feat: add support for Bottlerocket FIPS AMIs

Author: aufomin

pkg/controllers/nodeclass/ami_test.go

@@ -305,6 +305,8 @@ var _ = Describe("NodeClass AMI Status Controller", func() {
 				fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s/arm64/latest/image_id", k8sVersion):         "ami-arm64-standard",
 				fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/x86_64/latest/image_id", k8sVersion): "ami-amd64-nvidia",
 				fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/arm64/latest/image_id", k8sVersion):  "ami-arm64-nvidia",
+				fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-fips/x86_64/latest/image_id", k8sVersion):    "ami-amd64-standard",
+        		fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-fips/arm64/latest/image_id", k8sVersion):     "ami-arm64-standard",
 			}
 			nodeClass.Spec.AMISelectorTerms = []v1.AMISelectorTerm{{Alias: "bottlerocket@latest"}}
 			ExpectApplied(ctx, env.Client, nodeClass)

pkg/providers/amifamily/bottlerocket.go

@@ -48,6 +48,8 @@ func (b Bottlerocket) DescribeImageQuery(ctx context.Context, ssmProvider ssm.Pr
 		fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s/arm64/%s/image_id", k8sVersion, trimmedAMIVersion):         {VariantStandard},
 		fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/x86_64/%s/image_id", k8sVersion, trimmedAMIVersion): {VariantNvidia},
 		fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/arm64/%s/image_id", k8sVersion, trimmedAMIVersion):  {VariantNvidia},
+		fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-fips/x86_64/%s/image_id", k8sVersion, trimmedAMIVersion):    {VariantFips},
+		fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-fips/arm64/%s/image_id", k8sVersion, trimmedAMIVersion):     {VariantFips},
 	} {
 		imageID, err := ssmProvider.Get(ctx, ssm.Parameter{
 			Name:      path,

pkg/providers/amifamily/suite_test.go

@@ -63,6 +63,8 @@ const (
 	arm64AMI       = "arm64-ami-id"
 	amd64NvidiaAMI = "amd64-nvidia-ami-id"
 	arm64NvidiaAMI = "arm64-nvidia-ami-id"
+	amd64FipsAMI   = "amd64-fips-ami-id"
+	arm64FipsAMI   = "arm64-fips-ami-id"
 )
 
 var _ = BeforeSuite(func() {
@@ -166,6 +168,8 @@ var _ = Describe("AMIProvider", func() {
 			fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/x86_64/latest/image_id", version): amd64NvidiaAMI,
 			fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s/arm64/latest/image_id", version):         arm64AMI,
 			fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/arm64/latest/image_id", version):  arm64NvidiaAMI,
+			fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-fips/x86_64/latest/image_id", version):    amd64AMI,
+			fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-fips/arm64/latest/image_id", version):  	 arm64FipsAMI,
 		}
 		amis, err := awsEnv.AMIProvider.List(ctx, nodeClass)
 		Expect(err).ToNot(HaveOccurred())

pkg/providers/amifamily/types.go

@@ -68,12 +68,13 @@ var (
 	VariantStandard Variant   = "standard"
 	VariantNvidia   Variant   = "nvidia"
 	VariantNeuron   Variant   = "neuron"
+	VariantFips     Variant   = "fips"
 	maxTime         time.Time = time.Unix(math.MaxInt64, 0)
 	minTime         time.Time = time.Unix(math.MinInt64, 0)
 )
 
 func NewVariant(v string) (Variant, error) {
-	var wellKnownVariants = sets.New(VariantStandard, VariantNvidia, VariantNeuron)
+	var wellKnownVariants = sets.New(VariantStandard, VariantNvidia, VariantNeuron, VariantFips)
 	variant := Variant(v)
 	if !wellKnownVariants.Has(variant) {
 		return variant, fmt.Errorf("%q is not a well-known variant", variant)
@@ -83,7 +84,7 @@ func NewVariant(v string) (Variant, error) {
 
 func (v Variant) Requirements() scheduling.Requirements {
 	switch v {
-	case VariantStandard:
+	case VariantStandard, VariantFips:
 		return scheduling.NewRequirements(
 			scheduling.NewRequirement(v1.LabelInstanceAcceleratorCount, corev1.NodeSelectorOpDoesNotExist),
 			scheduling.NewRequirement(v1.LabelInstanceGPUCount, corev1.NodeSelectorOpDoesNotExist),