Support EKS upgrade policy

Author: phuhung273

config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml

@@ -3196,6 +3196,17 @@ spec:
                 - iam-authenticator
                 - aws-cli
                 type: string
+              upgradePolicy:
+                description: |-
+                  The support policy to use for the cluster.
+                  Extended support indicates that the cluster will not be automatically upgraded
+                  when it leaves the standard support period, and will enter extended support.
+                  Clusters in extended support have higher costs.
+                  The default value is extended. Use standard to disable extended support.
+                enum:
+                - extended
+                - standard
+                type: string
               version:
                 description: |-
                   Version defines the desired Kubernetes version. If no version number

config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanetemplates.yaml

@@ -1022,6 +1022,17 @@ spec:
                         - iam-authenticator
                         - aws-cli
                         type: string
+                      upgradePolicy:
+                        description: |-
+                          The support policy to use for the cluster.
+                          Extended support indicates that the cluster will not be automatically upgraded
+                          when it leaves the standard support period, and will enter extended support.
+                          Clusters in extended support have higher costs.
+                          The default value is extended. Use standard to disable extended support.
+                        enum:
+                        - extended
+                        - standard
+                        type: string
                       version:
                         description: |-
                           Version defines the desired Kubernetes version. If no version number

controlplane/eks/api/v1beta1/conversion.go

@@ -121,6 +121,7 @@ func (r *AWSManagedControlPlane) ConvertTo(dstRaw conversion.Hub) error {
 	dst.Spec.RolePermissionsBoundary = restored.Spec.RolePermissionsBoundary
 	dst.Status.Version = restored.Status.Version
 	dst.Spec.BootstrapSelfManagedAddons = restored.Spec.BootstrapSelfManagedAddons
+	dst.Spec.UpgradePolicy = restored.Spec.UpgradePolicy
 	return nil
 }
 

controlplane/eks/api/v1beta1/zz_generated.conversion.go

@@ -208,6 +208,15 @@ type AWSManagedControlPlaneSpec struct { //nolint: maligned
 
 	// KubeProxy defines managed attributes of the kube-proxy daemonset
 	KubeProxy KubeProxy `json:"kubeProxy,omitempty"`
+
+	// The support policy to use for the cluster.
+	// Extended support indicates that the cluster will not be automatically upgraded
+	// when it leaves the standard support period, and will enter extended support.
+	// Clusters in extended support have higher costs.
+	// The default value is extended. Use standard to disable extended support.
+	// +kubebuilder:validation:Enum=extended;standard
+	// +optional
+	UpgradePolicy *UpgradePolicy `json:"upgradePolicy,omitempty"`
 }
 
 // KubeProxy specifies how the kube-proxy daemonset is managed.

controlplane/eks/api/v1beta2/awsmanagedcontrolplane_types.go

@@ -220,6 +220,24 @@ type AddonIssue struct {
 	ResourceIDs []string `json:"resourceIds,omitempty"`
 }
 
+// UpgradePolicy defines the support policy to use for the cluster.
+type UpgradePolicy string
+
+var (
+	// UpgradePolicyExtended indicates that the cluster will not be automatically upgraded
+	// when it leaves the standard support period, and will enter extended support.
+	// Clusters in extended support have higher costs.
+	UpgradePolicyExtended = UpgradePolicy("extended")
+
+	// UpgradePolicyStandard indicates that the cluster will be automatically upgraded
+	// when it leaves the standard support period.
+	UpgradePolicyStandard = UpgradePolicy("standard")
+)
+
+func (e UpgradePolicy) String() string {
+	return string(e)
+}
+
 const (
 	// SecurityGroupCluster is the security group for communication between EKS
 	// control plane and managed node groups.

controlplane/eks/api/v1beta2/types.go

@@ -14,6 +14,9 @@ clusterctl generate cluster capi-eks-quickstart --flavor eks-managedmachinepool
 
 NOTE: When creating an EKS cluster only the **MAJOR.MINOR** of the `-kubernetes-version` is taken into consideration.
 
+By default, EKS cluster uses:
+- EXTENDED support. See more info about [cluster upgrade policy](https://docs.aws.amazon.com/eks/latest/userguide/view-upgrade-policy.html)
+
 ## Kubeconfig
 
 When creating an EKS cluster 2 kubeconfigs are generated and stored as secrets in the management cluster. This is different to when you create a non-managed cluster using the AWS provider.

controlplane/eks/api/v1beta2/zz_generated.deepcopy.go

@@ -278,3 +278,11 @@ func AddonConflictResolutionFromSDK(conflict ekstypes.ResolveConflicts) *string
 	}
 	return aws.String(string(ekscontrolplanev1.AddonResolutionOverwrite))
 }
+
+// SupportTypeToSDK converts CAPA upgrade support policy types to SDK types.
+func SupportTypeToSDK(input ekscontrolplanev1.UpgradePolicy) ekstypes.SupportType {
+	if input == ekscontrolplanev1.UpgradePolicyStandard {
+		return ekstypes.SupportTypeStandard
+	}
+	return ekstypes.SupportTypeExtended
+}

docs/book/src/topics/eks/creating-a-cluster.md

@@ -20,6 +20,7 @@ import (
 	"context"
 	"fmt"
 	"net"
+	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
@@ -35,6 +36,7 @@ import (
 	infrav1 "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
 	ekscontrolplanev1 "sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2"
 	"sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/awserrors"
+	"sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/converters"
 	"sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/services/wait"
 	"sigs.k8s.io/cluster-api-provider-aws/v2/pkg/internal/cidr"
 	"sigs.k8s.io/cluster-api-provider-aws/v2/pkg/internal/cmp"
@@ -460,6 +462,14 @@ func (s *Service) createCluster(ctx context.Context, eksClusterName string) (*ek
 		eksVersion = &v
 	}
 
+	var upgradePolicy *ekstypes.UpgradePolicyRequest
+
+	if s.scope.ControlPlane.Spec.UpgradePolicy != nil {
+		upgradePolicy = &ekstypes.UpgradePolicyRequest{
+			SupportType: converters.SupportTypeToSDK(*s.scope.ControlPlane.Spec.UpgradePolicy),
+		}
+	}
+
 	bootstrapAddon := s.scope.BootstrapSelfManagedAddons()
 	input := &eks.CreateClusterInput{
 		Name:                       aws.String(eksClusterName),
@@ -471,6 +481,7 @@ func (s *Service) createCluster(ctx context.Context, eksClusterName string) (*ek
 		Tags:                       tags,
 		KubernetesNetworkConfig:    netConfig,
 		BootstrapSelfManagedAddons: bootstrapAddon,
+		UpgradePolicy:              upgradePolicy,
 	}
 
 	var out *eks.CreateClusterOutput
@@ -526,6 +537,12 @@ func (s *Service) reconcileClusterConfig(ctx context.Context, cluster *ekstypes.
 		input.ResourcesVpcConfig = updateVpcConfig
 	}
 
+	updateUpgradePolicy := s.reconcileUpgradePolicy(cluster.UpgradePolicy)
+	if updateUpgradePolicy != nil {
+		needsUpdate = true
+		input.UpgradePolicy = updateUpgradePolicy
+	}
+
 	if needsUpdate {
 		if err := wait.WaitForWithRetryable(wait.NewBackoff(), func() (bool, error) {
 			if _, err := s.EKSClient.UpdateClusterConfig(ctx, input); err != nil {
@@ -719,6 +736,31 @@ func (s *Service) reconcileClusterVersion(ctx context.Context, cluster *ekstypes
 	return nil
 }
 
+func (s *Service) reconcileUpgradePolicy(upgradePolicy *ekstypes.UpgradePolicyResponse) *ekstypes.UpgradePolicyRequest {
+	s.Info("reconciling upgrade policy")
+
+	if upgradePolicy == nil {
+		s.Debug("cannot get cluster upgrade policy, no action")
+		return nil
+	}
+
+	clusterUpgradePolicy := upgradePolicy.SupportType
+
+	if s.scope.ControlPlane.Spec.UpgradePolicy == nil {
+		s.Debug("upgrade policy not given, no action")
+		return nil
+	}
+
+	if strings.ToLower(string(clusterUpgradePolicy)) == s.scope.ControlPlane.Spec.UpgradePolicy.String() {
+		s.Debug("upgrade policy unchanged, no action")
+		return nil
+	}
+
+	return &ekstypes.UpgradePolicyRequest{
+		SupportType: converters.SupportTypeToSDK(*s.scope.ControlPlane.Spec.UpgradePolicy),
+	}
+}
+
 func (s *Service) describeEKSCluster(ctx context.Context, eksClusterName string) (*ekstypes.Cluster, error) {
 	input := &eks.DescribeClusterInput{
 		Name: aws.String(eksClusterName),