From 29159985bfef0eed26bf6fbac434d57a4ed03df9 Mon Sep 17 00:00:00 2001
From: aufomin <au_fomin@icloud.com>
Date: Thu, 20 Feb 2025 14:58:19 +0100
Subject: [PATCH] feat: add support for Bottlerocket FIPS AMIs

---
 pkg/controllers/nodeclass/ami_test.go   | 2 ++
 pkg/providers/amifamily/bottlerocket.go | 2 ++
 pkg/providers/amifamily/suite_test.go   | 2 ++
 pkg/providers/amifamily/types.go        | 5 +++--
 4 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/pkg/controllers/nodeclass/ami_test.go b/pkg/controllers/nodeclass/ami_test.go
index 521a012aac1e..a67fc0872a97 100644
--- a/pkg/controllers/nodeclass/ami_test.go
+++ b/pkg/controllers/nodeclass/ami_test.go
@@ -305,6 +305,8 @@ var _ = Describe("NodeClass AMI Status Controller", func() {
 				fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s/arm64/latest/image_id", k8sVersion):         "ami-arm64-standard",
 				fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/x86_64/latest/image_id", k8sVersion): "ami-amd64-nvidia",
 				fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/arm64/latest/image_id", k8sVersion):  "ami-arm64-nvidia",
+				fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-fips/x86_64/latest/image_id", k8sVersion):    "ami-amd64-standard",
+				fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-fips/arm64/latest/image_id", k8sVersion):     "ami-arm64-standard",
 			}
 			nodeClass.Spec.AMISelectorTerms = []v1.AMISelectorTerm{{Alias: "bottlerocket@latest"}}
 			ExpectApplied(ctx, env.Client, nodeClass)
diff --git a/pkg/providers/amifamily/bottlerocket.go b/pkg/providers/amifamily/bottlerocket.go
index b0498976b52b..c4019b14769b 100644
--- a/pkg/providers/amifamily/bottlerocket.go
+++ b/pkg/providers/amifamily/bottlerocket.go
@@ -48,6 +48,8 @@ func (b Bottlerocket) DescribeImageQuery(ctx context.Context, ssmProvider ssm.Pr
 		fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s/arm64/%s/image_id", k8sVersion, trimmedAMIVersion):         {VariantStandard},
 		fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/x86_64/%s/image_id", k8sVersion, trimmedAMIVersion): {VariantNvidia},
 		fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/arm64/%s/image_id", k8sVersion, trimmedAMIVersion):  {VariantNvidia},
+		fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-fips/x86_64/%s/image_id", k8sVersion, trimmedAMIVersion):    {VariantFips},
+		fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-fips/arm64/%s/image_id", k8sVersion, trimmedAMIVersion):     {VariantFips},
 	} {
 		imageID, err := ssmProvider.Get(ctx, ssm.Parameter{
 			Name:      path,
diff --git a/pkg/providers/amifamily/suite_test.go b/pkg/providers/amifamily/suite_test.go
index 1e4755c94998..711f26be162a 100644
--- a/pkg/providers/amifamily/suite_test.go
+++ b/pkg/providers/amifamily/suite_test.go
@@ -166,6 +166,8 @@ var _ = Describe("AMIProvider", func() {
 			fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/x86_64/latest/image_id", version): amd64NvidiaAMI,
 			fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s/arm64/latest/image_id", version):         arm64AMI,
 			fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-nvidia/arm64/latest/image_id", version):  arm64NvidiaAMI,
+			fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-fips/x86_64/latest/image_id", version):    amd64AMI,
+			fmt.Sprintf("/aws/service/bottlerocket/aws-k8s-%s-fips/arm64/latest/image_id", version):     arm64AMI,
 		}
 		amis, err := awsEnv.AMIProvider.List(ctx, nodeClass)
 		Expect(err).ToNot(HaveOccurred())
diff --git a/pkg/providers/amifamily/types.go b/pkg/providers/amifamily/types.go
index f41f5e08723d..ad7037550032 100644
--- a/pkg/providers/amifamily/types.go
+++ b/pkg/providers/amifamily/types.go
@@ -68,12 +68,13 @@ var (
 	VariantStandard Variant   = "standard"
 	VariantNvidia   Variant   = "nvidia"
 	VariantNeuron   Variant   = "neuron"
+	VariantFips     Variant   = "fips"
 	maxTime         time.Time = time.Unix(math.MaxInt64, 0)
 	minTime         time.Time = time.Unix(math.MinInt64, 0)
 )
 
 func NewVariant(v string) (Variant, error) {
-	var wellKnownVariants = sets.New(VariantStandard, VariantNvidia, VariantNeuron)
+	var wellKnownVariants = sets.New(VariantStandard, VariantNvidia, VariantNeuron, VariantFips)
 	variant := Variant(v)
 	if !wellKnownVariants.Has(variant) {
 		return variant, fmt.Errorf("%q is not a well-known variant", variant)
@@ -83,7 +84,7 @@ func NewVariant(v string) (Variant, error) {
 
 func (v Variant) Requirements() scheduling.Requirements {
 	switch v {
-	case VariantStandard:
+	case VariantStandard, VariantFips:
 		return scheduling.NewRequirements(
 			scheduling.NewRequirement(v1.LabelInstanceAcceleratorCount, corev1.NodeSelectorOpDoesNotExist),
 			scheduling.NewRequirement(v1.LabelInstanceGPUCount, corev1.NodeSelectorOpDoesNotExist),