provide kubernetesNetworkConfig.serviceIpv6Cidr as output attribute of aws_eks_cluster

[youwalther65]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Is your request related to a new offering from AWS?

AWS EKS supports IPv6 cluster now. EKS will return a kubernetesNetworkConfig which contains the randomly choosen serviceIpv6Cidr

$ aws eks describe-cluster --name my-ipv6-cluster
{
"cluster": {
"name": "my-ipv6-cluster",
"arn": "arn:aws:eks:eu-west-1::cluster/my-ipv6-cluster",
…
"kubernetesNetworkConfig": {
"serviceIpv6Cidr": "fd16:44b2:c6d7::/108",
"ipFamily": "ipv6"
},
…

Currently aws_eks_cluster data source only supports service_ipv4_cidr

Is your request related to a problem? Please describe.

unmanaged nodegroups and MNG with custom LT must supply this to the bootstrap.sh script as a reqwuired inut:
https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh#L304

Describe the solution you'd like.

module.eks should provide an output attribute one can use to feed this into bootstrap_extra_args

Describe alternatives you've considered.

################################################################################
locals {

file must exist at least "touch" it ;-)

output_file = "eks-ipv6-svc-cidr.txt"
}

################################################################################

get EKS IPv6 service CIDR

data source "aws_eks_cluster" does not yet support IPv6, see: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster

################################################################################
resource "null_resource" "get-ipv6-svc-cidr" {
count = var.enable_ipv6_cluster ? 1 : 0

triggers = { always_run = "${timestamp()}" }

requires a recent AWS v2 CLI version which supports all EKS IPv6 attributes

provisioner "local-exec" {
command = "export AWS_REGION=${local.region}; export AWS_DEFAULT_REGION=${local.region}; /usr/local/bin/aws eks describe-cluster --name ${module.eks.cluster_id} --query 'cluster.kubernetesNetworkConfig.serviceIpv6Cidr' --output text | tr -d '\n' > ${path.module}/${local.output_file}"
}
}

data "local_file" "ipv6-svc-cidr" {
filename = "${path.module}/${local.output_file}"
depends_on = [null_resource.get-ipv6-svc-cidr]
}

Additional context

Without providing IPv6 CIDR range the bootstrap.sh will fail. Worker nodes in IPv6 EKS cluster must register with their IPv6 address to have kubelet choose proper communication with API server.

[iancward]

It should be noted that the eks bootstrap.sh script, if you don't provide the IP address options, will obtain the requisite data via a call to the describe-cluster API method.

That being said, this is still a big gap, as anything downstream that needs the cluster service IP range (e.g. anything that works with cluster DNS), you have to shell out and get the data.

[github-actions]

This functionality has been released in v4.34.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.