nutanix-cloud-native · faiq · Sep 26, 2025 · Sep 23, 2025 · Sep 23, 2025 · Sep 10, 2025
diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml
@@ -0,0 +1,26 @@
+name: PR run unit and integration tests
+
+on:
+  pull_request_target:
+    types:
+      - edited
+      - labeled
+      - reopened
+      - synchronize
+
+jobs:
+  approve:
+    name: runs unit and integration tests
+    if: contains(github.event.pull_request.labels.*.name, 'ok-to-test')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # tag=v4.2.2
+      - name: Calculate go version
+        id: vars
+        run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
+      - name: Set up Go
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # tag=v6.0.0
+        with:
+          go-version: ${{ steps.vars.outputs.go_version }}
+      - name: Run runs-test
+        run: make test
diff --git a/bootstrap/eks/PROJECT b/bootstrap/eks/PROJECT
@@ -15,4 +15,4 @@ resources:
 - group: bootstrap
   kind: EKSConfigTemplate
   version: v1beta2
-version: "2"
+version: "3"
diff --git a/bootstrap/eks/api/v1beta2/eksconfig_types.go b/bootstrap/eks/api/v1beta2/eksconfig_types.go
@@ -110,203 +110,6 @@ type EKSConfigStatus struct {
 	Conditions clusterv1.Conditions `json:"conditions,omitempty"`
 }
 
-// Encoding specifies the cloud-init file encoding.
-// +kubebuilder:validation:Enum=base64;gzip;gzip+base64
-type Encoding string
-
-const (
-	// Base64 implies the contents of the file are encoded as base64.
-	Base64 Encoding = "base64"
-	// Gzip implies the contents of the file are encoded with gzip.
-	Gzip Encoding = "gzip"
-	// GzipBase64 implies the contents of the file are first base64 encoded and then gzip encoded.
-	GzipBase64 Encoding = "gzip+base64"
-)
-
-// File defines the input for generating write_files in cloud-init.
-type File struct {
-	// Path specifies the full path on disk where to store the file.
-	Path string `json:"path"`
-
-	// Owner specifies the ownership of the file, e.g. "root:root".
-	// +optional
-	Owner string `json:"owner,omitempty"`
-
-	// Permissions specifies the permissions to assign to the file, e.g. "0640".
-	// +optional
-	Permissions string `json:"permissions,omitempty"`
-
-	// Encoding specifies the encoding of the file contents.
-	// +optional
-	Encoding Encoding `json:"encoding,omitempty"`
-
-	// Append specifies whether to append Content to existing file if Path exists.
-	// +optional
-	Append bool `json:"append,omitempty"`
-
-	// Content is the actual content of the file.
-	// +optional
-	Content string `json:"content,omitempty"`
-
-	// ContentFrom is a referenced source of content to populate the file.
-	// +optional
-	ContentFrom *FileSource `json:"contentFrom,omitempty"`
-}
-
-// FileSource is a union of all possible external source types for file data.
-// Only one field may be populated in any given instance. Developers adding new
-// sources of data for target systems should add them here.
-type FileSource struct {
-	// Secret represents a secret that should populate this file.
-	Secret SecretFileSource `json:"secret"`
-}
-
-// SecretFileSource adapts a Secret into a FileSource.
-//
-// The contents of the target Secret's Data field will be presented
-// as files using the keys in the Data field as the file names.
-type SecretFileSource struct {
-	// Name of the secret in the KubeadmBootstrapConfig's namespace to use.
-	Name string `json:"name"`
-
-	// Key is the key in the secret's data map for this value.
-	Key string `json:"key"`
-}
-
-// PasswdSource is a union of all possible external source types for passwd data.
-// Only one field may be populated in any given instance. Developers adding new
-// sources of data for target systems should add them here.
-type PasswdSource struct {
-	// Secret represents a secret that should populate this password.
-	Secret SecretPasswdSource `json:"secret"`
-}
-
-// SecretPasswdSource adapts a Secret into a PasswdSource.
-//
-// The contents of the target Secret's Data field will be presented
-// as passwd using the keys in the Data field as the file names.
-type SecretPasswdSource struct {
-	// Name of the secret in the KubeadmBootstrapConfig's namespace to use.
-	Name string `json:"name"`
-
-	// Key is the key in the secret's data map for this value.
-	Key string `json:"key"`
-}
-
-// User defines the input for a generated user in cloud-init.
-type User struct {
-	// Name specifies the username
-	Name string `json:"name"`
-
-	// Gecos specifies the gecos to use for the user
-	// +optional
-	Gecos *string `json:"gecos,omitempty"`
-
-	// Groups specifies the additional groups for the user
-	// +optional
-	Groups *string `json:"groups,omitempty"`
-
-	// HomeDir specifies the home directory to use for the user
-	// +optional
-	HomeDir *string `json:"homeDir,omitempty"`
-
-	// Inactive specifies whether to mark the user as inactive
-	// +optional
-	Inactive *bool `json:"inactive,omitempty"`
-
-	// Shell specifies the user's shell
-	// +optional
-	Shell *string `json:"shell,omitempty"`
-
-	// Passwd specifies a hashed password for the user
-	// +optional
-	Passwd *string `json:"passwd,omitempty"`
-
-	// PasswdFrom is a referenced source of passwd to populate the passwd.
-	// +optional
-	PasswdFrom *PasswdSource `json:"passwdFrom,omitempty"`
-
-	// PrimaryGroup specifies the primary group for the user
-	// +optional
-	PrimaryGroup *string `json:"primaryGroup,omitempty"`
-
-	// LockPassword specifies if password login should be disabled
-	// +optional
-	LockPassword *bool `json:"lockPassword,omitempty"`
-
-	// Sudo specifies a sudo role for the user
-	// +optional
-	Sudo *string `json:"sudo,omitempty"`
-
-	// SSHAuthorizedKeys specifies a list of ssh authorized keys for the user
-	// +optional
-	SSHAuthorizedKeys []string `json:"sshAuthorizedKeys,omitempty"`
-}
-
-// NTP defines input for generated ntp in cloud-init.
-type NTP struct {
-	// Servers specifies which NTP servers to use
-	// +optional
-	Servers []string `json:"servers,omitempty"`
-
-	// Enabled specifies whether NTP should be enabled
-	// +optional
-	Enabled *bool `json:"enabled,omitempty"`
-}
-
-// DiskSetup defines input for generated disk_setup and fs_setup in cloud-init.
-type DiskSetup struct {
-	// Partitions specifies the list of the partitions to setup.
-	// +optional
-	Partitions []Partition `json:"partitions,omitempty"`
-
-	// Filesystems specifies the list of file systems to setup.
-	// +optional
-	Filesystems []Filesystem `json:"filesystems,omitempty"`
-}
-
-// Partition defines how to create and layout a partition.
-type Partition struct {
-	// Device is the name of the device.
-	Device string `json:"device"`
-	// Layout specifies the device layout.
-	// If it is true, a single partition will be created for the entire device.
-	// When layout is false, it means don't partition or ignore existing partitioning.
-	Layout bool `json:"layout"`
-	// Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
-	// Use with caution. Default is 'false'.
-	// +optional
-	Overwrite *bool `json:"overwrite,omitempty"`
-	// TableType specifies the tupe of partition table. The following are supported:
-	// 'mbr': default and setups a MS-DOS partition table
-	// 'gpt': setups a GPT partition table
-	// +optional
-	TableType *string `json:"tableType,omitempty"`
-}
-
-// Filesystem defines the file systems to be created.
-type Filesystem struct {
-	// Device specifies the device name
-	Device string `json:"device"`
-	// Filesystem specifies the file system type.
-	Filesystem string `json:"filesystem"`
-	// Label specifies the file system label to be used. If set to None, no label is used.
-	Label string `json:"label"`
-	// Partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and <NUM>, where NUM is the actual partition number.
-	// +optional
-	Partition *string `json:"partition,omitempty"`
-	// Overwrite defines whether or not to overwrite any existing filesystem.
-	// If true, any pre-existing file system will be destroyed. Use with Caution.
-	// +optional
-	Overwrite *bool `json:"overwrite,omitempty"`
-	// ExtraOpts defined extra options to add to the command for creating the file system.
-	// +optional
-	ExtraOpts []string `json:"extraOpts,omitempty"`
-}
-
-// MountPoints defines input for generated mounts in cloud-init.
-type MountPoints []string
-
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:path=eksconfigs,scope=Namespaced,categories=cluster-api,shortName=eksc
 // +kubebuilder:storageversion

diff --git a/bootstrap/eks/api/v1beta2/nodeadmconfig_types.go b/bootstrap/eks/api/v1beta2/nodeadmconfig_types.go
@@ -0,0 +1,144 @@
+package v1beta2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+)
+
+// NodeadmConfigSpec defines the desired state of NodeadmConfig.
+type NodeadmConfigSpec struct {
+	// Kubelet contains options for kubelet.
+	// +optional
+	Kubelet *KubeletOptions `json:"kubelet,omitempty"`
+
+	// Containerd contains options for containerd.
+	// +optional
+	Containerd *ContainerdOptions `json:"containerd,omitempty"`
+
+	// FeatureGates holds key-value pairs to enable or disable application features.
+	// +optional
+	FeatureGates map[Feature]bool `json:"featureGates,omitempty"`
+
+	// PreNodeadmCommands specifies extra commands to run before bootstrapping nodes.
+	// +optional
+	PreNodeadmCommands []string `json:"PreNodeadmCommands,omitempty"`
+
+	// Files specifies extra files to be passed to user_data upon creation.
+	// +optional
+	Files []File `json:"files,omitempty"`
+
+	// Users specifies extra users to add.
+	// +optional
+	Users []User `json:"users,omitempty"`
+
+	// NTP specifies NTP configuration.
+	// +optional
+	NTP *NTP `json:"ntp,omitempty"`
+
+	// DiskSetup specifies options for the creation of partition tables and file systems on devices.
+	// +optional
+	DiskSetup *DiskSetup `json:"diskSetup,omitempty"`
+
+	// Mounts specifies a list of mount points to be setup.
+	// +optional
+	Mounts []MountPoints `json:"mounts,omitempty"`
+}
+
+// KubeletOptions are additional parameters passed to kubelet.
+type KubeletOptions struct {
+	// Config is a KubeletConfiguration that will be merged with the defaults.
+	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
+	Config *runtime.RawExtension `json:"config,omitempty"`
+
+	// Flags are command-line kubelet arguments that will be appended to the defaults.
+	// +optional
+	Flags []string `json:"flags,omitempty"`
+}
+
+// ContainerdOptions are additional parameters passed to containerd.
+type ContainerdOptions struct {
+	// Config is an inline containerd configuration TOML that will be merged with the defaults.
+	// +optional
+	Config string `json:"config,omitempty"`
+
+	// BaseRuntimeSpec is the OCI runtime specification upon which all containers will be based.
+	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
+	BaseRuntimeSpec *runtime.RawExtension `json:"baseRuntimeSpec,omitempty"`
+}
+
+// Feature specifies which feature gate should be toggled.
+// +kubebuilder:validation:Enum=InstanceIdNodeName;FastImagePull
+type Feature string
+
+const (
+	// FeatureInstanceIDNodeName  will use EC2 instance ID as node name.
+	FeatureInstanceIDNodeName Feature = "InstanceIdNodeName"
+	// FeatureFastImagePull enables a parallel image pull for container images.
+	FeatureFastImagePull Feature = "FastImagePull"
+)
+
+// GetConditions returns the observations of the operational state of the NodeadmConfig resource.
+func (r *NodeadmConfig) GetConditions() clusterv1.Conditions {
+	return r.Status.Conditions
+}
+
+// SetConditions sets the underlying service state of the NodeadmConfig to the predescribed clusterv1.Conditions.
+func (r *NodeadmConfig) SetConditions(conditions clusterv1.Conditions) {
+	r.Status.Conditions = conditions
+}
+
+// NodeadmConfigStatus defines the observed state of NodeadmConfig.
+type NodeadmConfigStatus struct {
+	// Ready indicates the BootstrapData secret is ready to be consumed.
+	// +optional
+	Ready bool `json:"ready,omitempty"`
+
+	// DataSecretName is the name of the secret that stores the bootstrap data script.
+	// +optional
+	DataSecretName *string `json:"dataSecretName,omitempty"`
+
+	// FailureReason will be set on non-retryable errors.
+	// +optional
+	FailureReason string `json:"failureReason,omitempty"`
+
+	// FailureMessage will be set on non-retryable errors.
+	// +optional
+	FailureMessage string `json:"failureMessage,omitempty"`
+
+	// ObservedGeneration is the latest generation observed by the controller.
+	// +optional
+	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+
+	// Conditions defines current service state of the NodeadmConfig.
+	// +optional
+	Conditions clusterv1.Conditions `json:"conditions,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// NodeadmConfig is the Schema for the nodeadmconfigs API.
+type NodeadmConfig struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   NodeadmConfigSpec   `json:"spec,omitempty"`
+	Status NodeadmConfigStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// NodeadmConfigList contains a list of NodeadmConfig.
+type NodeadmConfigList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []NodeadmConfig `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&NodeadmConfig{}, &NodeadmConfigList{})
+}