Merge pull request #6759 from cPu1/iso-regions

Add support for `us-iso-east-1` and `us-isob-east-1` regions
eksctl-io · Jul 5, 2023 · 645c6f1 · 645c6f1
2 parents 6a74d4f + ef8f5ae
commit 645c6f1
Show file tree

Hide file tree

Showing 28 changed files with 764 additions and 437 deletions.
diff --git a/pkg/actions/addon/create.go b/pkg/actions/addon/create.go
@@ -251,9 +251,9 @@ func (a *Manager) getRecommendedPolicies(addon *api.Addon) (api.InlineDocument,
 	switch addon.CanonicalName() {
 	case api.VPCCNIAddon:
 		if a.clusterConfig.IPv6Enabled() {
-			return makeIPv6VPCCNIPolicyDocument(api.Partition(a.clusterConfig.Metadata.Region)), nil, nil
+			return makeIPv6VPCCNIPolicyDocument(api.Partitions.ForRegion(a.clusterConfig.Metadata.Region)), nil, nil
 		}
-		return nil, []string{fmt.Sprintf("arn:%s:iam::aws:policy/%s", api.Partition(a.clusterConfig.Metadata.Region), api.IAMPolicyAmazonEKSCNIPolicy)}, nil
+		return nil, []string{fmt.Sprintf("arn:%s:iam::aws:policy/%s", api.Partitions.ForRegion(a.clusterConfig.Metadata.Region), api.IAMPolicyAmazonEKSCNIPolicy)}, nil
 	case api.AWSEBSCSIDriverAddon:
 		return nil, nil, &api.WellKnownPolicies{
 			EBSCSIController: true,

diff --git a/pkg/actions/iamidentitymapping/create.go b/pkg/actions/iamidentitymapping/create.go
@@ -26,7 +26,7 @@ func (m *Manager) Create(ctx context.Context, mapping *api.IAMIdentityMapping) e
 			return errors.Wrap(err, "error parsing cluster ARN")
 		}
 		sa := authconfigmap.NewServiceAccess(m.rawClient, acm, parsedARN.AccountID)
-		return sa.Grant(mapping.ServiceName, mapping.Namespace, api.Partition(m.region))
+		return sa.Grant(mapping.ServiceName, mapping.Namespace, api.Partitions.ForRegion(m.region))
 	}
 
 	if mapping.Account == "" {

diff --git a/pkg/actions/nodegroup/testdata/al2-force-false-template.json b/pkg/actions/nodegroup/testdata/al2-force-false-template.json
@@ -13,6 +13,16 @@
         "EKS": "eks.amazonaws.com",
         "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
       },
+      "aws-iso": {
+        "EC2": "ec2.c2s.ic.gov",
+        "EKS": "eks.amazonaws.com",
+        "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+      },
+      "aws-iso-b": {
+        "EC2": "ec2.sc2s.sgov.gov",
+        "EKS": "eks.amazonaws.com",
+        "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+      },
       "aws-us-gov": {
         "EC2": "ec2.amazonaws.com",
         "EKS": "eks.amazonaws.com",

diff --git a/pkg/actions/nodegroup/testdata/al2-no-force-template.json b/pkg/actions/nodegroup/testdata/al2-no-force-template.json
@@ -13,6 +13,16 @@
         "EKS": "eks.amazonaws.com",
         "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
       },
+      "aws-iso": {
+        "EC2": "ec2.c2s.ic.gov",
+        "EKS": "eks.amazonaws.com",
+        "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+      },
+      "aws-iso-b": {
+        "EC2": "ec2.sc2s.sgov.gov",
+        "EKS": "eks.amazonaws.com",
+        "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+      },
       "aws-us-gov": {
         "EC2": "ec2.amazonaws.com",
         "EKS": "eks.amazonaws.com",

diff --git a/pkg/actions/nodegroup/testdata/al2-updated-template.json b/pkg/actions/nodegroup/testdata/al2-updated-template.json
@@ -13,6 +13,16 @@
         "EKS": "eks.amazonaws.com",
         "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
       },
+      "aws-iso": {
+        "EC2": "ec2.c2s.ic.gov",
+        "EKS": "eks.amazonaws.com",
+        "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+      },
+      "aws-iso-b": {
+        "EC2": "ec2.sc2s.sgov.gov",
+        "EKS": "eks.amazonaws.com",
+        "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+      },
       "aws-us-gov": {
         "EC2": "ec2.amazonaws.com",
         "EKS": "eks.amazonaws.com",

diff --git a/pkg/actions/nodegroup/testdata/br-force-false-template.json b/pkg/actions/nodegroup/testdata/br-force-false-template.json
@@ -14,6 +14,16 @@
         "EKS": "eks.amazonaws.com",
         "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
       },
+      "aws-iso": {
+        "EC2": "ec2.c2s.ic.gov",
+        "EKS": "eks.amazonaws.com",
+        "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+      },
+      "aws-iso-b": {
+        "EC2": "ec2.sc2s.sgov.gov",
+        "EKS": "eks.amazonaws.com",
+        "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+      },
       "aws-us-gov": {
         "EC2": "ec2.amazonaws.com",
         "EKS": "eks.amazonaws.com",

diff --git a/pkg/actions/nodegroup/testdata/br-force-true-template.json b/pkg/actions/nodegroup/testdata/br-force-true-template.json
@@ -14,6 +14,16 @@
         "EKS": "eks.amazonaws.com",
         "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
       },
+      "aws-iso": {
+        "EC2": "ec2.c2s.ic.gov",
+        "EKS": "eks.amazonaws.com",
+        "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+      },
+      "aws-iso-b": {
+        "EC2": "ec2.sc2s.sgov.gov",
+        "EKS": "eks.amazonaws.com",
+        "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+      },
       "aws-us-gov": {
         "EC2": "ec2.amazonaws.com",
         "EKS": "eks.amazonaws.com",

diff --git a/pkg/actions/nodegroup/testdata/br-updated-template.json b/pkg/actions/nodegroup/testdata/br-updated-template.json
@@ -13,6 +13,16 @@
         "EKS": "eks.amazonaws.com",
         "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
       },
+      "aws-iso": {
+        "EC2": "ec2.c2s.ic.gov",
+        "EKS": "eks.amazonaws.com",
+        "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+      },
+      "aws-iso-b": {
+        "EC2": "ec2.sc2s.sgov.gov",
+        "EKS": "eks.amazonaws.com",
+        "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+      },
       "aws-us-gov": {
         "EC2": "ec2.amazonaws.com",
         "EKS": "eks.amazonaws.com",

diff --git a/pkg/apis/eksctl.io/v1alpha5/defaults.go b/pkg/apis/eksctl.io/v1alpha5/defaults.go
@@ -7,6 +7,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
+
 	"github.com/weaveworks/eksctl/pkg/utils"
 )
 
@@ -78,7 +79,7 @@ func IAMServiceAccountsWithImplicitServiceAccounts(cfg *ClusterConfig) []*Cluste
 			awsNode := ClusterIAMServiceAccount{
 				ClusterIAMMeta: AWSNodeMeta,
 				AttachPolicyARNs: []string{
-					fmt.Sprintf("arn:%s:iam::aws:policy/%s", Partition(cfg.Metadata.Region), IAMPolicyAmazonEKSCNIPolicy),
+					fmt.Sprintf("arn:%s:iam::aws:policy/%s", Partitions.ForRegion(cfg.Metadata.Region), IAMPolicyAmazonEKSCNIPolicy),
 				},
 			}
 			serviceAccounts = append(serviceAccounts, &awsNode)
@@ -104,8 +105,8 @@ func SetNodeGroupDefaults(ng *NodeGroup, meta *ClusterMeta, controlPlaneOnOutpos
 		ng.AMIFamily = DefaultNodeImageFamily
 	}
 
-	setVolumeDefaults(ng.NodeGroupBase, controlPlaneOnOutposts, nil)
-	setDefaultsForAdditionalVolumes(ng.NodeGroupBase, controlPlaneOnOutposts)
+	setVolumeDefaults(ng.NodeGroupBase, controlPlaneOnOutposts, meta.Region, nil)
+	setDefaultsForAdditionalVolumes(ng.NodeGroupBase, controlPlaneOnOutposts, meta.Region)
 
 	if ng.SecurityGroups.WithLocal == nil {
 		ng.SecurityGroups.WithLocal = Enabled()
@@ -133,8 +134,8 @@ func SetManagedNodeGroupDefaults(ng *ManagedNodeGroup, meta *ClusterMeta, contro
 	ng.Tags[NodeGroupNameTag] = ng.Name
 	ng.Tags[NodeGroupTypeTag] = string(NodeGroupTypeManaged)
 
-	setVolumeDefaults(ng.NodeGroupBase, controlPlaneOnOutposts, ng.LaunchTemplate)
-	setDefaultsForAdditionalVolumes(ng.NodeGroupBase, controlPlaneOnOutposts)
+	setVolumeDefaults(ng.NodeGroupBase, controlPlaneOnOutposts, meta.Region, ng.LaunchTemplate)
+	setDefaultsForAdditionalVolumes(ng.NodeGroupBase, controlPlaneOnOutposts, meta.Region)
 }
 
 func setNodeGroupBaseDefaults(ng *NodeGroupBase, meta *ClusterMeta) {
@@ -177,9 +178,9 @@ func setNodeGroupBaseDefaults(ng *NodeGroupBase, meta *ClusterMeta) {
 	}
 }
 
-func setVolumeDefaults(ng *NodeGroupBase, controlPlaneOnOutposts bool, template *LaunchTemplate) {
+func setVolumeDefaults(ng *NodeGroupBase, controlPlaneOnOutposts bool, region string, template *LaunchTemplate) {
 	if ng.VolumeType == nil {
-		ng.VolumeType = aws.String(getDefaultVolumeType(controlPlaneOnOutposts || ng.OutpostARN != ""))
+		ng.VolumeType = aws.String(getDefaultVolumeType(controlPlaneOnOutposts || ng.OutpostARN != "", region))
 	}
 	if ng.VolumeSize == nil && template == nil {
 		ng.VolumeSize = &DefaultNodeVolumeSize
@@ -205,10 +206,10 @@ func setVolumeDefaults(ng *NodeGroupBase, controlPlaneOnOutposts bool, template
 	}
 }
 
-func setDefaultsForAdditionalVolumes(ng *NodeGroupBase, controlPlaneOnOutposts bool) {
+func setDefaultsForAdditionalVolumes(ng *NodeGroupBase, controlPlaneOnOutposts bool, region string) {
 	for i, av := range ng.AdditionalVolumes {
 		if av.VolumeType == nil {
-			ng.AdditionalVolumes[i].VolumeType = aws.String(getDefaultVolumeType(controlPlaneOnOutposts))
+			ng.AdditionalVolumes[i].VolumeType = aws.String(getDefaultVolumeType(controlPlaneOnOutposts, region))
 		}
 		if av.VolumeSize == nil {
 			ng.AdditionalVolumes[i].VolumeSize = &DefaultNodeVolumeSize
@@ -227,11 +228,11 @@ func setDefaultsForAdditionalVolumes(ng *NodeGroupBase, controlPlaneOnOutposts b
 	}
 }
 
-func getDefaultVolumeType(nodeGroupOnOutposts bool) string {
+func getDefaultVolumeType(nodeGroupOnOutposts bool, region string) string {
 	if nodeGroupOnOutposts {
 		return NodeVolumeTypeGP2
 	}
-	return DefaultNodeVolumeType
+	return defaultVolumeTypeForRegion(region)
 }
 
 func setContainerRuntimeDefault(ng *NodeGroup, clusterVersion string) {

diff --git a/pkg/apis/eksctl.io/v1alpha5/defaults_test.go b/pkg/apis/eksctl.io/v1alpha5/defaults_test.go
@@ -192,6 +192,35 @@ var _ = Describe("ClusterConfig validation", func() {
 			Expect(*testNodeGroup.AdditionalVolumes[0].VolumeType).To(Equal(NodeVolumeTypeGP2))
 			Expect(*testNodeGroup.AdditionalVolumes[0].VolumeSize).To(Equal(DefaultNodeVolumeSize))
 		})
+
+		It("sets up defaults for the main volume in an ISO region", func() {
+			testNodeGroup := NodeGroup{
+				NodeGroupBase: &NodeGroupBase{},
+			}
+
+			SetNodeGroupDefaults(&testNodeGroup, &ClusterMeta{
+				Region: RegionUSISOEast1,
+			}, false)
+			Expect(*testNodeGroup.VolumeType).To(Equal(NodeVolumeTypeIO1))
+			Expect(*testNodeGroup.VolumeSize).To(Equal(DefaultNodeVolumeSize))
+		})
+		It("sets up defaults for any additional volume in an ISO region", func() {
+			testNodeGroup := NodeGroup{
+				NodeGroupBase: &NodeGroupBase{
+					AdditionalVolumes: []*VolumeMapping{
+						{
+							VolumeName: aws.String("test"),
+						},
+					},
+				},
+			}
+
+			SetNodeGroupDefaults(&testNodeGroup, &ClusterMeta{
+				Region: RegionUSISOBEast1,
+			}, false)
+			Expect(*testNodeGroup.AdditionalVolumes[0].VolumeType).To(Equal(NodeVolumeTypeIO1))
+			Expect(*testNodeGroup.AdditionalVolumes[0].VolumeSize).To(Equal(DefaultNodeVolumeSize))
+		})
 	})
 
 	Context("Bottlerocket Settings", func() {

diff --git a/pkg/apis/eksctl.io/v1alpha5/endpoint_service.go b/pkg/apis/eksctl.io/v1alpha5/endpoint_service.go
@@ -14,6 +14,8 @@ type EndpointService struct {
 	OutpostsOnly bool
 	// RequiresChinaPrefix is true if the endpoint service requires a prefix for China regions.
 	RequiresChinaPrefix bool
+	// RequiresISOPrefix is true if the endpoint service requires a prefix for ISO regions.
+	RequiresISOPrefix bool
 }
 
 var (
@@ -33,14 +35,17 @@ var EndpointServices = []EndpointService{
 	{
 		Name:                "ec2",
 		RequiresChinaPrefix: true,
+		RequiresISOPrefix:   true,
 	},
 	{
 		Name:                "ecr.api",
 		RequiresChinaPrefix: true,
+		RequiresISOPrefix:   true,
 	},
 	{
 		Name:                "ecr.dkr",
 		RequiresChinaPrefix: true,
+		RequiresISOPrefix:   true,
 	},
 	EndpointServiceS3,
 	{
@@ -69,8 +74,9 @@ var EndpointServices = []EndpointService{
 		RequiresChinaPrefix: true,
 	},
 	{
-		Name:     "autoscaling",
-		Optional: true,
+		Name:              "autoscaling",
+		Optional:          true,
+		RequiresISOPrefix: true,
 	},
 	EndpointServiceCloudWatch,
 }