feat: Pull in EKS APIs

api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awsmachine_types.go

@@ -29,6 +29,16 @@ const (
 
 	// DefaultIgnitionVersion represents default Ignition version generated for machine userdata.
 	DefaultIgnitionVersion = "2.3"
+
+	// DefaultIgnitionStorageType represents the default storage type of Ignition userdata
+	DefaultIgnitionStorageType = IgnitionStorageTypeOptionClusterObjectStore
+
+	// DefaultMachinePoolIgnitionStorageType represents the default storage type of Ignition userdata for machine pools.
+	//
+	// This is only different from DefaultIgnitionStorageType because of backward compatibility. Machine pools used to
+	// default to store Ignition user data directly on the EC2 instance. Since the choice between remote storage (S3)
+	// and direct storage was introduced, the default was kept, but might change in newer API versions.
+	DefaultMachinePoolIgnitionStorageType = IgnitionStorageTypeOptionUnencryptedUserData
 )
 
 // SecretBackend defines variants for backend secret storage.
@@ -64,6 +74,8 @@ const (
 )
 
 // AWSMachineSpec defines the desired state of an Amazon EC2 instance.
+// +kubebuilder:validation:XValidation:rule="!has(self.capacityReservationId) || !has(self.marketType) || self.marketType != 'Spot'",message="capacityReservationId may not be set when marketType is Spot"
+// +kubebuilder:validation:XValidation:rule="!has(self.capacityReservationId) || !has(self.spotMarketOptions)",message="capacityReservationId cannot be set when spotMarketOptions is specified"
 type AWSMachineSpec struct {
 	// ProviderID is the unique identifier as specified by the cloud provider.
 	ProviderID *string `json:"providerID,omitempty"`

api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awsmanagedclustertemplate_types.go

@@ -0,0 +1,56 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// AWSManagedClusterTemplateSpec defines the desired state of AWSManagedClusterTemplate.
+type AWSManagedClusterTemplateSpec struct {
+	Template AWSManagedClusterTemplateResource `json:"template"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=awsmanagedclustertemplates,scope=Namespaced,categories=cluster-api,shortName=amct
+// +kubebuilder:storageversion
+
+// AWSManagedClusterTemplate is the Schema for the AWSManagedClusterTemplates API.
+type AWSManagedClusterTemplate struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec AWSManagedClusterTemplateSpec `json:"spec,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// AWSManagedClusterTemplateList contains a list of AWSManagedClusterTemplates.
+type AWSManagedClusterTemplateList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []AWSManagedClusterTemplate `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&AWSManagedClusterTemplate{}, &AWSManagedClusterTemplateList{})
+}
+
+// AWSManagedClusterTemplateResource describes the data needed to create an AWSManagedCluster from a template.
+type AWSManagedClusterTemplateResource struct {
+	Spec AWSManagedClusterSpec `json:"spec"`
+}

api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/network_types.go

@@ -21,8 +21,8 @@ import (
 	"sort"
 	"time"
 
+	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/service/ec2"
 	"k8s.io/utils/ptr"
 )
 
@@ -207,6 +207,14 @@ type TargetGroupAttribute string
 var (
 	// TargetGroupAttributeEnablePreserveClientIP defines the attribute key for enabling preserve client IP.
 	TargetGroupAttributeEnablePreserveClientIP = "preserve_client_ip.enabled"
+
+	// TargetGroupAttributeEnableConnectionTermination defines the attribute key for terminating
+	// established connections to unhealthy targets.
+	TargetGroupAttributeEnableConnectionTermination = "target_health_state.unhealthy.connection_termination.enabled"
+
+	// TargetGroupAttributeUnhealthyDrainingIntervalSeconds defines the attribute key for the
+	// unhealthy target connection draining interval.
+	TargetGroupAttributeUnhealthyDrainingIntervalSeconds = "target_health_state.unhealthy.draining_interval_seconds"
 )
 
 // LoadBalancerAttribute defines a set of attributes for a V2 load balancer.
@@ -352,6 +360,10 @@ type NetworkSpec struct {
 	// +optional
 	AdditionalControlPlaneIngressRules []IngressRule `json:"additionalControlPlaneIngressRules,omitempty"`
 
+	// AdditionalNodeIngressRules is an optional set of ingress rules to add to every node
+	// +optional
+	AdditionalNodeIngressRules []IngressRule `json:"additionalNodeIngressRules,omitempty"`
+
 	// NodePortIngressRuleCidrBlocks is an optional set of CIDR blocks to allow traffic to nodes' NodePort services.
 	// If none are specified here, all IPs are allowed to connect.
 	// +optional
@@ -655,11 +667,11 @@ func (s *SubnetSpec) IsEdgeWavelength() bool {
 }
 
 // SetZoneInfo updates the subnets with zone information.
-func (s *SubnetSpec) SetZoneInfo(zones []*ec2.AvailabilityZone) error {
-	zoneInfo := func(zoneName string) *ec2.AvailabilityZone {
+func (s *SubnetSpec) SetZoneInfo(zones []types.AvailabilityZone) error {
+	zoneInfo := func(zoneName string) *types.AvailabilityZone {
 		for _, zone := range zones {
 			if aws.StringValue(zone.ZoneName) == zoneName {
-				return zone
+				return &zone
 			}
 		}
 		return nil
@@ -814,7 +826,7 @@ func (s Subnets) GetUniqueZones() []string {
 }
 
 // SetZoneInfo updates the subnets with zone information.
-func (s Subnets) SetZoneInfo(zones []*ec2.AvailabilityZone) error {
+func (s Subnets) SetZoneInfo(zones []types.AvailabilityZone) error {
 	for i := range s {
 		if err := s[i].SetZoneInfo(zones); err != nil {
 			return err

api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/tags.go

@@ -195,6 +195,12 @@ const (
 	// of the bootstrap secret that was used to create the user data for the latest launch
 	// template version.
 	LaunchTemplateBootstrapDataSecret = NameAWSProviderPrefix + "bootstrap-data-secret"
+
+	// LaunchTemplateBootstrapDataHash is the tag we use to store the hash of the raw bootstrap data.
+	// If bootstrap data is stored in S3, this hash relates to that data, not to the EC2 instance
+	// user data which only references the S3 object. We store this tag on launch template versions
+	// so that S3 bootstrap data objects can be deleted when they get outdated.
+	LaunchTemplateBootstrapDataHash = NameAWSProviderPrefix + "bootstrap-data-hash"
 )
 
 // ClusterTagKey generates the key for resources associated with a cluster.

api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/condition_consts.go

@@ -0,0 +1,50 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+
+// Conditions and condition Reasons for the EKSConfig object
+// FROM: https://github.com/kubernetes-sigs/cluster-api/blob/main/bootstrap/kubeadm/api/v1beta1/condition_consts.go
+
+const (
+	// DataSecretAvailableCondition documents the status of the bootstrap secret generation process.
+	//
+	// NOTE: When the DataSecret generation starts the process completes immediately and within the
+	// same reconciliation, so the user will always see a transition from Wait to Generated without having
+	// evidence that BootstrapSecret generation is started/in progress.
+	DataSecretAvailableCondition clusterv1.ConditionType = "DataSecretAvailable"
+
+	// DataSecretGenerationFailedReason (Severity=Warning) documents a EKSConfig controller detecting
+	// an error while generating a data secret; those kind of errors are usually due to misconfigurations
+	// and user intervention is required to get them fixed.
+	DataSecretGenerationFailedReason = "DataSecretGenerationFailed"
+
+	// WaitingForClusterInfrastructureReason (Severity=Info) document a bootstrap secret generation process
+	// waiting for the cluster infrastructure to be ready.
+	//
+	// NOTE: Having the cluster infrastructure ready is a pre-condition for starting to create machines;
+	// the EKSConfig controller ensure this pre-condition is satisfied.
+	WaitingForClusterInfrastructureReason = "WaitingForClusterInfrastructure"
+
+	// WaitingForControlPlaneInitializationReason (Severity=Info) documents a bootstrap secret generation process
+	// waiting for the control plane to be initialized.
+	//
+	// NOTE: This is a pre-condition for starting to create machines;
+	// the EKSConfig controller ensure this pre-condition is satisfied.
+	WaitingForControlPlaneInitializationReason = "WaitingForControlPlaneInitialization"
+)

api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/conversion.go

@@ -0,0 +1,29 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+// Hub marks EKSConfig as a conversion hub.
+func (*EKSConfig) Hub() {}
+
+// Hub marks EKSConfigList as a conversion hub.
+func (*EKSConfigList) Hub() {}
+
+// Hub marks EKSConfigTemplate as a conversion hub.
+func (*EKSConfigTemplate) Hub() {}
+
+// Hub marks EKSConfigTemplateList as a conversion hub.
+func (*EKSConfigTemplateList) Hub() {}

api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/doc.go

@@ -0,0 +1,21 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta2 contains API Schema definitions for the Amazon EKS Bootstrap v1beta2 API group.
+// +gencrdrefdocs:force //nolint: revive
+// +groupName=bootstrap.cluster.x-k8s.io
+// +k8s:conversion-gen=sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta1
+package v1beta2