-		WatchFilterValue:             watchFilterValue,
-		TagUnmanagedNetworkResources: feature.Gates.Enabled(feature.TagUnmanagedNetworkResources),
-	}).SetupWithManager(ctx, mgr, controller.Options{MaxConcurrentReconciles: awsMachineConcurrency, RecoverPanic: ptr.To[bool](true)}); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "AWSMachine")
-		os.Exit(1)
-	}
+	// Default case - unmanaged controllers are enabled.
+	if !controllers.IsDisabled(controllers.Unmanaged) {
+		if err := (&controllers.AWSMachineReconciler{
+			Client:                       mgr.GetClient(),
+			Log:                          ctrl.Log.WithName("controllers").WithName("AWSMachine"),
+			Recorder:                     mgr.GetEventRecorderFor("awsmachine-controller"),
+			Endpoints:                    awsServiceEndpoints,
+			WatchFilterValue:             watchFilterValue,
+			TagUnmanagedNetworkResources: feature.Gates.Enabled(feature.TagUnmanagedNetworkResources),
+		}).SetupWithManager(ctx, mgr, controller.Options{MaxConcurrentReconciles: awsMachineConcurrency, RecoverPanic: ptr.To[bool](true)}); err != nil {
+			setupLog.Error(err, "unable to create controller", "controller", "AWSMachine")
+			os.Exit(1)
+		}
+		setupLog.Info("controller disabled", "controller", "AWSMachine", "congrollerGroup", controllers.Unmanaged)
 
-	if err := (&controllers.AWSClusterReconciler{
-		Client:                       mgr.GetClient(),
-		Recorder:                     mgr.GetEventRecorderFor("awscluster-controller"),
-		Endpoints:                    awsServiceEndpoints,
-		WatchFilterValue:             watchFilterValue,
-		ExternalResourceGC:           externalResourceGC,
-		AlternativeGCStrategy:        alternativeGCStrategy,
-		TagUnmanagedNetworkResources: feature.Gates.Enabled(feature.TagUnmanagedNetworkResources),
-	}).SetupWithManager(ctx, mgr, controller.Options{MaxConcurrentReconciles: awsClusterConcurrency, RecoverPanic: ptr.To[bool](true)}); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "AWSCluster")
-		os.Exit(1)
+		if err := (&controllers.AWSClusterReconciler{
+			Client:                       mgr.GetClient(),
+			Recorder:                     mgr.GetEventRecorderFor("awscluster-controller"),
+			Endpoints:                    awsServiceEndpoints,
+			WatchFilterValue:             watchFilterValue,
+			ExternalResourceGC:           externalResourceGC,
+			AlternativeGCStrategy:        alternativeGCStrategy,
+			TagUnmanagedNetworkResources: feature.Gates.Enabled(feature.TagUnmanagedNetworkResources),
+		}).SetupWithManager(ctx, mgr, controller.Options{MaxConcurrentReconciles: awsClusterConcurrency, RecoverPanic: ptr.To[bool](true)}); err != nil {
+			setupLog.Error(err, "unable to create controller", "controller", "AWSCluster")
+			os.Exit(1)
+		}
+	} else {
+		setupLog.Info("controller disabled", "controller", "AWSMachine", "congrollerGroup", controllers.Unmanaged)
+		setupLog.Info("controller disabled", "controller", "AWSCluster", "controller-group", controllers.Unmanaged)
 	}
 
 	if feature.Gates.Enabled(feature.MachinePool) {
@@ -594,7 +608,7 @@ func initFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&serviceEndpoints,
 		"service-endpoints",
 		"",
-		"Set custom AWS service endpoins in semi-colon separated format: ${SigningRegion1}:${ServiceID1}=${URL},${ServiceID2}=${URL};${SigningRegion2}...",
+		"Set custom AWS service endpoints in semi-colon separated format: ${SigningRegion1}:${ServiceID1}=${URL},${ServiceID2}=${URL};${SigningRegion2}...",
 	)
 
 	fs.StringVar(
@@ -604,6 +618,13 @@ func initFlags(fs *pflag.FlagSet) {
 		fmt.Sprintf("Label value that the controller watches to reconcile cluster-api objects. Label key is always %s. If unspecified, the controller watches for all cluster-api objects.", clusterv1.WatchLabel),
 	)
 
+	fs.StringSliceVar(
+		&disabledControllers,
+		"disable-controllers",
+		nil,
+		fmt.Sprintf("Sets of controllers that should be disabled for this instance of the controller manager in a comma-separated list. Options are: %q", strings.Join(controllers.GetValidNames(), ",")),
+	)
+
 	logs.AddFlags(fs, logs.SkipLoggingConfigurationFlags())
 	v1.AddFlags(logOptions, fs)