eksctl icon indicating copy to clipboard operation
eksctl copied to clipboard
verified publisher icon eksctl-io

Added AL2023 support for Outpost nodes

Open nkvetsinski opened this issue 1 month ago • 1 comments

Description

AL2 is on deprecation path, making AL2023 the only supported operating system for node-groups on Outpost. Using AL2 will now cause validation error. Leaving the AL2 code in place, to be deleted after this OS is officially deprecated.

Some mocks/dependencies got updated too, I'm including them in the PR, not sure if that's how you guys do it.

Checklist

  • [x] Added tests that cover your change (if possible)
  • [x] Added/modified documentation as required (such as the README.md, or the userdocs directory) (kind of)
  • [x] Manually tested
  • [x] Made sure the title of the PR is a good description that can go into the release notes
  • [ ] (Core team) Added labels for change area (e.g. area/nodegroup) and kind (e.g. kind/improvement)

Testing

Created a cluster on real outpost. Then added a node using the following command:

eksctl create nodegroup --cluster $CLUSTER_NAME \
 --name $NG_NAME --node-type $INSTANCE_TYPE \ 
 --nodes 1 --nodes-min 1 --nodes-max 1 \
 --managed=false --node-volume-type gp2 \
 --subnet-ids $SUBNET \
 --node-ami-family AmazonLinux2023 --node-private-networking

The node failed joining initially, because of a bug in the DescribeCluster EKS API for the outpost use case. We return the port for the cluster endpoint (see below), which causes nodeadm to fail resolving the cluster endpoint DNS. In order to do the end-to-end test, I sanitized the endpoint and the node was able to join.

kubectl get nodes  -o wide
NAME                                       STATUS     ROLES           AGE   VERSION                INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                                KERNEL-VERSION                    CONTAINER-RUNTIME
<REDACTED>.us-west-2.compute.internal    NotReady   control-plane   43h   v1.31.12-eks-e386d34    <REDACTED>    <none>        Bottlerocket OS 1.50.0 (aws-k8s-1.31)   6.1.156                           containerd://1.7.28+bottlerocket
<REDACTED>.us-west-2.compute.internal    NotReady   control-plane   43h   v1.31.12-eks-e386d34   <REDACTED>     <none>        Bottlerocket OS 1.50.0 (aws-k8s-1.31)   6.1.156                           containerd://1.7.28+bottlerocket
<REDACTED>.us-west-2.compute.internal    NotReady   control-plane   43h   v1.31.12-eks-e386d34   <REDACTED>     <none>        Bottlerocket OS 1.50.0 (aws-k8s-1.31)   6.1.156                           containerd://1.7.28+bottlerocket
<REDACTED>.us-west-2.compute.internal    Ready      <none>          45s   v1.31.13-eks-ecaa3a6   <REDACTED>     <none>        Amazon Linux 2023.9.20251117            6.1.158-178.288.amzn2023.x86_64   containerd://2.1.4

I decided to fix the EKS API, instead of sanitizing the DescribeCluster output in eksctl.

# describe non Outpost cluster
aws eks describe-cluster --name $CLUSTER_NAME |jq ".cluster.endpoint"
"https://<REDACTED>.gr7.us-west-2.eks.amazonaws.com"

# describe Outpost cluster
aws eks describe-cluster --name $CLUSTER_NAME |jq ".cluster.endpoint"
"https://<REDACTED>.b5005t.rv3.us-west-2.eks.amazonaws.com:443"

BONUS POINTS checklist: complete for good vibes and maybe prizes?! :exploding_head:

  • [ ] Backfilled missing tests for code in same general area :tada:
  • [ ] Refactored something and made the world a better place :star2:

nkvetsinski avatar Nov 24 '25 00:11 nkvetsinski

Hello nkvetsinski :wave: Thank you for opening a Pull Request in eksctl project. The team will review the Pull Request and aim to respond within 1-10 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website

github-actions[bot] avatar Nov 24 '25 00:11 github-actions[bot]