From 3cb27fcf0ea0476721b9d41abf73a2547926f6af Mon Sep 17 00:00:00 2001
From: Nick Blaskey <nblaskey@amazon.com>
Date: Thu, 27 Feb 2025 21:36:16 +0000
Subject: [PATCH] Fix hybrid node validation to allow private clusters

---
 pkg/apis/eksctl.io/v1alpha5/validation.go      | 8 --------
 pkg/apis/eksctl.io/v1alpha5/validation_test.go | 8 ++++++--
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/pkg/apis/eksctl.io/v1alpha5/validation.go b/pkg/apis/eksctl.io/v1alpha5/validation.go
index 4b1bd2a7b1..d88ed135e0 100644
--- a/pkg/apis/eksctl.io/v1alpha5/validation.go
+++ b/pkg/apis/eksctl.io/v1alpha5/validation.go
@@ -90,14 +90,6 @@ func (c *ClusterConfig) validateRemoteNetworkingConfig() error {
 		return nil
 	}
 
-	if !IsEnabled(c.VPC.ClusterEndpoints.PublicAccess) {
-		return fmt.Errorf("remoteNetworkConfig requires public cluster endpoint access")
-	}
-
-	if c.IsFullyPrivate() {
-		return fmt.Errorf("remoteNetworkConfig is not supported on fully private EKS cluster")
-	}
-
 	if c.IPv6Enabled() {
 		return fmt.Errorf("remoteNetworkConfig is not supported on EKS cluster configured with IPv6 address family")
 	}
diff --git a/pkg/apis/eksctl.io/v1alpha5/validation_test.go b/pkg/apis/eksctl.io/v1alpha5/validation_test.go
index a001ad0bdf..68dce5b42e 100644
--- a/pkg/apis/eksctl.io/v1alpha5/validation_test.go
+++ b/pkg/apis/eksctl.io/v1alpha5/validation_test.go
@@ -993,16 +993,20 @@ var _ = Describe("ClusterConfig validation", func() {
 				cc.VPC.ClusterEndpoints = &api.ClusterEndpoints{
 					PublicAccess: api.Disabled(),
 				}
+				cc.RemoteNetworkConfig.IAM = &api.RemoteNodesIAM{
+					Provider: aws.String("BLOB"),
+				}
 			},
-			expectedErr: "remoteNetworkConfig requires public cluster endpoint access",
 		}),
 		Entry("fully private EKS cluster", remoteNetworkConfigEntry{
 			overrideConfig: func(cc *api.ClusterConfig) {
 				cc.PrivateCluster = &api.PrivateCluster{
 					Enabled: true,
 				}
+				cc.RemoteNetworkConfig.IAM = &api.RemoteNodesIAM{
+					Provider: aws.String("BLOB"),
+				}
 			},
-			expectedErr: "remoteNetworkConfig is not supported on fully private EKS cluster",
 		}),
 		Entry("IPv6 family", remoteNetworkConfigEntry{
 			overrideConfig: func(cc *api.ClusterConfig) {