Support for EKS Managed Node Groups + aws-auth with K8s tf provider #5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Run aws-auth Update Commands in Sequence and not Parallel * Update changelog
This commit changes the way aws auth is managed. Before a local file was used the generate the template and a null resource to apply it. This is now switched to the terraform kubernetes provider.
* Finished first cut of managed node groups * Updated formatting and extra fields. * Updating Changelog and README * Fixing formatting * Fixing docs. * Updating required Version * Updating changelog * Adding example for managed node groups * Managed IAM Roles for Nodegroups now have correct policies. Tags can now be added to node groups. * Fixing bug where people could set source_security_group_ids without setting ssh key causing a race condition within the aws provider. * Adding lifecycle create_before_destroy * Adding random pet names for create_before_destroy * Updating per comments. * Updating required versions of terraform * Updating per comments. * Updating vars * Updating minimum version for terraform * Change worker_groups_managed_node_groups to node_groups * Using for_each on the random_pet * Adding changes recommended by @eytanhanig * Update node_groups.tf
* remove empty [] to mapRoles object in aws-auth
Simply having ${yamlencode(var.map_roles)} in mapRoles for aws-auth
creates a empty [] at the end after adding the default roles.
Changing it to be added only when its not empty
* Update aws_auth.tf
* Add destroy-time flag * Update changelog Fix cluster count * Fix cluster count * Fix docs * Fix outputs * Fix unsupported attribute on cluster_certificate_authority_data output Co-Authored-By: Daniel Piddock <[email protected]> * Remove unnecessary flatten from cluster_endpoint output Co-Authored-By: Daniel Piddock <[email protected]> * Improve description of var.enabled * Fix errors manifesting when used on an existing-cluster * Update README.md * Renamed destroy-time flag * Revert removal of changelog addition entry * Update flag name in readme * Update flag variable name * Update cluster referencing for consistency * Update flag name to `create_eks` * Fixed incorrect count-based reference to aws_eks_cluster.this (there's only one) * Replaced all incorrect aws_eks_cluster.this[count.index] references (there will be just one, so using '[0]'). * Changelog update, explicitly mentioning flag * Fixed interpolation deprecation warning * Fixed outputs to support conditional cluster * Applied create_eks to aws_auth.tf * Removed unused variable. Updated Changelog. Formatting. * Fixed references to aws_eks_cluster.this[0] that would raise errors when setting create_eks to false whilst having launch templates or launch configurations configured. * Readme and example updates. * Revert "Readme and example updates." This reverts commit 18a0746. * Updated readme section of conditionally creation with provider example. * Added conditions to node_groups. * Fixed reversed map_roles check * Update aws_auth.tf Revert this due to #611
* Tweaks to changelog * Fix examples link Existing one does not work. This is a permanent link to maintain the upgrade hints path
* add kubernetes provider configuration for managed_node_groups example * use dynamic block for remote_access * update changelog
* cluster_oidc_issuer_url to string change cluster_oidc_issuer_url output to return string * Update CHANGELOG.md adding entry to changelog * Update outputs.tf Co-Authored-By: Daniel Piddock <[email protected]>
* Fix aws-auth config map for managed node groups This change adds the IAM role used for each managed node group to the aws-auth config map. This fixes an issue where managed nodes could not access the EKS kubernetes API server. * update changelog * fix format * add comment Co-authored-by: Max Williams <[email protected]>
* wait for cluster to respond before creating auth config map * adds changelog entry * fixup tf format * fixup kubernetes required version * fixup missing local for kubeconfig_filename * combine wait for cluster into provisioner on cluster; change status check to /healthz on endpoint * fix: make kubernetes provider version more permissive
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
21 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
...