Cardano Updates

* Initial plan

* Add hybrid node groups support with VPC peering and autoscaling

Co-authored-by: rcmorano <[email protected]>

* Add provider declarations to all hybrid node resources

Co-authored-by: rcmorano <[email protected]>

* Add comprehensive documentation for hybrid nodes feature

Co-authored-by: rcmorano <[email protected]>

* Fix spot instance max_price and shell variable substitution issues

Co-authored-by: rcmorano <[email protected]>

* Simplify AMI type template interpolation

Co-authored-by: rcmorano <[email protected]>

* Refactor hybrid nodes to use EKS Hybrid Nodes method with SSM and nodeadm

- Replace bootstrap.sh with nodeadm CLI tool for cluster join
- Add SSM Hybrid Activation resources for credential management
- Update IAM role to support both SSM and EC2 service principals
- Create NodeConfig YAML in user data for nodeadm initialization
- Update documentation to reflect EKS Hybrid Nodes methodology
- Install nodeadm from AWS hybrid-assets endpoint
- Use nodeadm install and init commands for proper cluster join

Co-authored-by: rcmorano <[email protected]>

* Simplify hybrid nodes for EC2: remove SSM activation, use direct API server connection

- Remove SSM Hybrid Activation (not needed for EC2 instances)
- Simplify IAM role to only EC2 service principal
- Update NodeConfig to use apiServerEndpoint and certificateAuthority
- Remove --credential-provider ssm flag from nodeadm install
- Use standard EC2 instance profile for authentication
- Update documentation to clarify EC2 vs on-premises usage
- Add note about remoteNodeNetworks/remotePodNetworks for true hybrid

Co-authored-by: rcmorano <[email protected]>

* Add region support to hybrid-node-groups for cross-region deployments

- Add optional network.region parameter to hybrid-node-groups config
- Use try(hng_values.network.region, eks_region_k) throughout to default to cluster region
- Update all resources (IAM, SG, ASG, SSM) to use region override
- Update VPC and subnet references to use correct region
- Update user data AWS_DEFAULT_REGION to use hybrid node region
- Add example and documentation for cross-region hybrid nodes

Co-authored-by: rcmorano <[email protected]>

* Refactor hybrid node bootstrap from user data to SSM association

- Remove locals block with problematic USERDATA heredoc
- Remove user_data_base64 from autoscaling group
- Add aws_ssm_association for hybrid_node_bootstrap
- Bootstrap script runs via SSM Run Command after instance launch
- Use join() to avoid heredoc parsing issues
- Targets instances by ASG Name tag
- Includes idempotency check (skip if kubelet already active)

Co-authored-by: rcmorano <[email protected]>

* fix(vpc): fixed peering conf

* chore(vpc): added route tables between vpcs

* chore(eks): bunch of changes, first nodes-joining-successfuly version

* chore(eks): bump

* chore(eks): bump hybrid nodes support (alb/r53)

* chore(eks): bump to working cni config for hybrid nodes

* feat(eks-helm-bootstrap): make storageclasses zone-aware

* fix(eks-alb): fixed alb setup for hybrid nodes

* chore(eks): fixed depends_on

* fix(vpc): fixed resource names to allow using 2+ vpc peerings

* feat(r53): added healthchecks for global records, which fixes latency-based records and fixed hybrid nodes records

* feat(eks): deploy cilium per hng

* chore(eks/cilium): increased default ipv4 minimum/pre-allocation to speed up pod creations

* chore(eks): added missing cilium helm chart post-renderer scripts

* fix(eks): fixed hybrid/regular role perms mismatches

* chore(eks): bump cilium, fined tuned ip pre-allocation and fixed a typo in eks access entries

* chore(eks): change default activation expiration to 29d so autoscaling instances can rejoin the cluster for longer

* chore(eks): added hybrid node maintenance manifests

* chore(eks): bump

* chore(eks): changed stuck-pods-cleanup cronjob for a long running pod managed by a deployment as spinning new pods increases the chances of getting stuck pods...

* chore(eks): remove event creation features and replaced pod cleanup cronjob for a long-living pod

* Rework CSR auto-approval manifest from CronJob to Deployment

* chore(eks/maintenance): swap other cronjobs for deployments and set default affinity for pods to fall under managed nodes

* Fix pod state duration parsing in stuck pods cleanup script

* Track NotReady duration via node annotation

* Fix RFC3339 annotation timestamp parsing in node cleanup

* Fix stuck pod cleanup deletion logic

* Fix logging interfering with stale pod checks

* Store NotReady timestamp annotation as epoch seconds

* Use jq to parse Kubernetes timestamps in stuck pod cleanup

* Handle RFC3339 notready timestamps in hybrid node cleanup

* Use jq ISO8601 parsing for hybrid node cleanup timestamps

* chore(eks/maintenance-jobs): fine tune thresholds

* doc: updated base config.yaml

* chore(eks): added missing cilium post-renderer script

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: rcmorano <[email protected]>
Co-authored-by: Roberto C. Morano <[email protected]>
Co-authored-by: Roberto C. Morano <[email protected]>