EKS UserScript Bootstrapper is duplicated when using UserScript with Managed AMI

[ChrisMcKee]

what

When using the default AMI with a custom userscript AWS EKS will automatically inject the bootstrapper after your user-script.

This means

• The userscript template will have two bootstrappers which causes the node to fail to register with the cluster
• The "after" userscript option fails as there's no way to register code after the EKS injected registration.

Before

After

why

• Added further information to the variable after_cluster_joining_userdata
• Split the bootstrapper out into its own file so it can be added only if the config allows it
• Added precondition to launch-template.tf aws_launch_template
• Added note to readme

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough

Walkthrough

The changes introduce conditional logic and validation to ensure that the after_cluster_joining_userdata feature is only supported when a custom AMI is specified for Amazon Linux 2 or Windows. Template handling for user data scripts is refactored to support dynamic bootstrap script injection. Documentation and variable descriptions are updated to clarify these behaviors and constraints.

Changes

Files/Group	Change Summary
README.yaml, variables.tf	Clarified documentation and variable descriptions regarding user data execution timing, OS support, and the requirement for custom AMIs when using after_cluster_joining_userdata.
launch-template.tf	Added a precondition to enforce that after_cluster_joining_userdata is only used with a custom AMI for AL2 or Windows OS.
userdata.tf	Introduced a local map for bootstrapper template files and added logic to conditionally load the bootstrap script content based on AMI and OS.
userdata.tpl, userdata_nt.tpl	Replaced hardcoded bootstrap script invocations with a variable ${bootstrap_script} to allow dynamic script injection.
userdata_bootstrap.tpl, userdata_bootstrap_nt.tpl	Added new template files for the bootstrap script execution for AL2 (bash) and Windows (PowerShell), parameterized for cluster joining.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[ChrisMcKee]

This originally rotted out in #207

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

userdata_bootstrap_nt.tpl (1)

5-5: Add existence check and error handling before invocation
If the bootstrap script file is missing or the path is incorrect, this call will fail with a cryptic error. Consider validating the path and emitting a clear error message:

if (-Not (Test-Path $EKSBootstrapScriptFile)) {
  Write-Error "EKS bootstrap script not found at path: $EKSBootstrapScriptFile"
  Exit 1
}

Also ensure ${bootstrap_extra_args} is quoted or validated to avoid injection issues.

launch-template.tf (1)

200-203: Improve error message clarity and format OS name correctly
Currently title(lower(local.ami_os)) will render "Al2"/"Windows". For consistency, use upper(local.ami_os) and mention both OS and AMI requirement in the error. For example:

error_message = format(
  "after_cluster_joining_userdata requires a custom AMI (ami_image_id) and only supports AL2 or WINDOWS; current OS: %s",
  upper(local.ami_os)
)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c220739 and cec0a35.

⛔ Files ignored due to path filters (1)

• README.md is excluded by !README.md

📒 Files selected for processing (8)

• README.yaml (1 hunks)
• launch-template.tf (1 hunks)
• userdata.tf (2 hunks)
• userdata.tpl (1 hunks)
• userdata_bootstrap.tpl (1 hunks)
• userdata_bootstrap_nt.tpl (1 hunks)
• userdata_nt.tpl (1 hunks)
• variables.tf (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Summary

🔇 Additional comments (7)

README.yaml (1)

104-104: Clear documentation of AMI ID requirement.

This note properly clarifies the constraint that after_cluster_joining_userdata requires a custom AMI ID. This prevents user confusion and aligns with the validation logic being added elsewhere in the codebase.

userdata_nt.tpl (1)

29-29: Bootstrap script injection made conditional.

The replacement of hardcoded PowerShell bootstrap invocation with ${bootstrap_script} variable enables conditional injection based on AMI configuration. This approach is consistent with the Linux template changes and supports the fix for bootstrap duplication.

userdata_bootstrap.tpl (1)

1-1:

❓ Verification inconclusive

Bootstrap script extraction implemented correctly.

The extraction of the EKS bootstrap script into a separate template file enables conditional injection. The parameter structure appears correct for EKS bootstrap requirements.

Please verify that the bootstrap script parameters match the current AWS EKS bootstrap.sh requirements:

---

🏁 Script executed:

#!/bin/bash
# Verify the bootstrap script syntax and parameter order
rg -A 10 -B 5 "bootstrap\.sh.*--apiserver-endpoint"

Length of output: 232

---

Adjust bootstrap.sh invocation to match AWS EKS usage

Ensure that <cluster_name> is passed as the first argument, before any flags.

• File: userdata_bootstrap.tpl
Line: 1

-/etc/eks/bootstrap.sh --apiserver-endpoint '${cluster_endpoint}' --b64-cluster-ca '${certificate_authority_data}' ${bootstrap_extra_args} '${cluster_name}'
+/etc/eks/bootstrap.sh '${cluster_name}' --apiserver-endpoint '${cluster_endpoint}' --b64-cluster-ca '${certificate_authority_data}' ${bootstrap_extra_args}

Please verify this ordering against the official AWS EKS bootstrap.sh documentation.

userdata.tpl (1)

18-18: Consistent bootstrap script variable injection.

The replacement of hardcoded bootstrap script with ${bootstrap_script} variable maintains consistency with the Windows template approach. This enables conditional injection while preserving the MIME multipart structure required for EKS compatibility.

userdata_bootstrap_nt.tpl (1)

1-3: Bootstrap script path variables defined correctly
The variables for the EKS bootstrap script directory, name, and full path are clear and accurate.

userdata.tf (1)

52-56: Define bootstrapper template file map
The new userdata_bootstrapper_template_file map correctly references OS-specific bootstrap templates.

variables.tf (1)

359-364: before_cluster_joining_userdata description updated appropriately
The description now clarifies the execution order relative to the bootstrap script.

[coderabbitai]

⚠️ Potential issue

Fix stray quote in multiline description
There’s an extra " at the end of the second line, causing a syntax error in the heredoc. Remove it so the <<-EOT block is valid.

Suggested diff:

-  description = <<-EOT
-    Additional (bash for linux, powershell for Windows) commands to execute on each worker node after joining the EKS cluster
-    (after executing the `bootstrap` script). For more info, see https://kubedex.com/90-days-of-aws-eks-in-production"
-    This can only be used with AL2 and Windows AMI types with a custom AMI set as EKS will inject a bootstrapper into all other user-scripts
-    EOT
+  description = <<-EOT
+    Additional (bash for linux, powershell for Windows) commands to execute on each worker node after joining the EKS cluster
+    (after executing the `bootstrap` script). For more info, see https://kubedex.com/90-days-of-aws-eks-in-production
+    This can only be used with AL2 and Windows AMI types with a custom AMI set as EKS will inject a bootstrapper into all other user-scripts
+  EOT

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	variable "after_cluster_joining_userdata" {
	type = list(string)
	description = "Additional `bash` commands to execute on each worker node after joining the EKS cluster (after executing the `bootstrap.sh` script). For more info, see https://kubedex.com/90-days-of-aws-eks-in-production"
	description = <<-EOT
	Additional (bash for linux, powershell for Windows) commands to execute on each worker node after joining the EKS cluster
	(after executing the `bootstrap` script). For more info, see https://kubedex.com/90-days-of-aws-eks-in-production"
	This can only be used with AL2 and Windows AMI types with a custom AMI set as EKS will inject a bootstrapper into all other user-scripts
	EOT
	variable "after_cluster_joining_userdata" {
	type = list(string)
	description = <<-EOT
	Additional (bash for linux, powershell for Windows) commands to execute on each worker node after joining the EKS cluster
	(after executing the `bootstrap` script). For more info, see https://kubedex.com/90-days-of-aws-eks-in-production
	This can only be used with AL2 and Windows AMI types with a custom AMI set as EKS will inject a bootstrapper into all other user-scripts
	EOT
	}

🤖 Prompt for AI Agents

In variables.tf around lines 366 to 372, there is an extra double quote at the
end of the second line in the multiline description of the variable
"after_cluster_joining_userdata". Remove this stray quote to ensure the heredoc
block is syntactically correct and does not cause errors.