support Al2023 on outposts (#8599)

NicholasBlaskey · Nikolay Kvetsinski · web-flow · commit 030ff255d093 · 2025-11-26T14:36:49.000-08:00
---------

Co-authored-by: Nikolay Kvetsinski &lt;kvetsins@amazon.com&gt;
diff --git a/pkg/apis/eksctl.io/v1alpha5/outposts_validation_test.go b/pkg/apis/eksctl.io/v1alpha5/outposts_validation_test.go
@@ -199,12 +199,13 @@ var _ = Describe("Outposts validation", func() {
 			},
 		}, clusterConfig)
 		if shouldFail {
-			Expect(err).To(MatchError("only AmazonLinux2 is supported on local clusters"))
+			Expect(err).To(MatchError("only AmazonLinux2 and AmazonLinux2023 is supported on local clusters"))
 		} else {
 			Expect(err).NotTo(HaveOccurred())
 		}
 	},
 		Entry("AmazonLinux2", api.NodeImageFamilyAmazonLinux2, false),
+		Entry("AmazonLinux2023", api.NodeImageFamilyAmazonLinux2, false),
 		Entry("Bottlerocket", api.NodeImageFamilyBottlerocket, true),
 		Entry("Ubuntu2004", api.NodeImageFamilyUbuntu2004, true),
 		Entry("UbuntuPro2004", api.NodeImageFamilyUbuntuPro2004, true),
diff --git a/pkg/apis/eksctl.io/v1alpha5/validation.go b/pkg/apis/eksctl.io/v1alpha5/validation.go
@@ -757,8 +757,8 @@ func validateNodeGroupBase(np NodePool, path string, controlPlaneOnOutposts bool
 			}
 			return fmt.Errorf("AMI Family %s is not supported - use one of: %s", ng.AMIFamily, strings.Join(SupportedAMIFamilies(), ", "))
 		}
-		if controlPlaneOnOutposts && ng.AMIFamily != NodeImageFamilyAmazonLinux2 {
-			return fmt.Errorf("only %s is supported on local clusters", NodeImageFamilyAmazonLinux2)
+		if controlPlaneOnOutposts && (ng.AMIFamily != NodeImageFamilyAmazonLinux2 && ng.AMIFamily != NodeImageFamilyAmazonLinux2023) {
+			return fmt.Errorf("only %s and %s is supported on local clusters", NodeImageFamilyAmazonLinux2, NodeImageFamilyAmazonLinux2023)
 		}
 	}
 
diff --git a/pkg/nodebootstrap/al2023.go b/pkg/nodebootstrap/al2023.go
@@ -133,18 +133,24 @@ func (m *AL2023) createMinimalNodeConfig() (*nodeadm.NodeConfig, error) {
 		serviceCIDR = clusterStatus.KubernetesNetworkConfig.ServiceIPv4CIDR
 	}
 
+	clusterDetails := nodeadm.ClusterDetails{
+		Name:                 m.cfg.Metadata.Name,
+		APIServerEndpoint:    clusterStatus.Endpoint,
+		CertificateAuthority: clusterStatus.CertificateAuthorityData,
+		CIDR:                 serviceCIDR,
+	}
+	if m.cfg.IsControlPlaneOnOutposts() {
+		clusterDetails.ID = m.cfg.ID()
+		clusterDetails.EnableOutpost = ptr(true)
+	}
+
 	return &nodeadm.NodeConfig{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       nodeadmapi.KindNodeConfig,
 			APIVersion: nodeadm.GroupVersion.String(),
 		},
 		Spec: nodeadm.NodeConfigSpec{
-			Cluster: nodeadm.ClusterDetails{
-				Name:                 m.cfg.Metadata.Name,
-				APIServerEndpoint:    clusterStatus.Endpoint,
-				CertificateAuthority: clusterStatus.CertificateAuthorityData,
-				CIDR:                 serviceCIDR,
-			},
+			Cluster: clusterDetails,
 			Kubelet: kubeletOptions,
 		},
 	}, nil
@@ -171,3 +177,5 @@ func stringToNodeConfig(overrideBootstrapCommand string) (*nodeadm.NodeConfig, e
 	}
 	return &config, nil
 }
+
+func ptr[T any](v T) *T { return &v }
diff --git a/pkg/nodebootstrap/al2023_test.go b/pkg/nodebootstrap/al2023_test.go
@@ -30,6 +30,9 @@ type al2023Entry struct {
 
 var _ = DescribeTable("Unmanaged AL2023", func(e al2023Entry) {
 	cfg, dns := makeDefaultClusterSettings()
+	if e.overrideClusterSettings != nil {
+		e.overrideClusterSettings(cfg)
+	}
 	ng := api.NewNodeGroup()
 	makeDefaultNPSettings(ng)
 
@@ -56,6 +59,14 @@ var _ = DescribeTable("Unmanaged AL2023", func(e al2023Entry) {
 		},
 		expectedUserData: wrapMIMEParts(nodeConfig),
 	}),
+	Entry("control plane on Outposts", al2023Entry{
+		overrideClusterSettings: func(cc *api.ClusterConfig) {
+			cc.Outpost = &api.Outpost{
+				ControlPlaneOutpostARN: "arn:aws:outposts:us-west-2:1234:outpost/op-1234",
+			}
+			cc.Status.ID = "51eaebb5-7e52-4e71-baba-e98a6314b10e"
+		}, expectedUserData: wrapMIMEParts(nodeConfigOutpost),
+	}),
 )
 
 var _ = DescribeTable("Managed AL2023", func(e al2023Entry) {
@@ -404,6 +415,33 @@ spec:
     - --node-labels=alpha.eksctl.io/nodegroup-name=al2023-mng-test
 
 `
+
+	nodeConfigOutpost = `--//
+Content-Type: application/node.eks.aws
+
+apiVersion: node.eks.aws/v1alpha1
+kind: NodeConfig
+metadata: {}
+spec:
+  cluster:
+    apiServerEndpoint: https://test.xxx.us-west-2.eks.amazonaws.com
+    certificateAuthority: dGVzdCBDQQ==
+    cidr: 10.100.0.0/16
+    enableOutpost: true
+    id: 51eaebb5-7e52-4e71-baba-e98a6314b10e
+    name: al2023-test
+  containerd: {}
+  instance:
+    localStorage: {}
+  kubelet:
+    config:
+      clusterDNS:
+      - 10.100.0.10
+    flags:
+    - --node-labels=alpha.eksctl.io/nodegroup-name=al2023-mng-test
+
+`
+
 	managedNodeConfigIPv6 = `--//
 Content-Type: application/node.eks.aws
 
diff --git a/userdocs/src/usage/outposts.md b/userdocs/src/usage/outposts.md
@@ -204,7 +204,7 @@ nodeGroups:
 ```
 
 ???+ note
-    - Only Amazon Linux 2 is supported for nodegroups when the control plane is on Outposts.
+    - Only Amazon Linux 2023 is supported for nodegroups when the control plane is on Outposts.
     - Only EBS gp2 volume types are supported for nodegroups on Outposts.
 
 

Original file line number	Diff line number	Diff line change
`@@ -757,8 +757,8 @@ func validateNodeGroupBase(np NodePool, path string, controlPlaneOnOutposts bool`
`757`	`757`	`}`
`758`	`758`	`return fmt.Errorf("AMI Family %s is not supported - use one of: %s", ng.AMIFamily, strings.Join(SupportedAMIFamilies(), ", "))`
`759`	`759`	`}`
`760`		`- if controlPlaneOnOutposts && ng.AMIFamily != NodeImageFamilyAmazonLinux2 {`
`761`		`- return fmt.Errorf("only %s is supported on local clusters", NodeImageFamilyAmazonLinux2)`
	`760`	`+ if controlPlaneOnOutposts && (ng.AMIFamily != NodeImageFamilyAmazonLinux2 && ng.AMIFamily != NodeImageFamilyAmazonLinux2023) {`
	`761`	`+ return fmt.Errorf("only %s and %s is supported on local clusters", NodeImageFamilyAmazonLinux2, NodeImageFamilyAmazonLinux2023)`
`762`	`762`	`}`
`763`	`763`	`}`
`764`	`764`