feat: deploy AWS Load Balancer controller in EKS clusters

charts/cluster-api-runtime-extensions-nutanix/README.md

@@ -46,6 +46,8 @@ A Helm chart for cluster-api-runtime-extensions-nutanix
 | helmRepository.securityContext.fsGroup | int | `65532` |  |
 | helmRepository.securityContext.runAsGroup | int | `65532` |  |
 | helmRepository.securityContext.runAsUser | int | `65532` |  |
+| hooks.addons.awsLoadBalancerController.defaultValueTemplateConfigMap.create | bool | `true` |  |
+| hooks.addons.awsLoadBalancerController.defaultValueTemplateConfigMap.name | string | `"default-aws-load-balancer-controller-helm-values-template"` |  |
 | hooks.ccm.aws.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
 | hooks.ccm.aws.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-aws-ccm-helm-values-template"` |  |
 | hooks.ccm.aws.k8sMinorVersionToCCMVersion."1.30" | string | `"v1.30.8"` |  |

charts/cluster-api-runtime-extensions-nutanix/addons/aws-load-balancer-controller/values-template.yaml

@@ -0,0 +1 @@
+clusterName: "{{ .ControlPlane.spec.eksClusterName }}"

charts/cluster-api-runtime-extensions-nutanix/templates/addons/aws-load-balancer-controller/helm-addon-installation.yaml

@@ -0,0 +1,12 @@
+# Copyright 2025 Nutanix. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.hooks.addons.awsLoadBalancerController.defaultValueTemplateConfigMap.create }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: '{{ .Values.hooks.addons.awsLoadBalancerController.defaultValueTemplateConfigMap.name }}'
+data:
+  values.yaml: |-
+    {{- .Files.Get "addons/aws-load-balancer-controller/values-template.yaml" | nindent 4 }}
+{{- end -}}

charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml

@@ -15,6 +15,10 @@ data:
     ChartName: aws-ebs-csi-driver
     ChartVersion: 2.48.0
     RepositoryURL: '{{ if .Values.helmRepository.enabled }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://kubernetes-sigs.github.io/aws-ebs-csi-driver{{ end }}'
+  aws-load-balancer-controller: |
+    ChartName: aws-load-balancer-controller
+    ChartVersion: 1.13.4
+    RepositoryURL: '{{ if .Values.helmRepository.enabled }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://aws.github.io/eks-charts{{ end }}'
   cilium: |
     ChartName: cilium
     ChartVersion: 1.18.2

charts/cluster-api-runtime-extensions-nutanix/values.schema.json

@@ -118,6 +118,27 @@
         "hooks": {
             "type": "object",
             "properties": {
+                "addons": {
+                    "type": "object",
+                    "properties": {
+                        "awsLoadBalancerController": {
+                            "type": "object",
+                            "properties": {
+                                "defaultValueTemplateConfigMap": {
+                                    "type": "object",
+                                    "properties": {
+                                        "create": {
+                                            "type": "boolean"
+                                        },
+                                        "name": {
+                                            "type": "string"
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    }
+                },
                 "ccm": {
                     "type": "object",
                     "properties": {

charts/cluster-api-runtime-extensions-nutanix/values.yaml

@@ -117,6 +117,12 @@ hooks:
       create: true
       name: default-registry-syncer-helm-values-template
 
+  addons:
+    awsLoadBalancerController:
+      defaultValueTemplateConfigMap:
+        create: true
+        name: default-aws-load-balancer-controller-helm-values-template
+
 helmAddonsConfigMap: default-helm-addons-config
 
 deployDefaultClusterClasses: true

docs/content/addons/aws-load-balancer-controller.md

@@ -0,0 +1,89 @@
++++
+title = "AWS Load Balancer Controller"
+icon = "fa-solid fa-balance-scale"
++++
+
+By leveraging CAPI cluster lifecycle hooks, this handler deploys the [AWS Load Balancer Controller] on the new cluster at the `AfterControlPlaneInitialized` phase.
+
+The AWS Load Balancer Controller manages AWS Application Load Balancers (ALB) and Network Load Balancers (NLB) for Kubernetes services and ingresses.
+
+Deployment of this controller is opt-in via the [provider-specific cluster configuration]({{< ref ".." >}}).
+
+The hook uses the [Cluster API Add-on Provider for Helm] to deploy the AWS Load Balancer Controller resources.
+
+## Prerequisites
+
+- AWS EKS cluster
+- IAM role with necessary permissions for the AWS Load Balancer Controller
+
+## Example
+
+To enable deployment of the AWS Load Balancer Controller on a cluster, specify the following values:
+
+```yaml
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: <NAME>
+spec:
+  topology:
+    variables:
+      - name: clusterConfig
+        value:
+          addons:
+            # TODO: Define an API
+```
+
+## IAM Permissions
+
+The AWS Load Balancer Controller requires specific IAM permissions to manage load balancers.
+See [AWS Load Balancer IAM Policies] for the full list of permissions.
+The provided configuration assumes the permissions will be attached to the Nodes.
+
+If attaching these policies to the non-default isntance-profile, you may specify the name in the Cluster using the following configuration:
+
+```yaml
+        - name: workerConfig
+          value:
+            eks:
+              ...
+              iamInstanceProfile: custom.nodes.cluster-api-provider-aws.sigs.k8s.io
+```
+
+## Usage
+
+Once deployed, the AWS Load Balancer Controller can be used to:
+
+1. **Create Application Load Balancers (ALB)** for Kubernetes services using the `service.beta.kubernetes.io/aws-load-balancer-type: nlb` annotation
+2. **Create Network Load Balancers (NLB)** for Kubernetes services using the `service.beta.kubernetes.io/aws-load-balancer-type: nlb` annotation
+3. **Manage Ingress resources** with the `kubernetes.io/ingress.class: alb` annotation
+4. **Configure Target Group Bindings** for advanced load balancer configurations
+
+## Example Service
+
+See [AWS Load Balancer NLB Example]
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: my-service
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+spec:
+  type: LoadBalancer
+  loadBalancerClass: service.k8s.aws/nlb
+  ports:
+  - port: 80
+    targetPort: 8080
+  selector:
+    app: my-app
+```
+
+See other examples in [AWS Load Balancer Example] docs.
+
+[AWS Load Balancer Controller]: https://kubernetes-sigs.github.io/aws-load-balancer-controller/
+[Cluster API Add-on Provider for Helm]: https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm
+[AWS Load Balancer IAM Policies]: https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/deploy/installation/#option-b-attach-iam-policies-to-nodes
+[AWS Load Balancer NLB Example]: https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/nlb/
+[AWS Load Balancer Example]: https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/

hack/addons/helm-chart-bundler/repos.yaml

@@ -16,6 +16,11 @@ repositories:
     charts:
       aws-ebs-csi-driver:
       - 2.48.0
+  aws-load-balancer-controller:
+    repoURL: https://aws.github.io/eks-charts
+    charts:
+      aws-load-balancer-controller:
+      - 1.13.4
   cilium:
     repoURL: https://helm.cilium.io/
     charts:

hack/addons/kustomize/aws-load-balancer-controller/kustomization.yaml.tmpl

@@ -0,0 +1,17 @@
+# Copyright 2025 Nutanix. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+metadata:
+  name: aws-load-balancer-controller
+
+helmCharts:
+- name: aws-load-balancer-controller
+  namespace: kube-system
+  repo: https://aws.github.io/eks-charts
+  releaseName: aws-load-balancer-controller
+  version: ${AWS_LOAD_BALANCER_CONTROLLER_CHART_VERSION}
+  includeCRDs: true
+  skipTests: true

hack/tools/fetch-images/main.go

@@ -381,6 +381,27 @@ func getValuesFileForChartIfNeeded(chartName, carenChartDirectory string) (strin
 			return "", fmt.Errorf("failed to execute helm values template %w", err)
 		}
 
+		return tempFile.Name(), nil
+	case "aws-load-balancer-controller":
+		f := filepath.Join(carenChartDirectory, "addons", "aws-load-balancer-controller", defaultHelmAddonFilename)
+		tempFile, err := os.CreateTemp("", "")
+		if err != nil {
+			return "", fmt.Errorf("failed to create temp file: %w", err)
+		}
+
+		templateInput := map[string]interface{}{
+			"InfraCluster": map[string]interface{}{
+				"spec": map[string]interface{}{
+					"eksClusterName": "tmplCluster",
+				},
+			},
+		}
+
+		err = template.Must(template.New(defaultHelmAddonFilename).ParseFiles(f)).Execute(tempFile, &templateInput)
+		if err != nil {
+			return "", fmt.Errorf("failed to execute helm values template %w", err)
+		}
+
 		return tempFile.Name(), nil
 	default:
 		return "", nil

make/addons.mk

@@ -18,6 +18,8 @@ export AWS_CCM_VERSION_131 := v1.31.5
 export AWS_CCM_VERSION_132 := v1.32.1
 export AWS_CCM_VERSION_133 := v1.33.0
 
+export AWS_LOAD_BALANCER_CONTROLLER_CHART_VERSION := 1.13.4
+
 export NUTANIX_CCM_CHART_VERSION := 0.5.2
 
 export KUBE_VIP_VERSION := v0.9.1

pkg/handlers/lifecycle/awsloadbalancercontroller/doc.go

@@ -0,0 +1,12 @@
+// Copyright 2025 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Package awsloadbalancercontroller provides lifecycle handlers for deploying the AWS Load Balancer Controller addon.
+//
+// The AWS Load Balancer Controller manages AWS Application Load Balancers (ALB) and Network Load Balancers (NLB)
+// for Kubernetes services and ingresses. This package provides handlers that deploy the controller using
+// the Cluster API Add-on Provider for Helm (CAAPH).
+//
+// The handler automatically installs the AWS Load Balancer Controller during the AfterControlPlaneInitialized
+// lifecycle phase, ensuring the controller is available for managing load balancer resources.
+package awsloadbalancercontroller