kubernetes-sigs · afarbos · Jul 31, 2025 · serngawy · Oct 1, 2025 · afarbos
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_awsmanagedmachinepools.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_awsmanagedmachinepools.yaml
@@ -987,6 +987,17 @@ spec:
                   - name
                   type: object
                 type: array
+              nodeRepairConfig:
+                description: NodeRepairConfig specifies the node auto repair configuration
+                  for the managed node group.
+                properties:
+                  enabled:
+                    default: false
+                    description: |-
+                      Enabled specifies whether node auto repair is enabled for the node group.
+                      When enabled, EKS will automatically repair unhealthy nodes by replacing them.
+                    type: boolean
+                type: object
               providerIDList:
                 description: |-
                   ProviderIDList are the provider IDs of instances in the

diff --git a/exp/api/v1beta1/conversion.go b/exp/api/v1beta1/conversion.go
@@ -149,6 +149,10 @@ func (src *AWSManagedMachinePool) ConvertTo(dstRaw conversion.Hub) error {
 	dst.Spec.RolePath = restored.Spec.RolePath
 	dst.Spec.RolePermissionsBoundary = restored.Spec.RolePermissionsBoundary
 
+	if restored.Spec.NodeRepairConfig != nil {
+		dst.Spec.NodeRepairConfig = restored.Spec.NodeRepairConfig
+	}
+
 	return nil
 }
 

diff --git a/exp/api/v1beta1/zz_generated.conversion.go b/exp/api/v1beta1/zz_generated.conversion.go
diff --git a/exp/api/v1beta2/awsmanagedmachinepool_types.go b/exp/api/v1beta2/awsmanagedmachinepool_types.go
@@ -214,6 +214,10 @@ type AWSManagedMachinePoolSpec struct {
 	// AWSLifecycleHooks specifies lifecycle hooks for the managed node group.
 	// +optional
 	AWSLifecycleHooks []AWSLifecycleHook `json:"lifecycleHooks,omitempty"`
+
+	// NodeRepairConfig specifies the node auto repair configuration for the managed node group.
+	// +optional
+	NodeRepairConfig *NodeRepairConfig `json:"nodeRepairConfig,omitempty"`
 }
 
 // ManagedMachinePoolScaling specifies scaling options.
@@ -297,6 +301,15 @@ type AWSManagedMachinePoolStatus struct {
 	Conditions clusterv1.Conditions `json:"conditions,omitempty"`
 }
 
+// NodeRepairConfig defines the node auto repair configuration for managed node groups.
+type NodeRepairConfig struct {
+	// Enabled specifies whether node auto repair is enabled for the node group.
+	// When enabled, EKS will automatically repair unhealthy nodes by replacing them.
+	// +optional
+	// +kubebuilder:default=false
+	Enabled *bool `json:"enabled,omitempty"`
+}
+
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:path=awsmanagedmachinepools,scope=Namespaced,categories=cluster-api,shortName=awsmmp
 // +kubebuilder:storageversion

diff --git a/exp/api/v1beta2/zz_generated.deepcopy.go b/exp/api/v1beta2/zz_generated.deepcopy.go
diff --git a/pkg/cloud/converters/eks.go b/pkg/cloud/converters/eks.go
@@ -217,6 +217,20 @@ func NodegroupUpdateconfigFromSDK(ngUpdateConfig *ekstypes.NodegroupUpdateConfig
 	return converted
 }
 
+// NodeRepairConfigToSDK is used to convert a CAPA NodeRepairConfig to AWS SDK NodeRepairConfig.
+func NodeRepairConfigToSDK(repairConfig *expinfrav1.NodeRepairConfig) *ekstypes.NodeRepairConfig {
+	if repairConfig == nil {
+		// Default to disabled if not specified to avoid behavior changes
+		return &ekstypes.NodeRepairConfig{
+			Enabled: aws.Bool(false),
+		}
+	}
+
+	return &ekstypes.NodeRepairConfig{
+		Enabled: repairConfig.Enabled,
+	}
+}
+
 // AMITypeToSDK converts a CAPA ManagedMachineAMIType to AWS SDK AMIType.
 func AMITypeToSDK(amiType expinfrav1.ManagedMachineAMIType) ekstypes.AMITypes {
 	switch amiType {

diff --git a/pkg/cloud/converters/eks_test.go b/pkg/cloud/converters/eks_test.go
@@ -0,0 +1,65 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package converters
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	ekstypes "github.com/aws/aws-sdk-go-v2/service/eks/types"
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
+
+	expinfrav1 "sigs.k8s.io/cluster-api-provider-aws/v2/exp/api/v1beta2"
+)
+
+func TestNodeRepairConfigToSDK(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    *expinfrav1.NodeRepairConfig
+		expected *ekstypes.NodeRepairConfig
+	}{
+		{
+			name:     "nil input returns default disabled",
+			input:    nil,
+			expected: &ekstypes.NodeRepairConfig{Enabled: aws.Bool(false)},
+		},
+		{
+			name: "enabled repair config",
+			input: &expinfrav1.NodeRepairConfig{
+				Enabled: aws.Bool(true),
+			},
+			expected: &ekstypes.NodeRepairConfig{Enabled: aws.Bool(true)},
+		},
+		{
+			name: "disabled repair config",
+			input: &expinfrav1.NodeRepairConfig{
+				Enabled: aws.Bool(false),
+			},
+			expected: &ekstypes.NodeRepairConfig{Enabled: aws.Bool(false)},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := NodeRepairConfigToSDK(tt.input)
+			if !cmp.Equal(result, tt.expected, cmpopts.IgnoreUnexported(ekstypes.NodeRepairConfig{})) {
+				t.Errorf("NodeRepairConfigToSDK() diff (-want +got):\n%s", cmp.Diff(tt.expected, result, cmpopts.IgnoreUnexported(ekstypes.NodeRepairConfig{})))
+			}
+		})
+	}
+}
diff --git a/pkg/cloud/services/eks/nodegroup.go b/pkg/cloud/services/eks/nodegroup.go
@@ -28,6 +28,7 @@ import (
 	ekstypes "github.com/aws/aws-sdk-go-v2/service/eks/types"
 	iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
 	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/pkg/errors"
 	"k8s.io/apimachinery/pkg/util/version"
 
@@ -119,6 +120,11 @@ func (s *NodegroupService) updateConfig() (*ekstypes.NodegroupUpdateConfig, erro
 	return converters.NodegroupUpdateconfigToSDK(updateConfig)
 }
 
+func (s *NodegroupService) nodeRepairConfig() *ekstypes.NodeRepairConfig {
+	repairConfig := s.scope.ManagedMachinePool.Spec.NodeRepairConfig
+	return converters.NodeRepairConfigToSDK(repairConfig)
+}
+
 func (s *NodegroupService) roleArn(ctx context.Context) (*string, error) {
 	var role *iamtypes.Role
 	if s.scope.RoleName() != "" {
@@ -249,6 +255,9 @@ func (s *NodegroupService) createNodegroup(ctx context.Context) (*ekstypes.Nodeg
 			Version: s.scope.ManagedMachinePool.Status.LaunchTemplateVersion,
 		}
 	}
+	if managedPool.NodeRepairConfig != nil {
+		input.NodeRepairConfig = s.nodeRepairConfig()
+	}
 
 	out, err := s.EKSClient.CreateNodegroup(ctx, input)
 	if err != nil {
@@ -480,6 +489,14 @@ func (s *NodegroupService) reconcileNodegroupConfig(ctx context.Context, ng *eks
 		input.UpdateConfig = updatedConfig
 		needsUpdate = true
 	}
+
+	specRepairConfig := s.nodeRepairConfig()
+	if !cmp.Equal(ng.NodeRepairConfig, specRepairConfig, cmpopts.IgnoreUnexported(ekstypes.NodeRepairConfig{})) {
+		s.Debug("Nodegroup repair configuration differs from spec, updating the nodegroup repair config", "nodegroup", ng.NodegroupName)
+		input.NodeRepairConfig = specRepairConfig
+		needsUpdate = true
+	}
+
 	if !needsUpdate {
 		s.Debug("node group config update not needed", "cluster", eksClusterName, "name", *ng.NodegroupName)
 		return nil

diff --git a/test/e2e/data/eks/cluster-template-eks-managed-machinepool-only.yaml b/test/e2e/data/eks/cluster-template-eks-managed-machinepool-only.yaml
@@ -25,3 +25,5 @@ spec:
     maxSize: 2
   updateConfig:
     maxUnavailable: 2
+  nodeRepairConfig:
+    enabled: false