add prop bootstrapSelfManagedAddons

packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/sample.ts

@@ -0,0 +1,18 @@
+import {
+  App, Stack,
+  aws_eks as eks,
+  aws_ec2 as ec2,
+} from 'aws-cdk-lib';
+import { getClusterVersionConfig } from './integ-tests-kubernetes-version';
+
+const app = new App();
+const env = { region: process.env.CDK_DEFAULT_REGION, account: process.env.CDK_DEFAULT_ACCOUNT };
+const stack = new Stack(app, 'my-test-stack', { env });
+const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { isDefault: true });
+new eks.Cluster(stack, 'Cluster', {
+  vpc: vpc,
+  ...getClusterVersionConfig(stack, eks.KubernetesVersion.V1_32),
+  defaultCapacity: 0,
+  bootstrapSelfManagedAddons: true,
+});
+app.synth();

packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/cluster-resource-handler/cluster.ts

@@ -116,7 +116,13 @@ export class ClusterResourceHandler extends ResourceHandler {
     // if there is an update that requires replacement, go ahead and just create
     // a new cluster with the new config. The old cluster will automatically be
     // deleted by cloudformation upon success.
-    if (updates.replaceName || updates.replaceRole || updates.updateBootstrapClusterCreatorAdminPermissions ) {
+    if (updates.replaceName || updates.replaceRole ||
+          updates.updateBootstrapClusterCreatorAdminPermissions || updates.updateBootstrapSelfManagedAddons) {
+      if ((this.oldProps.bootstrapSelfManagedAddons === undefined && this.newProps.bootstrapSelfManagedAddons === true) ||
+           (this.oldProps.bootstrapSelfManagedAddons === true && this.newProps.bootstrapSelfManagedAddons === undefined)) {
+        console.log('default value for bootstrapSelfManagedAddons is true, skipping update');
+        return;
+      }
       // if we are replacing this cluster and the cluster has an explicit
       // physical name, the creation of the new cluster will fail with "there is
       // already a cluster with that name". this is a common behavior for
@@ -421,6 +427,7 @@ interface UpdateMap {
   updateBootstrapClusterCreatorAdminPermissions: boolean; // accessConfig.bootstrapClusterCreatorAdminPermissions
   updateVpc: boolean; // resourcesVpcConfig.subnetIds and securityGroupIds
   updateTags: boolean; // tags
+  updateBootstrapSelfManagedAddons: boolean; // cluster with default networking add-ons
 }
 
 function analyzeUpdate(oldProps: Partial<EKS.CreateClusterCommandInput>, newProps: EKS.CreateClusterCommandInput): UpdateMap {
@@ -454,6 +461,7 @@ function analyzeUpdate(oldProps: Partial<EKS.CreateClusterCommandInput>, newProp
     updateBootstrapClusterCreatorAdminPermissions: JSON.stringify(newAccessConfig.bootstrapClusterCreatorAdminPermissions) !==
       JSON.stringify(oldAccessConfig.bootstrapClusterCreatorAdminPermissions),
     updateTags: JSON.stringify(newProps.tags) !== JSON.stringify(oldProps.tags),
+    updateBootstrapSelfManagedAddons: newProps.bootstrapSelfManagedAddons !== oldProps.bootstrapSelfManagedAddons,
   };
 }
 

packages/aws-cdk-lib/aws-eks/lib/cluster-resource.ts

@@ -28,6 +28,7 @@ export interface ClusterResourceProps {
   readonly logging?: { [key: string]: [ { [key: string]: any } ] };
   readonly accessconfig?: CfnCluster.AccessConfigProperty;
   readonly remoteNetworkConfig?: CfnCluster.RemoteNetworkConfigProperty;
+  readonly bootstrapSelfManagedAddons?: boolean;
 }
 
 /**
@@ -92,6 +93,7 @@ export class ClusterResource extends Construct {
           logging: props.logging,
           accessConfig: props.accessconfig,
           remoteNetworkConfig: props.remoteNetworkConfig,
+          bootstrapSelfManagedAddons: props.bootstrapSelfManagedAddons,
         },
         AssumeRoleArn: this.adminRole.roleArn,
 
@@ -100,7 +102,7 @@ export class ClusterResource extends Construct {
         // doesn't contain XXX key in object" (see #8276) by incrementing this
         // number, you will effectively cause a "no-op update" to the cluster
         // which will return the new set of attribute.
-        AttributesRevision: 4,
+        AttributesRevision: 5,
       },
     });
 

packages/aws-cdk-lib/aws-eks/lib/cluster.ts

@@ -855,6 +855,17 @@ export interface ClusterProps extends ClusterOptions {
    */
   readonly bootstrapClusterCreatorAdminPermissions?: boolean;
 
+  /**
+   * If you set this value to False when creating a cluster, the default networking add-ons will not be installed.
+   * The default networking addons include vpc-cni, coredns, and kube-proxy.
+   * Use this option when you plan to install third-party alternative add-ons or self-manage the default networking add-ons.
+   *
+   * Changing this value after the cluster has been created will result in the cluster being replaced.
+   *
+   * @default true
+   */
+  readonly bootstrapSelfManagedAddons?: boolean;
+
   /**
    * The tags assigned to the EKS cluster
    *
@@ -1729,6 +1740,7 @@ export class Cluster extends ClusterBase {
       onEventLayer: this.onEventLayer,
       tags: props.tags,
       logging: this.logging,
+      bootstrapSelfManagedAddons: props.bootstrapSelfManagedAddons,
     });
 
     if (this.endpointAccess._config.privateAccess && privateSubnets.length !== 0) {