Skip to content

Add support for BottlerocketFips AMI family in managed nodegroups#8778

Open
amdonov wants to merge 1 commit into
eksctl-io:mainfrom
amdonov:bottlerocket-fips-mng
Open

Add support for BottlerocketFips AMI family in managed nodegroups#8778
amdonov wants to merge 1 commit into
eksctl-io:mainfrom
amdonov:bottlerocket-fips-mng

Conversation

@amdonov

@amdonov amdonov commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Description

Adds support for the BottlerocketFips AMI family, enabling users to create
managed and self-managed nodegroups with FIPS-enabled Bottlerocket AMIs
(BOTTLEROCKET_x86_64_FIPS, BOTTLEROCKET_ARM_64_FIPS, and their Nvidia
variants).

Changes:

  • Added NodeImageFamilyBottlerocketFips constant and registered it in
    SupportedAMIFamilies()
  • Added AMI type mappings for all FIPS Bottlerocket variants (x86, ARM,
    Nvidia)
  • Added SSM parameter resolution using the aws-k8s--fips path
    pattern for both self-managed and managed nodegroups
  • Updated IsBottlerocketImage() to include the new family
  • Replaced all hardcoded == NodeImageFamilyBottlerocket checks with
    IsBottlerocketImage() so that validation, defaulting, GPU support, volume
    naming, and bootstrapper selection all apply to the FIPS variant
  • Removed the TODO exclusions in ssm_resolver_test.go that were tracking this
    gap

Usage:

managedNodeGroups:

  • name: fips-ng
    amiFamily: BottlerocketFips
    instanceType: m5.xlarge
    desiredCapacity: 1

Checklist

  • Added tests that cover your change (if possible)
  • Added/modified documentation as required (such as the README.md, or the userdocs directory)
  • Manually tested
  • Made sure the title of the PR is a good description that can go into the release notes
  • (Core team) Added labels for change area (e.g. area/nodegroup) and kind (e.g. kind/improvement)

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

  • Backfilled missing tests for code in same general area 🎉
  • Refactored something and made the world a better place 🌟

@amdonov

amdonov commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

/kind feature
/area nodegroup

@amdonov amdonov force-pushed the bottlerocket-fips-mng branch from 0980018 to eace0d2 Compare June 29, 2026 16:06
}
normalizeAMIFamily(ng)
if ng.AMIFamily == NodeImageFamilyBottlerocket {
if IsBottlerocketImage(ng.AMIFamily) {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice cleanups!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/managed-nodegroup EKS Managed Nodegroups area/nodegroup kind/feature New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants