From c80fc49073c2206bab0b4ab81d7d76316bb67f3d Mon Sep 17 00:00:00 2001
From: Patrik Egyed <pregnor@cisco.com>
Date: Tue, 10 Aug 2021 15:27:22 +0200
Subject: [PATCH 01/11] feat(API,EKS,NP): refactored volumes

---
 apis/pipeline/pipeline.yaml | 143 +++++++++++++++++++++++++++++++++++-
 1 file changed, 140 insertions(+), 3 deletions(-)

diff --git a/apis/pipeline/pipeline.yaml b/apis/pipeline/pipeline.yaml
index 7c2f6c4617..d5f67e185f 100644
--- a/apis/pipeline/pipeline.yaml
+++ b/apis/pipeline/pipeline.yaml
@@ -4593,12 +4593,15 @@ components:
                         autoscaling:
                             $ref: '#/components/schemas/NodePoolAutoScaling'
                         volumeEncryption:
+                            deprecated: true
                             $ref: '#/components/schemas/EKSNodePoolVolumeEncryption'
                         volumeSize:
+                            deprecated: true
                             description: Size of the EBS volume in GBs of the nodes in the pool.
                             type: integer
                             example: 50
                         volumeType:
+                            deprecated: true
                             description: Type of the EBS volume of the nodes in the pool (default gp3).
                             type: string
                             example: gp3
@@ -4624,15 +4627,149 @@ components:
                                 type: string
                             example: ["sg-00000xxxx0000xxx1", "sg-00000xxxx0000xxx2"]
                         useInstanceStore:
+                            deprecated: true
                             description: Setup available instance stores (NVMe disks) to use for Kubelet root if available. As a result emptyDir volumes will be provisioned on local instance storage disks. You can check out available instance storages here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
                             type: boolean
+                        volumes:
+                            $ref: '#/components/schemas/EKSNodePoolVolumes'
+
+        EKSNodePoolVolume:
+            discriminator:
+                propertyName: storage
+                mapping:
+                    ebs: '#/components/schemas/EKSNodePoolVolumeEBS'
+                    instance-store: '#/components/schemas/EKSNodePoolVolumeInstanceStore'
+            nullable: true
+            oneOf:
+                - $ref: '#/components/schemas/EKSNodePoolVolumeEBS'
+                - $ref: '#/components/schemas/EKSNodePoolVolumeInstanceStore'
+
+        EKSNodePoolVolumes:
+            description: An associative collection of EKS node pool node
+                instance volume configuration objects keyed by their semantical
+                volume names (example instanceRoot, kubeletRoot).
+            example: |
+                {
+                    "instanceRoot": {
+                        "encryption": {
+                            "enabled": true,
+                            "encryptionKeyARN": "arn:aws:kms:aws-region:012345678901:key/01234567-0123-0123-0123-012345678901"
+                        }
+                        "size": 50
+                        "storage": "ebs"
+                        "type": "gp3"
+                    },
+                    "kubeletRoot": {
+                        "storage": "instance-store"
+                    }
+                }
+            nullable: true
+            properties:
+                instanceRoot:
+                    description: (Optional) The volume configuration of
+                        the EKS node instance's instance root device
+                        (default ebs gp3 50GiB with control plane
+                        configuration default or AWS account default
+                        encryption).
+                    
+                        The storage of the instance root device
+                        volume is constrained by the AMI used to launch
+                        the EKS node pool node instance.
+
+                        For more details see
+                        https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html.
+                    $ref: '#/components/schemas/EKSNodePoolVolume'
+                kubeletRoot:
+                    description: (Optional) The volume configuration of
+                        the Kubernetes kubelet root device (default uses
+                        the instance root device for kubelet root as
+                        well).
+
+                        The configuration and availability of the
+                        instance store storage type for kubelet root
+                        device volume depends on the EKS node pool node
+                        instance type.
+
+                        For more details see
+                        https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
+                    $ref: '#/components/schemas/EKSNodePoolVolume'
+            type: object
+
+        EKSNodePoolVolumeEBS:
+            description: Configuration of EBS volumes mounted onto an EKS node
+                pool node instance.
+                
+                EBS volumes are the default to be used, if no configuration is
+                specified.
+            example: |
+                {
+                    "encryption": {
+                        "enabled": true,
+                        "encryptionKeyARN": "arn:aws:kms:aws-region:012345678901:key/01234567-0123-0123-0123-012345678901"
+                    }
+                    "size": 50
+                    "storage": "ebs"
+                    "type": "gp3"
+                }
+            properties:
+                encryption:
+                    $ref: '#/components/schemas/EKSNodePoolVolumeEncryption'
+                size: 
+                    description: Size of the EBS volume in GiBs of the nodes in
+                        the pool (default 50 GiB).
+                    type: integer
+                    example: 50
+                storage:
+                    description: Type of the mounted volume's storage on the
+                        node instances of the node pool.
+                    type: string
+                    enum:
+                        - ebs
+                type:
+                    description: Type of the EBS volume to mount on the EKS node
+                        pool node instances (default gp3).
+                    type: string
+                    example: gp3
+            required:
+                - storage
+            type: object
+
+        EKSNodePoolVolumeInstanceStore:
+            description: Configuration of instance store volumes mounted onto
+                an EKS node pool node instance.
+                
+                Instance store volumes are encrypted at rest by default using an
+                XTS-AES-256 block cipher implemented in a hardware module on the
+                instance.
+                
+                The size and type of an instance store volume is fixed based on
+                the instance type the volume is attached to.
+                
+                For more details see
+                https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
+            example: |
+                {
+                    "storage": "instance-store"
+                }
+            properties:
+                storage:
+                    description: Type of the mounted volume's storage on the
+                        node instances of the node pool.
+                    type: string
+                    enum:
+                        - instance-store
+            required:
+                - storage
+            type: object
 
         EKSNodePoolVolumeEncryption:
-            description: Encryption details of the node volumes in an EKS node pool.
+            description: Encryption details of the instance volumes in an EKS
+                node pool (default null -> control plane configuration -> AWS
+                account default). 
             example: |
                 {
                     "enabled": true,
-                    "encryptionKeyARN": "arn:aws:kms:<REGION>:000000000000:key/00000000-0000-0000-0000-000000000000"
+                    "encryptionKeyARN": "arn:aws:kms:aws-region:012345678901:key/01234567-0123-0123-0123-01234567890a"
                 }
             nullable: true
             properties:
@@ -4642,7 +4779,7 @@ components:
                     type: boolean
                 encryptionKeyARN:
                     description: KMS key ARN to use for node volume encryption.
-                    example: arn:aws:kms:<REGION>:000000000000:key/00000000-0000-0000-0000-000000000000
+                    example: arn:aws:kms:aws-region:012345678901:key/01234567-0123-0123-0123-01234567890a
                     type: string
             required:
                 - enabled # Note: to avoid `omitempty` in generation.

From e0d63d6bb6efc2160de2656c9212bdc3ff1d1b1b Mon Sep 17 00:00:00 2001
From: Patrik Egyed <pregnor@cisco.com>
Date: Tue, 10 Aug 2021 15:27:49 +0200
Subject: [PATCH 02/11] chore(Pipeline,OpenAPI): regenerated files

---
 .gen/pipeline/api/openapi.yaml                | 104 +++++++++++++++++-
 .../model_create_node_pool_request.go         |   2 +
 .../pipeline/model_eks_node_pool_all_of.go    |   2 +
 .../pipeline/model_eks_node_pool_volume.go    |  25 +++++
 .../model_eks_node_pool_volume_ebs.go         |  26 +++++
 .../model_eks_node_pool_volume_encryption.go  |   2 +-
 ...del_eks_node_pool_volume_instance_store.go |  18 +++
 .../pipeline/model_eks_node_pool_volumes.go   |  19 ++++
 .gen/pipeline/pipeline/model_node_pool.go     |   2 +
 .../pipeline/model_node_pool_summary.go       |   2 +
 10 files changed, 198 insertions(+), 4 deletions(-)
 create mode 100644 .gen/pipeline/pipeline/model_eks_node_pool_volume.go
 create mode 100644 .gen/pipeline/pipeline/model_eks_node_pool_volume_ebs.go
 create mode 100644 .gen/pipeline/pipeline/model_eks_node_pool_volume_instance_store.go
 create mode 100644 .gen/pipeline/pipeline/model_eks_node_pool_volumes.go

diff --git a/.gen/pipeline/api/openapi.yaml b/.gen/pipeline/api/openapi.yaml
index d2f02eb6ec..164979c5ee 100644
--- a/.gen/pipeline/api/openapi.yaml
+++ b/.gen/pipeline/api/openapi.yaml
@@ -18881,12 +18881,105 @@ components:
       - $ref: '#/components/schemas/EksNodePool_allOf'
       description: Node pool object for an EKS cluster.
       type: object
+    EKSNodePoolVolume:
+      discriminator:
+        mapping:
+          ebs: '#/components/schemas/EKSNodePoolVolumeEBS'
+          instance-store: '#/components/schemas/EKSNodePoolVolumeInstanceStore'
+        propertyName: storage
+      nullable: true
+      oneOf:
+      - $ref: '#/components/schemas/EKSNodePoolVolumeEBS'
+      - $ref: '#/components/schemas/EKSNodePoolVolumeInstanceStore'
+    EKSNodePoolVolumes:
+      description: An associative collection of EKS node pool node instance volume
+        configuration objects keyed by their semantical volume names (example instanceRoot,
+        kubeletRoot).
+      example: |
+        {
+            "instanceRoot": {
+                "encryption": {
+                    "enabled": true,
+                    "encryptionKeyARN": "arn:aws:kms:aws-region:012345678901:key/01234567-0123-0123-0123-012345678901"
+                }
+                "size": 50
+                "storage": "ebs"
+                "type": "gp3"
+            },
+            "kubeletRoot": {
+                "storage": "instance-store"
+            }
+        }
+      nullable: true
+      properties:
+        instanceRoot:
+          $ref: '#/components/schemas/EKSNodePoolVolume'
+        kubeletRoot:
+          $ref: '#/components/schemas/EKSNodePoolVolume'
+      type: object
+    EKSNodePoolVolumeEBS:
+      description: |-
+        Configuration of EBS volumes mounted onto an EKS node pool node instance.
+        EBS volumes are the default to be used, if no configuration is specified.
+      example: |
+        {
+            "encryption": {
+                "enabled": true,
+                "encryptionKeyARN": "arn:aws:kms:aws-region:012345678901:key/01234567-0123-0123-0123-012345678901"
+            }
+            "size": 50
+            "storage": "ebs"
+            "type": "gp3"
+        }
+      properties:
+        encryption:
+          $ref: '#/components/schemas/EKSNodePoolVolumeEncryption'
+        size:
+          description: Size of the EBS volume in GiBs of the nodes in the pool (default
+            50 GiB).
+          example: 50
+          type: integer
+        storage:
+          description: Type of the mounted volume's storage on the node instances
+            of the node pool.
+          enum:
+          - ebs
+          type: string
+        type:
+          description: Type of the EBS volume to mount on the EKS node pool node instances
+            (default gp3).
+          example: gp3
+          type: string
+      required:
+      - storage
+      type: object
+    EKSNodePoolVolumeInstanceStore:
+      description: |-
+        Configuration of instance store volumes mounted onto an EKS node pool node instance.
+        Instance store volumes are encrypted at rest by default using an XTS-AES-256 block cipher implemented in a hardware module on the instance.
+        The size and type of an instance store volume is fixed based on the instance type the volume is attached to.
+        For more details see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
+      example: |
+        {
+            "storage": "instance-store"
+        }
+      properties:
+        storage:
+          description: Type of the mounted volume's storage on the node instances
+            of the node pool.
+          enum:
+          - instance-store
+          type: string
+      required:
+      - storage
+      type: object
     EKSNodePoolVolumeEncryption:
-      description: Encryption details of the node volumes in an EKS node pool.
+      description: Encryption details of the instance volumes in an EKS node pool
+        (default null -> control plane configuration -> AWS account default).
       example: |
         {
             "enabled": true,
-            "encryptionKeyARN": "arn:aws:kms:<REGION>:000000000000:key/00000000-0000-0000-0000-000000000000"
+            "encryptionKeyARN": "arn:aws:kms:aws-region:012345678901:key/01234567-0123-0123-0123-01234567890a"
         }
       nullable: true
       properties:
@@ -18896,7 +18989,7 @@ components:
           type: boolean
         encryptionKeyARN:
           description: KMS key ARN to use for node volume encryption.
-          example: arn:aws:kms:<REGION>:000000000000:key/00000000-0000-0000-0000-000000000000
+          example: arn:aws:kms:aws-region:012345678901:key/01234567-0123-0123-0123-01234567890a
           type: string
       required:
       - enabled
@@ -23005,10 +23098,12 @@ components:
         volumeEncryption:
           $ref: '#/components/schemas/EKSNodePoolVolumeEncryption'
         volumeSize:
+          deprecated: true
           description: Size of the EBS volume in GBs of the nodes in the pool.
           example: 50
           type: integer
         volumeType:
+          deprecated: true
           description: Type of the EBS volume of the nodes in the pool (default gp3).
           example: gp3
           type: string
@@ -23039,11 +23134,14 @@ components:
             type: string
           type: array
         useInstanceStore:
+          deprecated: true
           description: Setup available instance stores (NVMe disks) to use for Kubelet
             root if available. As a result emptyDir volumes will be provisioned on
             local instance storage disks. You can check out available instance storages
             here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
           type: boolean
+        volumes:
+          $ref: '#/components/schemas/EKSNodePoolVolumes'
       required:
       - instanceType
     EksUpdateNodePoolRequest_allOf:
diff --git a/.gen/pipeline/pipeline/model_create_node_pool_request.go b/.gen/pipeline/pipeline/model_create_node_pool_request.go
index 43c3decc63..fecc305053 100644
--- a/.gen/pipeline/pipeline/model_create_node_pool_request.go
+++ b/.gen/pipeline/pipeline/model_create_node_pool_request.go
@@ -48,5 +48,7 @@ type CreateNodePoolRequest struct {
 	// Setup available instance stores (NVMe disks) to use for Kubelet root if available. As a result emptyDir volumes will be provisioned on local instance storage disks. You can check out available instance storages here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
 	UseInstanceStore bool `json:"useInstanceStore,omitempty"`
 
+	Volumes *EksNodePoolVolumes `json:"volumes,omitempty"`
+
 	NodePools map[string]NodePool `json:"nodePools,omitempty"`
 }
diff --git a/.gen/pipeline/pipeline/model_eks_node_pool_all_of.go b/.gen/pipeline/pipeline/model_eks_node_pool_all_of.go
index 735134f412..0997debfdb 100644
--- a/.gen/pipeline/pipeline/model_eks_node_pool_all_of.go
+++ b/.gen/pipeline/pipeline/model_eks_node_pool_all_of.go
@@ -38,4 +38,6 @@ type EksNodePoolAllOf struct {
 
 	// Setup available instance stores (NVMe disks) to use for Kubelet root if available. As a result emptyDir volumes will be provisioned on local instance storage disks. You can check out available instance storages here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
 	UseInstanceStore bool `json:"useInstanceStore,omitempty"`
+
+	Volumes *EksNodePoolVolumes `json:"volumes,omitempty"`
 }
diff --git a/.gen/pipeline/pipeline/model_eks_node_pool_volume.go b/.gen/pipeline/pipeline/model_eks_node_pool_volume.go
new file mode 100644
index 0000000000..15f0eb1c11
--- /dev/null
+++ b/.gen/pipeline/pipeline/model_eks_node_pool_volume.go
@@ -0,0 +1,25 @@
+/*
+ * Pipeline API
+ *
+ * Pipeline is a feature rich application platform, built for containers on top of Kubernetes to automate the DevOps experience, continuous application development and the lifecycle of deployments. 
+ *
+ * API version: latest
+ * Contact: info@banzaicloud.com
+ * Generated by: OpenAPI Generator (https://openapi-generator.tech)
+ */
+
+package pipeline
+
+type EksNodePoolVolume struct {
+
+	Encryption *EksNodePoolVolumeEncryption `json:"encryption,omitempty"`
+
+	// Size of the EBS volume in GiBs of the nodes in the pool (default 50 GiB).
+	Size int32 `json:"size,omitempty"`
+
+	// Type of the mounted volume's storage on the node instances of the node pool.
+	Storage string `json:"storage"`
+
+	// Type of the EBS volume to mount on the EKS node pool node instances (default gp3).
+	Type string `json:"type,omitempty"`
+}
diff --git a/.gen/pipeline/pipeline/model_eks_node_pool_volume_ebs.go b/.gen/pipeline/pipeline/model_eks_node_pool_volume_ebs.go
new file mode 100644
index 0000000000..f7f3424e92
--- /dev/null
+++ b/.gen/pipeline/pipeline/model_eks_node_pool_volume_ebs.go
@@ -0,0 +1,26 @@
+/*
+ * Pipeline API
+ *
+ * Pipeline is a feature rich application platform, built for containers on top of Kubernetes to automate the DevOps experience, continuous application development and the lifecycle of deployments. 
+ *
+ * API version: latest
+ * Contact: info@banzaicloud.com
+ * Generated by: OpenAPI Generator (https://openapi-generator.tech)
+ */
+
+package pipeline
+
+// EksNodePoolVolumeEbs - Configuration of EBS volumes mounted onto an EKS node pool node instance. EBS volumes are the default to be used, if no configuration is specified.
+type EksNodePoolVolumeEbs struct {
+
+	Encryption *EksNodePoolVolumeEncryption `json:"encryption,omitempty"`
+
+	// Size of the EBS volume in GiBs of the nodes in the pool (default 50 GiB).
+	Size int32 `json:"size,omitempty"`
+
+	// Type of the mounted volume's storage on the node instances of the node pool.
+	Storage string `json:"storage"`
+
+	// Type of the EBS volume to mount on the EKS node pool node instances (default gp3).
+	Type string `json:"type,omitempty"`
+}
diff --git a/.gen/pipeline/pipeline/model_eks_node_pool_volume_encryption.go b/.gen/pipeline/pipeline/model_eks_node_pool_volume_encryption.go
index ff59dd4837..be7e5c142e 100644
--- a/.gen/pipeline/pipeline/model_eks_node_pool_volume_encryption.go
+++ b/.gen/pipeline/pipeline/model_eks_node_pool_volume_encryption.go
@@ -10,7 +10,7 @@
 
 package pipeline
 
-// EksNodePoolVolumeEncryption - Encryption details of the node volumes in an EKS node pool.
+// EksNodePoolVolumeEncryption - Encryption details of the instance volumes in an EKS node pool (default null -> control plane configuration -> AWS account default).
 type EksNodePoolVolumeEncryption struct {
 
 	// Indicator of encrypted node pool node volumes.
diff --git a/.gen/pipeline/pipeline/model_eks_node_pool_volume_instance_store.go b/.gen/pipeline/pipeline/model_eks_node_pool_volume_instance_store.go
new file mode 100644
index 0000000000..59cc5b917e
--- /dev/null
+++ b/.gen/pipeline/pipeline/model_eks_node_pool_volume_instance_store.go
@@ -0,0 +1,18 @@
+/*
+ * Pipeline API
+ *
+ * Pipeline is a feature rich application platform, built for containers on top of Kubernetes to automate the DevOps experience, continuous application development and the lifecycle of deployments. 
+ *
+ * API version: latest
+ * Contact: info@banzaicloud.com
+ * Generated by: OpenAPI Generator (https://openapi-generator.tech)
+ */
+
+package pipeline
+
+// EksNodePoolVolumeInstanceStore - Configuration of instance store volumes mounted onto an EKS node pool node instance. Instance store volumes are encrypted at rest by default using an XTS-AES-256 block cipher implemented in a hardware module on the instance. The size and type of an instance store volume is fixed based on the instance type the volume is attached to. For more details see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
+type EksNodePoolVolumeInstanceStore struct {
+
+	// Type of the mounted volume's storage on the node instances of the node pool.
+	Storage string `json:"storage"`
+}
diff --git a/.gen/pipeline/pipeline/model_eks_node_pool_volumes.go b/.gen/pipeline/pipeline/model_eks_node_pool_volumes.go
new file mode 100644
index 0000000000..0fd020b66d
--- /dev/null
+++ b/.gen/pipeline/pipeline/model_eks_node_pool_volumes.go
@@ -0,0 +1,19 @@
+/*
+ * Pipeline API
+ *
+ * Pipeline is a feature rich application platform, built for containers on top of Kubernetes to automate the DevOps experience, continuous application development and the lifecycle of deployments. 
+ *
+ * API version: latest
+ * Contact: info@banzaicloud.com
+ * Generated by: OpenAPI Generator (https://openapi-generator.tech)
+ */
+
+package pipeline
+
+// EksNodePoolVolumes - An associative collection of EKS node pool node instance volume configuration objects keyed by their semantical volume names (example instanceRoot, kubeletRoot).
+type EksNodePoolVolumes struct {
+
+	InstanceRoot *EksNodePoolVolume `json:"instanceRoot,omitempty"`
+
+	KubeletRoot *EksNodePoolVolume `json:"kubeletRoot,omitempty"`
+}
diff --git a/.gen/pipeline/pipeline/model_node_pool.go b/.gen/pipeline/pipeline/model_node_pool.go
index a0089291ee..bbd8e711d3 100644
--- a/.gen/pipeline/pipeline/model_node_pool.go
+++ b/.gen/pipeline/pipeline/model_node_pool.go
@@ -47,4 +47,6 @@ type NodePool struct {
 
 	// Setup available instance stores (NVMe disks) to use for Kubelet root if available. As a result emptyDir volumes will be provisioned on local instance storage disks. You can check out available instance storages here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
 	UseInstanceStore bool `json:"useInstanceStore,omitempty"`
+
+	Volumes *EksNodePoolVolumes `json:"volumes,omitempty"`
 }
diff --git a/.gen/pipeline/pipeline/model_node_pool_summary.go b/.gen/pipeline/pipeline/model_node_pool_summary.go
index 36eed00a3d..746d9dbdab 100644
--- a/.gen/pipeline/pipeline/model_node_pool_summary.go
+++ b/.gen/pipeline/pipeline/model_node_pool_summary.go
@@ -49,6 +49,8 @@ type NodePoolSummary struct {
 	// Setup available instance stores (NVMe disks) to use for Kubelet root if available. As a result emptyDir volumes will be provisioned on local instance storage disks. You can check out available instance storages here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
 	UseInstanceStore bool `json:"useInstanceStore,omitempty"`
 
+	Volumes *EksNodePoolVolumes `json:"volumes,omitempty"`
+
 	// Current status of the node pool.
 	Status string `json:"status,omitempty"`
 

From 208d017f97e7ef3ad7b851989f9f28746df99227 Mon Sep 17 00:00:00 2001
From: Magyari Sandor Szilard <sancyx@gmail.com>
Date: Wed, 18 Aug 2021 18:31:02 +0200
Subject: [PATCH 03/11] create nodepool(s): generic volume handling

---
 .idea/pipeline.iml                            |   2 +-
 .../eks/eksadapter/node_pool_processor.go     |  31 ++++
 .../distribution/eks/ekscluster/eks.go        |  97 ++++++++++--
 .../eks/eksprovider/driver/cluster_creator.go |  52 +++++--
 .../eks/eksprovider/driver/cluster_updater.go |  28 ++--
 .../activity_calculate_node_pool_version.go   |  53 ++++---
 ...tivity_calculate_node_pool_version_test.go |  15 +-
 .../workflow/create_asg_activity.go           | 142 +++++++++++-------
 .../workflow/create_asg_activity_test.go      |   2 -
 .../workflow/create_node_pool_workflow.go     |  21 +--
 .../eksworkflow/workflow_update_node_pool.go  |   9 +-
 .../cluster/distribution/eks/node_pool.go     |  32 +++-
 internal/cluster/distribution/eks/service.go  |  15 ++
 pkg/errors/errors.go                          |   6 +-
 src/cluster/eks_update_cluster.go             |   7 +-
 templates/eks/amazon-eks-nodepool-cf.yaml     | 135 ++++++++++++++---
 16 files changed, 467 insertions(+), 180 deletions(-)

diff --git a/.idea/pipeline.iml b/.idea/pipeline.iml
index 6d296e3ccf..78c8edcc55 100644
--- a/.idea/pipeline.iml
+++ b/.idea/pipeline.iml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <module type="WEB_MODULE" version="4">
-  <component name="Go">
+  <component name="Go" enabled="true">
     <buildTags>
       <option name="customFlags">
         <array>
diff --git a/internal/cluster/distribution/eks/eksadapter/node_pool_processor.go b/internal/cluster/distribution/eks/eksadapter/node_pool_processor.go
index 243934e1f7..9ee86e8a55 100644
--- a/internal/cluster/distribution/eks/eksadapter/node_pool_processor.go
+++ b/internal/cluster/distribution/eks/eksadapter/node_pool_processor.go
@@ -97,5 +97,36 @@ func (p nodePoolProcessor) ProcessNewNodePool(
 		nodePool.SubnetID = *eksCluster.Subnets[0].SubnetId
 	}
 
+	if nodePool.Volumes == nil {
+		nodePool.Volumes = &eks.NodePoolVolumes{
+			InstanceRoot: &eks.NodePoolVolume{
+				Type:    "gp3",
+				Storage: eks.EBS_STORAGE,
+			},
+		}
+
+		// copy deprecated property values
+		if nodePool.VolumeSize > 0 {
+			nodePool.Volumes.InstanceRoot.Size = nodePool.VolumeSize
+		}
+		if nodePool.VolumeType != "" {
+			nodePool.Volumes.InstanceRoot.Type = nodePool.VolumeType
+		}
+		if nodePool.VolumeEncryption != nil {
+			nodePool.Volumes.InstanceRoot.Encryption = nodePool.VolumeEncryption
+		}
+		if nodePool.UseInstanceStore != nil && *nodePool.UseInstanceStore {
+			nodePool.Volumes.KubeletRoot = &eks.NodePoolVolume{
+				Storage: eks.INSTANCE_STORE_STORAGE,
+			}
+		}
+	}
+
+	// default kubelet root EBS size to 50GB
+	if nodePool.Volumes.KubeletRoot != nil && nodePool.Volumes.KubeletRoot.Storage == eks.INSTANCE_STORE_STORAGE &&
+		nodePool.Volumes.KubeletRoot.Size == 0 {
+		nodePool.Volumes.KubeletRoot.Size = 50
+	}
+
 	return nodePool, nil
 }
diff --git a/internal/cluster/distribution/eks/ekscluster/eks.go b/internal/cluster/distribution/eks/ekscluster/eks.go
index 76549aa2af..1d7e11aa64 100644
--- a/internal/cluster/distribution/eks/ekscluster/eks.go
+++ b/internal/cluster/distribution/eks/ekscluster/eks.go
@@ -113,26 +113,33 @@ type UpdateClusterAmazonEKS struct {
 
 // NodePool describes Amazon's node fields of a CreateCluster/Update request
 type NodePool struct {
-	InstanceType     string                    `json:"instanceType" yaml:"instanceType"`
-	SpotPrice        string                    `json:"spotPrice" yaml:"spotPrice"`
-	Autoscaling      bool                      `json:"autoscaling" yaml:"autoscaling"`
-	MinCount         int                       `json:"minCount" yaml:"minCount"`
-	MaxCount         int                       `json:"maxCount" yaml:"maxCount"`
-	Count            int                       `json:"count" yaml:"count"`
-	VolumeEncryption *NodePoolVolumeEncryption `json:"volumeEncryption,omitempty" yaml:"volumeEncryption,omitempty"`
-	VolumeSize       int                       `json:"volumeSize" yaml:"volumeSize"`
-	VolumeType       string                    `json:"volumeType" yaml:"volumeType"`
-	Image            string                    `json:"image" yaml:"image"`
-	Labels           map[string]string         `json:"labels,omitempty" yaml:"labels,omitempty"`
+	InstanceType string            `json:"instanceType" yaml:"instanceType"`
+	SpotPrice    string            `json:"spotPrice" yaml:"spotPrice"`
+	Autoscaling  bool              `json:"autoscaling" yaml:"autoscaling"`
+	MinCount     int               `json:"minCount" yaml:"minCount"`
+	MaxCount     int               `json:"maxCount" yaml:"maxCount"`
+	Count        int               `json:"count" yaml:"count"`
+	Image        string            `json:"image" yaml:"image"`
+	Labels       map[string]string `json:"labels,omitempty" yaml:"labels,omitempty"`
 
 	// SecurityGroups collects the user provided node security group IDs for the
 	// node pool.
-	SecurityGroups   []string `json:"securityGroups,omitempty" yaml:"securityGroups,omitempty"`
-	UseInstanceStore *bool    `json:"useInstanceStore,omitempty" yaml:"useInstanceStore,omitempty"`
+	SecurityGroups []string `json:"securityGroups,omitempty" yaml:"securityGroups,omitempty"`
 
 	// Subnet for worker nodes of this node pool. If not specified than worker nodes
 	// are launched in the same subnet in one of the subnets from the list of subnets of the EKS cluster
 	Subnet *Subnet `json:"subnet,omitempty" yaml:"subnet,omitempty"`
+
+	Volumes *NodePoolVolumes `json:"volumes,omitempty"`
+
+	// deprecated, property replaced with Volumes.InstanceRoot.Encryption
+	VolumeEncryption *NodePoolVolumeEncryption `json:"volumeEncryption,omitempty" yaml:"volumeEncryption,omitempty"`
+	// deprecated, property replaced with Volumes.InstanceRoot.Size
+	VolumeSize int `json:"volumeSize" yaml:"volumeSize"`
+	// deprecated, property replaced with Volumes.InstanceRoot.Type
+	VolumeType string `json:"volumeType" yaml:"volumeType"`
+	// deprecated, property replaced with Volumes.KubeletRoot.Type="instance-storage"
+	UseInstanceStore *bool `json:"useInstanceStore,omitempty" yaml:"useInstanceStore,omitempty"`
 }
 
 // NodePoolVolumeEncryption describes the EKS node pool encryption details.
@@ -174,10 +181,27 @@ type Subnet struct {
 	AvailabilityZone string `json:"availabilityZone,omitempty" yaml:"availabilityZone,omitempty"`
 }
 
+type NodePoolVolumes struct {
+	InstanceRoot *NodePoolVolume `json:"instanceRoot,omitempty"`
+	KubeletRoot  *NodePoolVolume `json:"kubeletRoot,omitempty"`
+}
+
+type NodePoolVolume struct {
+	Encryption *NodePoolVolumeEncryption `json:"encryption,omitempty"`
+	// Size of the EBS volume in GiBs of the nodes in the pool (default 50 GiB).
+	Size int `json:"size,omitempty"`
+	// Type of the mounted volume's storage on the node instances of the node pool.
+	Storage string `json:"storage"`
+	// Type of the EBS volume to mount on the EKS node pool node instances (default gp3).
+	Type string `json:"type,omitempty"`
+}
+
 const (
-	DEFAULT_VPC_CIDR     = "192.168.0.0/16"
-	DEFAULT_SUBNET0_CIDR = "192.168.64.0/20"
-	DEFAULT_SUBNET1_CIDR = "192.168.80.0/20"
+	DEFAULT_VPC_CIDR       = "192.168.0.0/16"
+	DEFAULT_SUBNET0_CIDR   = "192.168.64.0/20"
+	DEFAULT_SUBNET1_CIDR   = "192.168.80.0/20"
+	EBS_STORAGE            = "ebs"
+	INSTANCE_STORE_STORAGE = "instance-store"
 )
 
 // Validate checks Amazon's node fields
@@ -227,6 +251,11 @@ func (a *NodePool) Validate(npName string) error {
 		a.SpotPrice = eks2.DefaultSpotPrice
 	}
 
+	if a.Volumes != nil && a.Volumes.InstanceRoot != nil && a.Volumes.KubeletRoot != nil &&
+		a.Volumes.InstanceRoot.Storage == INSTANCE_STORE_STORAGE && a.Volumes.KubeletRoot.Storage == EBS_STORAGE {
+		return pkgErrors.ErrorAmazonEksNodePoolIncompatibleVolumes
+	}
+
 	// --- [Label validation]--- //
 	if err := pkgCommon.ValidateNodePoolLabels(npName, a.Labels); err != nil {
 		return err
@@ -267,6 +296,11 @@ func (a *NodePool) ValidateForUpdate(npName string) error {
 		}
 	}
 
+	if a.Volumes != nil && a.Volumes.InstanceRoot != nil && a.Volumes.KubeletRoot != nil &&
+		a.Volumes.InstanceRoot.Storage == INSTANCE_STORE_STORAGE && a.Volumes.KubeletRoot.Storage == EBS_STORAGE {
+		return pkgErrors.ErrorAmazonEksNodePoolIncompatibleVolumes
+	}
+
 	// --- [Label validation]--- //
 	if err := pkgCommon.ValidateNodePoolLabels(npName, a.Labels); err != nil {
 		return err
@@ -352,6 +386,37 @@ func (eks *CreateClusterEKS) AddDefaults(location string) error {
 		if np != nil && np.Subnet == nil {
 			np.Subnet = eks.Subnets[0]
 		}
+
+		if np.Volumes == nil {
+			np.Volumes = &NodePoolVolumes{
+				InstanceRoot: &NodePoolVolume{
+					Type:    "gp3",
+					Storage: EBS_STORAGE,
+				},
+			}
+
+			// copy deprecated property values
+			if np.VolumeSize > 0 {
+				np.Volumes.InstanceRoot.Size = np.VolumeSize
+			}
+			if np.VolumeType != "" {
+				np.Volumes.InstanceRoot.Type = np.VolumeType
+			}
+			if np.VolumeEncryption != nil {
+				np.Volumes.InstanceRoot.Encryption = np.VolumeEncryption
+			}
+			if np.UseInstanceStore != nil && *np.UseInstanceStore {
+				np.Volumes.KubeletRoot = &NodePoolVolume{
+					Storage: INSTANCE_STORE_STORAGE,
+				}
+			}
+		}
+
+		// default kubelet root EBS size to 50GB
+		if np.Volumes.KubeletRoot != nil && np.Volumes.KubeletRoot.Storage == INSTANCE_STORE_STORAGE &&
+			np.Volumes.KubeletRoot.Size == 0 {
+			np.Volumes.KubeletRoot.Size = 50
+		}
 	}
 
 	return nil
diff --git a/internal/cluster/distribution/eks/eksprovider/driver/cluster_creator.go b/internal/cluster/distribution/eks/eksprovider/driver/cluster_creator.go
index b46c054e1f..2822aef159 100644
--- a/internal/cluster/distribution/eks/eksprovider/driver/cluster_creator.go
+++ b/internal/cluster/distribution/eks/eksprovider/driver/cluster_creator.go
@@ -217,6 +217,17 @@ func (c *EksClusterCreator) create(ctx context.Context, logger logrus.FieldLogge
 			subnetID = requestedNodePool.Subnet.SubnetId
 		}
 
+		var nodePoolVolumes *eks.NodePoolVolumes
+		if requestedNodePool.Volumes != nil {
+			nodePoolVolumes = &eks.NodePoolVolumes{}
+			if requestedNodePool.Volumes.KubeletRoot != nil {
+				nodePoolVolumes.KubeletRoot = getVolumeParams(requestedNodePool.Volumes.KubeletRoot)
+			}
+			if requestedNodePool.Volumes.InstanceRoot != nil {
+				nodePoolVolumes.InstanceRoot = getVolumeParams(requestedNodePool.Volumes.InstanceRoot)
+			}
+		}
+
 		nodePool := eks.NewNodePool{
 			Name:   requestedNodePoolName,
 			Labels: requestedNodePool.Labels,
@@ -226,21 +237,12 @@ func (c *EksClusterCreator) create(ctx context.Context, logger logrus.FieldLogge
 				MinSize: requestedNodePool.MinCount,
 				MaxSize: requestedNodePool.MaxCount,
 			},
-			VolumeSize:       requestedNodePool.VolumeSize,
-			VolumeType:       requestedNodePool.VolumeType,
-			InstanceType:     requestedNodePool.InstanceType,
-			Image:            requestedNodePool.Image,
-			SpotPrice:        requestedNodePool.SpotPrice,
-			SecurityGroups:   requestedNodePool.SecurityGroups,
-			SubnetID:         subnetID,
-			UseInstanceStore: requestedNodePool.UseInstanceStore,
-		}
-
-		if requestedNodePool.VolumeEncryption != nil {
-			nodePool.VolumeEncryption = &eks.NodePoolVolumeEncryption{
-				Enabled:          requestedNodePool.VolumeEncryption.Enabled,
-				EncryptionKeyARN: requestedNodePool.VolumeEncryption.EncryptionKeyARN,
-			}
+			InstanceType:   requestedNodePool.InstanceType,
+			Image:          requestedNodePool.Image,
+			SpotPrice:      requestedNodePool.SpotPrice,
+			SecurityGroups: requestedNodePool.SecurityGroups,
+			SubnetID:       subnetID,
+			Volumes:        nodePoolVolumes,
 		}
 
 		nodePools = append(nodePools, nodePool)
@@ -297,6 +299,26 @@ func (c *EksClusterCreator) create(ctx context.Context, logger logrus.FieldLogge
 	return commonCluster, nil
 }
 
+func getVolumeParams(volume *pkgEks.NodePoolVolume) *eks.NodePoolVolume {
+	if volume.Type == eks.INSTANCE_STORE_STORAGE {
+		return &eks.NodePoolVolume{
+			Storage: eks.INSTANCE_STORE_STORAGE,
+		}
+	}
+
+	newVolume := &eks.NodePoolVolume{
+		Size: volume.Size,
+		Type: volume.Type,
+	}
+	if volume.Encryption != nil {
+		newVolume.Encryption = &eks.NodePoolVolumeEncryption{
+			Enabled:          volume.Encryption.Enabled,
+			EncryptionKeyARN: volume.Encryption.EncryptionKeyARN,
+		}
+	}
+	return newVolume
+}
+
 func CreateAWSCredentialsFromSecret(eksCluster *cluster.EKSCluster) (*credentials.Credentials, error) {
 	clusterSecret, err := eksCluster.GetSecretWithValidation()
 	if err != nil {
diff --git a/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater.go b/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater.go
index 7ebc23ecec..34350665a8 100644
--- a/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater.go
+++ b/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater.go
@@ -441,11 +441,14 @@ func newNodePoolsFromRequestedNewNodePools(
 			continue
 		}
 
-		var volumeEncryption *eks.NodePoolVolumeEncryption
-		if nodePool.VolumeEncryption != nil {
-			volumeEncryption = &eks.NodePoolVolumeEncryption{
-				Enabled:          nodePool.VolumeEncryption.Enabled,
-				EncryptionKeyARN: nodePool.VolumeEncryption.EncryptionKeyARN,
+		var nodePoolVolumes *eks.NodePoolVolumes
+		if nodePool.Volumes != nil {
+			nodePoolVolumes = &eks.NodePoolVolumes{}
+			if nodePool.Volumes.KubeletRoot != nil {
+				nodePoolVolumes.KubeletRoot = getVolumeParams(nodePool.Volumes.KubeletRoot)
+			}
+			if nodePool.Volumes.InstanceRoot != nil {
+				nodePoolVolumes.InstanceRoot = getVolumeParams(nodePool.Volumes.InstanceRoot)
 			}
 		}
 
@@ -458,15 +461,12 @@ func newNodePoolsFromRequestedNewNodePools(
 				MinSize: nodePool.MinCount,
 				MaxSize: nodePool.MaxCount,
 			},
-			VolumeEncryption: volumeEncryption,
-			VolumeSize:       nodePool.VolumeSize,
-			VolumeType:       nodePool.VolumeType,
-			InstanceType:     nodePool.InstanceType,
-			Image:            nodePool.Image,
-			SpotPrice:        nodePool.SpotPrice,
-			SecurityGroups:   nodePool.SecurityGroups,
-			SubnetID:         newNodePoolSubnetIDs[nodePoolName][0],
-			UseInstanceStore: nodePool.UseInstanceStore,
+			InstanceType:   nodePool.InstanceType,
+			Image:          nodePool.Image,
+			SpotPrice:      nodePool.SpotPrice,
+			SecurityGroups: nodePool.SecurityGroups,
+			SubnetID:       newNodePoolSubnetIDs[nodePoolName][0],
+			Volumes:        nodePoolVolumes,
 		})
 	}
 
diff --git a/internal/cluster/distribution/eks/eksprovider/workflow/activity_calculate_node_pool_version.go b/internal/cluster/distribution/eks/eksprovider/workflow/activity_calculate_node_pool_version.go
index 38e4b688bc..84f8d7efec 100644
--- a/internal/cluster/distribution/eks/eksprovider/workflow/activity_calculate_node_pool_version.go
+++ b/internal/cluster/distribution/eks/eksprovider/workflow/activity_calculate_node_pool_version.go
@@ -18,7 +18,6 @@ import (
 	"context"
 	"crypto/sha1"
 	"fmt"
-	"strconv"
 	"strings"
 
 	"go.uber.org/cadence/activity"
@@ -35,10 +34,8 @@ type CalculateNodePoolVersionActivity struct{}
 
 type CalculateNodePoolVersionActivityInput struct {
 	Image                string
-	VolumeEncryption     *eks.NodePoolVolumeEncryption
-	VolumeSize           int
+	Volumes              eks.NodePoolVolumes
 	CustomSecurityGroups []string
-	UseInstanceStore     *bool
 }
 
 type CalculateNodePoolVersionActivityOutput struct {
@@ -60,20 +57,39 @@ func (a CalculateNodePoolVersionActivity) Execute(
 	_ context.Context,
 	input CalculateNodePoolVersionActivityInput,
 ) (CalculateNodePoolVersionActivityOutput, error) {
-	volumeEncryption := "<nil>"
-	if input.VolumeEncryption != nil {
-		volumeEncryption = fmt.Sprintf("%v", *input.VolumeEncryption)
+	instanceRootVolumeStorage := "<nil>"
+	instanceRootVolumeEncryption := "<nil>"
+	instanceRootVolumeSize := 0
+
+	if input.Volumes.InstanceRoot != nil {
+		instanceRootVolumeStorage = input.Volumes.InstanceRoot.Storage
+		instanceRootVolumeSize = input.Volumes.InstanceRoot.Size
+		if input.Volumes.InstanceRoot.Encryption != nil {
+			instanceRootVolumeEncryption = fmt.Sprintf("%v", *input.Volumes.InstanceRoot.Encryption)
+		}
 	}
-	useInstanceStore := "<nil>"
-	if input.UseInstanceStore != nil {
-		useInstanceStore = strconv.FormatBool(*input.UseInstanceStore)
+
+	kubeletRootVolumeStorage := "<nil>"
+	kubeletRootVolumeEncryption := "<nil>"
+	kubeletRootVolumeSize := 0
+
+	if input.Volumes.KubeletRoot != nil {
+		kubeletRootVolumeStorage = input.Volumes.KubeletRoot.Storage
+		kubeletRootVolumeSize = input.Volumes.KubeletRoot.Size
+		if input.Volumes.KubeletRoot.Encryption != nil {
+			kubeletRootVolumeEncryption = fmt.Sprintf("%v", *input.Volumes.KubeletRoot.Encryption)
+		}
 	}
+
 	calculationParams := []string{
 		input.Image,
-		volumeEncryption,
-		fmt.Sprintf("%d", input.VolumeSize),
+		instanceRootVolumeStorage,
+		instanceRootVolumeEncryption,
+		fmt.Sprintf("%d", instanceRootVolumeSize),
+		kubeletRootVolumeStorage,
+		kubeletRootVolumeEncryption,
+		fmt.Sprintf("%d", kubeletRootVolumeSize),
 		strings.Join(input.CustomSecurityGroups, ","),
-		useInstanceStore,
 	}
 
 	h := sha1.New() // #nosec
@@ -91,13 +107,12 @@ func (a CalculateNodePoolVersionActivity) Execute(
 func calculateNodePoolVersion(
 	ctx workflow.Context,
 	image string,
-	volumeEncryption *eks.NodePoolVolumeEncryption,
-	volumeSize int,
+	volumes eks.NodePoolVolumes,
 	customSecurityGroups []string,
 ) (string, error) {
 	var activityOutput CalculateNodePoolVersionActivityOutput
 	err := calculateNodePoolVersionAsync(
-		ctx, image, volumeEncryption, volumeSize, customSecurityGroups).Get(ctx, &activityOutput)
+		ctx, image, volumes, customSecurityGroups).Get(ctx, &activityOutput)
 	if err != nil {
 		return "", err
 	}
@@ -111,14 +126,12 @@ func calculateNodePoolVersion(
 func calculateNodePoolVersionAsync(
 	ctx workflow.Context,
 	image string,
-	volumeEncryption *eks.NodePoolVolumeEncryption,
-	volumeSize int,
+	volumes eks.NodePoolVolumes,
 	customSecurityGroups []string,
 ) workflow.Future {
 	return workflow.ExecuteActivity(ctx, CalculateNodePoolVersionActivityName, CalculateNodePoolVersionActivityInput{
 		Image:                image,
-		VolumeEncryption:     volumeEncryption,
-		VolumeSize:           volumeSize,
+		Volumes:              volumes,
 		CustomSecurityGroups: customSecurityGroups,
 	})
 }
diff --git a/internal/cluster/distribution/eks/eksprovider/workflow/activity_calculate_node_pool_version_test.go b/internal/cluster/distribution/eks/eksprovider/workflow/activity_calculate_node_pool_version_test.go
index c978639745..5419dc74c5 100644
--- a/internal/cluster/distribution/eks/eksprovider/workflow/activity_calculate_node_pool_version_test.go
+++ b/internal/cluster/distribution/eks/eksprovider/workflow/activity_calculate_node_pool_version_test.go
@@ -43,11 +43,15 @@ func TestCalculateNodePoolVersion(t *testing.T) {
 			input: inputType{
 				input: CalculateNodePoolVersionActivityInput{
 					Image: "ami-xxxxxxxxxxxxx",
-					VolumeEncryption: &eks.NodePoolVolumeEncryption{
-						Enabled:          true,
-						EncryptionKeyARN: "arn:aws:kms:region:account:key/id",
+					Volumes: eks.NodePoolVolumes{
+						InstanceRoot: &eks.NodePoolVolume{
+							Encryption: &eks.NodePoolVolumeEncryption{
+								Enabled:          true,
+								EncryptionKeyARN: "arn:aws:kms:region:account:key/id",
+							},
+							Size: 50,
+						},
 					},
-					VolumeSize: 50,
 					CustomSecurityGroups: []string{
 						"sg-1",
 						"sg-2",
@@ -89,8 +93,7 @@ func TestCalculateNodePoolVersion(t *testing.T) {
 				_, actualError = calculateNodePoolVersion(
 					ctx,
 					testCase.input.input.Image,
-					testCase.input.input.VolumeEncryption,
-					testCase.input.input.VolumeSize,
+					testCase.input.input.Volumes,
 					testCase.input.input.CustomSecurityGroups,
 				)
 
diff --git a/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go b/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go
index 1c120388cc..88c78859aa 100644
--- a/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go
+++ b/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go
@@ -59,19 +59,17 @@ type CreateAsgActivityInput struct {
 
 	SSHKeyName string
 
-	Name                 string
-	NodeSpotPrice        string
-	Autoscaling          bool
-	NodeMinCount         int
-	NodeMaxCount         int
-	Count                int
-	NodeVolumeEncryption *eks.NodePoolVolumeEncryption
-	NodeVolumeSize       int
-	NodeVolumeType       string
-	NodeImage            string
-	NodeInstanceType     string
-	Labels               map[string]string
-	NodePoolVersion      string
+	Name             string
+	NodeSpotPrice    string
+	Autoscaling      bool
+	NodeMinCount     int
+	NodeMaxCount     int
+	Count            int
+	NodeVolumes      eks.NodePoolVolumes
+	NodeImage        string
+	NodeInstanceType string
+	Labels           map[string]string
+	NodePoolVersion  string
 
 	Subnets             []Subnet
 	VpcID               string
@@ -140,28 +138,9 @@ func (a *CreateAsgActivity) Execute(ctx context.Context, input CreateAsgActivity
 		fmt.Sprintf("%v=%v", cluster.NodePoolVersionLabelKey, input.NodePoolVersion),
 	}
 
-	nodeVolumeEncryptionEnabled := "" // Note: defaulting to AWS account default encryption settings.
-	if input.NodeVolumeEncryption != nil {
-		nodeVolumeEncryptionEnabled = strconv.FormatBool(input.NodeVolumeEncryption.Enabled)
-	} else if a.defaultNodeVolumeEncryption != nil {
-		nodeVolumeEncryptionEnabled = strconv.FormatBool(a.defaultNodeVolumeEncryption.Enabled)
-	}
-
-	nodeVolumeEncryptionKeyARN := ""
-	if nodeVolumeEncryptionEnabled == "true" &&
-		input.NodeVolumeEncryption != nil &&
-		input.NodeVolumeEncryption.EncryptionKeyARN != "" {
-		nodeVolumeEncryptionKeyARN = input.NodeVolumeEncryption.EncryptionKeyARN
-	} else if nodeVolumeEncryptionEnabled == "true" &&
-		a.defaultNodeVolumeEncryption != nil &&
-		a.defaultNodeVolumeEncryption.EncryptionKeyARN != "" {
-		nodeVolumeEncryptionKeyARN = a.defaultNodeVolumeEncryption.EncryptionKeyARN
-	}
-
-	nodeVolumeType := "gp3"
-	if input.NodeVolumeType != "" {
-		nodeVolumeType = input.NodeVolumeType
-	}
+	nodeVolumeStorageStorage, nodeVolumeSize, nodeVolumeEncryptionEnabled, nodeVolumeEncryptionKeyARN, nodeVolumeType :=
+		a.getDefaultedVolumeParams(input.NodeVolumes.InstanceRoot)
+	kubeletRootVolumeStorage, kubeletRootVolumeSize, kubeletRootVolumeEncryptionEnabled, kubeletRootVolumeEncryptionKeyARN, kubeletRootVolumeType := a.getDefaultedVolumeParams(input.NodeVolumes.KubeletRoot)
 
 	var stackTagsBuilder strings.Builder
 	for tagIndex, tag := range tags {
@@ -209,6 +188,10 @@ func (a *CreateAsgActivity) Execute(ctx context.Context, input CreateAsgActivity
 			ParameterKey:   aws.String("NodeAutoScalingInitSize"),
 			ParameterValue: aws.String(fmt.Sprintf("%d", input.Count)),
 		},
+		{
+			ParameterKey:   aws.String("NodeVolumeStorage"),
+			ParameterValue: aws.String(nodeVolumeStorageStorage),
+		},
 		{
 			ParameterKey:   aws.String("NodeVolumeEncryptionEnabled"),
 			ParameterValue: aws.String(nodeVolumeEncryptionEnabled),
@@ -219,12 +202,32 @@ func (a *CreateAsgActivity) Execute(ctx context.Context, input CreateAsgActivity
 		},
 		{
 			ParameterKey:   aws.String("NodeVolumeSize"),
-			ParameterValue: aws.String(fmt.Sprintf("%d", input.NodeVolumeSize)),
+			ParameterValue: aws.String(fmt.Sprintf("%d", nodeVolumeSize)),
 		},
 		{
 			ParameterKey:   aws.String("NodeVolumeType"),
 			ParameterValue: aws.String(nodeVolumeType),
 		},
+		{
+			ParameterKey:   aws.String("KubeletRootVolumeStorage"),
+			ParameterValue: aws.String(kubeletRootVolumeStorage),
+		},
+		{
+			ParameterKey:   aws.String("KubeletRootVolumeEncryptionEnabled"),
+			ParameterValue: aws.String(kubeletRootVolumeEncryptionEnabled),
+		},
+		{
+			ParameterKey:   aws.String("KubeletRootVolumeEncryptionKeyARN"),
+			ParameterValue: aws.String(kubeletRootVolumeEncryptionKeyARN),
+		},
+		{
+			ParameterKey:   aws.String("KubeletRootVolumeSize"),
+			ParameterValue: aws.String(fmt.Sprintf("%d", kubeletRootVolumeSize)),
+		},
+		{
+			ParameterKey:   aws.String("KubeletRootVolumeType"),
+			ParameterValue: aws.String(kubeletRootVolumeType),
+		},
 		{
 			ParameterKey:   aws.String("StackTags"),
 			ParameterValue: aws.String(stackTagsBuilder.String()),
@@ -273,10 +276,6 @@ func (a *CreateAsgActivity) Execute(ctx context.Context, input CreateAsgActivity
 			ParameterKey:   aws.String("KubeletExtraArguments"),
 			ParameterValue: aws.String(fmt.Sprintf("--node-labels %v", strings.Join(nodeLabels, ","))),
 		},
-		{
-			ParameterKey:   aws.String("UseInstanceStore"),
-			ParameterValue: aws.String(strconv.FormatBool(aws.BoolValue(input.UseInstanceStore))),
-		},
 	}
 
 	requestToken := aws.String(sdkAmazon.NewNormalizedClientRequestToken(activity.GetInfo(ctx).WorkflowExecution.ID))
@@ -327,6 +326,42 @@ func (a *CreateAsgActivity) Execute(ctx context.Context, input CreateAsgActivity
 	return &outParams, nil
 }
 
+func (a *CreateAsgActivity) getDefaultedVolumeParams(volume *eks.NodePoolVolume) (string, int, string, string, string) {
+	storageType := "none"
+	size := 0
+	nodeVolumeEncryptionEnabled := "" // Note: defaulting to AWS account default encryption settings.
+	nodeVolumeEncryptionKeyARN := ""
+	nodeVolumeType := "gp3"
+
+	if volume == nil {
+		return storageType, size, nodeVolumeEncryptionEnabled, nodeVolumeEncryptionKeyARN, nodeVolumeType
+	}
+
+	storageType = volume.Storage
+	size = volume.Size
+
+	if volume.Encryption != nil {
+		nodeVolumeEncryptionEnabled = strconv.FormatBool(volume.Encryption.Enabled)
+	} else if a.defaultNodeVolumeEncryption != nil {
+		nodeVolumeEncryptionEnabled = strconv.FormatBool(a.defaultNodeVolumeEncryption.Enabled)
+	}
+
+	if nodeVolumeEncryptionEnabled == "true" &&
+		volume.Encryption != nil &&
+		volume.Encryption.EncryptionKeyARN != "" {
+		nodeVolumeEncryptionKeyARN = volume.Encryption.EncryptionKeyARN
+	} else if nodeVolumeEncryptionEnabled == "true" &&
+		a.defaultNodeVolumeEncryption != nil &&
+		a.defaultNodeVolumeEncryption.EncryptionKeyARN != "" {
+		nodeVolumeEncryptionKeyARN = a.defaultNodeVolumeEncryption.EncryptionKeyARN
+	}
+
+	if volume.Type != "" {
+		nodeVolumeType = volume.Type
+	}
+	return storageType, size, nodeVolumeEncryptionEnabled, nodeVolumeEncryptionKeyARN, nodeVolumeType
+}
+
 // Register registers the stored node pool deletion activity.
 func (a CreateAsgActivity) Register(worker worker.Registry) {
 	worker.RegisterActivityWithOptions(a.Execute, activity.RegisterOptions{Name: CreateAsgActivityName})
@@ -343,7 +378,6 @@ func createASG(
 	vpcConfig GetVpcConfigActivityOutput,
 	nodePool eks.NewNodePool,
 	nodePoolSubnetIDs []string,
-	selectedVolumeSize int,
 	nodePoolVersion string,
 ) error {
 	return createASGAsync(
@@ -351,7 +385,6 @@ func createASG(
 		eksCluster, vpcConfig,
 		nodePool,
 		nodePoolSubnetIDs,
-		selectedVolumeSize,
 		nodePoolVersion,
 	).Get(ctx, nil)
 }
@@ -367,7 +400,6 @@ func createASGAsync(
 	vpcConfig GetVpcConfigActivityOutput,
 	nodePool eks.NewNodePool,
 	nodePoolSubnetIDs []string,
-	selectedVolumeSize int,
 	nodePoolVersion string,
 ) workflow.Future {
 	minSize := nodePool.Size
@@ -401,19 +433,17 @@ func createASGAsync(
 
 		SSHKeyName: sshKeyName,
 
-		Name:                 nodePool.Name,
-		NodeSpotPrice:        nodePool.SpotPrice,
-		Autoscaling:          nodePool.Autoscaling.Enabled,
-		NodeMinCount:         minSize,
-		NodeMaxCount:         maxSize,
-		Count:                nodePool.Size,
-		NodeVolumeEncryption: nodePool.VolumeEncryption,
-		NodeVolumeSize:       selectedVolumeSize,
-		NodeVolumeType:       nodePool.VolumeType,
-		NodeImage:            nodePool.Image,
-		NodeInstanceType:     nodePool.InstanceType,
-		Labels:               nodePool.Labels,
-		NodePoolVersion:      nodePoolVersion,
+		Name:             nodePool.Name,
+		NodeSpotPrice:    nodePool.SpotPrice,
+		Autoscaling:      nodePool.Autoscaling.Enabled,
+		NodeMinCount:     minSize,
+		NodeMaxCount:     maxSize,
+		Count:            nodePool.Size,
+		NodeVolumes:      *nodePool.Volumes,
+		NodeImage:        nodePool.Image,
+		NodeInstanceType: nodePool.InstanceType,
+		Labels:           nodePool.Labels,
+		NodePoolVersion:  nodePoolVersion,
 
 		Subnets:             subnets,
 		VpcID:               vpcConfig.VpcID,
diff --git a/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity_test.go b/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity_test.go
index cdb256d5c2..68a63b966f 100644
--- a/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity_test.go
+++ b/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity_test.go
@@ -185,7 +185,6 @@ func TestCreateASG(t *testing.T) {
 					testCase.input.vpcConfig,
 					testCase.input.nodePool,
 					testCase.input.nodePoolSubnetIDs,
-					testCase.input.selectedVolumeSize,
 					testCase.input.nodePoolVersion,
 				)
 
@@ -326,7 +325,6 @@ func TestCreateASGAsync(t *testing.T) {
 					testCase.input.vpcConfig,
 					testCase.input.nodePool,
 					testCase.input.nodePoolSubnetIDs,
-					testCase.input.selectedVolumeSize,
 					testCase.input.nodePoolVersion,
 				)
 				actualError = actualFuture.Get(ctx, nil)
diff --git a/internal/cluster/distribution/eks/eksprovider/workflow/create_node_pool_workflow.go b/internal/cluster/distribution/eks/eksprovider/workflow/create_node_pool_workflow.go
index 4c24ce7409..1da46c7c42 100644
--- a/internal/cluster/distribution/eks/eksprovider/workflow/create_node_pool_workflow.go
+++ b/internal/cluster/distribution/eks/eksprovider/workflow/create_node_pool_workflow.go
@@ -207,14 +207,17 @@ func (w CreateNodePoolWorkflow) Execute(ctx workflow.Context, input CreateNodePo
 		}
 	}()
 
-	amiSize, err := getAMISize(ctx, eksActivityInput, input.NodePool.Image)
-	if err != nil {
-		return err
-	}
+	// select default AMI size for InstanceRoot volume in case it's EBS
+	if input.NodePool.Volumes != nil && input.NodePool.Volumes.InstanceRoot.Storage == eks.EBS_STORAGE {
+		amiSize, err := getAMISize(ctx, eksActivityInput, input.NodePool.Image)
+		if err != nil {
+			return err
+		}
 
-	volumeSize, err := selectVolumeSize(ctx, amiSize, input.NodePool.VolumeSize)
-	if err != nil {
-		return err
+		input.NodePool.Volumes.InstanceRoot.Size, err = selectVolumeSize(ctx, amiSize, input.NodePool.Volumes.InstanceRoot.Size)
+		if err != nil {
+			return err
+		}
 	}
 
 	if input.ShouldCreateNodePoolLabelSet {
@@ -230,13 +233,13 @@ func (w CreateNodePoolWorkflow) Execute(ctx workflow.Context, input CreateNodePo
 	}
 
 	nodePoolVersion, err := calculateNodePoolVersion(
-		ctx, input.NodePool.Image, input.NodePool.VolumeEncryption, input.NodePool.VolumeSize, input.NodePool.SecurityGroups)
+		ctx, input.NodePool.Image, *input.NodePool.Volumes, input.NodePool.SecurityGroups)
 	if err != nil {
 		return err
 	}
 
 	err = createASG(
-		ctx, eksActivityInput, eksCluster, vpcConfig, input.NodePool, input.NodePoolSubnetIDs, volumeSize, nodePoolVersion)
+		ctx, eksActivityInput, eksCluster, vpcConfig, input.NodePool, input.NodePoolSubnetIDs, nodePoolVersion)
 	if err != nil {
 		return pkgcadence.WrapClientError(err)
 	}
diff --git a/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go b/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
index 555e79e1cd..28cc1d0443 100644
--- a/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
+++ b/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
@@ -245,14 +245,15 @@ func (w UpdateNodePoolWorkflow) Execute(ctx workflow.Context, input UpdateNodePo
 		}
 	}
 
+	// todo x
 	var nodePoolVersion string
 	{
 		activityInput := eksWorkflow.CalculateNodePoolVersionActivityInput{
-			Image:                effectiveImage,
-			VolumeEncryption:     effectiveVolumeEncryption,
-			VolumeSize:           effectiveVolumeSize,
+			Image: effectiveImage,
+			//VolumeEncryption:     effectiveVolumeEncryption,
+			//VolumeSize:           effectiveVolumeSize,
 			CustomSecurityGroups: effectiveSecurityGroups,
-			UseInstanceStore:     effectiveUseInstanceStore,
+			// UseInstanceStore:     effectiveUseInstanceStore,
 		}
 
 		var output eksWorkflow.CalculateNodePoolVersionActivityOutput
diff --git a/internal/cluster/distribution/eks/node_pool.go b/internal/cluster/distribution/eks/node_pool.go
index e51d338e54..477bf6331c 100644
--- a/internal/cluster/distribution/eks/node_pool.go
+++ b/internal/cluster/distribution/eks/node_pool.go
@@ -30,17 +30,27 @@ type NewNodePool struct {
 		MinSize int  `mapstructure:"minSize"`
 		MaxSize int  `mapstructure:"maxSize"`
 	} `mapstructure:"autoscaling"`
+	Volumes        *NodePoolVolumes `mapstructure:"volumes"`
+	InstanceType   string           `mapstructure:"instanceType"`
+	Image          string           `mapstructure:"image"`
+	SpotPrice      string           `mapstructure:"spotPrice"`
+	SecurityGroups []string         `mapstructure:"securityGroups"`
+	SubnetID       string           `mapstructure:"subnetId"`
+	// deprecated, property replaced with Volumes.InstanceRoot.Encryption
 	VolumeEncryption *NodePoolVolumeEncryption `mapstructure:"volumeEncryption,omitempty"`
-	VolumeSize       int                       `mapstructure:"volumeSize"`
-	VolumeType       string                    `mapstructure:"volumeType"`
-	InstanceType     string                    `mapstructure:"instanceType"`
-	Image            string                    `mapstructure:"image"`
-	SpotPrice        string                    `mapstructure:"spotPrice"`
-	SecurityGroups   []string                  `mapstructure:"securityGroups"`
-	SubnetID         string                    `mapstructure:"subnetId"`
-	UseInstanceStore *bool                     `mapstructure:"useInstanceStore,omitempty"`
+	// deprecated, property replaced with Volumes.InstanceRoot.Size
+	VolumeSize int `mapstructure:"volumeSize"`
+	// deprecated, property replaced with Volumes.InstanceRoot.Type
+	VolumeType string `mapstructure:"volumeType"`
+	// deprecated, property replaced with Volumes.KubeletRoot.Type="instance-storage"
+	UseInstanceStore *bool `mapstructure:"useInstanceStore,omitempty"`
 }
 
+const (
+	EBS_STORAGE            = "ebs"
+	INSTANCE_STORE_STORAGE = "instance-store"
+)
+
 // Validate semantically validates the new node pool.
 //
 // Some cluster specific compatibility information (eg. subnet settings) should be validated by an external validator.
@@ -71,6 +81,12 @@ func (n NewNodePool) Validate() error {
 		violations = append(violations, "instance type cannot be empty")
 	}
 
+	if n.Volumes != nil && n.Volumes.InstanceRoot != nil && n.Volumes.KubeletRoot != nil &&
+		n.Volumes.InstanceRoot.Storage == INSTANCE_STORE_STORAGE && n.Volumes.KubeletRoot.Storage == EBS_STORAGE {
+		violations = append(violations, "`volumes.kubeletRoot.storage` can not be of type `ebs` in case "+
+			"`volumes.instanceRoot.storage = instance-store`")
+	}
+
 	if len(violations) > 0 {
 		return cluster.NewValidationError("invalid node pool creation request", violations)
 	}
diff --git a/internal/cluster/distribution/eks/service.go b/internal/cluster/distribution/eks/service.go
index 375fd771c3..541a27c3fe 100644
--- a/internal/cluster/distribution/eks/service.go
+++ b/internal/cluster/distribution/eks/service.go
@@ -295,6 +295,21 @@ type NodePoolVolumeEncryption struct {
 	EncryptionKeyARN string `mapstructure:"encryptionKeyARN"`
 }
 
+type NodePoolVolumes struct {
+	InstanceRoot *NodePoolVolume `mapstructure:"instanceRoot,omitempty"`
+	KubeletRoot  *NodePoolVolume `mapstructure:"kubeletRoot,omitempty"`
+}
+
+type NodePoolVolume struct {
+	Encryption *NodePoolVolumeEncryption `mapstructure:"encryption,omitempty"`
+	// Size of the EBS volume in GiBs of the nodes in the pool (default 50 GiB).
+	Size int `mapstructure:"size,omitempty"`
+	// Type of the mounted volume's storage on the node instances of the node pool.
+	Storage string `mapstructure:"storage"`
+	// Type of the EBS volume to mount on the EKS node pool node instances (default gp3).
+	Type string `mapstructure:"type,omitempty"`
+}
+
 // NewService returns a new Service instance.
 func NewService(
 	genericClusters Store,
diff --git a/pkg/errors/errors.go b/pkg/errors/errors.go
index bd353c582c..f9e7d16c45 100644
--- a/pkg/errors/errors.go
+++ b/pkg/errors/errors.go
@@ -23,8 +23,10 @@ var (
 	ErrorAmazonImageFieldIsEmpty      = errors.New("Required field 'image' is empty ")
 	ErrorInstancetypeFieldIsEmpty     = errors.New("Required field 'instanceType' is empty ")
 
-	ErrorAmazonEksFieldIsEmpty         = errors.New("Required field 'eks' is empty.")
-	ErrorAmazonEksNodePoolFieldIsEmpty = errors.New("At least one 'nodePool' is required.")
+	ErrorAmazonEksFieldIsEmpty                = errors.New("Required field 'eks' is empty.")
+	ErrorAmazonEksNodePoolFieldIsEmpty        = errors.New("At least one 'nodePool' is required.")
+	ErrorAmazonEksNodePoolIncompatibleVolumes = errors.New("`volumes.kubeletRoot.storage` can not be of type `ebs` in case " +
+		"`volumes.instanceRoot.storage = instance-store`")
 
 	ErrorNodePoolMinMaxFieldError      = errors.New("'maxCount' must be greater than 'minCount'")
 	ErrorNodePoolCountFieldError       = errors.New("'count' must be greater than or equal to 'minCount' and lower than or equal to 'maxCount'")
diff --git a/src/cluster/eks_update_cluster.go b/src/cluster/eks_update_cluster.go
index 87167c8abb..9a6501a18a 100644
--- a/src/cluster/eks_update_cluster.go
+++ b/src/cluster/eks_update_cluster.go
@@ -298,12 +298,13 @@ func (w EKSUpdateClusterWorkflow) Execute(ctx workflow.Context, input EKSUpdateC
 				}
 			}
 
+			// todo x
 			var nodePoolVersion string
 			{
 				activityInput := eksWorkflow.CalculateNodePoolVersionActivityInput{
-					Image:                effectiveImage,
-					VolumeEncryption:     effectiveVolumeEncryption,
-					VolumeSize:           effectiveVolumeSize,
+					Image: effectiveImage,
+					//VolumeEncryption:     effectiveVolumeEncryption,
+					//VolumeSize:           effectiveVolumeSize,
 					CustomSecurityGroups: effectiveSecurityGroups,
 				}
 
diff --git a/templates/eks/amazon-eks-nodepool-cf.yaml b/templates/eks/amazon-eks-nodepool-cf.yaml
index 41c495ed5f..6be0ea04a3 100644
--- a/templates/eks/amazon-eks-nodepool-cf.yaml
+++ b/templates/eks/amazon-eks-nodepool-cf.yaml
@@ -26,10 +26,16 @@ Metadata:
           # - NodeImageIdSSMParam
           - NodeImageId
           - NodeSpotPrice
+          - NodeVolumeStorage
           - NodeVolumeEncryptionEnabled
           - NodeVolumeEncryptionKeyARN
           - NodeVolumeSize
           - NodeVolumeType
+          - KubeletRootVolumeStorage
+          - KubeletRootVolumeEncryptionEnabled
+          - KubeletRootVolumeEncryptionKeyARN
+          - KubeletRootVolumeSize
+          - KubeletRootVolumeType
           - KeyName
           - BootstrapArguments
           - KubeletExtraArguments
@@ -549,6 +555,14 @@ Parameters:
     Type: String
     Description: The spot price for this ASG
 
+  NodeVolumeStorage:
+      Type: String
+      Default: "ebs"
+      AllowedValues:
+          - "ebs"
+          - "instance-store"
+      Description: "Node / instance root volume."
+
   NodeVolumeEncryptionEnabled:
     Type: String
     Default: ""
@@ -570,6 +584,7 @@ Parameters:
 
   NodeVolumeType:
     Type: String
+    Default: "gp3"
     AllowedValues:
       - gp2
       - gp3
@@ -580,6 +595,47 @@ Parameters:
       - standard
     Description: Volume type of the EBS block device mapping of the node launch template used for the node pool's nodes. See more information at https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-blockdevicemapping-ebs.html#cfn-ec2-launchtemplate-blockdevicemapping-ebs-volumetype.
 
+  KubeletRootVolumeStorage:
+      Type: String
+      Default: "none"
+      AllowedValues:
+          - "ebs"
+          - "instance-store"
+          - "none"
+      Description: "Data volume set as Kubelet root."
+
+  KubeletRootVolumeEncryptionEnabled:
+      Type: String
+      Default: ""
+      Description: Enable node pool node volume encryption (""/"false"/"true").
+      AllowedValues:
+          - "" # Note: unspecified, use default AWS behavior.
+          - "false"
+          - "true"
+
+  KubeletRootVolumeEncryptionKeyARN:
+      Type: String
+      Default: ""
+      Description: KMS encryption key ARN to use for node pool node volume encryption. In case of empty key value, the default AWS EBS encryption key is used.
+
+  KubeletRootVolumeSize:
+      Type: Number
+      Default: 0 # Note: defaulted to no value when 0.
+      Description: Node volume size
+
+  KubeletRootVolumeType:
+      Type: String
+      Default: "gp3"
+      AllowedValues:
+          - gp2
+          - gp3
+          - io1
+          - io2
+          - sc1
+          - st1
+          - standard
+      Description: Volume type of the EBS block device mapping of the node launch template used for the node pool's nodes. See more information at https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-blockdevicemapping-ebs.html#cfn-ec2-launchtemplate-blockdevicemapping-ebs-volumetype.
+
   StackTags:
     Type: "String"
     Default: ""
@@ -598,14 +654,6 @@ Parameters:
     Type: String
     Description: Enable detachment from ASG at instance termination (true/false)
 
-  UseInstanceStore:
-      Type: String
-      Default: "false"
-      AllowedValues:
-        - "true"
-        - "false"
-      Description: "Mount and setup available instance stores for Kubelet if available."
-
   VpcId:
     Type: "AWS::EC2::VPC::Id"
     Description: The VPC of the worker instances
@@ -637,13 +685,20 @@ Conditions:
       - !Ref DisableIMDSv1
       - "true"
 
+  IsNodeVolumeStorageEbs: !Equals [ !Ref NodeVolumeStorage, "ebs" ]
   IsNodeVolumeEncryptionSpecified: !Not [ !Equals [ !Ref NodeVolumeEncryptionEnabled, "" ] ]
   IsNodeVolumeEncryptionKeyARNSpecified: !And
     - !Equals [ !Ref NodeVolumeEncryptionEnabled, "true" ]
     - !Not [ !Equals [ !Ref NodeVolumeEncryptionKeyARN, "" ] ]
+  IsKubeletRootVolumeStorageEbs: !Equals [ !Ref KubeletRootVolumeStorage, "ebs" ]
+  IsKubeletRootVolumeEncryptionSpecified: !Not [ !Equals [ !Ref KubeletRootVolumeEncryptionEnabled, "" ] ]
+  IsKubeletRootVolumeEncryptionKeyARNSpecified: !And
+      - !Equals [ !Ref KubeletRootVolumeEncryptionEnabled, "true" ]
+      - !Not [ !Equals [ !Ref KubeletRootVolumeEncryptionKeyARN, "" ] ]
   IsSpotInstance: !Not [ !Equals [ !Ref NodeSpotPrice, "" ] ]
   NoCustomNodeSecurityGroups: !Equals [ !Ref CustomNodeSecurityGroups, "" ]
   NodeVolumeSizeAuto: !Equals [ !Ref NodeVolumeSize, 0 ]
+  KubeletRootVolumeSizeAuto: !Equals [ !Ref KubeletRootVolumeSize, 0 ]
 
 Resources:
   # Note: using preinitialized, possibly user defined node instance roles.
@@ -770,13 +825,35 @@ Resources:
     Properties:
       LaunchTemplateData:
         BlockDeviceMappings:
-          - DeviceName: /dev/xvda
-            Ebs:
-              DeleteOnTermination: true
-              Encrypted: !If [ IsNodeVolumeEncryptionSpecified, !Ref NodeVolumeEncryptionEnabled , !Ref "AWS::NoValue" ]
-              KmsKeyId: !If [ IsNodeVolumeEncryptionKeyARNSpecified, !Ref NodeVolumeEncryptionKeyARN, !Ref "AWS::NoValue" ]
-              VolumeSize: !If [ NodeVolumeSizeAuto, !Ref "AWS::NoValue", !Ref NodeVolumeSize ]
-              VolumeType: !Ref NodeVolumeType
+          !If
+            - IsNodeVolumeStorageEbs
+            -
+              !If
+                - IsKubeletRootVolumeStorageEbs
+                -
+                   - DeviceName: /dev/xvda
+                     Ebs:
+                       DeleteOnTermination: true
+                       Encrypted: !If [ IsNodeVolumeEncryptionSpecified, !Ref NodeVolumeEncryptionEnabled , !Ref "AWS::NoValue" ]
+                       KmsKeyId: !If [ IsNodeVolumeEncryptionKeyARNSpecified, !Ref NodeVolumeEncryptionKeyARN, !Ref "AWS::NoValue" ]
+                       VolumeSize: !If [ NodeVolumeSizeAuto, !Ref "AWS::NoValue", !Ref NodeVolumeSize ]
+                       VolumeType: !Ref NodeVolumeType
+                   - DeviceName: /dev/xvdb
+                     Ebs:
+                       DeleteOnTermination: true
+                       Encrypted: !If [ IsKubeletRootVolumeEncryptionSpecified, !Ref KubeletRootVolumeEncryptionEnabled , !Ref "AWS::NoValue" ]
+                       KmsKeyId: !If [ IsKubeletRootVolumeEncryptionKeyARNSpecified, !Ref KubeletRootVolumeEncryptionKeyARN, !Ref "AWS::NoValue" ]
+                       VolumeSize: !If [ KubeletRootVolumeSizeAuto, !Ref "AWS::NoValue", !Ref KubeletRootVolumeSize ]
+                       VolumeType: !Ref KubeletRootVolumeType
+                -
+                   - DeviceName: /dev/xvda
+                     Ebs:
+                       DeleteOnTermination: true
+                       Encrypted: !If [ IsNodeVolumeEncryptionSpecified, !Ref NodeVolumeEncryptionEnabled , !Ref "AWS::NoValue" ]
+                       KmsKeyId: !If [ IsNodeVolumeEncryptionKeyARNSpecified, !Ref NodeVolumeEncryptionKeyARN, !Ref "AWS::NoValue" ]
+                       VolumeSize: !If [ NodeVolumeSizeAuto, !Ref "AWS::NoValue", !Ref NodeVolumeSize ]
+                       VolumeType: !Ref NodeVolumeType
+            - !Ref "AWS::NoValue"
         IamInstanceProfile:
           Arn: !GetAtt NodeInstanceProfile.Arn
         ImageId: !Ref NodeImageId # Note: deliberately not allowing fallback to NodeImageIdSSMParam.
@@ -793,18 +870,28 @@ Resources:
         SecurityGroupIds:
           !If [NoCustomNodeSecurityGroups, [!Ref NodeSecurityGroup], !Split [ ",",  !Join [ ",", [ !Ref NodeSecurityGroup, !Ref CustomNodeSecurityGroups ] ]  ] ]
         TagSpecifications:
-          - ResourceType: volume
-            Tags:
-              - Key: Name
-                Value: !Sub ${ClusterName}-${NodeGroupName}-Volume
-              - Key: !Sub kubernetes.io/cluster/${ClusterName}
-                Value: owned
+          !If
+            - IsNodeVolumeStorageEbs
+            -
+               - ResourceType: volume
+                 Tags:
+                   - Key: Name
+                     Value: !Sub ${ClusterName}-${NodeGroupName}-Volume
+                   - Key: !Sub kubernetes.io/cluster/${ClusterName}
+                     Value: owned
+            - !Ref "AWS::NoValue"
         UserData:
             Fn::Base64:
                 Fn::Sub: |
                       #!/usr/bin/env bash
                       set -o xtrace
-                      if [ "${UseInstanceStore}" == "true" ]; then
+                      if [ "${KubeletRootVolumeStorage}" == "ebs" ]; then
+                        mkfs.ext4 -m 0 -b 4096 /dev/xvdb
+                        mkdir /media/local
+                        mount -o defaults,noatime,discard,nobarrier /dev/xvdb /media/local
+                        mkdir /media/local/kubelet
+                        /etc/eks/bootstrap.sh ${ClusterName} --kubelet-extra-args '--root-dir /media/local/kubelet ${KubeletExtraArguments}' ${BootstrapArguments}
+                      elif  [ "${KubeletRootVolumeStorage}" == "instance-store" ]; then
                         SSD_NVME_DEVICE_LIST=($(lsblk -l -o name,model | grep "Instance Storage" | cut -d " " -f 1 | sed -e "s/.*/\\/dev\\/&/" || true))
                         SSD_NVME_DEVICE_COUNT=${!#SSD_NVME_DEVICE_LIST[@]}
                         RAID_DEVICE=${!RAID_DEVICE:-/dev/md0}
@@ -855,7 +942,7 @@ Resources:
                       # > supports. Currently, tags aren't propagated to Amazon
                       # > EBS volumes that are created from block device
                       # > mappings.
-                      if [ "${StackTags}" != "" ]; then
+                      if [ "${StackTags}" != "" ] && [ "${NodeVolumeStorage}" == "ebs" ]; then
                         STACK_TAG_ARGUMENTS=""
                         for TAG in $(echo -n "${StackTags}" | tr "," "\n"); do
                           TAG_KEY=$(echo -n "$TAG" | cut -d "=" -f 1)
@@ -867,7 +954,7 @@ Resources:
                         AWS_AVAIL_ZONE=$(curl http://169.254.169.254/latest/meta-data/placement/availability-zone)
                         AWS_REGION="$(echo "$AWS_AVAIL_ZONE" | sed 's/[a-z]$//')"
                         AWS_INSTANCE_ID=$(curl http://169.254.169.254/latest/meta-data/instance-id)
-                        ROOT_VOLUME_IDS=$(aws ec2 describe-instances --region $AWS_REGION --instance-id $AWS_INSTANCE_ID --output text --query Reservations[0].Instances[0].BlockDeviceMappings[0].Ebs.VolumeId)
+                        ROOT_VOLUME_IDS=$(aws ec2 describe-instances --region $AWS_REGION --instance-id $AWS_INSTANCE_ID --output text --query Reservations[0].Instances[0].BlockDeviceMappings[].Ebs.VolumeId)
                         # Note: the lack of quotes around the tag arguments is intentional.
                         aws ec2 create-tags --resources $ROOT_VOLUME_IDS --region $AWS_REGION --tags $STACK_TAG_ARGUMENTS
                       fi

From eff6fe2784631de0dcd1eda2168d575f4c148af0 Mon Sep 17 00:00:00 2001
From: Magyari Sandor Szilard <sancyx@gmail.com>
Date: Mon, 23 Aug 2021 11:23:11 +0200
Subject: [PATCH 04/11] set new template version

---
 templates/eks/amazon-eks-nodepool-cf.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/eks/amazon-eks-nodepool-cf.yaml b/templates/eks/amazon-eks-nodepool-cf.yaml
index 6be0ea04a3..0b959f05cb 100644
--- a/templates/eks/amazon-eks-nodepool-cf.yaml
+++ b/templates/eks/amazon-eks-nodepool-cf.yaml
@@ -647,7 +647,7 @@ Parameters:
 
   TemplateVersion:
     Type: String
-    Default: "2.4.0"
+    Default: "2.5.0"
     Description: Current version of the template structure as metainformation for created stacks.
 
   TerminationDetachEnabled:

From cd973a29a5d9df7006f209d60d9705677c3d9c5f Mon Sep 17 00:00:00 2001
From: Magyari Sandor Szilard <sancyx@gmail.com>
Date: Mon, 23 Aug 2021 19:09:32 +0200
Subject: [PATCH 05/11] update nodepool(s): generic volume handling

---
 .../eks/eksadapter/node_pool_manager.go       |  34 ++++-
 .../eks/eksadapter/node_pool_processor.go     |   2 +-
 .../distribution/eks/ekscluster/eks.go        |   2 +-
 .../eks/eksprovider/driver/cluster_creator.go |   5 +-
 .../eks/eksprovider/driver/cluster_updater.go |  80 +++++++---
 .../eks/eksprovider/workflow/amazon.go        |  32 ++--
 .../workflow/create_asg_activity.go           |  50 ++++---
 .../workflow/update_asg_activity.go           | 123 ++++++++--------
 .../eksworkflow/activity_update_node_group.go | 137 +++++++++++++-----
 .../eksworkflow/workflow_update_node_pool.go  | 103 +++++++------
 internal/cluster/distribution/eks/service.go  | 136 ++++++++++++-----
 src/cluster/eks_update_cluster.go             |  89 ++++++++----
 12 files changed, 531 insertions(+), 262 deletions(-)

diff --git a/internal/cluster/distribution/eks/eksadapter/node_pool_manager.go b/internal/cluster/distribution/eks/eksadapter/node_pool_manager.go
index 9361da7bf0..45441c1756 100644
--- a/internal/cluster/distribution/eks/eksadapter/node_pool_manager.go
+++ b/internal/cluster/distribution/eks/eksadapter/node_pool_manager.go
@@ -235,6 +235,31 @@ func (n nodePoolManager) UpdateNodePool(
 		ExecutionStartToCloseTimeout: 30 * 24 * 60 * time.Minute,
 	}
 
+	if nodePoolUpdate.Volumes == nil {
+		nodePoolUpdate.Volumes = &eks.NodePoolVolumes{
+			InstanceRoot: &eks.NodePoolVolume{
+				Type:    "gp3",
+				Storage: eks.EBS_STORAGE,
+			},
+		}
+
+		// copy deprecated property values
+		if nodePoolUpdate.VolumeSize > 0 {
+			nodePoolUpdate.Volumes.InstanceRoot.Size = nodePoolUpdate.VolumeSize
+		}
+		if nodePoolUpdate.VolumeType != "" {
+			nodePoolUpdate.Volumes.InstanceRoot.Type = nodePoolUpdate.VolumeType
+		}
+		if nodePoolUpdate.VolumeEncryption != nil {
+			nodePoolUpdate.Volumes.InstanceRoot.Encryption = nodePoolUpdate.VolumeEncryption
+		}
+		if nodePoolUpdate.UseInstanceStore != nil && *nodePoolUpdate.UseInstanceStore {
+			nodePoolUpdate.Volumes.KubeletRoot = &eks.NodePoolVolume{
+				Storage: eks.INSTANCE_STORE_STORAGE,
+			}
+		}
+	}
+
 	input := eksworkflow.UpdateNodePoolWorkflowInput{
 		ProviderSecretID: c.SecretID.String(),
 		Region:           c.Location,
@@ -247,12 +272,9 @@ func (n nodePoolManager) UpdateNodePool(
 		NodePoolName:    nodePoolName,
 		OrganizationID:  c.OrganizationID,
 
-		NodeVolumeEncryption: nodePoolUpdate.VolumeEncryption,
-		NodeVolumeSize:       nodePoolUpdate.VolumeSize,
-		NodeVolumeType:       nodePoolUpdate.VolumeType,
-		NodeImage:            nodePoolUpdate.Image,
-		SecurityGroups:       nodePoolUpdate.SecurityGroups,
-		UseInstanceStore:     nodePoolUpdate.UseInstanceStore,
+		NodeVolumes:    nodePoolUpdate.Volumes,
+		NodeImage:      nodePoolUpdate.Image,
+		SecurityGroups: nodePoolUpdate.SecurityGroups,
 
 		Options: eks.NodePoolUpdateOptions{
 			MaxSurge:       nodePoolUpdate.Options.MaxSurge,
diff --git a/internal/cluster/distribution/eks/eksadapter/node_pool_processor.go b/internal/cluster/distribution/eks/eksadapter/node_pool_processor.go
index 9ee86e8a55..c917424f1d 100644
--- a/internal/cluster/distribution/eks/eksadapter/node_pool_processor.go
+++ b/internal/cluster/distribution/eks/eksadapter/node_pool_processor.go
@@ -123,7 +123,7 @@ func (p nodePoolProcessor) ProcessNewNodePool(
 	}
 
 	// default kubelet root EBS size to 50GB
-	if nodePool.Volumes.KubeletRoot != nil && nodePool.Volumes.KubeletRoot.Storage == eks.INSTANCE_STORE_STORAGE &&
+	if nodePool.Volumes.KubeletRoot != nil && nodePool.Volumes.KubeletRoot.Storage == eks.EBS_STORAGE &&
 		nodePool.Volumes.KubeletRoot.Size == 0 {
 		nodePool.Volumes.KubeletRoot.Size = 50
 	}
diff --git a/internal/cluster/distribution/eks/ekscluster/eks.go b/internal/cluster/distribution/eks/ekscluster/eks.go
index 1d7e11aa64..3a2aa1047f 100644
--- a/internal/cluster/distribution/eks/ekscluster/eks.go
+++ b/internal/cluster/distribution/eks/ekscluster/eks.go
@@ -413,7 +413,7 @@ func (eks *CreateClusterEKS) AddDefaults(location string) error {
 		}
 
 		// default kubelet root EBS size to 50GB
-		if np.Volumes.KubeletRoot != nil && np.Volumes.KubeletRoot.Storage == INSTANCE_STORE_STORAGE &&
+		if np.Volumes.KubeletRoot != nil && np.Volumes.KubeletRoot.Storage == EBS_STORAGE &&
 			np.Volumes.KubeletRoot.Size == 0 {
 			np.Volumes.KubeletRoot.Size = 50
 		}
diff --git a/internal/cluster/distribution/eks/eksprovider/driver/cluster_creator.go b/internal/cluster/distribution/eks/eksprovider/driver/cluster_creator.go
index 2822aef159..42b59f78b4 100644
--- a/internal/cluster/distribution/eks/eksprovider/driver/cluster_creator.go
+++ b/internal/cluster/distribution/eks/eksprovider/driver/cluster_creator.go
@@ -307,8 +307,9 @@ func getVolumeParams(volume *pkgEks.NodePoolVolume) *eks.NodePoolVolume {
 	}
 
 	newVolume := &eks.NodePoolVolume{
-		Size: volume.Size,
-		Type: volume.Type,
+		Storage: eks.EBS_STORAGE,
+		Size:    volume.Size,
+		Type:    volume.Type,
 	}
 	if volume.Encryption != nil {
 		newVolume.Encryption = &eks.NodePoolVolumeEncryption{
diff --git a/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater.go b/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater.go
index 34350665a8..d4308eb24b 100644
--- a/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater.go
+++ b/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater.go
@@ -222,32 +222,32 @@ func newASGsFromRequestedUpdatedNodePools(
 	}
 
 	for nodePoolName, nodePool := range requestedUpdatedNodePools {
-		var volumeEncryption *eks.NodePoolVolumeEncryption
-		if nodePool.VolumeEncryption != nil {
-			volumeEncryption = &eks.NodePoolVolumeEncryption{
-				Enabled:          nodePool.VolumeEncryption.Enabled,
-				EncryptionKeyARN: nodePool.VolumeEncryption.EncryptionKeyARN,
+		var nodePoolVolumes *eks.NodePoolVolumes
+		if nodePool.Volumes != nil {
+			nodePoolVolumes = &eks.NodePoolVolumes{}
+			if nodePool.Volumes.KubeletRoot != nil {
+				nodePoolVolumes.KubeletRoot = getVolumeParams(nodePool.Volumes.KubeletRoot)
+			}
+			if nodePool.Volumes.InstanceRoot != nil {
+				nodePoolVolumes.InstanceRoot = getVolumeParams(nodePool.Volumes.InstanceRoot)
 			}
 		}
 
 		updatedNodePools = append(updatedNodePools, workflow.AutoscaleGroup{
-			Name:                 nodePoolName,
-			NodeSpotPrice:        nodePool.SpotPrice,
-			Autoscaling:          nodePool.Autoscaling,
-			NodeMinCount:         nodePool.MinCount,
-			NodeMaxCount:         nodePool.MaxCount,
-			Count:                nodePool.Count,
-			NodeVolumeEncryption: volumeEncryption,
-			NodeVolumeSize:       nodePool.VolumeSize,
-			NodeVolumeType:       nodePool.VolumeType,
-			NodeImage:            nodePool.Image,
-			NodeInstanceType:     nodePool.InstanceType,
-			SecurityGroups:       nodePool.SecurityGroups,
-			UseInstanceStore:     nodePool.UseInstanceStore,
-			Labels:               nodePool.Labels,
-			Delete:               false,
-			Create:               false,
-			CreatedBy:            creators[nodePoolName],
+			Name:             nodePoolName,
+			NodeSpotPrice:    nodePool.SpotPrice,
+			Autoscaling:      nodePool.Autoscaling,
+			NodeMinCount:     nodePool.MinCount,
+			NodeMaxCount:     nodePool.MaxCount,
+			Count:            nodePool.Count,
+			NodeImage:        nodePool.Image,
+			NodeInstanceType: nodePool.InstanceType,
+			Volumes:          nodePoolVolumes,
+			SecurityGroups:   nodePool.SecurityGroups,
+			Labels:           nodePool.Labels,
+			Delete:           false,
+			Create:           false,
+			CreatedBy:        creators[nodePoolName],
 		})
 	}
 
@@ -410,6 +410,42 @@ func newNodePoolsFromUpdateRequest(
 				nodePool.SpotPrice = eks.DefaultSpotPrice
 			}
 
+			// convert deprecated params in case no Volumes struct is specified
+			if nodePool.Volumes == nil {
+				volumes := pkgEks.NodePoolVolumes{}
+				instanceRootVolume := pkgEks.NodePoolVolume{}
+				isInstanceRoot := false
+
+				if nodePool.VolumeSize > 0 {
+					isInstanceRoot = true
+					instanceRootVolume.Size = nodePool.VolumeSize
+				}
+				if nodePool.VolumeType != "" {
+					isInstanceRoot = true
+					instanceRootVolume.Type = nodePool.VolumeType
+				}
+				if nodePool.VolumeEncryption != nil {
+					isInstanceRoot = true
+					instanceRootVolume.Encryption = nodePool.VolumeEncryption
+				}
+
+				if isInstanceRoot {
+					volumes.InstanceRoot = &instanceRootVolume
+				}
+
+				isKubeletRoot := false
+				if nodePool.UseInstanceStore != nil && *nodePool.UseInstanceStore {
+					isKubeletRoot = true
+					volumes.KubeletRoot = &pkgEks.NodePoolVolume{
+						Storage: pkgEks.INSTANCE_STORE_STORAGE,
+					}
+				}
+
+				if isInstanceRoot || isKubeletRoot {
+					nodePool.Volumes = &volumes
+				}
+			}
+
 			requestedNewNodePools[nodePoolName] = nodePool
 		}
 	}
diff --git a/internal/cluster/distribution/eks/eksprovider/workflow/amazon.go b/internal/cluster/distribution/eks/eksprovider/workflow/amazon.go
index b5b31f7b1d..44984215f5 100644
--- a/internal/cluster/distribution/eks/eksprovider/workflow/amazon.go
+++ b/internal/cluster/distribution/eks/eksprovider/workflow/amazon.go
@@ -220,22 +220,30 @@ func NewSubnetsFromEKSSubnets(
 // TODO: remove when UpdateNodePoolWorkflow is refactored and this is not needed
 // anymore.
 type AutoscaleGroup struct {
-	Name                 string
-	NodeSpotPrice        string
-	Autoscaling          bool
-	NodeMinCount         int
-	NodeMaxCount         int
-	Count                int
+	Name          string
+	NodeSpotPrice string
+	Autoscaling   bool
+	NodeMinCount  int
+	NodeMaxCount  int
+	Count         int
+
+	Volumes *eks.NodePoolVolumes `json:"volumes,omitempty"`
+
+	// deprecated, property replaced with Volumes.InstanceRoot.Encryption
 	NodeVolumeEncryption *eks.NodePoolVolumeEncryption
-	NodeVolumeSize       int
-	NodeVolumeType       string
-	NodeImage            string
-	NodeInstanceType     string
+	// deprecated, property replaced with Volumes.InstanceRoot.Size
+	NodeVolumeSize int
+	// deprecated, property replaced with Volumes.InstanceRoot.Type
+	NodeVolumeType string
+	// deprecated, property replaced with Volumes.KubeletRoot.Type="instance-storage"
+	UseInstanceStore *bool `json:"useInstanceStore,omitempty" yaml:"useInstanceStore,omitempty"`
+
+	NodeImage        string
+	NodeInstanceType string
 
 	// SecurityGroups collects the user specified custom node security group
 	// IDs.
-	SecurityGroups   []string
-	UseInstanceStore *bool
+	SecurityGroups []string
 
 	Labels    map[string]string
 	Delete    bool
diff --git a/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go b/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go
index 88c78859aa..12c014bd29 100644
--- a/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go
+++ b/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go
@@ -139,8 +139,9 @@ func (a *CreateAsgActivity) Execute(ctx context.Context, input CreateAsgActivity
 	}
 
 	nodeVolumeStorageStorage, nodeVolumeSize, nodeVolumeEncryptionEnabled, nodeVolumeEncryptionKeyARN, nodeVolumeType :=
-		a.getDefaultedVolumeParams(input.NodeVolumes.InstanceRoot)
-	kubeletRootVolumeStorage, kubeletRootVolumeSize, kubeletRootVolumeEncryptionEnabled, kubeletRootVolumeEncryptionKeyARN, kubeletRootVolumeType := a.getDefaultedVolumeParams(input.NodeVolumes.KubeletRoot)
+		getDefaultedTemplateVolumeParams(input.NodeVolumes.InstanceRoot, a.defaultNodeVolumeEncryption)
+	kubeletRootVolumeStorage, kubeletRootVolumeSize, kubeletRootVolumeEncryptionEnabled, kubeletRootVolumeEncryptionKeyARN, kubeletRootVolumeType :=
+		getDefaultedTemplateVolumeParams(input.NodeVolumes.KubeletRoot, a.defaultNodeVolumeEncryption)
 
 	var stackTagsBuilder strings.Builder
 	for tagIndex, tag := range tags {
@@ -326,38 +327,43 @@ func (a *CreateAsgActivity) Execute(ctx context.Context, input CreateAsgActivity
 	return &outParams, nil
 }
 
-func (a *CreateAsgActivity) getDefaultedVolumeParams(volume *eks.NodePoolVolume) (string, int, string, string, string) {
-	storageType := "none"
+func getDefaultedTemplateVolumeParams(volume *eks.NodePoolVolume, defaultNodeVolumeEncryption *eks.NodePoolVolumeEncryption) (string, int, string, string, string) {
+	storageType := ""
 	size := 0
 	nodeVolumeEncryptionEnabled := "" // Note: defaulting to AWS account default encryption settings.
 	nodeVolumeEncryptionKeyARN := ""
-	nodeVolumeType := "gp3"
+	nodeVolumeType := ""
 
 	if volume == nil {
 		return storageType, size, nodeVolumeEncryptionEnabled, nodeVolumeEncryptionKeyARN, nodeVolumeType
 	}
 
 	storageType = volume.Storage
-	size = volume.Size
 
-	if volume.Encryption != nil {
-		nodeVolumeEncryptionEnabled = strconv.FormatBool(volume.Encryption.Enabled)
-	} else if a.defaultNodeVolumeEncryption != nil {
-		nodeVolumeEncryptionEnabled = strconv.FormatBool(a.defaultNodeVolumeEncryption.Enabled)
-	}
+	if eks.EBS_STORAGE == storageType {
+		size = volume.Size
 
-	if nodeVolumeEncryptionEnabled == "true" &&
-		volume.Encryption != nil &&
-		volume.Encryption.EncryptionKeyARN != "" {
-		nodeVolumeEncryptionKeyARN = volume.Encryption.EncryptionKeyARN
-	} else if nodeVolumeEncryptionEnabled == "true" &&
-		a.defaultNodeVolumeEncryption != nil &&
-		a.defaultNodeVolumeEncryption.EncryptionKeyARN != "" {
-		nodeVolumeEncryptionKeyARN = a.defaultNodeVolumeEncryption.EncryptionKeyARN
-	}
+		if volume.Encryption != nil {
+			nodeVolumeEncryptionEnabled = strconv.FormatBool(volume.Encryption.Enabled)
+		} else if defaultNodeVolumeEncryption != nil {
+			nodeVolumeEncryptionEnabled = strconv.FormatBool(defaultNodeVolumeEncryption.Enabled)
+		}
 
-	if volume.Type != "" {
-		nodeVolumeType = volume.Type
+		if nodeVolumeEncryptionEnabled == "true" &&
+			volume.Encryption != nil &&
+			volume.Encryption.EncryptionKeyARN != "" {
+			nodeVolumeEncryptionKeyARN = volume.Encryption.EncryptionKeyARN
+		} else if nodeVolumeEncryptionEnabled == "true" &&
+			defaultNodeVolumeEncryption != nil &&
+			defaultNodeVolumeEncryption.EncryptionKeyARN != "" {
+			nodeVolumeEncryptionKeyARN = defaultNodeVolumeEncryption.EncryptionKeyARN
+		}
+
+		if volume.Type != "" {
+			nodeVolumeType = volume.Type
+		} else {
+			nodeVolumeType = "gp3"
+		}
 	}
 	return storageType, size, nodeVolumeEncryptionEnabled, nodeVolumeEncryptionKeyARN, nodeVolumeType
 }
diff --git a/internal/cluster/distribution/eks/eksprovider/workflow/update_asg_activity.go b/internal/cluster/distribution/eks/eksprovider/workflow/update_asg_activity.go
index 47ba902112..91af1a4b99 100644
--- a/internal/cluster/distribution/eks/eksprovider/workflow/update_asg_activity.go
+++ b/internal/cluster/distribution/eks/eksprovider/workflow/update_asg_activity.go
@@ -17,7 +17,6 @@ package workflow
 import (
 	"context"
 	"fmt"
-	"strconv"
 	"strings"
 	"time"
 
@@ -58,24 +57,21 @@ type UpdateAsgActivityInput struct {
 	EKSActivityInput
 
 	// name of the cloud formation template stack
-	StackName            string
-	Name                 string
-	Version              string
-	NodeSpotPrice        string
-	Autoscaling          bool
-	NodeMinCount         int
-	NodeMaxCount         int
-	Count                int
-	NodeVolumeEncryption *eks.NodePoolVolumeEncryption
-	NodeVolumeSize       int
-	NodeVolumeType       string
-	NodeImage            string
-	NodeInstanceType     string
+	StackName        string
+	Name             string
+	Version          string
+	NodeSpotPrice    string
+	Autoscaling      bool
+	NodeMinCount     int
+	NodeMaxCount     int
+	Count            int
+	NodeVolumes      *eks.NodePoolVolumes
+	NodeImage        string
+	NodeInstanceType string
 
 	// SecurityGroups collects the user specified custom node security group
 	// IDs.
-	SecurityGroups   []string
-	UseInstanceStore *bool
+	SecurityGroups []string
 
 	Labels map[string]string
 	Tags   map[string]string
@@ -184,28 +180,10 @@ func (a *UpdateAsgActivity) Execute(ctx context.Context, input UpdateAsgActivity
 		fmt.Sprintf("%v=%v", cluster.NodePoolNameLabelKey, input.Name),
 	}
 
-	nodeVolumeEncryptionEnabled := ""
-	if input.NodeVolumeEncryption != nil {
-		nodeVolumeEncryptionEnabled = strconv.FormatBool(input.NodeVolumeEncryption.Enabled)
-	} else if a.defaultNodeVolumeEncryption != nil {
-		nodeVolumeEncryptionEnabled = strconv.FormatBool(a.defaultNodeVolumeEncryption.Enabled)
-	}
-
-	nodeVolumeEncryptionKeyARN := ""
-	if nodeVolumeEncryptionEnabled == "true" &&
-		input.NodeVolumeEncryption != nil &&
-		input.NodeVolumeEncryption.EncryptionKeyARN != "" {
-		nodeVolumeEncryptionKeyARN = input.NodeVolumeEncryption.EncryptionKeyARN
-	} else if nodeVolumeEncryptionEnabled == "true" &&
-		a.defaultNodeVolumeEncryption != nil &&
-		a.defaultNodeVolumeEncryption.EncryptionKeyARN != "" {
-		nodeVolumeEncryptionKeyARN = a.defaultNodeVolumeEncryption.EncryptionKeyARN
-	}
-
-	nodeVolumeType := "gp3"
-	if input.NodeVolumeType != "" {
-		nodeVolumeType = input.NodeVolumeType
-	}
+	nodeVolumeStorage, nodeVolumeSize, nodeVolumeEncryptionEnabled, nodeVolumeEncryptionKeyARN, nodeVolumeType :=
+		getDefaultedTemplateVolumeParams(input.NodeVolumes.InstanceRoot, a.defaultNodeVolumeEncryption)
+	kubeletRootVolumeStorage, kubeletRootVolumeSize, kubeletRootVolumeEncryptionEnabled, kubeletRootVolumeEncryptionKeyARN, kubeletRootVolumeType :=
+		getDefaultedTemplateVolumeParams(input.NodeVolumes.KubeletRoot, a.defaultNodeVolumeEncryption)
 
 	var stackTagsBuilder strings.Builder
 	for tagIndex, tag := range tags {
@@ -249,23 +227,59 @@ func (a *UpdateAsgActivity) Execute(ctx context.Context, input UpdateAsgActivity
 			ParameterKey:   aws.String("NodeAutoScalingInitSize"),
 			ParameterValue: aws.String(fmt.Sprintf("%d", input.Count)),
 		},
-		{
-			ParameterKey:   aws.String("NodeVolumeEncryptionEnabled"),
-			ParameterValue: aws.String(nodeVolumeEncryptionEnabled),
-		},
-		{
-			ParameterKey:   aws.String("NodeVolumeEncryptionKeyARN"),
-			ParameterValue: aws.String(nodeVolumeEncryptionKeyARN),
-		},
+
+		sdkCloudformation.NewOptionalStackParameter(
+			"NodeVolumeStorage",
+			nodeVolumeStorage != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"),
+			nodeVolumeStorage,
+		),
+		sdkCloudformation.NewOptionalStackParameter(
+			"NodeVolumeEncryptionEnabled",
+			nodeVolumeEncryptionEnabled != "" || input.CurrentTemplateVersion.IsLessThan("2.1.0"), // Note: older templates cannot use non-existing previous value.
+			nodeVolumeEncryptionEnabled,
+		),
+		sdkCloudformation.NewOptionalStackParameter(
+			"NodeVolumeEncryptionKeyARN",
+			nodeVolumeEncryptionEnabled != "" || input.CurrentTemplateVersion.IsLessThan("2.1.0"), // Note: when enablement is set, key ARN should be updated. // Note: older templates cannot use non-existing previous value.
+			nodeVolumeEncryptionKeyARN,
+		),
 		sdkCloudformation.NewOptionalStackParameter(
 			"NodeVolumeSize",
-			input.NodeVolumeSize > 0,
-			fmt.Sprintf("%d", input.NodeVolumeSize),
+			nodeVolumeSize > 0,
+			fmt.Sprintf("%d", nodeVolumeSize),
 		),
-		{
-			ParameterKey:   aws.String("NodeVolumeType"),
-			ParameterValue: aws.String(nodeVolumeType),
-		},
+		sdkCloudformation.NewOptionalStackParameter(
+			"NodeVolumeType",
+			input.NodeVolumes.InstanceRoot.Type != "" || input.CurrentTemplateVersion.IsLessThan("2.4.0"), // Note: older templates cannot use non-existing previous value.
+			nodeVolumeType,
+		),
+
+		sdkCloudformation.NewOptionalStackParameter(
+			"KubeletRootVolumeStorage",
+			kubeletRootVolumeStorage != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"),
+			kubeletRootVolumeStorage,
+		),
+		sdkCloudformation.NewOptionalStackParameter(
+			"KubeletRootVolumeEncryptionEnabled",
+			kubeletRootVolumeEncryptionEnabled != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"), // Note: older templates cannot use non-existing previous value.
+			kubeletRootVolumeEncryptionEnabled,
+		),
+		sdkCloudformation.NewOptionalStackParameter(
+			"KubeletRootVolumeEncryptionKeyARN",
+			kubeletRootVolumeEncryptionEnabled != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"), // Note: when enablement is set, key ARN should be updated. // Note: older templates cannot use non-existing previous value.
+			kubeletRootVolumeEncryptionKeyARN,
+		),
+		sdkCloudformation.NewOptionalStackParameter(
+			"KubeletRootVolumeSize",
+			kubeletRootVolumeSize > 0 || input.CurrentTemplateVersion.IsLessThan("2.5.0"),
+			fmt.Sprintf("%d", kubeletRootVolumeSize),
+		),
+		sdkCloudformation.NewOptionalStackParameter(
+			"KubeletRootVolumeType",
+			input.NodeVolumes.KubeletRoot.Type != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"), // Note: older templates cannot use non-existing previous value.
+			kubeletRootVolumeType,
+		),
+
 		{
 			ParameterKey:   aws.String("StackTags"),
 			ParameterValue: aws.String(stackTagsBuilder.String()),
@@ -314,11 +328,6 @@ func (a *UpdateAsgActivity) Execute(ctx context.Context, input UpdateAsgActivity
 			ParameterKey:   aws.String("KubeletExtraArguments"),
 			ParameterValue: aws.String(fmt.Sprintf("--node-labels %v", strings.Join(nodeLabels, ","))),
 		},
-		sdkCloudformation.NewOptionalStackParameter(
-			"UseInstanceStore",
-			input.UseInstanceStore != nil || input.CurrentTemplateVersion.IsLessThan("2.2.0"),
-			strconv.FormatBool(aws.BoolValue(input.UseInstanceStore)), // Note: false default value for old stacks.
-		),
 	}
 
 	requestToken := aws.String(sdkAmazon.NewNormalizedClientRequestToken(activity.GetInfo(ctx).WorkflowExecution.ID))
diff --git a/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go b/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go
index 00f14b8836..abe32d7363 100644
--- a/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go
+++ b/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go
@@ -62,13 +62,10 @@ type UpdateNodeGroupActivityInput struct {
 	NodePoolName    string
 	NodePoolVersion string
 
-	NodeVolumeEncryption *eks.NodePoolVolumeEncryption
-	NodeVolumeSize       int
-	NodeVolumeType       string
-	NodeImage            string
-	DesiredCapacity      int64
-	SecurityGroups       []string
-	UseInstanceStore     *bool
+	NodeVolumes     *eks.NodePoolVolumes
+	NodeImage       string
+	DesiredCapacity int64
+	SecurityGroups  []string
 
 	MaxBatchSize          int
 	MinInstancesInService int
@@ -118,30 +115,70 @@ func (a UpdateNodeGroupActivity) Execute(ctx context.Context, input UpdateNodeGr
 	}
 
 	nodeVolumeEncryptionEnabled := ""
-	if input.NodeVolumeEncryption != nil {
-		nodeVolumeEncryptionEnabled = strconv.FormatBool(input.NodeVolumeEncryption.Enabled)
-	} else if input.CurrentTemplateVersion.IsLessThan("2.1.0") &&
-		a.defaultNodeVolumeEncryption != nil { // Note: old stack, Pipeline default should take precedence over AWS default.
-		nodeVolumeEncryptionEnabled = strconv.FormatBool(a.defaultNodeVolumeEncryption.Enabled)
-	}
-
 	nodeVolumeEncryptionKeyARN := ""
-	if nodeVolumeEncryptionEnabled == "true" &&
-		input.NodeVolumeEncryption != nil &&
-		input.NodeVolumeEncryption.EncryptionKeyARN != "" {
-		nodeVolumeEncryptionKeyARN = input.NodeVolumeEncryption.EncryptionKeyARN
-	} else if nodeVolumeEncryptionEnabled == "true" &&
-		a.defaultNodeVolumeEncryption != nil &&
-		a.defaultNodeVolumeEncryption.EncryptionKeyARN != "" {
-		nodeVolumeEncryptionKeyARN = a.defaultNodeVolumeEncryption.EncryptionKeyARN
-	} else if input.CurrentTemplateVersion.IsLessThan("2.1.0") &&
-		a.defaultNodeVolumeEncryption != nil { // Note: old stack, Pipeline default should take precedence over AWS default.
-		nodeVolumeEncryptionKeyARN = a.defaultNodeVolumeEncryption.EncryptionKeyARN
+	nodeVolumeType := ""
+	nodeVolumeSize := 0
+
+	if eks.EBS_STORAGE == input.NodeVolumes.InstanceRoot.Storage {
+		if input.NodeVolumes.InstanceRoot.Encryption != nil {
+			nodeVolumeEncryptionEnabled = strconv.FormatBool(input.NodeVolumes.InstanceRoot.Encryption.Enabled)
+		} else if input.CurrentTemplateVersion.IsLessThan("2.1.0") &&
+			a.defaultNodeVolumeEncryption != nil { // Note: old stack, Pipeline default should take precedence over AWS default.
+			nodeVolumeEncryptionEnabled = strconv.FormatBool(a.defaultNodeVolumeEncryption.Enabled)
+		}
+
+		if nodeVolumeEncryptionEnabled == "true" &&
+			input.NodeVolumes.InstanceRoot.Encryption != nil &&
+			input.NodeVolumes.InstanceRoot.Encryption.EncryptionKeyARN != "" {
+			nodeVolumeEncryptionKeyARN = input.NodeVolumes.InstanceRoot.Encryption.EncryptionKeyARN
+		} else if nodeVolumeEncryptionEnabled == "true" &&
+			a.defaultNodeVolumeEncryption != nil &&
+			a.defaultNodeVolumeEncryption.EncryptionKeyARN != "" {
+			nodeVolumeEncryptionKeyARN = a.defaultNodeVolumeEncryption.EncryptionKeyARN
+		} else if input.CurrentTemplateVersion.IsLessThan("2.1.0") &&
+			a.defaultNodeVolumeEncryption != nil { // Note: old stack, Pipeline default should take precedence over AWS default.
+			nodeVolumeEncryptionKeyARN = a.defaultNodeVolumeEncryption.EncryptionKeyARN
+		}
+
+		nodeVolumeType = "gp3"
+		if input.NodeVolumes.InstanceRoot.Type != "" {
+			nodeVolumeType = input.NodeVolumes.InstanceRoot.Type
+		}
+
+		nodeVolumeSize = input.NodeVolumes.InstanceRoot.Size
 	}
 
-	nodeVolumeType := "gp3"
-	if input.NodeVolumeType != "" {
-		nodeVolumeType = input.NodeVolumeType
+	kubeletRootVolumeEncryptionEnabled := ""
+	kubeletRootVolumeEncryptionKeyARN := ""
+	kubeletRootVolumeType := ""
+	kubeletRootVolumeSize := 0
+	if eks.EBS_STORAGE == input.NodeVolumes.KubeletRoot.Storage {
+		if input.NodeVolumes.KubeletRoot.Encryption != nil {
+			kubeletRootVolumeEncryptionEnabled = strconv.FormatBool(input.NodeVolumes.KubeletRoot.Encryption.Enabled)
+		} else if input.CurrentTemplateVersion.IsLessThan("2.5.0") &&
+			a.defaultNodeVolumeEncryption != nil { // Note: old stack, Pipeline default should take precedence over AWS default.
+			kubeletRootVolumeEncryptionEnabled = strconv.FormatBool(a.defaultNodeVolumeEncryption.Enabled)
+		}
+
+		if kubeletRootVolumeEncryptionEnabled == "true" &&
+			input.NodeVolumes.KubeletRoot.Encryption != nil &&
+			input.NodeVolumes.KubeletRoot.Encryption.EncryptionKeyARN != "" {
+			kubeletRootVolumeEncryptionKeyARN = input.NodeVolumes.KubeletRoot.Encryption.EncryptionKeyARN
+		} else if kubeletRootVolumeEncryptionEnabled == "true" &&
+			a.defaultNodeVolumeEncryption != nil &&
+			a.defaultNodeVolumeEncryption.EncryptionKeyARN != "" {
+			kubeletRootVolumeEncryptionKeyARN = a.defaultNodeVolumeEncryption.EncryptionKeyARN
+		} else if input.CurrentTemplateVersion.IsLessThan("2.5.0") &&
+			a.defaultNodeVolumeEncryption != nil { // Note: old stack, Pipeline default should take precedence over AWS default.
+			kubeletRootVolumeEncryptionKeyARN = a.defaultNodeVolumeEncryption.EncryptionKeyARN
+		}
+
+		kubeletRootVolumeType = "gp3"
+		if input.NodeVolumes.KubeletRoot.Type != "" {
+			kubeletRootVolumeType = input.NodeVolumes.KubeletRoot.Type
+		}
+
+		kubeletRootVolumeSize = input.NodeVolumes.KubeletRoot.Size
 	}
 
 	tags := getNodePoolStackTags(input.ClusterName, input.ClusterTags)
@@ -200,6 +237,12 @@ func (a UpdateNodeGroupActivity) Execute(ctx context.Context, input UpdateNodeGr
 			input.DesiredCapacity > 0,
 			fmt.Sprintf("%d", input.DesiredCapacity),
 		),
+		// InstanceRoot / Node volume params
+		sdkCloudFormation.NewOptionalStackParameter(
+			"NodeVolumeStorage",
+			input.NodeVolumes.InstanceRoot.Storage != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"),
+			input.NodeVolumes.InstanceRoot.Storage,
+		),
 		sdkCloudFormation.NewOptionalStackParameter(
 			"NodeVolumeEncryptionEnabled",
 			nodeVolumeEncryptionEnabled != "" || input.CurrentTemplateVersion.IsLessThan("2.1.0"), // Note: older templates cannot use non-existing previous value.
@@ -212,14 +255,41 @@ func (a UpdateNodeGroupActivity) Execute(ctx context.Context, input UpdateNodeGr
 		),
 		sdkCloudFormation.NewOptionalStackParameter(
 			"NodeVolumeSize",
-			input.NodeVolumeSize > 0,
-			fmt.Sprintf("%d", input.NodeVolumeSize),
+			nodeVolumeSize > 0,
+			fmt.Sprintf("%d", nodeVolumeSize),
 		),
 		sdkCloudFormation.NewOptionalStackParameter(
 			"NodeVolumeType",
-			input.NodeVolumeType != "" || input.CurrentTemplateVersion.IsLessThan("2.4.0"), // Note: older templates cannot use non-existing previous value.
+			input.NodeVolumes.InstanceRoot.Type != "" || input.CurrentTemplateVersion.IsLessThan("2.4.0"), // Note: older templates cannot use non-existing previous value.
 			nodeVolumeType,
 		),
+		// KubeletRoot volume params
+		sdkCloudFormation.NewOptionalStackParameter(
+			"KubeletRootVolumeStorage",
+			input.NodeVolumes.KubeletRoot.Storage != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"),
+			input.NodeVolumes.KubeletRoot.Storage,
+		),
+		sdkCloudFormation.NewOptionalStackParameter(
+			"KubeletRootVolumeEncryptionEnabled",
+			kubeletRootVolumeEncryptionEnabled != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"), // Note: older templates cannot use non-existing previous value.
+			kubeletRootVolumeEncryptionEnabled,
+		),
+		sdkCloudFormation.NewOptionalStackParameter(
+			"KubeletRootVolumeEncryptionKeyARN",
+			kubeletRootVolumeEncryptionEnabled != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"), // Note: when enablement is set, key ARN should be updated. // Note: older templates cannot use non-existing previous value.
+			kubeletRootVolumeEncryptionKeyARN,
+		),
+		sdkCloudFormation.NewOptionalStackParameter(
+			"KubeletRootVolumeSize",
+			kubeletRootVolumeSize > 0 || input.CurrentTemplateVersion.IsLessThan("2.5.0"),
+			fmt.Sprintf("%d", kubeletRootVolumeSize),
+		),
+		sdkCloudFormation.NewOptionalStackParameter(
+			"KubeletRootVolumeType",
+			input.NodeVolumes.KubeletRoot.Type != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"), // Note: older templates cannot use non-existing previous value.
+			kubeletRootVolumeType,
+		),
+
 		{
 			ParameterKey:   aws.String("StackTags"),
 			ParameterValue: aws.String(stackTagsBuilder.String()),
@@ -264,11 +334,6 @@ func (a UpdateNodeGroupActivity) Execute(ctx context.Context, input UpdateNodeGr
 			ParameterKey:   aws.String("KubeletExtraArguments"),
 			ParameterValue: aws.String(fmt.Sprintf("--node-labels %v", strings.Join(nodeLabels, ","))),
 		},
-		sdkCloudFormation.NewOptionalStackParameter(
-			"UseInstanceStore",
-			input.UseInstanceStore != nil || input.CurrentTemplateVersion.IsLessThan("2.2.0"),
-			strconv.FormatBool(aws.BoolValue(input.UseInstanceStore)), // Note: false default value for old stacks.
-		),
 	}
 
 	// we don't reuse the creation time template, since it may have changed
diff --git a/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go b/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
index 28cc1d0443..1d4f3a97e5 100644
--- a/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
+++ b/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
@@ -70,12 +70,9 @@ type UpdateNodePoolWorkflowInput struct {
 	ClusterName     string
 	NodePoolName    string
 
-	NodeVolumeEncryption *eks.NodePoolVolumeEncryption
-	NodeVolumeSize       int
-	NodeVolumeType       string
-	NodeImage            string
-	SecurityGroups       []string
-	UseInstanceStore     *bool
+	NodeVolumes    *eks.NodePoolVolumes
+	NodeImage      string
+	SecurityGroups []string
 
 	Options eks.NodePoolUpdateOptions
 
@@ -136,10 +133,19 @@ func (w UpdateNodePoolWorkflow) Execute(ctx workflow.Context, input UpdateNodePo
 
 	var currentTemplateVersion semver.Version
 	effectiveImage := input.NodeImage
-	effectiveVolumeEncryption := input.NodeVolumeEncryption
-	effectiveVolumeSize := input.NodeVolumeSize
+
 	effectiveSecurityGroups := input.SecurityGroups
-	effectiveUseInstanceStore := input.UseInstanceStore
+
+	effectiveVolumes := input.NodeVolumes
+	if effectiveVolumes == nil {
+		effectiveVolumes = &eks.NodePoolVolumes{}
+	}
+	if effectiveVolumes.InstanceRoot == nil {
+		effectiveVolumes.InstanceRoot = &eks.NodePoolVolume{}
+	}
+	if effectiveVolumes.KubeletRoot == nil {
+		effectiveVolumes.KubeletRoot = &eks.NodePoolVolume{}
+	}
 
 	{ // Note: needing CF stack for template version and possibly node pool version.
 		getCFStackInput := eksWorkflow.GetCFStackActivityInput{
@@ -155,14 +161,17 @@ func (w UpdateNodePoolWorkflow) Execute(ctx workflow.Context, input UpdateNodePo
 		}
 
 		var parameters struct {
-			CustomNodeSecurityGroups    string         `mapstructure:"CustomNodeSecurityGroups,omitempty"` // Note: CustomNodeSecurityGroups is only available from template version 2.0.0.
-			NodeImageID                 string         `mapstructure:"NodeImageId"`
-			NodeVolumeEncryptionEnabled string         `mapstructure:"NodeVolumeEncryptionEnabled,omitempty"` // Note: NodeVolumeEncryptionEnabled is only available from template version 2.1.0.
-			NodeVolumeEncryptionKeyARN  string         `mapstructure:"NodeVolumeEncryptionKeyARN,omitempty"`  // Note: NodeVolumeEncryptionKeyARN is only available from template version 2.1.0.
-			NodeVolumeSize              int            `mapstructure:"NodeVolumeSize"`
-			TemplateVersion             semver.Version `mapstructure:"TemplateVersion,omitempty"`  // Note: TemplateVersion is only available from template version 2.0.0.
-			UseInstanceStore            string         `mapstructure:"UseInstanceStore,omitempty"` // Note: TemplateVersion is only available from template version 2.2.0.
-
+			CustomNodeSecurityGroups           string         `mapstructure:"CustomNodeSecurityGroups,omitempty"` // Note: CustomNodeSecurityGroups is only available from template version 2.0.0.
+			NodeImageID                        string         `mapstructure:"NodeImageId"`
+			NodeVolumeStorage                  string         `mapstructure:"NodeVolumeStorage,omitempty"`           // Note: NodeVolumeStorage is only available from template version 2.5.0.
+			NodeVolumeEncryptionEnabled        string         `mapstructure:"NodeVolumeEncryptionEnabled,omitempty"` // Note: NodeVolumeEncryptionEnabled is only available from template version 2.1.0.
+			NodeVolumeEncryptionKeyARN         string         `mapstructure:"NodeVolumeEncryptionKeyARN,omitempty"`  // Note: NodeVolumeEncryptionKeyARN is only available from template version 2.1.0.
+			NodeVolumeSize                     int            `mapstructure:"NodeVolumeSize"`
+			KubeletRootVolumeStorage           string         `mapstructure:"KubeletRootVolumeStorage,omitempty"`           // Note: KubeletRootVolumeStorage is only available from template version 2.5.0.
+			KubeletRootVolumeEncryptionEnabled string         `mapstructure:"KubeletRootVolumeEncryptionEnabled,omitempty"` // Note: KubeletRootVolumeEncryptionEnabled is only available from template version 2.5.0.
+			KubeletRootVolumeEncryptionKeyARN  string         `mapstructure:"KubeletRootVolumeEncryptionKeyARN,omitempty"`  // Note: KubeletRootVolumeEncryptionKeyARN is only available from template version 2.5.0.
+			KubeletRootVolumeSize              int            `mapstructure:"KubeletRootVolumeSize,omitempty"`              // Note: KubeletRootVolumeSize is only available from template version 2.5.0.
+			TemplateVersion                    semver.Version `mapstructure:"TemplateVersion,omitempty"`                    // Note: TemplateVersion is only available from template version 2.0.0.
 		}
 		err = sdkCloudFormation.ParseStackParameters(getCFStackOutput.Stack.Parameters, &parameters)
 		if err != nil {
@@ -175,41 +184,57 @@ func (w UpdateNodePoolWorkflow) Execute(ctx workflow.Context, input UpdateNodePo
 			effectiveImage = parameters.NodeImageID
 		}
 
-		if effectiveVolumeEncryption == nil &&
+		if effectiveVolumes.InstanceRoot.Storage == "" {
+			effectiveVolumes.InstanceRoot.Storage = parameters.NodeVolumeStorage
+		}
+
+		if effectiveVolumes.InstanceRoot.Encryption == nil &&
 			parameters.NodeVolumeEncryptionEnabled != "" {
 			isNodeVolumeEncryptionEnabled, err := strconv.ParseBool(parameters.NodeVolumeEncryptionEnabled)
 			if err != nil {
 				return errors.WrapIf(err, "invalid node volume encryption enabled value")
 			}
 
-			effectiveVolumeEncryption = &eks.NodePoolVolumeEncryption{
+			effectiveVolumes.InstanceRoot.Encryption = &eks.NodePoolVolumeEncryption{
 				Enabled:          isNodeVolumeEncryptionEnabled,
 				EncryptionKeyARN: parameters.NodeVolumeEncryptionKeyARN,
 			}
 		}
 
-		if effectiveVolumeSize == 0 {
-			effectiveVolumeSize = parameters.NodeVolumeSize
+		if effectiveVolumes.InstanceRoot.Size == 0 {
+			effectiveVolumes.InstanceRoot.Size = parameters.NodeVolumeSize
 		}
 
-		if effectiveSecurityGroups == nil &&
-			parameters.CustomNodeSecurityGroups != "" {
-			effectiveSecurityGroups = strings.Split(parameters.CustomNodeSecurityGroups, ",")
-			sort.Strings(effectiveSecurityGroups)
+		if effectiveVolumes.KubeletRoot.Storage == "" {
+			effectiveVolumes.KubeletRoot.Storage = parameters.KubeletRootVolumeStorage
 		}
 
-		if effectiveUseInstanceStore == nil &&
-			parameters.UseInstanceStore != "" {
-			useInstanceStore, err := strconv.ParseBool(parameters.UseInstanceStore)
+		if effectiveVolumes.KubeletRoot.Encryption == nil &&
+			parameters.KubeletRootVolumeEncryptionEnabled != "" {
+			isVolumeEncryptionEnabled, err := strconv.ParseBool(parameters.KubeletRootVolumeEncryptionEnabled)
 			if err != nil {
-				return errors.WrapIf(err, "invalid UseInstanceStore parameter value")
+				return errors.WrapIf(err, "invalid kubelet root volume encryption enabled value")
+			}
+
+			effectiveVolumes.KubeletRoot.Encryption = &eks.NodePoolVolumeEncryption{
+				Enabled:          isVolumeEncryptionEnabled,
+				EncryptionKeyARN: parameters.KubeletRootVolumeEncryptionKeyARN,
 			}
-			effectiveUseInstanceStore = &useInstanceStore
+		}
+
+		if effectiveVolumes.KubeletRoot.Size == 0 {
+			effectiveVolumes.KubeletRoot.Size = parameters.KubeletRootVolumeSize
+		}
+
+		if effectiveSecurityGroups == nil &&
+			parameters.CustomNodeSecurityGroups != "" {
+			effectiveSecurityGroups = strings.Split(parameters.CustomNodeSecurityGroups, ",")
+			sort.Strings(effectiveSecurityGroups)
 		}
 	}
 
 	var volumeSize int
-	if input.NodeVolumeSize > 0 {
+	if input.NodeVolumes != nil && input.NodeVolumes.InstanceRoot != nil && input.NodeVolumes.InstanceRoot.Size > 0 {
 		var amiSize int
 		{
 			activityInput := eksWorkflow.GetAMISizeActivityInput{
@@ -230,7 +255,7 @@ func (w UpdateNodePoolWorkflow) Execute(ctx workflow.Context, input UpdateNodePo
 		{
 			activityInput := eksWorkflow.SelectVolumeSizeActivityInput{
 				AMISize:            amiSize,
-				OptionalVolumeSize: input.NodeVolumeSize,
+				OptionalVolumeSize: input.NodeVolumes.InstanceRoot.Size,
 			}
 			var activityOutput eksWorkflow.SelectVolumeSizeActivityOutput
 			processActivity := process.StartActivity(ctx, eksWorkflow.SelectVolumeSizeActivityName)
@@ -241,19 +266,16 @@ func (w UpdateNodePoolWorkflow) Execute(ctx workflow.Context, input UpdateNodePo
 			}
 
 			volumeSize = activityOutput.VolumeSize
-			effectiveVolumeSize = volumeSize
+			effectiveVolumes.InstanceRoot.Size = volumeSize
 		}
 	}
 
-	// todo x
 	var nodePoolVersion string
 	{
 		activityInput := eksWorkflow.CalculateNodePoolVersionActivityInput{
-			Image: effectiveImage,
-			//VolumeEncryption:     effectiveVolumeEncryption,
-			//VolumeSize:           effectiveVolumeSize,
+			Image:                effectiveImage,
+			Volumes:              *effectiveVolumes,
 			CustomSecurityGroups: effectiveSecurityGroups,
-			// UseInstanceStore:     effectiveUseInstanceStore,
 		}
 
 		var output eksWorkflow.CalculateNodePoolVersionActivityOutput
@@ -277,12 +299,9 @@ func (w UpdateNodePoolWorkflow) Execute(ctx workflow.Context, input UpdateNodePo
 			StackName:              input.StackName,
 			NodePoolName:           input.NodePoolName,
 			NodePoolVersion:        nodePoolVersion,
-			NodeVolumeEncryption:   input.NodeVolumeEncryption,
-			NodeVolumeSize:         volumeSize,
-			NodeVolumeType:         input.NodeVolumeType,
+			NodeVolumes:            effectiveVolumes,
 			NodeImage:              input.NodeImage,
 			SecurityGroups:         input.SecurityGroups,
-			UseInstanceStore:       input.UseInstanceStore,
 			MaxBatchSize:           input.Options.MaxBatchSize,
 			MinInstancesInService:  input.Options.MaxSurge,
 			ClusterTags:            input.ClusterTags,
diff --git a/internal/cluster/distribution/eks/service.go b/internal/cluster/distribution/eks/service.go
index 541a27c3fe..60c92cedea 100644
--- a/internal/cluster/distribution/eks/service.go
+++ b/internal/cluster/distribution/eks/service.go
@@ -66,13 +66,19 @@ type ClusterUpdate struct {
 // A node pool update contains a partial representation of the node pool resource,
 // updating only the changed values.
 type NodePoolUpdate struct {
+	Volumes *NodePoolVolumes `mapstructure:"volumes,omitempty"`
+
+	// deprecated, property replaced with Volumes.InstanceRoot.Encryption
 	VolumeEncryption *NodePoolVolumeEncryption `mapstructure:"volumeEncryption,omitempty"`
-	VolumeSize       int                       `mapstructure:"volumeSize"`
-	VolumeType       string                    `mapstructure:"volumeType"`
+	// deprecated, property replaced with Volumes.InstanceRoot.Size
+	VolumeSize int `mapstructure:"volumeSize"`
+	// deprecated, property replaced with Volumes.InstanceRoot.Type
+	VolumeType string `mapstructure:"volumeType"`
+	// deprecated, property replaced with Volumes.KubeletRoot.Type="instance-storage"
+	UseInstanceStore *bool `mapstructure:"useInstanceStore,omitempty"`
 
-	Image            string   `mapstructure:"image"`
-	SecurityGroups   []string `mapstructure:"securityGroups"`
-	UseInstanceStore *bool    `mapstructure:"useInstanceStore,omitempty"`
+	Image          string   `mapstructure:"image"`
+	SecurityGroups []string `mapstructure:"securityGroups"`
 
 	Options NodePoolUpdateOptions `mapstructure:"options"`
 }
@@ -102,41 +108,56 @@ type NodePoolUpdateDrainOptions struct {
 
 // NodePool encapsulates information about a cluster node pool.
 type NodePool struct {
-	Name             string                    `mapstructure:"name"`
-	Labels           map[string]string         `mapstructure:"labels"`
-	Size             int                       `mapstructure:"size"`
-	Autoscaling      Autoscaling               `mapstructure:"autoscaling"`
+	Name        string            `mapstructure:"name"`
+	Labels      map[string]string `mapstructure:"labels"`
+	Size        int               `mapstructure:"size"`
+	Autoscaling Autoscaling       `mapstructure:"autoscaling"`
+
+	Volumes *NodePoolVolumes `mapstructure:"volumes"`
+
+	InstanceType   string   `mapstructure:"instanceType"`
+	Image          string   `mapstructure:"image"`
+	SpotPrice      string   `mapstructure:"spotPrice"`
+	SecurityGroups []string `mapstructure:"securityGroups,omitempty"`
+	SubnetID       string   `mapstructure:"subnetId"`
+
+	Status        NodePoolStatus `mapstructure:"status"`
+	StatusMessage string         `mapstructure:"statusMessage"`
+
+	// deprecated
 	VolumeEncryption *NodePoolVolumeEncryption `mapstructure:"volumeEncryption,omitempty"`
-	VolumeSize       int                       `mapstructure:"volumeSize"`
-	VolumeType       string                    `mapstructure:"volumeType"`
-	InstanceType     string                    `mapstructure:"instanceType"`
-	Image            string                    `mapstructure:"image"`
-	SpotPrice        string                    `mapstructure:"spotPrice"`
-	SecurityGroups   []string                  `mapstructure:"securityGroups,omitempty"`
-	SubnetID         string                    `mapstructure:"subnetId"`
-	UseInstanceStore bool                      `mapstructure:"UseInstanceStore"`
-	Status           NodePoolStatus            `mapstructure:"status"`
-	StatusMessage    string                    `mapstructure:"statusMessage"`
+	// deprecated
+	VolumeSize int `mapstructure:"volumeSize"`
+	// deprecated
+	VolumeType string `mapstructure:"volumeType"`
+	// deprecated
+	UseInstanceStore bool `mapstructure:"UseInstanceStore"`
 }
 
 // NewNodePoolFromCFStack initializes a node pool object from a CloudFormation
 // stack.
 func NewNodePoolFromCFStack(name string, labels map[string]string, stack *cloudformation.Stack) (nodePool NodePool) {
 	var nodePoolParameters struct {
-		ClusterAutoscalerEnabled    bool   `mapstructure:"ClusterAutoscalerEnabled"`
-		NodeAutoScalingGroupMaxSize int    `mapstructure:"NodeAutoScalingGroupMaxSize"`
-		NodeAutoScalingGroupMinSize int    `mapstructure:"NodeAutoScalingGroupMinSize"`
-		NodeAutoScalingInitSize     int    `mapstructure:"NodeAutoScalingInitSize"`
-		NodeImageID                 string `mapstructure:"NodeImageId"`
-		NodeInstanceType            string `mapstructure:"NodeInstanceType"`
-		NodeSpotPrice               string `mapstructure:"NodeSpotPrice"`
-		NodeVolumeEncryptionEnabled string `mapstructure:"NodeVolumeEncryptionEnabled,omitempty"` // Note: NodeVolumeEncryptionEnabled is only available from template version 2.1.0.
-		NodeVolumeEncryptionKeyARN  string `mapstructure:"NodeVolumeEncryptionKeyARN,omitempty"`  // Note: NodeVolumeEncryptionKeyARN is only available from template version 2.1.0.
-		NodeVolumeSize              int    `mapstructure:"NodeVolumeSize"`
-		NodeVolumeType              string `mapstructure:"NodeVolumeType,omitempty"`           // Note: NodeVolumeType is only available from template version 2.4.0.
-		CustomNodeSecurityGroups    string `mapstructure:"CustomNodeSecurityGroups,omitempty"` // Note: CustomNodeSecurityGroups is only available from template version 2.0.0.
-		Subnets                     string `mapstructure:"Subnets"`
-		UseInstanceStore            string `mapstructure:"UseInstanceStore,omitempty"` // Note: UseInstanceStore is only available from template version 2.2.0.
+		ClusterAutoscalerEnabled           bool   `mapstructure:"ClusterAutoscalerEnabled"`
+		NodeAutoScalingGroupMaxSize        int    `mapstructure:"NodeAutoScalingGroupMaxSize"`
+		NodeAutoScalingGroupMinSize        int    `mapstructure:"NodeAutoScalingGroupMinSize"`
+		NodeAutoScalingInitSize            int    `mapstructure:"NodeAutoScalingInitSize"`
+		NodeImageID                        string `mapstructure:"NodeImageId"`
+		NodeInstanceType                   string `mapstructure:"NodeInstanceType"`
+		NodeSpotPrice                      string `mapstructure:"NodeSpotPrice"`
+		NodeVolumeStorage                  string `mapstructure:"NodeVolumeStorage,omitempty"`           // Note: NodeVolumeStorage is only available from template version 2.5.0.
+		NodeVolumeEncryptionEnabled        string `mapstructure:"NodeVolumeEncryptionEnabled,omitempty"` // Note: NodeVolumeEncryptionEnabled is only available from template version 2.1.0.
+		NodeVolumeEncryptionKeyARN         string `mapstructure:"NodeVolumeEncryptionKeyARN,omitempty"`  // Note: NodeVolumeEncryptionKeyARN is only available from template version 2.1.0.
+		NodeVolumeSize                     int    `mapstructure:"NodeVolumeSize"`
+		NodeVolumeType                     string `mapstructure:"NodeVolumeType,omitempty"`                     // Note: NodeVolumeType is only available from template version 2.4.0.
+		KubeletRootVolumeStorage           string `mapstructure:"KubeletRootVolumeStorage,omitempty"`           // Note: KubeletRootVolumeStorage is only available from template version 2.5.0.
+		KubeletRootVolumeEncryptionEnabled string `mapstructure:"KubeletRootVolumeEncryptionEnabled,omitempty"` // Note: KubeletRootVolumeEncryptionEnabled is only available from template version 2.5.0.
+		KubeletRootVolumeEncryptionKeyARN  string `mapstructure:"KubeletRootVolumeEncryptionKeyARN,omitempty"`  // Note: KubeletRootVolumeEncryptionKeyARN is only available from template version 2.5.0.
+		KubeletRootVolumeSize              int    `mapstructure:"KubeletRootVolumeSize,omitempty"`              // Note: KubeletRootVolumeSize is only available from template version 2.5.0.
+		KubeletRootVolumeType              string `mapstructure:"KubeletRootVolumeType,omitempty"`              // Note: KubeletRootVolumeType is only available from template version 2.5.0.
+		CustomNodeSecurityGroups           string `mapstructure:"CustomNodeSecurityGroups,omitempty"`           // Note: CustomNodeSecurityGroups is only available from template version 2.0.0.
+		Subnets                            string `mapstructure:"Subnets"`
+		UseInstanceStore                   string `mapstructure:"UseInstanceStore,omitempty"` // Note: UseInstanceStore is only available from template version 2.2.0.
 	}
 
 	err := sdkCloudFormation.ParseStackParameters(stack.Parameters, &nodePoolParameters)
@@ -153,6 +174,53 @@ func NewNodePoolFromCFStack(name string, labels map[string]string, stack *cloudf
 		MaxSize: nodePoolParameters.NodeAutoScalingGroupMaxSize,
 	}
 
+	if "" != nodePoolParameters.NodeVolumeStorage {
+		nodePool.Volumes = &NodePoolVolumes{
+			InstanceRoot: &NodePoolVolume{
+				Storage: nodePoolParameters.NodeVolumeStorage,
+			},
+		}
+	}
+
+	if EBS_STORAGE == nodePoolParameters.NodeVolumeStorage {
+		nodePool.Volumes.InstanceRoot.Size = nodePoolParameters.NodeVolumeSize
+		nodePool.Volumes.InstanceRoot.Type = nodePoolParameters.NodeVolumeType
+
+		if nodePoolParameters.NodeVolumeEncryptionEnabled != "" {
+			nodePool.Volumes.InstanceRoot.Encryption = &NodePoolVolumeEncryption{}
+			nodePool.Volumes.InstanceRoot.Encryption.Enabled, err = strconv.ParseBool(nodePoolParameters.NodeVolumeEncryptionEnabled)
+			if err != nil {
+				return NewNodePoolWithNoValues(name, NodePoolStatusError, "invalid encryption information")
+			}
+
+			nodePool.Volumes.InstanceRoot.Encryption.EncryptionKeyARN = nodePoolParameters.NodeVolumeEncryptionKeyARN
+		}
+	}
+
+	switch nodePoolParameters.KubeletRootVolumeStorage {
+	case EBS_STORAGE:
+		nodePool.Volumes.KubeletRoot = &NodePoolVolume{
+			Storage: nodePoolParameters.KubeletRootVolumeStorage,
+		}
+		nodePool.Volumes.KubeletRoot.Size = nodePoolParameters.KubeletRootVolumeSize
+		nodePool.Volumes.KubeletRoot.Type = nodePoolParameters.KubeletRootVolumeType
+
+		if nodePoolParameters.KubeletRootVolumeEncryptionEnabled != "" {
+			nodePool.Volumes.KubeletRoot.Encryption = &NodePoolVolumeEncryption{}
+			nodePool.Volumes.KubeletRoot.Encryption.Enabled, err = strconv.ParseBool(nodePoolParameters.KubeletRootVolumeEncryptionEnabled)
+			if err != nil {
+				return NewNodePoolWithNoValues(name, NodePoolStatusError, "invalid encryption information")
+			}
+
+			nodePool.Volumes.KubeletRoot.Encryption.EncryptionKeyARN = nodePoolParameters.KubeletRootVolumeEncryptionKeyARN
+		}
+	case INSTANCE_STORE_STORAGE:
+		nodePool.Volumes.KubeletRoot = &NodePoolVolume{
+			Storage: nodePoolParameters.KubeletRootVolumeStorage,
+		}
+	}
+
+	// deprecated
 	if nodePoolParameters.NodeVolumeEncryptionEnabled != "" {
 		nodePool.VolumeEncryption = &NodePoolVolumeEncryption{}
 		nodePool.VolumeEncryption.Enabled, err = strconv.ParseBool(nodePoolParameters.NodeVolumeEncryptionEnabled)
@@ -162,9 +230,9 @@ func NewNodePoolFromCFStack(name string, labels map[string]string, stack *cloudf
 
 		nodePool.VolumeEncryption.EncryptionKeyARN = nodePoolParameters.NodeVolumeEncryptionKeyARN
 	}
-
 	nodePool.VolumeSize = nodePoolParameters.NodeVolumeSize
 	nodePool.VolumeType = nodePoolParameters.NodeVolumeType
+
 	nodePool.InstanceType = nodePoolParameters.NodeInstanceType
 	nodePool.Image = nodePoolParameters.NodeImageID
 	nodePool.SpotPrice = nodePoolParameters.NodeSpotPrice
diff --git a/src/cluster/eks_update_cluster.go b/src/cluster/eks_update_cluster.go
index 9a6501a18a..4d786bbfaf 100644
--- a/src/cluster/eks_update_cluster.go
+++ b/src/cluster/eks_update_cluster.go
@@ -205,8 +205,18 @@ func (w EKSUpdateClusterWorkflow) Execute(ctx workflow.Context, input EKSUpdateC
 
 			var currentTemplateVersion semver.Version
 			effectiveImage := updatedNodePool.NodeImage
-			effectiveVolumeEncryption := updatedNodePool.NodeVolumeEncryption
-			effectiveVolumeSize := updatedNodePool.NodeVolumeSize
+
+			effectiveVolumes := updatedNodePool.Volumes
+			if effectiveVolumes == nil {
+				effectiveVolumes = &eks.NodePoolVolumes{}
+			}
+			if effectiveVolumes.InstanceRoot == nil {
+				effectiveVolumes.InstanceRoot = &eks.NodePoolVolume{}
+			}
+			if effectiveVolumes.KubeletRoot == nil {
+				effectiveVolumes.KubeletRoot = &eks.NodePoolVolume{}
+			}
+
 			effectiveSecurityGroups := updatedNodePool.SecurityGroups
 			{ // Note: needing CF stack for template version and possibly node pool version.
 				getCFStackInput := eksWorkflow.GetCFStackActivityInput{
@@ -220,12 +230,17 @@ func (w EKSUpdateClusterWorkflow) Execute(ctx workflow.Context, input EKSUpdateC
 				}
 
 				var parameters struct {
-					CustomNodeSecurityGroups    string         `mapstructure:"CustomNodeSecurityGroups,omitempty"` // Note: CustomNodeSecurityGroups is only available from template version 2.0.0.
-					NodeImageID                 string         `mapstructure:"NodeImageId"`
-					NodeVolumeEncryptionEnabled string         `mapstructure:"NodeVolumeEncryptionEnabled,omitempty"` // Note: NodeVolumeEncryptionEnabled is only available from template version 2.1.0.
-					NodeVolumeEncryptionKeyARN  string         `mapstructure:"NodeVolumeEncryptionKeyARN,omitempty"`  // Note: NodeVolumeEncryptionKeyARN is only available from template version 2.1.0.
-					NodeVolumeSize              int            `mapstructure:"NodeVolumeSize"`
-					TemplateVersion             semver.Version `mapstructure:"TemplateVersion,omitempty"` // Note: TemplateVersion is only available from template version 2.0.0.
+					CustomNodeSecurityGroups           string         `mapstructure:"CustomNodeSecurityGroups,omitempty"` // Note: CustomNodeSecurityGroups is only available from template version 2.0.0.
+					NodeImageID                        string         `mapstructure:"NodeImageId"`
+					NodeVolumeStorage                  string         `mapstructure:"NodeVolumeStorage,omitempty"`           // Note: NodeVolumeStorage is only available from template version 2.5.0.
+					NodeVolumeEncryptionEnabled        string         `mapstructure:"NodeVolumeEncryptionEnabled,omitempty"` // Note: NodeVolumeEncryptionEnabled is only available from template version 2.1.0.
+					NodeVolumeEncryptionKeyARN         string         `mapstructure:"NodeVolumeEncryptionKeyARN,omitempty"`  // Note: NodeVolumeEncryptionKeyARN is only available from template version 2.1.0.
+					NodeVolumeSize                     int            `mapstructure:"NodeVolumeSize"`
+					KubeletRootVolumeStorage           string         `mapstructure:"KubeletRootVolumeStorage,omitempty"`           // Note: KubeletRootVolumeStorage is only available from template version 2.5.0.
+					KubeletRootVolumeEncryptionEnabled string         `mapstructure:"KubeletRootVolumeEncryptionEnabled,omitempty"` // Note: KubeletRootVolumeEncryptionEnabled is only available from template version 2.5.0.
+					KubeletRootVolumeEncryptionKeyARN  string         `mapstructure:"KubeletRootVolumeEncryptionKeyARN,omitempty"`  // Note: KubeletRootVolumeEncryptionKeyARN is only available from template version 2.5.0.
+					KubeletRootVolumeSize              int            `mapstructure:"KubeletRootVolumeSize,omitempty"`              // Note: KubeletRootVolumeSize is only available from template version 2.5.0.
+					TemplateVersion                    semver.Version `mapstructure:"TemplateVersion,omitempty"`                    // Note: TemplateVersion is only available from template version 2.0.0.
 				}
 				err = sdkCloudFormation.ParseStackParameters(getCFStackOutput.Stack.Parameters, &parameters)
 				if err != nil {
@@ -239,32 +254,57 @@ func (w EKSUpdateClusterWorkflow) Execute(ctx workflow.Context, input EKSUpdateC
 					effectiveImage = parameters.NodeImageID
 				}
 
-				if effectiveVolumeEncryption == nil &&
+				if effectiveSecurityGroups == nil &&
+					parameters.CustomNodeSecurityGroups != "" {
+					effectiveSecurityGroups = strings.Split(parameters.CustomNodeSecurityGroups, ",")
+					sort.Strings(effectiveSecurityGroups)
+				}
+
+				if effectiveVolumes.InstanceRoot.Storage == "" {
+					effectiveVolumes.InstanceRoot.Storage = parameters.NodeVolumeStorage
+				}
+
+				if effectiveVolumes.InstanceRoot.Encryption == nil &&
 					parameters.NodeVolumeEncryptionEnabled != "" {
 					isNodeVolumeEncryptionEnabled, err := strconv.ParseBool(parameters.NodeVolumeEncryptionEnabled)
 					if err != nil {
 						return errors.WrapIf(err, "invalid node volume encryption enabled value")
 					}
 
-					effectiveVolumeEncryption = &eks.NodePoolVolumeEncryption{
+					effectiveVolumes.InstanceRoot.Encryption = &eks.NodePoolVolumeEncryption{
 						Enabled:          isNodeVolumeEncryptionEnabled,
 						EncryptionKeyARN: parameters.NodeVolumeEncryptionKeyARN,
 					}
 				}
 
-				if effectiveVolumeSize == 0 {
-					effectiveVolumeSize = parameters.NodeVolumeSize
+				if effectiveVolumes.InstanceRoot.Size == 0 {
+					effectiveVolumes.InstanceRoot.Size = parameters.NodeVolumeSize
 				}
 
-				if effectiveSecurityGroups == nil &&
-					parameters.CustomNodeSecurityGroups != "" {
-					effectiveSecurityGroups = strings.Split(parameters.CustomNodeSecurityGroups, ",")
-					sort.Strings(effectiveSecurityGroups)
+				if effectiveVolumes.KubeletRoot.Storage == "" {
+					effectiveVolumes.KubeletRoot.Storage = parameters.KubeletRootVolumeStorage
+				}
+
+				if effectiveVolumes.KubeletRoot.Encryption == nil &&
+					parameters.KubeletRootVolumeEncryptionEnabled != "" {
+					isVolumeEncryptionEnabled, err := strconv.ParseBool(parameters.KubeletRootVolumeEncryptionEnabled)
+					if err != nil {
+						return errors.WrapIf(err, "invalid kubelet root volume encryption enabled value")
+					}
+
+					effectiveVolumes.KubeletRoot.Encryption = &eks.NodePoolVolumeEncryption{
+						Enabled:          isVolumeEncryptionEnabled,
+						EncryptionKeyARN: parameters.KubeletRootVolumeEncryptionKeyARN,
+					}
+				}
+
+				if effectiveVolumes.KubeletRoot.Size == 0 {
+					effectiveVolumes.KubeletRoot.Size = parameters.KubeletRootVolumeSize
 				}
 			}
 
 			var volumeSize int
-			if updatedNodePool.NodeVolumeSize > 0 {
+			if updatedNodePool.Volumes != nil && updatedNodePool.Volumes.InstanceRoot != nil && updatedNodePool.Volumes.InstanceRoot.Size > 0 {
 				var amiSize int
 				{
 					activityInput := eksWorkflow.GetAMISizeActivityInput{
@@ -284,7 +324,7 @@ func (w EKSUpdateClusterWorkflow) Execute(ctx workflow.Context, input EKSUpdateC
 				{
 					activityInput := eksWorkflow.SelectVolumeSizeActivityInput{
 						AMISize:            amiSize,
-						OptionalVolumeSize: updatedNodePool.NodeVolumeSize,
+						OptionalVolumeSize: updatedNodePool.Volumes.InstanceRoot.Size,
 					}
 					var activityOutput eksWorkflow.SelectVolumeSizeActivityOutput
 					err = workflow.ExecuteActivity(ctx, eksWorkflow.SelectVolumeSizeActivityName, activityInput).Get(ctx, &activityOutput)
@@ -294,17 +334,15 @@ func (w EKSUpdateClusterWorkflow) Execute(ctx workflow.Context, input EKSUpdateC
 					}
 
 					volumeSize = activityOutput.VolumeSize
-					effectiveVolumeSize = volumeSize
+					effectiveVolumes.InstanceRoot.Size = volumeSize
 				}
 			}
 
-			// todo x
 			var nodePoolVersion string
 			{
 				activityInput := eksWorkflow.CalculateNodePoolVersionActivityInput{
-					Image: effectiveImage,
-					//VolumeEncryption:     effectiveVolumeEncryption,
-					//VolumeSize:           effectiveVolumeSize,
+					Image:                effectiveImage,
+					Volumes:              *effectiveVolumes,
 					CustomSecurityGroups: effectiveSecurityGroups,
 				}
 
@@ -342,16 +380,13 @@ func (w EKSUpdateClusterWorkflow) Execute(ctx workflow.Context, input EKSUpdateC
 				NodeMinCount:           updatedNodePool.NodeMinCount,
 				NodeMaxCount:           updatedNodePool.NodeMaxCount,
 				Count:                  updatedNodePool.Count,
-				NodeVolumeEncryption:   updatedNodePool.NodeVolumeEncryption,
-				NodeVolumeSize:         volumeSize,
-				NodeVolumeType:         updatedNodePool.NodeVolumeType,
+				NodeVolumes:            effectiveVolumes,
 				NodeImage:              updatedNodePool.NodeImage,
 				NodeInstanceType:       updatedNodePool.NodeInstanceType,
 				SecurityGroups:         updatedNodePool.SecurityGroups,
 				Labels:                 updatedNodePool.Labels,
 				Tags:                   input.Tags,
 				CurrentTemplateVersion: currentTemplateVersion,
-				UseInstanceStore:       updatedNodePool.UseInstanceStore,
 			}
 			ctx = workflow.WithActivityOptions(ctx, aoWithHeartBeat)
 			f := workflow.ExecuteActivity(ctx, eksWorkflow.UpdateAsgActivityName, activityInput)

From e12575fb2a2b6e51ef29384d84cf117e664a33be Mon Sep 17 00:00:00 2001
From: Magyari Sandor Szilard <sancyx@gmail.com>
Date: Tue, 24 Aug 2021 11:43:49 +0200
Subject: [PATCH 06/11] update unit tests

---
 .../eksadapter/node_pool_processor_test.go    |   6 +
 .../eks/eksprovider/driver/cluster_updater.go |  56 +++-
 .../driver/cluster_updater_test.go            | 283 ++++++++++++------
 .../workflow/create_asg_activity.go           |   4 +
 .../workflow/create_node_pool_workflow.go     |  15 +
 .../workflow/update_asg_activity.go           |   6 +-
 .../eksworkflow/activity_update_node_group.go |  22 +-
 .../eksworkflow/workflow_update_node_pool.go  |   9 +-
 .../cluster/distribution/eks/node_pool.go     |   1 +
 src/cluster/eks_update_cluster.go             |   9 +-
 templates/eks/amazon-eks-nodepool-cf.yaml     |  10 +-
 11 files changed, 286 insertions(+), 135 deletions(-)

diff --git a/internal/cluster/distribution/eks/eksadapter/node_pool_processor_test.go b/internal/cluster/distribution/eks/eksadapter/node_pool_processor_test.go
index 773888c1ec..2554c92414 100644
--- a/internal/cluster/distribution/eks/eksadapter/node_pool_processor_test.go
+++ b/internal/cluster/distribution/eks/eksadapter/node_pool_processor_test.go
@@ -216,6 +216,12 @@ func TestNodePoolProcessorProcessNewNodePool(t *testing.T) {
 					Image:        "image-id",
 					InstanceType: "instance-type",
 					SubnetID:     "subnet-id",
+					Volumes: &eks.NodePoolVolumes{
+						InstanceRoot: &eks.NodePoolVolume{
+							Type:    "gp3",
+							Storage: eks.EBS_STORAGE,
+						},
+					},
 				},
 			},
 		},
diff --git a/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater.go b/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater.go
index d4308eb24b..af0b89ea44 100644
--- a/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater.go
+++ b/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater.go
@@ -396,24 +396,12 @@ func newNodePoolsFromUpdateRequest(
 	requestedUpdatedNodePools = make(map[string]*pkgEks.NodePool, len(requestedNodePools))
 	for nodePoolName, nodePool := range requestedNodePools {
 		if existingNodePools[nodePoolName] {
-			requestedUpdatedNodePools[nodePoolName] = nodePool
-		} else {
-			if len(nodePool.InstanceType) == 0 {
-				return nil, nil, nil, pkgErrors.ErrorInstancetypeFieldIsEmpty
-			}
-
-			if len(nodePool.Image) == 0 {
-				return nil, nil, nil, pkgErrors.ErrorAmazonImageFieldIsEmpty
-			}
-
-			if len(nodePool.SpotPrice) == 0 {
-				nodePool.SpotPrice = eks.DefaultSpotPrice
-			}
-
 			// convert deprecated params in case no Volumes struct is specified
 			if nodePool.Volumes == nil {
 				volumes := pkgEks.NodePoolVolumes{}
-				instanceRootVolume := pkgEks.NodePoolVolume{}
+				instanceRootVolume := pkgEks.NodePoolVolume{
+					Storage: pkgEks.EBS_STORAGE,
+				}
 				isInstanceRoot := false
 
 				if nodePool.VolumeSize > 0 {
@@ -446,6 +434,44 @@ func newNodePoolsFromUpdateRequest(
 				}
 			}
 
+			requestedUpdatedNodePools[nodePoolName] = nodePool
+		} else {
+			if len(nodePool.InstanceType) == 0 {
+				return nil, nil, nil, pkgErrors.ErrorInstancetypeFieldIsEmpty
+			}
+
+			if len(nodePool.Image) == 0 {
+				return nil, nil, nil, pkgErrors.ErrorAmazonImageFieldIsEmpty
+			}
+
+			if len(nodePool.SpotPrice) == 0 {
+				nodePool.SpotPrice = eks.DefaultSpotPrice
+			}
+
+			// convert deprecated params in case no Volumes struct is specified
+			if nodePool.Volumes == nil {
+				nodePool.Volumes = &pkgEks.NodePoolVolumes{
+					InstanceRoot: &pkgEks.NodePoolVolume{
+						Type:    "gp3",
+						Storage: pkgEks.EBS_STORAGE,
+					},
+				}
+				if nodePool.VolumeSize > 0 {
+					nodePool.Volumes.InstanceRoot.Size = nodePool.VolumeSize
+				}
+				if nodePool.VolumeType != "" {
+					nodePool.Volumes.InstanceRoot.Type = nodePool.VolumeType
+				}
+				if nodePool.VolumeEncryption != nil {
+					nodePool.Volumes.InstanceRoot.Encryption = nodePool.VolumeEncryption
+				}
+				if nodePool.UseInstanceStore != nil && *nodePool.UseInstanceStore {
+					nodePool.Volumes.KubeletRoot = &pkgEks.NodePoolVolume{
+						Storage: pkgEks.INSTANCE_STORE_STORAGE,
+					}
+				}
+			}
+
 			requestedNewNodePools[nodePoolName] = nodePool
 		}
 	}
diff --git a/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater_test.go b/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater_test.go
index 8e8c641258..93c170c612 100644
--- a/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater_test.go
+++ b/internal/cluster/distribution/eks/eksprovider/driver/cluster_updater_test.go
@@ -45,16 +45,19 @@ func TestNewASGsFromRequestedUpdatedNodePools(t *testing.T) {
 			input: inputType{
 				requestedUpdatedNodePools: map[string]*ekscluster.NodePool{
 					"pool1": {
-						InstanceType:     "instance-type-1",
-						SpotPrice:        "0.1",
-						Autoscaling:      true,
-						MinCount:         1,
-						MaxCount:         1,
-						Count:            1,
-						VolumeEncryption: nil,
-						VolumeSize:       1,
-						VolumeType:       "",
-						Image:            "image-1",
+						InstanceType: "instance-type-1",
+						SpotPrice:    "0.1",
+						Autoscaling:  true,
+						MinCount:     1,
+						MaxCount:     1,
+						Count:        1,
+						Volumes: &ekscluster.NodePoolVolumes{
+							InstanceRoot: &ekscluster.NodePoolVolume{
+								Storage: "ebs",
+								Size:    1,
+							},
+						},
+						Image: "image-1",
 						Labels: map[string]string{
 							"label-1": "value-1",
 						},
@@ -75,12 +78,17 @@ func TestNewASGsFromRequestedUpdatedNodePools(t *testing.T) {
 						MinCount:     0,
 						MaxCount:     0,
 						Count:        2,
-						VolumeEncryption: &ekscluster.NodePoolVolumeEncryption{
-							Enabled: true,
+						Volumes: &ekscluster.NodePoolVolumes{
+							InstanceRoot: &ekscluster.NodePoolVolume{
+								Storage: "ebs",
+								Encryption: &ekscluster.NodePoolVolumeEncryption{
+									Enabled: true,
+								},
+								Size: 2,
+								Type: "gp2",
+							},
 						},
-						VolumeSize: 2,
-						VolumeType: "gp2",
-						Image:      "image-2",
+						Image: "image-2",
 						Labels: map[string]string{
 							"label-2": "value-2",
 						},
@@ -101,13 +109,18 @@ func TestNewASGsFromRequestedUpdatedNodePools(t *testing.T) {
 						MinCount:     3,
 						MaxCount:     3,
 						Count:        3,
-						VolumeEncryption: &ekscluster.NodePoolVolumeEncryption{
-							Enabled:          true,
-							EncryptionKeyARN: "encryption-key-arn-3",
+						Volumes: &ekscluster.NodePoolVolumes{
+							InstanceRoot: &ekscluster.NodePoolVolume{
+								Storage: "ebs",
+								Encryption: &ekscluster.NodePoolVolumeEncryption{
+									Enabled:          true,
+									EncryptionKeyARN: "encryption-key-arn-3",
+								},
+								Size: 3,
+								Type: "gp3",
+							},
 						},
-						VolumeSize: 3,
-						VolumeType: "gp3",
-						Image:      "image-3",
+						Image: "image-3",
 						Labels: map[string]string{
 							"label-3": "value-3",
 						},
@@ -139,17 +152,20 @@ func TestNewASGsFromRequestedUpdatedNodePools(t *testing.T) {
 			},
 			expectedUpdatedNodePools: []workflow.AutoscaleGroup{
 				{
-					Name:                 "pool1",
-					NodeSpotPrice:        "0.1",
-					Autoscaling:          true,
-					NodeMinCount:         1,
-					NodeMaxCount:         1,
-					Count:                1,
-					NodeVolumeEncryption: nil,
-					NodeVolumeSize:       1,
-					NodeVolumeType:       "",
-					NodeImage:            "image-1",
-					NodeInstanceType:     "instance-type-1",
+					Name:          "pool1",
+					NodeSpotPrice: "0.1",
+					Autoscaling:   true,
+					NodeMinCount:  1,
+					NodeMaxCount:  1,
+					Count:         1,
+					Volumes: &eks.NodePoolVolumes{
+						InstanceRoot: &eks.NodePoolVolume{
+							Storage: eks.EBS_STORAGE,
+							Size:    1,
+						},
+					},
+					NodeImage:        "image-1",
+					NodeInstanceType: "instance-type-1",
 					SecurityGroups: []string{
 						"security-group-1",
 						"security-group-11",
@@ -168,11 +184,16 @@ func TestNewASGsFromRequestedUpdatedNodePools(t *testing.T) {
 					NodeMinCount:  0,
 					NodeMaxCount:  0,
 					Count:         2,
-					NodeVolumeEncryption: &eks.NodePoolVolumeEncryption{
-						Enabled: true,
+					Volumes: &eks.NodePoolVolumes{
+						InstanceRoot: &eks.NodePoolVolume{
+							Encryption: &eks.NodePoolVolumeEncryption{
+								Enabled: true,
+							},
+							Storage: eks.EBS_STORAGE,
+							Type:    "gp2",
+							Size:    2,
+						},
 					},
-					NodeVolumeSize:   2,
-					NodeVolumeType:   "gp2",
 					NodeImage:        "image-2",
 					NodeInstanceType: "instance-type-2",
 					SecurityGroups: []string{
@@ -193,12 +214,17 @@ func TestNewASGsFromRequestedUpdatedNodePools(t *testing.T) {
 					NodeMinCount:  3,
 					NodeMaxCount:  3,
 					Count:         3,
-					NodeVolumeEncryption: &eks.NodePoolVolumeEncryption{
-						Enabled:          true,
-						EncryptionKeyARN: "encryption-key-arn-3",
+					Volumes: &eks.NodePoolVolumes{
+						InstanceRoot: &eks.NodePoolVolume{
+							Storage: "ebs",
+							Encryption: &eks.NodePoolVolumeEncryption{
+								Enabled:          true,
+								EncryptionKeyARN: "encryption-key-arn-3",
+							},
+							Size: 3,
+							Type: "gp3",
+						},
 					},
-					NodeVolumeSize:   3,
-					NodeVolumeType:   "gp3",
 					NodeImage:        "image-3",
 					NodeInstanceType: "instance-type-3",
 					SecurityGroups: []string{
@@ -251,9 +277,13 @@ func TestNewASGsFromRequestedUpdatedNodePools(t *testing.T) {
 						MinCount:     1,
 						MaxCount:     1,
 						Count:        1,
-						VolumeSize:   1,
-						VolumeType:   "",
-						Image:        "image-1",
+						Volumes: &ekscluster.NodePoolVolumes{
+							InstanceRoot: &ekscluster.NodePoolVolume{
+								Storage: "ebs",
+								Size:    1,
+							},
+						},
+						Image: "image-1",
 						Labels: map[string]string{
 							"label-1": "value-1",
 						},
@@ -272,14 +302,18 @@ func TestNewASGsFromRequestedUpdatedNodePools(t *testing.T) {
 			},
 			expectedUpdatedNodePools: []workflow.AutoscaleGroup{
 				{
-					Name:             "pool1",
-					NodeSpotPrice:    "0.1",
-					Autoscaling:      true,
-					NodeMinCount:     1,
-					NodeMaxCount:     1,
-					Count:            1,
-					NodeVolumeSize:   1,
-					NodeVolumeType:   "",
+					Name:          "pool1",
+					NodeSpotPrice: "0.1",
+					Autoscaling:   true,
+					NodeMinCount:  1,
+					NodeMaxCount:  1,
+					Count:         1,
+					Volumes: &eks.NodePoolVolumes{
+						InstanceRoot: &eks.NodePoolVolume{
+							Storage: "ebs",
+							Size:    1,
+						},
+					},
 					NodeImage:        "image-1",
 					NodeInstanceType: "instance-type-1",
 					SecurityGroups: []string{
@@ -464,6 +498,7 @@ func TestNewNodePoolsFromUpdateRequest(t *testing.T) {
 		expectedErr                       error
 	}
 
+	useInstanceStore := true
 	testCases := []struct {
 		caseDescription string
 		input           inputType
@@ -511,6 +546,7 @@ func TestNewNodePoolsFromUpdateRequest(t *testing.T) {
 						VolumeEncryption: nil,
 						VolumeSize:       2,
 						VolumeType:       "gp2",
+						UseInstanceStore: &useInstanceStore,
 						Image:            "image-2",
 						Labels: map[string]string{
 							"label-2": "value-2",
@@ -576,15 +612,25 @@ func TestNewNodePoolsFromUpdateRequest(t *testing.T) {
 				},
 				expectedRequestedNewNodePools: map[string]*ekscluster.NodePool{
 					"new-pool-2": {
-						InstanceType:     "instance-type-2",
-						SpotPrice:        "0.2",
-						Autoscaling:      false,
-						MinCount:         0,
-						MaxCount:         0,
-						Count:            2,
-						VolumeEncryption: nil,
+						InstanceType: "instance-type-2",
+						SpotPrice:    "0.2",
+						Autoscaling:  false,
+						MinCount:     0,
+						MaxCount:     0,
+						Count:        2,
+						Volumes: &ekscluster.NodePoolVolumes{
+							InstanceRoot: &ekscluster.NodePoolVolume{
+								Storage: "ebs",
+								Size:    2,
+								Type:    "gp2",
+							},
+							KubeletRoot: &ekscluster.NodePoolVolume{
+								Storage: "instance-store",
+							},
+						},
 						VolumeSize:       2,
 						VolumeType:       "gp2",
+						UseInstanceStore: &useInstanceStore,
 						Image:            "image-2",
 						Labels: map[string]string{
 							"label-2": "value-2",
@@ -602,6 +648,17 @@ func TestNewNodePoolsFromUpdateRequest(t *testing.T) {
 						MinCount:     0,
 						MaxCount:     0,
 						Count:        4,
+						Volumes: &ekscluster.NodePoolVolumes{
+							InstanceRoot: &ekscluster.NodePoolVolume{
+								Encryption: &ekscluster.NodePoolVolumeEncryption{
+									Enabled:          true,
+									EncryptionKeyARN: "encryption-key-arn-4",
+								},
+								Storage: "ebs",
+								Size:    4,
+								Type:    "io1",
+							},
+						},
 						VolumeEncryption: &ekscluster.NodePoolVolumeEncryption{
 							Enabled:          true,
 							EncryptionKeyARN: "encryption-key-arn-4",
@@ -627,6 +684,16 @@ func TestNewNodePoolsFromUpdateRequest(t *testing.T) {
 						MinCount:     3,
 						MaxCount:     3,
 						Count:        3,
+						Volumes: &ekscluster.NodePoolVolumes{
+							InstanceRoot: &ekscluster.NodePoolVolume{
+								Storage: "ebs",
+								Encryption: &ekscluster.NodePoolVolumeEncryption{
+									Enabled: true,
+								},
+								Size: 33333,
+								Type: "gp3",
+							},
+						},
 						VolumeEncryption: &ekscluster.NodePoolVolumeEncryption{
 							Enabled: true,
 						},
@@ -754,16 +821,19 @@ func TestNewNodePoolsFromRequestedNewNodePools(t *testing.T) {
 			input: inputType{
 				requestedNewNodePools: map[string]*ekscluster.NodePool{
 					"pool-1": {
-						InstanceType:     "instance-type-1",
-						SpotPrice:        "0.1",
-						Autoscaling:      true,
-						MinCount:         1,
-						MaxCount:         1,
-						Count:            1,
-						VolumeEncryption: nil,
-						VolumeSize:       1,
-						VolumeType:       "",
-						Image:            "image-1",
+						InstanceType: "instance-type-1",
+						SpotPrice:    "0.1",
+						Autoscaling:  true,
+						MinCount:     1,
+						MaxCount:     1,
+						Count:        1,
+						Volumes: &ekscluster.NodePoolVolumes{
+							InstanceRoot: &ekscluster.NodePoolVolume{
+								Storage: "ebs",
+								Size:    1,
+							},
+						},
+						Image: "image-1",
 						Labels: map[string]string{
 							"label-1": "value-1",
 						},
@@ -784,12 +854,17 @@ func TestNewNodePoolsFromRequestedNewNodePools(t *testing.T) {
 						MinCount:     0,
 						MaxCount:     0,
 						Count:        2,
-						VolumeEncryption: &ekscluster.NodePoolVolumeEncryption{
-							Enabled: true,
+						Volumes: &ekscluster.NodePoolVolumes{
+							InstanceRoot: &ekscluster.NodePoolVolume{
+								Encryption: &ekscluster.NodePoolVolumeEncryption{
+									Enabled: true,
+								},
+								Storage: "ebs",
+								Size:    2,
+								Type:    "gp2",
+							},
 						},
-						VolumeSize: 2,
-						VolumeType: "gp2",
-						Image:      "image-2",
+						Image: "image-2",
 						Labels: map[string]string{
 							"label-2": "value-2",
 						},
@@ -802,13 +877,18 @@ func TestNewNodePoolsFromRequestedNewNodePools(t *testing.T) {
 						MinCount:     0,
 						MaxCount:     0,
 						Count:        3,
-						VolumeEncryption: &ekscluster.NodePoolVolumeEncryption{
-							Enabled:          true,
-							EncryptionKeyARN: "encryption-key-arn-3",
+						Volumes: &ekscluster.NodePoolVolumes{
+							InstanceRoot: &ekscluster.NodePoolVolume{
+								Encryption: &ekscluster.NodePoolVolumeEncryption{
+									Enabled:          true,
+									EncryptionKeyARN: "encryption-key-arn-3",
+								},
+								Storage: "ebs",
+								Size:    3,
+								Type:    "gp3",
+							},
 						},
-						VolumeSize: 3,
-						VolumeType: "gp3",
-						Image:      "image-3",
+						Image: "image-3",
 						Labels: map[string]string{
 							"label-3": "value-3",
 						},
@@ -836,12 +916,15 @@ func TestNewNodePoolsFromRequestedNewNodePools(t *testing.T) {
 							MinSize: 1,
 							MaxSize: 1,
 						},
-						VolumeEncryption: nil,
-						VolumeSize:       1,
-						VolumeType:       "",
-						InstanceType:     "instance-type-1",
-						Image:            "image-1",
-						SpotPrice:        "0.1",
+						Volumes: &eks.NodePoolVolumes{
+							InstanceRoot: &eks.NodePoolVolume{
+								Storage: "ebs",
+								Size:    1,
+							},
+						},
+						InstanceType: "instance-type-1",
+						Image:        "image-1",
+						SpotPrice:    "0.1",
 						SecurityGroups: []string{
 							"security-group-1",
 							"security-group-11",
@@ -859,11 +942,16 @@ func TestNewNodePoolsFromRequestedNewNodePools(t *testing.T) {
 							MinSize: 0,
 							MaxSize: 0,
 						},
-						VolumeEncryption: &eks.NodePoolVolumeEncryption{
-							Enabled: true,
+						Volumes: &eks.NodePoolVolumes{
+							InstanceRoot: &eks.NodePoolVolume{
+								Storage: "ebs",
+								Encryption: &eks.NodePoolVolumeEncryption{
+									Enabled: true,
+								},
+								Size: 2,
+								Type: "gp2",
+							},
 						},
-						VolumeSize:   2,
-						VolumeType:   "gp2",
 						InstanceType: "instance-type-2",
 						Image:        "image-2",
 						SpotPrice:    "0.2",
@@ -880,12 +968,17 @@ func TestNewNodePoolsFromRequestedNewNodePools(t *testing.T) {
 							MinSize: 0,
 							MaxSize: 0,
 						},
-						VolumeEncryption: &eks.NodePoolVolumeEncryption{
-							Enabled:          true,
-							EncryptionKeyARN: "encryption-key-arn-3",
+						Volumes: &eks.NodePoolVolumes{
+							InstanceRoot: &eks.NodePoolVolume{
+								Storage: "ebs",
+								Encryption: &eks.NodePoolVolumeEncryption{
+									Enabled:          true,
+									EncryptionKeyARN: "encryption-key-arn-3",
+								},
+								Size: 3,
+								Type: "gp3",
+							},
 						},
-						VolumeSize:   3,
-						VolumeType:   "gp3",
 						InstanceType: "instance-type-3",
 						Image:        "image-3",
 						SpotPrice:    "0.3",
diff --git a/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go b/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go
index 12c014bd29..a0aaac7d82 100644
--- a/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go
+++ b/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go
@@ -431,6 +431,10 @@ func createASGAsync(
 		return sdkcadence.NewReadyFuture(ctx, nil, errors.Wrap(err, "node pool subnets could not be determined"))
 	}
 
+	if nodePool.Volumes == nil {
+		nodePool.Volumes = &eks.NodePoolVolumes{}
+	}
+
 	activityInput := CreateAsgActivityInput{
 		EKSActivityInput: eksActivityInput,
 		ClusterID:        eksCluster.Cluster.ID,
diff --git a/internal/cluster/distribution/eks/eksprovider/workflow/create_node_pool_workflow.go b/internal/cluster/distribution/eks/eksprovider/workflow/create_node_pool_workflow.go
index 1da46c7c42..f4eddaf262 100644
--- a/internal/cluster/distribution/eks/eksprovider/workflow/create_node_pool_workflow.go
+++ b/internal/cluster/distribution/eks/eksprovider/workflow/create_node_pool_workflow.go
@@ -207,6 +207,21 @@ func (w CreateNodePoolWorkflow) Execute(ctx workflow.Context, input CreateNodePo
 		}
 	}()
 
+	if input.NodePool.Volumes == nil {
+		input.NodePool.Volumes = &eks.NodePoolVolumes{
+			InstanceRoot: &eks.NodePoolVolume{
+				Storage: "ebs",
+			},
+		}
+	}
+	// set KubeletRoot.Storage to none if it's not specified
+	if input.NodePool.Volumes.KubeletRoot == nil {
+		input.NodePool.Volumes.KubeletRoot = &eks.NodePoolVolume{}
+	}
+	if "" == input.NodePool.Volumes.KubeletRoot.Storage {
+		input.NodePool.Volumes.KubeletRoot.Storage = eks.NONE_STORAGE
+	}
+
 	// select default AMI size for InstanceRoot volume in case it's EBS
 	if input.NodePool.Volumes != nil && input.NodePool.Volumes.InstanceRoot.Storage == eks.EBS_STORAGE {
 		amiSize, err := getAMISize(ctx, eksActivityInput, input.NodePool.Image)
diff --git a/internal/cluster/distribution/eks/eksprovider/workflow/update_asg_activity.go b/internal/cluster/distribution/eks/eksprovider/workflow/update_asg_activity.go
index 91af1a4b99..04312d0760 100644
--- a/internal/cluster/distribution/eks/eksprovider/workflow/update_asg_activity.go
+++ b/internal/cluster/distribution/eks/eksprovider/workflow/update_asg_activity.go
@@ -65,7 +65,7 @@ type UpdateAsgActivityInput struct {
 	NodeMinCount     int
 	NodeMaxCount     int
 	Count            int
-	NodeVolumes      *eks.NodePoolVolumes
+	NodeVolumes      eks.NodePoolVolumes
 	NodeImage        string
 	NodeInstanceType string
 
@@ -250,7 +250,7 @@ func (a *UpdateAsgActivity) Execute(ctx context.Context, input UpdateAsgActivity
 		),
 		sdkCloudformation.NewOptionalStackParameter(
 			"NodeVolumeType",
-			input.NodeVolumes.InstanceRoot.Type != "" || input.CurrentTemplateVersion.IsLessThan("2.4.0"), // Note: older templates cannot use non-existing previous value.
+			(input.NodeVolumes.InstanceRoot != nil && input.NodeVolumes.InstanceRoot.Type != "") || input.CurrentTemplateVersion.IsLessThan("2.4.0"), // Note: older templates cannot use non-existing previous value.
 			nodeVolumeType,
 		),
 
@@ -276,7 +276,7 @@ func (a *UpdateAsgActivity) Execute(ctx context.Context, input UpdateAsgActivity
 		),
 		sdkCloudformation.NewOptionalStackParameter(
 			"KubeletRootVolumeType",
-			input.NodeVolumes.KubeletRoot.Type != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"), // Note: older templates cannot use non-existing previous value.
+			(input.NodeVolumes.KubeletRoot != nil && input.NodeVolumes.KubeletRoot.Type != "") || input.CurrentTemplateVersion.IsLessThan("2.5.0"), // Note: older templates cannot use non-existing previous value.
 			kubeletRootVolumeType,
 		),
 
diff --git a/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go b/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go
index abe32d7363..57fe7b7750 100644
--- a/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go
+++ b/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go
@@ -62,7 +62,7 @@ type UpdateNodeGroupActivityInput struct {
 	NodePoolName    string
 	NodePoolVersion string
 
-	NodeVolumes     *eks.NodePoolVolumes
+	NodeVolumes     eks.NodePoolVolumes
 	NodeImage       string
 	DesiredCapacity int64
 	SecurityGroups  []string
@@ -114,12 +114,14 @@ func (a UpdateNodeGroupActivity) Execute(ctx context.Context, input UpdateNodeGr
 		nodeLabels = append(nodeLabels, fmt.Sprintf("%v=%v", cluster.NodePoolVersionLabelKey, input.NodePoolVersion))
 	}
 
+	nodeVolumeStorage := ""
 	nodeVolumeEncryptionEnabled := ""
 	nodeVolumeEncryptionKeyARN := ""
 	nodeVolumeType := ""
 	nodeVolumeSize := 0
 
-	if eks.EBS_STORAGE == input.NodeVolumes.InstanceRoot.Storage {
+	if input.NodeVolumes.InstanceRoot != nil && eks.EBS_STORAGE == input.NodeVolumes.InstanceRoot.Storage {
+		nodeVolumeStorage = input.NodeVolumes.InstanceRoot.Storage
 		if input.NodeVolumes.InstanceRoot.Encryption != nil {
 			nodeVolumeEncryptionEnabled = strconv.FormatBool(input.NodeVolumes.InstanceRoot.Encryption.Enabled)
 		} else if input.CurrentTemplateVersion.IsLessThan("2.1.0") &&
@@ -148,11 +150,13 @@ func (a UpdateNodeGroupActivity) Execute(ctx context.Context, input UpdateNodeGr
 		nodeVolumeSize = input.NodeVolumes.InstanceRoot.Size
 	}
 
+	kubeletRootVolumeStorage := ""
 	kubeletRootVolumeEncryptionEnabled := ""
 	kubeletRootVolumeEncryptionKeyARN := ""
 	kubeletRootVolumeType := ""
 	kubeletRootVolumeSize := 0
-	if eks.EBS_STORAGE == input.NodeVolumes.KubeletRoot.Storage {
+	if input.NodeVolumes.KubeletRoot != nil && eks.EBS_STORAGE == input.NodeVolumes.KubeletRoot.Storage {
+		kubeletRootVolumeStorage = input.NodeVolumes.KubeletRoot.Storage
 		if input.NodeVolumes.KubeletRoot.Encryption != nil {
 			kubeletRootVolumeEncryptionEnabled = strconv.FormatBool(input.NodeVolumes.KubeletRoot.Encryption.Enabled)
 		} else if input.CurrentTemplateVersion.IsLessThan("2.5.0") &&
@@ -240,8 +244,8 @@ func (a UpdateNodeGroupActivity) Execute(ctx context.Context, input UpdateNodeGr
 		// InstanceRoot / Node volume params
 		sdkCloudFormation.NewOptionalStackParameter(
 			"NodeVolumeStorage",
-			input.NodeVolumes.InstanceRoot.Storage != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"),
-			input.NodeVolumes.InstanceRoot.Storage,
+			nodeVolumeStorage != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"),
+			nodeVolumeStorage,
 		),
 		sdkCloudFormation.NewOptionalStackParameter(
 			"NodeVolumeEncryptionEnabled",
@@ -260,14 +264,14 @@ func (a UpdateNodeGroupActivity) Execute(ctx context.Context, input UpdateNodeGr
 		),
 		sdkCloudFormation.NewOptionalStackParameter(
 			"NodeVolumeType",
-			input.NodeVolumes.InstanceRoot.Type != "" || input.CurrentTemplateVersion.IsLessThan("2.4.0"), // Note: older templates cannot use non-existing previous value.
+			(input.NodeVolumes.InstanceRoot != nil && input.NodeVolumes.InstanceRoot.Type != "") || input.CurrentTemplateVersion.IsLessThan("2.4.0"), // Note: older templates cannot use non-existing previous value.
 			nodeVolumeType,
 		),
 		// KubeletRoot volume params
 		sdkCloudFormation.NewOptionalStackParameter(
 			"KubeletRootVolumeStorage",
-			input.NodeVolumes.KubeletRoot.Storage != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"),
-			input.NodeVolumes.KubeletRoot.Storage,
+			kubeletRootVolumeStorage != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"),
+			kubeletRootVolumeStorage,
 		),
 		sdkCloudFormation.NewOptionalStackParameter(
 			"KubeletRootVolumeEncryptionEnabled",
@@ -286,7 +290,7 @@ func (a UpdateNodeGroupActivity) Execute(ctx context.Context, input UpdateNodeGr
 		),
 		sdkCloudFormation.NewOptionalStackParameter(
 			"KubeletRootVolumeType",
-			input.NodeVolumes.KubeletRoot.Type != "" || input.CurrentTemplateVersion.IsLessThan("2.5.0"), // Note: older templates cannot use non-existing previous value.
+			(input.NodeVolumes.KubeletRoot != nil && input.NodeVolumes.KubeletRoot.Type != "") || input.CurrentTemplateVersion.IsLessThan("2.5.0"), // Note: older templates cannot use non-existing previous value.
 			kubeletRootVolumeType,
 		),
 
diff --git a/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go b/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
index 1d4f3a97e5..cbfa866a0c 100644
--- a/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
+++ b/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
@@ -206,7 +206,12 @@ func (w UpdateNodePoolWorkflow) Execute(ctx workflow.Context, input UpdateNodePo
 		}
 
 		if effectiveVolumes.KubeletRoot.Storage == "" {
-			effectiveVolumes.KubeletRoot.Storage = parameters.KubeletRootVolumeStorage
+			// set default none value for KubeletRoot.Storage for old templates
+			if currentTemplateVersion.IsLessThan("2.5.0") {
+				effectiveVolumes.KubeletRoot.Storage = eks.NONE_STORAGE
+			} else {
+				effectiveVolumes.KubeletRoot.Storage = parameters.KubeletRootVolumeStorage
+			}
 		}
 
 		if effectiveVolumes.KubeletRoot.Encryption == nil &&
@@ -299,7 +304,7 @@ func (w UpdateNodePoolWorkflow) Execute(ctx workflow.Context, input UpdateNodePo
 			StackName:              input.StackName,
 			NodePoolName:           input.NodePoolName,
 			NodePoolVersion:        nodePoolVersion,
-			NodeVolumes:            effectiveVolumes,
+			NodeVolumes:            *effectiveVolumes,
 			NodeImage:              input.NodeImage,
 			SecurityGroups:         input.SecurityGroups,
 			MaxBatchSize:           input.Options.MaxBatchSize,
diff --git a/internal/cluster/distribution/eks/node_pool.go b/internal/cluster/distribution/eks/node_pool.go
index 477bf6331c..c71b2aef4d 100644
--- a/internal/cluster/distribution/eks/node_pool.go
+++ b/internal/cluster/distribution/eks/node_pool.go
@@ -49,6 +49,7 @@ type NewNodePool struct {
 const (
 	EBS_STORAGE            = "ebs"
 	INSTANCE_STORE_STORAGE = "instance-store"
+	NONE_STORAGE           = "none"
 )
 
 // Validate semantically validates the new node pool.
diff --git a/src/cluster/eks_update_cluster.go b/src/cluster/eks_update_cluster.go
index 4d786bbfaf..3c05f9a30e 100644
--- a/src/cluster/eks_update_cluster.go
+++ b/src/cluster/eks_update_cluster.go
@@ -282,7 +282,12 @@ func (w EKSUpdateClusterWorkflow) Execute(ctx workflow.Context, input EKSUpdateC
 				}
 
 				if effectiveVolumes.KubeletRoot.Storage == "" {
-					effectiveVolumes.KubeletRoot.Storage = parameters.KubeletRootVolumeStorage
+					// set default none value for KubeletRoot.Storage for old templates
+					if currentTemplateVersion.IsLessThan("2.5.0") {
+						effectiveVolumes.KubeletRoot.Storage = eks.NONE_STORAGE
+					} else {
+						effectiveVolumes.KubeletRoot.Storage = parameters.KubeletRootVolumeStorage
+					}
 				}
 
 				if effectiveVolumes.KubeletRoot.Encryption == nil &&
@@ -380,7 +385,7 @@ func (w EKSUpdateClusterWorkflow) Execute(ctx workflow.Context, input EKSUpdateC
 				NodeMinCount:           updatedNodePool.NodeMinCount,
 				NodeMaxCount:           updatedNodePool.NodeMaxCount,
 				Count:                  updatedNodePool.Count,
-				NodeVolumes:            effectiveVolumes,
+				NodeVolumes:            *effectiveVolumes,
 				NodeImage:              updatedNodePool.NodeImage,
 				NodeInstanceType:       updatedNodePool.NodeInstanceType,
 				SecurityGroups:         updatedNodePool.SecurityGroups,
diff --git a/templates/eks/amazon-eks-nodepool-cf.yaml b/templates/eks/amazon-eks-nodepool-cf.yaml
index 0b959f05cb..cd2bdb1a8c 100644
--- a/templates/eks/amazon-eks-nodepool-cf.yaml
+++ b/templates/eks/amazon-eks-nodepool-cf.yaml
@@ -625,15 +625,7 @@ Parameters:
 
   KubeletRootVolumeType:
       Type: String
-      Default: "gp3"
-      AllowedValues:
-          - gp2
-          - gp3
-          - io1
-          - io2
-          - sc1
-          - st1
-          - standard
+      Default: ""
       Description: Volume type of the EBS block device mapping of the node launch template used for the node pool's nodes. See more information at https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-blockdevicemapping-ebs.html#cfn-ec2-launchtemplate-blockdevicemapping-ebs-volumetype.
 
   StackTags:

From 8b4138a72dbc9f19e0a9f69355b48eaec90ac435 Mon Sep 17 00:00:00 2001
From: Magyari Sandor Szilard <sancyx@gmail.com>
Date: Tue, 24 Aug 2021 23:59:51 +0300
Subject: [PATCH 07/11] openAPI: add volumes to nodepool update request

---
 .gen/pipeline/api/openapi.yaml                   |  2 ++
 .../model_eks_update_node_pool_request.go        |  2 ++
 .../model_eks_update_node_pool_request_all_of.go |  2 ++
 .../pipeline/model_update_node_pool_request.go   |  2 ++
 apis/pipeline/pipeline.yaml                      | 16 +++++++++-------
 5 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/.gen/pipeline/api/openapi.yaml b/.gen/pipeline/api/openapi.yaml
index 164979c5ee..65d83bcf19 100644
--- a/.gen/pipeline/api/openapi.yaml
+++ b/.gen/pipeline/api/openapi.yaml
@@ -23192,6 +23192,8 @@ components:
             here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
           nullable: true
           type: boolean
+        volumes:
+          $ref: '#/components/schemas/EKSNodePoolVolumes'
         options:
           $ref: '#/components/schemas/BaseUpdateNodePoolOptions'
     PkeAwsUpdateNodePoolRequest_allOf:
diff --git a/.gen/pipeline/pipeline/model_eks_update_node_pool_request.go b/.gen/pipeline/pipeline/model_eks_update_node_pool_request.go
index 7fcfb71023..8ab52193ab 100644
--- a/.gen/pipeline/pipeline/model_eks_update_node_pool_request.go
+++ b/.gen/pipeline/pipeline/model_eks_update_node_pool_request.go
@@ -47,5 +47,7 @@ type EksUpdateNodePoolRequest struct {
 	// Setup available instance stores (NVMe disks) to use for Kubelet root if available. As a result emptyDir volumes will be provisioned on local instance storage disks. You can check out available instance storages here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
 	UseInstanceStore *bool `json:"useInstanceStore,omitempty"`
 
+	Volumes *EksNodePoolVolumes `json:"volumes,omitempty"`
+
 	Options BaseUpdateNodePoolOptions `json:"options,omitempty"`
 }
diff --git a/.gen/pipeline/pipeline/model_eks_update_node_pool_request_all_of.go b/.gen/pipeline/pipeline/model_eks_update_node_pool_request_all_of.go
index b2cc320fea..1652d83c61 100644
--- a/.gen/pipeline/pipeline/model_eks_update_node_pool_request_all_of.go
+++ b/.gen/pipeline/pipeline/model_eks_update_node_pool_request_all_of.go
@@ -40,5 +40,7 @@ type EksUpdateNodePoolRequestAllOf struct {
 	// Setup available instance stores (NVMe disks) to use for Kubelet root if available. As a result emptyDir volumes will be provisioned on local instance storage disks. You can check out available instance storages here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
 	UseInstanceStore *bool `json:"useInstanceStore,omitempty"`
 
+	Volumes *EksNodePoolVolumes `json:"volumes,omitempty"`
+
 	Options BaseUpdateNodePoolOptions `json:"options,omitempty"`
 }
diff --git a/.gen/pipeline/pipeline/model_update_node_pool_request.go b/.gen/pipeline/pipeline/model_update_node_pool_request.go
index 5489cd6145..cf43d618b0 100644
--- a/.gen/pipeline/pipeline/model_update_node_pool_request.go
+++ b/.gen/pipeline/pipeline/model_update_node_pool_request.go
@@ -46,5 +46,7 @@ type UpdateNodePoolRequest struct {
 	// Setup available instance stores (NVMe disks) to use for Kubelet root if available. As a result emptyDir volumes will be provisioned on local instance storage disks. You can check out available instance storages here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
 	UseInstanceStore *bool `json:"useInstanceStore,omitempty"`
 
+	Volumes *EksNodePoolVolumes `json:"volumes,omitempty"`
+
 	Options BaseUpdateNodePoolOptions `json:"options,omitempty"`
 }
diff --git a/apis/pipeline/pipeline.yaml b/apis/pipeline/pipeline.yaml
index d5f67e185f..d98b48b83c 100644
--- a/apis/pipeline/pipeline.yaml
+++ b/apis/pipeline/pipeline.yaml
@@ -4671,7 +4671,7 @@ components:
                         (default ebs gp3 50GiB with control plane
                         configuration default or AWS account default
                         encryption).
-                    
+
                         The storage of the instance root device
                         volume is constrained by the AMI used to launch
                         the EKS node pool node instance.
@@ -4698,7 +4698,7 @@ components:
         EKSNodePoolVolumeEBS:
             description: Configuration of EBS volumes mounted onto an EKS node
                 pool node instance.
-                
+
                 EBS volumes are the default to be used, if no configuration is
                 specified.
             example: |
@@ -4714,7 +4714,7 @@ components:
             properties:
                 encryption:
                     $ref: '#/components/schemas/EKSNodePoolVolumeEncryption'
-                size: 
+                size:
                     description: Size of the EBS volume in GiBs of the nodes in
                         the pool (default 50 GiB).
                     type: integer
@@ -4737,14 +4737,14 @@ components:
         EKSNodePoolVolumeInstanceStore:
             description: Configuration of instance store volumes mounted onto
                 an EKS node pool node instance.
-                
+
                 Instance store volumes are encrypted at rest by default using an
                 XTS-AES-256 block cipher implemented in a hardware module on the
                 instance.
-                
+
                 The size and type of an instance store volume is fixed based on
                 the instance type the volume is attached to.
-                
+
                 For more details see
                 https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
             example: |
@@ -4765,7 +4765,7 @@ components:
         EKSNodePoolVolumeEncryption:
             description: Encryption details of the instance volumes in an EKS
                 node pool (default null -> control plane configuration -> AWS
-                account default). 
+                account default).
             example: |
                 {
                     "enabled": true,
@@ -4894,6 +4894,8 @@ components:
                             nullable: true
                             description: Setup available instance stores (NVMe disks) to use for Kubelet root if available. As a result emptyDir volumes will be provisioned on local instance storage disks. You can check out available instance storages here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes.
                             type: boolean
+                        volumes:
+                            $ref: '#/components/schemas/EKSNodePoolVolumes'
                         options:
                             $ref: '#/components/schemas/BaseUpdateNodePoolOptions'
 

From a0cceb3e389000859b8dd77c6798d153d0e1f721 Mon Sep 17 00:00:00 2001
From: Magyari Sandor Szilard <sancyx@gmail.com>
Date: Wed, 25 Aug 2021 16:45:19 +0300
Subject: [PATCH 08/11] add further validation around volume handling

---
 .../clusteradapter/distribution_eks.go        |  4 +
 .../distribution/eks/ekscluster/eks.go        | 40 ++++++++--
 .../workflow/create_asg_activity.go           | 10 +--
 .../workflow/create_node_pool_workflow.go     | 15 ++++
 .../eksworkflow/activity_update_node_group.go |  6 +-
 .../eksworkflow/workflow_update_node_pool.go  | 75 ++++++++++++------
 .../cluster/distribution/eks/node_pool.go     | 21 ++++-
 internal/cluster/distribution/eks/service.go  | 30 ++++++++
 pkg/errors/errors.go                          |  8 +-
 src/cluster/eks_update_cluster.go             | 76 ++++++++++++-------
 10 files changed, 211 insertions(+), 74 deletions(-)

diff --git a/internal/cluster/clusteradapter/distribution_eks.go b/internal/cluster/clusteradapter/distribution_eks.go
index 5e7ac8b506..390bcd1edf 100644
--- a/internal/cluster/clusteradapter/distribution_eks.go
+++ b/internal/cluster/clusteradapter/distribution_eks.go
@@ -75,6 +75,10 @@ func (s eksService) UpdateNodePool(ctx context.Context, clusterID uint, nodePool
 		// TODO: return a service error
 		return "", errors.Wrap(err, "failed to decode node pool update")
 	}
+	err = nodePoolUpdate.Validate()
+	if err != nil {
+		return "", err
+	}
 
 	return s.service.UpdateNodePool(ctx, clusterID, nodePoolName, nodePoolUpdate)
 }
diff --git a/internal/cluster/distribution/eks/ekscluster/eks.go b/internal/cluster/distribution/eks/ekscluster/eks.go
index 3a2aa1047f..33c75ae95b 100644
--- a/internal/cluster/distribution/eks/ekscluster/eks.go
+++ b/internal/cluster/distribution/eks/ekscluster/eks.go
@@ -202,6 +202,7 @@ const (
 	DEFAULT_SUBNET1_CIDR   = "192.168.80.0/20"
 	EBS_STORAGE            = "ebs"
 	INSTANCE_STORE_STORAGE = "instance-store"
+	NONE_STORAGE           = "none"
 )
 
 // Validate checks Amazon's node fields
@@ -251,9 +252,22 @@ func (a *NodePool) Validate(npName string) error {
 		a.SpotPrice = eks2.DefaultSpotPrice
 	}
 
-	if a.Volumes != nil && a.Volumes.InstanceRoot != nil && a.Volumes.KubeletRoot != nil &&
-		a.Volumes.InstanceRoot.Storage == INSTANCE_STORE_STORAGE && a.Volumes.KubeletRoot.Storage == EBS_STORAGE {
-		return pkgErrors.ErrorAmazonEksNodePoolIncompatibleVolumes
+	if a.Volumes != nil {
+		if a.Volumes.InstanceRoot != nil &&
+			EBS_STORAGE != a.Volumes.InstanceRoot.Storage && INSTANCE_STORE_STORAGE != a.Volumes.InstanceRoot.Storage {
+			return pkgErrors.ErrorAmazonEksNodePoolInvalidInstanceRootVolumeType
+		}
+
+		if a.Volumes.KubeletRoot != nil &&
+			EBS_STORAGE != a.Volumes.KubeletRoot.Storage && INSTANCE_STORE_STORAGE != a.Volumes.KubeletRoot.Storage &&
+			NONE_STORAGE != a.Volumes.KubeletRoot.Storage {
+			return pkgErrors.ErrorAmazonEksNodePoolInvalidKubeletRootVolumeType
+		}
+
+		if a.Volumes.InstanceRoot != nil && a.Volumes.KubeletRoot != nil &&
+			a.Volumes.InstanceRoot.Storage == INSTANCE_STORE_STORAGE && a.Volumes.KubeletRoot.Storage == EBS_STORAGE {
+			return pkgErrors.ErrorAmazonEksNodePoolIncompatibleVolumes
+		}
 	}
 
 	// --- [Label validation]--- //
@@ -296,11 +310,23 @@ func (a *NodePool) ValidateForUpdate(npName string) error {
 		}
 	}
 
-	if a.Volumes != nil && a.Volumes.InstanceRoot != nil && a.Volumes.KubeletRoot != nil &&
-		a.Volumes.InstanceRoot.Storage == INSTANCE_STORE_STORAGE && a.Volumes.KubeletRoot.Storage == EBS_STORAGE {
-		return pkgErrors.ErrorAmazonEksNodePoolIncompatibleVolumes
-	}
+	if a.Volumes != nil {
+		if a.Volumes.InstanceRoot != nil &&
+			EBS_STORAGE != a.Volumes.InstanceRoot.Storage && INSTANCE_STORE_STORAGE != a.Volumes.InstanceRoot.Storage {
+			return pkgErrors.ErrorAmazonEksNodePoolInvalidInstanceRootVolumeType
+		}
+
+		if a.Volumes.KubeletRoot != nil &&
+			EBS_STORAGE != a.Volumes.KubeletRoot.Storage && INSTANCE_STORE_STORAGE != a.Volumes.KubeletRoot.Storage &&
+			NONE_STORAGE != a.Volumes.KubeletRoot.Storage {
+			return pkgErrors.ErrorAmazonEksNodePoolInvalidKubeletRootVolumeType
+		}
 
+		if a.Volumes.InstanceRoot != nil && a.Volumes.KubeletRoot != nil &&
+			a.Volumes.InstanceRoot.Storage == INSTANCE_STORE_STORAGE && a.Volumes.KubeletRoot.Storage == EBS_STORAGE {
+			return pkgErrors.ErrorAmazonEksNodePoolIncompatibleVolumes
+		}
+	}
 	// --- [Label validation]--- //
 	if err := pkgCommon.ValidateNodePoolLabels(npName, a.Labels); err != nil {
 		return err
diff --git a/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go b/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go
index a0aaac7d82..5e29eae063 100644
--- a/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go
+++ b/internal/cluster/distribution/eks/eksprovider/workflow/create_asg_activity.go
@@ -328,19 +328,19 @@ func (a *CreateAsgActivity) Execute(ctx context.Context, input CreateAsgActivity
 }
 
 func getDefaultedTemplateVolumeParams(volume *eks.NodePoolVolume, defaultNodeVolumeEncryption *eks.NodePoolVolumeEncryption) (string, int, string, string, string) {
-	storageType := ""
+	storage := ""
 	size := 0
 	nodeVolumeEncryptionEnabled := "" // Note: defaulting to AWS account default encryption settings.
 	nodeVolumeEncryptionKeyARN := ""
 	nodeVolumeType := ""
 
 	if volume == nil {
-		return storageType, size, nodeVolumeEncryptionEnabled, nodeVolumeEncryptionKeyARN, nodeVolumeType
+		return storage, size, nodeVolumeEncryptionEnabled, nodeVolumeEncryptionKeyARN, nodeVolumeType
 	}
 
-	storageType = volume.Storage
+	storage = volume.Storage
 
-	if eks.EBS_STORAGE == storageType {
+	if eks.EBS_STORAGE == storage {
 		size = volume.Size
 
 		if volume.Encryption != nil {
@@ -365,7 +365,7 @@ func getDefaultedTemplateVolumeParams(volume *eks.NodePoolVolume, defaultNodeVol
 			nodeVolumeType = "gp3"
 		}
 	}
-	return storageType, size, nodeVolumeEncryptionEnabled, nodeVolumeEncryptionKeyARN, nodeVolumeType
+	return storage, size, nodeVolumeEncryptionEnabled, nodeVolumeEncryptionKeyARN, nodeVolumeType
 }
 
 // Register registers the stored node pool deletion activity.
diff --git a/internal/cluster/distribution/eks/eksprovider/workflow/create_node_pool_workflow.go b/internal/cluster/distribution/eks/eksprovider/workflow/create_node_pool_workflow.go
index f4eddaf262..8d57d2e2c6 100644
--- a/internal/cluster/distribution/eks/eksprovider/workflow/create_node_pool_workflow.go
+++ b/internal/cluster/distribution/eks/eksprovider/workflow/create_node_pool_workflow.go
@@ -222,6 +222,21 @@ func (w CreateNodePoolWorkflow) Execute(ctx workflow.Context, input CreateNodePo
 		input.NodePool.Volumes.KubeletRoot.Storage = eks.NONE_STORAGE
 	}
 
+	volumes := input.NodePool.Volumes
+	if eks.INSTANCE_STORE_STORAGE == volumes.InstanceRoot.Storage {
+		volumes.InstanceRoot.Encryption = nil
+		// could not be set to empty value
+		volumes.InstanceRoot.Type = "gp3"
+		volumes.InstanceRoot.Size = 0
+	}
+
+	if eks.INSTANCE_STORE_STORAGE == volumes.KubeletRoot.Storage ||
+		eks.NONE_STORAGE == volumes.KubeletRoot.Storage {
+		volumes.KubeletRoot.Encryption = nil
+		volumes.KubeletRoot.Type = ""
+		volumes.KubeletRoot.Size = 0
+	}
+
 	// select default AMI size for InstanceRoot volume in case it's EBS
 	if input.NodePool.Volumes != nil && input.NodePool.Volumes.InstanceRoot.Storage == eks.EBS_STORAGE {
 		amiSize, err := getAMISize(ctx, eksActivityInput, input.NodePool.Image)
diff --git a/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go b/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go
index 57fe7b7750..e0ba039803 100644
--- a/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go
+++ b/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go
@@ -114,14 +114,13 @@ func (a UpdateNodeGroupActivity) Execute(ctx context.Context, input UpdateNodeGr
 		nodeLabels = append(nodeLabels, fmt.Sprintf("%v=%v", cluster.NodePoolVersionLabelKey, input.NodePoolVersion))
 	}
 
-	nodeVolumeStorage := ""
+	nodeVolumeStorage := input.NodeVolumes.InstanceRoot.Storage
 	nodeVolumeEncryptionEnabled := ""
 	nodeVolumeEncryptionKeyARN := ""
 	nodeVolumeType := ""
 	nodeVolumeSize := 0
 
 	if input.NodeVolumes.InstanceRoot != nil && eks.EBS_STORAGE == input.NodeVolumes.InstanceRoot.Storage {
-		nodeVolumeStorage = input.NodeVolumes.InstanceRoot.Storage
 		if input.NodeVolumes.InstanceRoot.Encryption != nil {
 			nodeVolumeEncryptionEnabled = strconv.FormatBool(input.NodeVolumes.InstanceRoot.Encryption.Enabled)
 		} else if input.CurrentTemplateVersion.IsLessThan("2.1.0") &&
@@ -150,13 +149,12 @@ func (a UpdateNodeGroupActivity) Execute(ctx context.Context, input UpdateNodeGr
 		nodeVolumeSize = input.NodeVolumes.InstanceRoot.Size
 	}
 
-	kubeletRootVolumeStorage := ""
+	kubeletRootVolumeStorage := input.NodeVolumes.KubeletRoot.Storage
 	kubeletRootVolumeEncryptionEnabled := ""
 	kubeletRootVolumeEncryptionKeyARN := ""
 	kubeletRootVolumeType := ""
 	kubeletRootVolumeSize := 0
 	if input.NodeVolumes.KubeletRoot != nil && eks.EBS_STORAGE == input.NodeVolumes.KubeletRoot.Storage {
-		kubeletRootVolumeStorage = input.NodeVolumes.KubeletRoot.Storage
 		if input.NodeVolumes.KubeletRoot.Encryption != nil {
 			kubeletRootVolumeEncryptionEnabled = strconv.FormatBool(input.NodeVolumes.KubeletRoot.Encryption.Enabled)
 		} else if input.CurrentTemplateVersion.IsLessThan("2.5.0") &&
diff --git a/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go b/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
index cbfa866a0c..550808daa5 100644
--- a/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
+++ b/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
@@ -187,22 +187,32 @@ func (w UpdateNodePoolWorkflow) Execute(ctx workflow.Context, input UpdateNodePo
 		if effectiveVolumes.InstanceRoot.Storage == "" {
 			effectiveVolumes.InstanceRoot.Storage = parameters.NodeVolumeStorage
 		}
-
-		if effectiveVolumes.InstanceRoot.Encryption == nil &&
-			parameters.NodeVolumeEncryptionEnabled != "" {
-			isNodeVolumeEncryptionEnabled, err := strconv.ParseBool(parameters.NodeVolumeEncryptionEnabled)
-			if err != nil {
-				return errors.WrapIf(err, "invalid node volume encryption enabled value")
+		// load EBS volume related params only in case storage == ebs
+		if eks.EBS_STORAGE == effectiveVolumes.InstanceRoot.Storage {
+			if effectiveVolumes.InstanceRoot.Encryption == nil &&
+				parameters.NodeVolumeEncryptionEnabled != "" {
+				isNodeVolumeEncryptionEnabled, err := strconv.ParseBool(parameters.NodeVolumeEncryptionEnabled)
+				if err != nil {
+					return errors.WrapIf(err, "invalid node volume encryption enabled value")
+				}
+
+				effectiveVolumes.InstanceRoot.Encryption = &eks.NodePoolVolumeEncryption{
+					Enabled:          isNodeVolumeEncryptionEnabled,
+					EncryptionKeyARN: parameters.NodeVolumeEncryptionKeyARN,
+				}
 			}
 
-			effectiveVolumes.InstanceRoot.Encryption = &eks.NodePoolVolumeEncryption{
-				Enabled:          isNodeVolumeEncryptionEnabled,
-				EncryptionKeyARN: parameters.NodeVolumeEncryptionKeyARN,
+			if effectiveVolumes.InstanceRoot.Size == 0 {
+				effectiveVolumes.InstanceRoot.Size = parameters.NodeVolumeSize
 			}
-		}
-
-		if effectiveVolumes.InstanceRoot.Size == 0 {
-			effectiveVolumes.InstanceRoot.Size = parameters.NodeVolumeSize
+			if effectiveVolumes.InstanceRoot.Type == "" {
+				effectiveVolumes.InstanceRoot.Type = "gp3"
+			}
+		} else if eks.INSTANCE_STORE_STORAGE == effectiveVolumes.InstanceRoot.Storage {
+			effectiveVolumes.InstanceRoot.Encryption = nil
+			// can not be set to empty string
+			effectiveVolumes.InstanceRoot.Type = "gp3"
+			effectiveVolumes.InstanceRoot.Size = 0
 		}
 
 		if effectiveVolumes.KubeletRoot.Storage == "" {
@@ -214,21 +224,36 @@ func (w UpdateNodePoolWorkflow) Execute(ctx workflow.Context, input UpdateNodePo
 			}
 		}
 
-		if effectiveVolumes.KubeletRoot.Encryption == nil &&
-			parameters.KubeletRootVolumeEncryptionEnabled != "" {
-			isVolumeEncryptionEnabled, err := strconv.ParseBool(parameters.KubeletRootVolumeEncryptionEnabled)
-			if err != nil {
-				return errors.WrapIf(err, "invalid kubelet root volume encryption enabled value")
+		// load EBS volume related params only in case storage == ebs
+		if eks.EBS_STORAGE == effectiveVolumes.KubeletRoot.Storage {
+			if effectiveVolumes.KubeletRoot.Encryption == nil &&
+				parameters.KubeletRootVolumeEncryptionEnabled != "" {
+				isVolumeEncryptionEnabled, err := strconv.ParseBool(parameters.KubeletRootVolumeEncryptionEnabled)
+				if err != nil {
+					return errors.WrapIf(err, "invalid kubelet root volume encryption enabled value")
+				}
+
+				effectiveVolumes.KubeletRoot.Encryption = &eks.NodePoolVolumeEncryption{
+					Enabled:          isVolumeEncryptionEnabled,
+					EncryptionKeyARN: parameters.KubeletRootVolumeEncryptionKeyARN,
+				}
 			}
 
-			effectiveVolumes.KubeletRoot.Encryption = &eks.NodePoolVolumeEncryption{
-				Enabled:          isVolumeEncryptionEnabled,
-				EncryptionKeyARN: parameters.KubeletRootVolumeEncryptionKeyARN,
+			if effectiveVolumes.KubeletRoot.Size == 0 {
+				effectiveVolumes.KubeletRoot.Size = parameters.KubeletRootVolumeSize
 			}
-		}
-
-		if effectiveVolumes.KubeletRoot.Size == 0 {
-			effectiveVolumes.KubeletRoot.Size = parameters.KubeletRootVolumeSize
+			// set default size in case it's still 0
+			if effectiveVolumes.KubeletRoot.Size == 0 {
+				effectiveVolumes.KubeletRoot.Size = 50
+			}
+			if effectiveVolumes.KubeletRoot.Type == "" {
+				effectiveVolumes.KubeletRoot.Type = "gp3"
+			}
+		} else if eks.INSTANCE_STORE_STORAGE == effectiveVolumes.KubeletRoot.Storage ||
+			eks.NONE_STORAGE == effectiveVolumes.KubeletRoot.Storage {
+			effectiveVolumes.KubeletRoot.Encryption = nil
+			effectiveVolumes.KubeletRoot.Type = ""
+			effectiveVolumes.KubeletRoot.Size = 0
 		}
 
 		if effectiveSecurityGroups == nil &&
diff --git a/internal/cluster/distribution/eks/node_pool.go b/internal/cluster/distribution/eks/node_pool.go
index c71b2aef4d..2f6e7576d2 100644
--- a/internal/cluster/distribution/eks/node_pool.go
+++ b/internal/cluster/distribution/eks/node_pool.go
@@ -82,10 +82,23 @@ func (n NewNodePool) Validate() error {
 		violations = append(violations, "instance type cannot be empty")
 	}
 
-	if n.Volumes != nil && n.Volumes.InstanceRoot != nil && n.Volumes.KubeletRoot != nil &&
-		n.Volumes.InstanceRoot.Storage == INSTANCE_STORE_STORAGE && n.Volumes.KubeletRoot.Storage == EBS_STORAGE {
-		violations = append(violations, "`volumes.kubeletRoot.storage` can not be of type `ebs` in case "+
-			"`volumes.instanceRoot.storage = instance-store`")
+	if n.Volumes != nil {
+		if n.Volumes.InstanceRoot != nil &&
+			EBS_STORAGE != n.Volumes.InstanceRoot.Storage && INSTANCE_STORE_STORAGE != n.Volumes.InstanceRoot.Storage {
+			violations = append(violations, "Invalid value specified in `volumes.instanceRoot.storage`. Valid values are: ebs, instance-storage.")
+		}
+
+		if n.Volumes.KubeletRoot != nil &&
+			EBS_STORAGE != n.Volumes.KubeletRoot.Storage && INSTANCE_STORE_STORAGE != n.Volumes.KubeletRoot.Storage ||
+			NONE_STORAGE != n.Volumes.KubeletRoot.Storage {
+			violations = append(violations, "Invalid value specified in `volumes.kubeletRoot.storage`. Valid values are: ebs, instance-storage, none.")
+		}
+
+		if n.Volumes != nil && n.Volumes.InstanceRoot != nil && n.Volumes.KubeletRoot != nil &&
+			n.Volumes.InstanceRoot.Storage == INSTANCE_STORE_STORAGE && n.Volumes.KubeletRoot.Storage == EBS_STORAGE {
+			violations = append(violations, "`volumes.kubeletRoot.storage` can not be of type `ebs` in case "+
+				"`volumes.instanceRoot.storage = instance-store`")
+		}
 	}
 
 	if len(violations) > 0 {
diff --git a/internal/cluster/distribution/eks/service.go b/internal/cluster/distribution/eks/service.go
index 60c92cedea..33be17bffc 100644
--- a/internal/cluster/distribution/eks/service.go
+++ b/internal/cluster/distribution/eks/service.go
@@ -106,6 +106,36 @@ type NodePoolUpdateDrainOptions struct {
 	PodSelector string `mapstructure:"podSelector"`
 }
 
+// Validate semantically validates the node pool update parameters.
+func (n NodePoolUpdate) Validate() error {
+	var violations []string
+
+	if n.Volumes != nil {
+		if n.Volumes.InstanceRoot != nil &&
+			EBS_STORAGE != n.Volumes.InstanceRoot.Storage && INSTANCE_STORE_STORAGE != n.Volumes.InstanceRoot.Storage {
+			violations = append(violations, "Invalid value specified in `volumes.instanceRoot.storage`. Valid values are: ebs, instance-storage.")
+		}
+
+		if n.Volumes.KubeletRoot != nil &&
+			EBS_STORAGE != n.Volumes.KubeletRoot.Storage && INSTANCE_STORE_STORAGE != n.Volumes.KubeletRoot.Storage &&
+			NONE_STORAGE != n.Volumes.KubeletRoot.Storage {
+			violations = append(violations, "Invalid value specified in `volumes.kubeletRoot.storage`. Valid values are: ebs, instance-storage, none.")
+		}
+
+		if n.Volumes != nil && n.Volumes.InstanceRoot != nil && n.Volumes.KubeletRoot != nil &&
+			n.Volumes.InstanceRoot.Storage == INSTANCE_STORE_STORAGE && n.Volumes.KubeletRoot.Storage == EBS_STORAGE {
+			violations = append(violations, "`volumes.kubeletRoot.storage` can not be of type `ebs` in case "+
+				"`volumes.instanceRoot.storage = instance-store`")
+		}
+	}
+
+	if len(violations) > 0 {
+		return cluster.NewValidationError("invalid node pool creation request", violations)
+	}
+
+	return nil
+}
+
 // NodePool encapsulates information about a cluster node pool.
 type NodePool struct {
 	Name        string            `mapstructure:"name"`
diff --git a/pkg/errors/errors.go b/pkg/errors/errors.go
index f9e7d16c45..2f9d8f710f 100644
--- a/pkg/errors/errors.go
+++ b/pkg/errors/errors.go
@@ -23,9 +23,11 @@ var (
 	ErrorAmazonImageFieldIsEmpty      = errors.New("Required field 'image' is empty ")
 	ErrorInstancetypeFieldIsEmpty     = errors.New("Required field 'instanceType' is empty ")
 
-	ErrorAmazonEksFieldIsEmpty                = errors.New("Required field 'eks' is empty.")
-	ErrorAmazonEksNodePoolFieldIsEmpty        = errors.New("At least one 'nodePool' is required.")
-	ErrorAmazonEksNodePoolIncompatibleVolumes = errors.New("`volumes.kubeletRoot.storage` can not be of type `ebs` in case " +
+	ErrorAmazonEksFieldIsEmpty                          = errors.New("Required field 'eks' is empty.")
+	ErrorAmazonEksNodePoolFieldIsEmpty                  = errors.New("At least one 'nodePool' is required.")
+	ErrorAmazonEksNodePoolInvalidInstanceRootVolumeType = errors.New("Invalid value specified in `volumes.instanceRoot.storage`. Valid values are: ebs, instance-storage.")
+	ErrorAmazonEksNodePoolInvalidKubeletRootVolumeType  = errors.New("Invalid value specified in `volumes.kubeletRoot.storage`. Valid values are: ebs, instance-storage, none.")
+	ErrorAmazonEksNodePoolIncompatibleVolumes           = errors.New("`volumes.kubeletRoot.storage` can not be of type `ebs` in case " +
 		"`volumes.instanceRoot.storage = instance-store`")
 
 	ErrorNodePoolMinMaxFieldError      = errors.New("'maxCount' must be greater than 'minCount'")
diff --git a/src/cluster/eks_update_cluster.go b/src/cluster/eks_update_cluster.go
index 3c05f9a30e..be1412cf82 100644
--- a/src/cluster/eks_update_cluster.go
+++ b/src/cluster/eks_update_cluster.go
@@ -263,22 +263,32 @@ func (w EKSUpdateClusterWorkflow) Execute(ctx workflow.Context, input EKSUpdateC
 				if effectiveVolumes.InstanceRoot.Storage == "" {
 					effectiveVolumes.InstanceRoot.Storage = parameters.NodeVolumeStorage
 				}
-
-				if effectiveVolumes.InstanceRoot.Encryption == nil &&
-					parameters.NodeVolumeEncryptionEnabled != "" {
-					isNodeVolumeEncryptionEnabled, err := strconv.ParseBool(parameters.NodeVolumeEncryptionEnabled)
-					if err != nil {
-						return errors.WrapIf(err, "invalid node volume encryption enabled value")
+				// load EBS volume related params only in case storage == ebs
+				if eks.EBS_STORAGE == effectiveVolumes.InstanceRoot.Storage {
+					if effectiveVolumes.InstanceRoot.Encryption == nil &&
+						parameters.NodeVolumeEncryptionEnabled != "" {
+						isNodeVolumeEncryptionEnabled, err := strconv.ParseBool(parameters.NodeVolumeEncryptionEnabled)
+						if err != nil {
+							return errors.WrapIf(err, "invalid node volume encryption enabled value")
+						}
+
+						effectiveVolumes.InstanceRoot.Encryption = &eks.NodePoolVolumeEncryption{
+							Enabled:          isNodeVolumeEncryptionEnabled,
+							EncryptionKeyARN: parameters.NodeVolumeEncryptionKeyARN,
+						}
 					}
 
-					effectiveVolumes.InstanceRoot.Encryption = &eks.NodePoolVolumeEncryption{
-						Enabled:          isNodeVolumeEncryptionEnabled,
-						EncryptionKeyARN: parameters.NodeVolumeEncryptionKeyARN,
+					if effectiveVolumes.InstanceRoot.Size == 0 {
+						effectiveVolumes.InstanceRoot.Size = parameters.NodeVolumeSize
 					}
-				}
-
-				if effectiveVolumes.InstanceRoot.Size == 0 {
-					effectiveVolumes.InstanceRoot.Size = parameters.NodeVolumeSize
+					if effectiveVolumes.InstanceRoot.Type == "" {
+						effectiveVolumes.InstanceRoot.Type = "gp3"
+					}
+				} else if eks.INSTANCE_STORE_STORAGE == effectiveVolumes.InstanceRoot.Storage {
+					effectiveVolumes.InstanceRoot.Encryption = nil
+					// can not be set to empty string
+					effectiveVolumes.InstanceRoot.Type = "gp3"
+					effectiveVolumes.InstanceRoot.Size = 0
 				}
 
 				if effectiveVolumes.KubeletRoot.Storage == "" {
@@ -289,22 +299,36 @@ func (w EKSUpdateClusterWorkflow) Execute(ctx workflow.Context, input EKSUpdateC
 						effectiveVolumes.KubeletRoot.Storage = parameters.KubeletRootVolumeStorage
 					}
 				}
-
-				if effectiveVolumes.KubeletRoot.Encryption == nil &&
-					parameters.KubeletRootVolumeEncryptionEnabled != "" {
-					isVolumeEncryptionEnabled, err := strconv.ParseBool(parameters.KubeletRootVolumeEncryptionEnabled)
-					if err != nil {
-						return errors.WrapIf(err, "invalid kubelet root volume encryption enabled value")
+				// load EBS volume related params only in case storage == ebs
+				if eks.EBS_STORAGE == effectiveVolumes.KubeletRoot.Storage {
+					if effectiveVolumes.KubeletRoot.Encryption == nil &&
+						parameters.KubeletRootVolumeEncryptionEnabled != "" {
+						isVolumeEncryptionEnabled, err := strconv.ParseBool(parameters.KubeletRootVolumeEncryptionEnabled)
+						if err != nil {
+							return errors.WrapIf(err, "invalid kubelet root volume encryption enabled value")
+						}
+
+						effectiveVolumes.KubeletRoot.Encryption = &eks.NodePoolVolumeEncryption{
+							Enabled:          isVolumeEncryptionEnabled,
+							EncryptionKeyARN: parameters.KubeletRootVolumeEncryptionKeyARN,
+						}
 					}
 
-					effectiveVolumes.KubeletRoot.Encryption = &eks.NodePoolVolumeEncryption{
-						Enabled:          isVolumeEncryptionEnabled,
-						EncryptionKeyARN: parameters.KubeletRootVolumeEncryptionKeyARN,
+					if effectiveVolumes.KubeletRoot.Size == 0 {
+						effectiveVolumes.KubeletRoot.Size = parameters.KubeletRootVolumeSize
 					}
-				}
-
-				if effectiveVolumes.KubeletRoot.Size == 0 {
-					effectiveVolumes.KubeletRoot.Size = parameters.KubeletRootVolumeSize
+					// set default size in case it's still 0
+					if effectiveVolumes.KubeletRoot.Size == 0 {
+						effectiveVolumes.KubeletRoot.Size = 50
+					}
+					if effectiveVolumes.KubeletRoot.Type == "" {
+						effectiveVolumes.KubeletRoot.Type = "gp3"
+					}
+				} else if eks.INSTANCE_STORE_STORAGE == effectiveVolumes.KubeletRoot.Storage ||
+					eks.NONE_STORAGE == effectiveVolumes.KubeletRoot.Storage {
+					effectiveVolumes.KubeletRoot.Encryption = nil
+					effectiveVolumes.KubeletRoot.Type = ""
+					effectiveVolumes.KubeletRoot.Size = 0
 				}
 			}
 

From 3abc6cef257037e85d3f29c473af23510c97defc Mon Sep 17 00:00:00 2001
From: Magyari Sandor Szilard <sancyx@gmail.com>
Date: Wed, 25 Aug 2021 16:51:59 +0300
Subject: [PATCH 09/11] add none storage option to OpenAPI spec

---
 .gen/pipeline/api/openapi.yaml                | 19 ++++++++++++++++++
 .../model_eks_node_pool_volume_none.go        | 18 +++++++++++++++++
 apis/pipeline/pipeline.yaml                   | 20 +++++++++++++++++++
 3 files changed, 57 insertions(+)
 create mode 100644 .gen/pipeline/pipeline/model_eks_node_pool_volume_none.go

diff --git a/.gen/pipeline/api/openapi.yaml b/.gen/pipeline/api/openapi.yaml
index 65d83bcf19..135ecb63cd 100644
--- a/.gen/pipeline/api/openapi.yaml
+++ b/.gen/pipeline/api/openapi.yaml
@@ -18886,11 +18886,13 @@ components:
         mapping:
           ebs: '#/components/schemas/EKSNodePoolVolumeEBS'
           instance-store: '#/components/schemas/EKSNodePoolVolumeInstanceStore'
+          none: EKSNodePoolVolumeInstanceNone
         propertyName: storage
       nullable: true
       oneOf:
       - $ref: '#/components/schemas/EKSNodePoolVolumeEBS'
       - $ref: '#/components/schemas/EKSNodePoolVolumeInstanceStore'
+      - $ref: '#/components/schemas/EKSNodePoolVolumeInstanceNone'
     EKSNodePoolVolumes:
       description: An associative collection of EKS node pool node instance volume
         configuration objects keyed by their semantical volume names (example instanceRoot,
@@ -18973,6 +18975,23 @@ components:
       required:
       - storage
       type: object
+    EKSNodePoolVolumeNone:
+      description: We need this struct to be able to remove a volume in case of an
+        update for example.
+      example: |
+        {
+            "storage": "none"
+        }
+      properties:
+        storage:
+          description: Type of the mounted volume's storage on the node instances
+            of the node pool.
+          enum:
+          - instance-store
+          type: string
+      required:
+      - storage
+      type: object
     EKSNodePoolVolumeEncryption:
       description: Encryption details of the instance volumes in an EKS node pool
         (default null -> control plane configuration -> AWS account default).
diff --git a/.gen/pipeline/pipeline/model_eks_node_pool_volume_none.go b/.gen/pipeline/pipeline/model_eks_node_pool_volume_none.go
new file mode 100644
index 0000000000..642e2aa5da
--- /dev/null
+++ b/.gen/pipeline/pipeline/model_eks_node_pool_volume_none.go
@@ -0,0 +1,18 @@
+/*
+ * Pipeline API
+ *
+ * Pipeline is a feature rich application platform, built for containers on top of Kubernetes to automate the DevOps experience, continuous application development and the lifecycle of deployments. 
+ *
+ * API version: latest
+ * Contact: info@banzaicloud.com
+ * Generated by: OpenAPI Generator (https://openapi-generator.tech)
+ */
+
+package pipeline
+
+// EksNodePoolVolumeNone - We need this struct to be able to remove a volume in case of an update for example.
+type EksNodePoolVolumeNone struct {
+
+	// Type of the mounted volume's storage on the node instances of the node pool.
+	Storage string `json:"storage"`
+}
diff --git a/apis/pipeline/pipeline.yaml b/apis/pipeline/pipeline.yaml
index d98b48b83c..605700cb16 100644
--- a/apis/pipeline/pipeline.yaml
+++ b/apis/pipeline/pipeline.yaml
@@ -4639,10 +4639,12 @@ components:
                 mapping:
                     ebs: '#/components/schemas/EKSNodePoolVolumeEBS'
                     instance-store: '#/components/schemas/EKSNodePoolVolumeInstanceStore'
+                    none: 'EKSNodePoolVolumeInstanceNone'
             nullable: true
             oneOf:
                 - $ref: '#/components/schemas/EKSNodePoolVolumeEBS'
                 - $ref: '#/components/schemas/EKSNodePoolVolumeInstanceStore'
+                - $ref: '#/components/schemas/EKSNodePoolVolumeInstanceNone'
 
         EKSNodePoolVolumes:
             description: An associative collection of EKS node pool node
@@ -4762,6 +4764,24 @@ components:
                 - storage
             type: object
 
+        EKSNodePoolVolumeNone:
+            description: We need this struct to be able to remove a volume in case of an update for example.
+
+            example: |
+                {
+                    "storage": "none"
+                }
+            properties:
+                storage:
+                    description: Type of the mounted volume's storage on the
+                        node instances of the node pool.
+                    type: string
+                    enum:
+                        - instance-store
+            required:
+                - storage
+            type: object
+
         EKSNodePoolVolumeEncryption:
             description: Encryption details of the instance volumes in an EKS
                 node pool (default null -> control plane configuration -> AWS

From 35d8e31ce6637bc251cf0b87ea8322229f2a8c0d Mon Sep 17 00:00:00 2001
From: Magyari Sandor Szilard <sancyx@gmail.com>
Date: Wed, 25 Aug 2021 21:08:27 +0300
Subject: [PATCH 10/11] small fixes

---
 .../eks/eksworkflow/activity_update_node_group.go             | 3 +--
 .../distribution/eks/eksworkflow/workflow_update_node_pool.go | 4 ++++
 internal/cluster/distribution/eks/node_pool.go                | 2 +-
 src/cluster/eks_update_cluster.go                             | 4 ++++
 4 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go b/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go
index e0ba039803..3f892faed4 100644
--- a/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go
+++ b/internal/cluster/distribution/eks/eksworkflow/activity_update_node_group.go
@@ -117,7 +117,7 @@ func (a UpdateNodeGroupActivity) Execute(ctx context.Context, input UpdateNodeGr
 	nodeVolumeStorage := input.NodeVolumes.InstanceRoot.Storage
 	nodeVolumeEncryptionEnabled := ""
 	nodeVolumeEncryptionKeyARN := ""
-	nodeVolumeType := ""
+	nodeVolumeType := "gp3"
 	nodeVolumeSize := 0
 
 	if input.NodeVolumes.InstanceRoot != nil && eks.EBS_STORAGE == input.NodeVolumes.InstanceRoot.Storage {
@@ -141,7 +141,6 @@ func (a UpdateNodeGroupActivity) Execute(ctx context.Context, input UpdateNodeGr
 			nodeVolumeEncryptionKeyARN = a.defaultNodeVolumeEncryption.EncryptionKeyARN
 		}
 
-		nodeVolumeType = "gp3"
 		if input.NodeVolumes.InstanceRoot.Type != "" {
 			nodeVolumeType = input.NodeVolumes.InstanceRoot.Type
 		}
diff --git a/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go b/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
index 550808daa5..ac083fd3d9 100644
--- a/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
+++ b/internal/cluster/distribution/eks/eksworkflow/workflow_update_node_pool.go
@@ -186,6 +186,10 @@ func (w UpdateNodePoolWorkflow) Execute(ctx workflow.Context, input UpdateNodePo
 
 		if effectiveVolumes.InstanceRoot.Storage == "" {
 			effectiveVolumes.InstanceRoot.Storage = parameters.NodeVolumeStorage
+			// set default ebs value for InstanceRoot.Storage for old templates
+			if currentTemplateVersion.IsLessThan("2.5.0") {
+				effectiveVolumes.InstanceRoot.Storage = eks.EBS_STORAGE
+			}
 		}
 		// load EBS volume related params only in case storage == ebs
 		if eks.EBS_STORAGE == effectiveVolumes.InstanceRoot.Storage {
diff --git a/internal/cluster/distribution/eks/node_pool.go b/internal/cluster/distribution/eks/node_pool.go
index 2f6e7576d2..bdf885e528 100644
--- a/internal/cluster/distribution/eks/node_pool.go
+++ b/internal/cluster/distribution/eks/node_pool.go
@@ -89,7 +89,7 @@ func (n NewNodePool) Validate() error {
 		}
 
 		if n.Volumes.KubeletRoot != nil &&
-			EBS_STORAGE != n.Volumes.KubeletRoot.Storage && INSTANCE_STORE_STORAGE != n.Volumes.KubeletRoot.Storage ||
+			EBS_STORAGE != n.Volumes.KubeletRoot.Storage && INSTANCE_STORE_STORAGE != n.Volumes.KubeletRoot.Storage &&
 			NONE_STORAGE != n.Volumes.KubeletRoot.Storage {
 			violations = append(violations, "Invalid value specified in `volumes.kubeletRoot.storage`. Valid values are: ebs, instance-storage, none.")
 		}
diff --git a/src/cluster/eks_update_cluster.go b/src/cluster/eks_update_cluster.go
index be1412cf82..9694c3d8a8 100644
--- a/src/cluster/eks_update_cluster.go
+++ b/src/cluster/eks_update_cluster.go
@@ -262,6 +262,10 @@ func (w EKSUpdateClusterWorkflow) Execute(ctx workflow.Context, input EKSUpdateC
 
 				if effectiveVolumes.InstanceRoot.Storage == "" {
 					effectiveVolumes.InstanceRoot.Storage = parameters.NodeVolumeStorage
+					// set default ebs value for InstanceRoot.Storage for old templates
+					if currentTemplateVersion.IsLessThan("2.5.0") {
+						effectiveVolumes.InstanceRoot.Storage = eks.EBS_STORAGE
+					}
 				}
 				// load EBS volume related params only in case storage == ebs
 				if eks.EBS_STORAGE == effectiveVolumes.InstanceRoot.Storage {

From d5bfc56289acc518a73459fdd3a2e8c847e498ea Mon Sep 17 00:00:00 2001
From: Magyari Sandor Szilard <sancyx@gmail.com>
Date: Mon, 30 Aug 2021 16:23:56 +0200
Subject: [PATCH 11/11] fix Open API spec

---
 .gen/pipeline/api/openapi.yaml | 4 ++--
 apis/pipeline/pipeline.yaml    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.gen/pipeline/api/openapi.yaml b/.gen/pipeline/api/openapi.yaml
index 135ecb63cd..1b740e9f2d 100644
--- a/.gen/pipeline/api/openapi.yaml
+++ b/.gen/pipeline/api/openapi.yaml
@@ -18886,13 +18886,13 @@ components:
         mapping:
           ebs: '#/components/schemas/EKSNodePoolVolumeEBS'
           instance-store: '#/components/schemas/EKSNodePoolVolumeInstanceStore'
-          none: EKSNodePoolVolumeInstanceNone
+          none: EKSNodePoolVolumeNone
         propertyName: storage
       nullable: true
       oneOf:
       - $ref: '#/components/schemas/EKSNodePoolVolumeEBS'
       - $ref: '#/components/schemas/EKSNodePoolVolumeInstanceStore'
-      - $ref: '#/components/schemas/EKSNodePoolVolumeInstanceNone'
+      - $ref: '#/components/schemas/EKSNodePoolVolumeNone'
     EKSNodePoolVolumes:
       description: An associative collection of EKS node pool node instance volume
         configuration objects keyed by their semantical volume names (example instanceRoot,
diff --git a/apis/pipeline/pipeline.yaml b/apis/pipeline/pipeline.yaml
index 605700cb16..7c5b852b1d 100644
--- a/apis/pipeline/pipeline.yaml
+++ b/apis/pipeline/pipeline.yaml
@@ -4639,12 +4639,12 @@ components:
                 mapping:
                     ebs: '#/components/schemas/EKSNodePoolVolumeEBS'
                     instance-store: '#/components/schemas/EKSNodePoolVolumeInstanceStore'
-                    none: 'EKSNodePoolVolumeInstanceNone'
+                    none: 'EKSNodePoolVolumeNone'
             nullable: true
             oneOf:
                 - $ref: '#/components/schemas/EKSNodePoolVolumeEBS'
                 - $ref: '#/components/schemas/EKSNodePoolVolumeInstanceStore'
-                - $ref: '#/components/schemas/EKSNodePoolVolumeInstanceNone'
+                - $ref: '#/components/schemas/EKSNodePoolVolumeNone'
 
         EKSNodePoolVolumes:
             description: An associative collection of EKS node pool node