Closed z0rc closed 6 months ago
Yes, we have been awaiting this capability for a long time. That said, we might defer a little bit, waiting for the enhancement expected in v5.34.0 next week.
[!NOTE] UPDATE: We are actively working on this. Currently bothered by this issue which can cause clusters to get destroyed and recreated in the upgrade process.
It appears the upgrade path will have at least one manual step.
My preference is for us to entirely drop the ConfigMap support, though we probably will have to allow for API_AND_CONFIG_MAP
.
We will need to work through a lot of scenarios to make sure we can give everyone a smooth upgrade path and don't break things in the process. Please have patience.
@z0rc Please try v4.0.0-rc1 (#206) and let us know what you think.
Note: at present, v4.0.0-rc1 is not available via the Terraform registry. Use a git
ref instead:
source = "github.com/cloudposse/terraform-aws-eks-cluster?ref=v4.0.0-rc1"
Describe the Feature
https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/ and https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#authentication-modes
Upcoming terraform-provider-aws v5.33.0, see https://github.com/hashicorp/terraform-provider-aws/pull/35037
Expected Behavior
Module should allow setting cluster's
access_config
and adding associations viaaws_eks_access_entry
andaws_eks_access_policy_association
.Use Case
Preserving sanity by not having to deal with
aws-auth
ConfigMap.Describe Ideal Solution
Ideally there should be a way for existing cluster/state to migrate from
authentication_mode = "CONFIGMAP"
toauthentication_mode = "API"
Alternatives Considered
Not using this module.
Additional Context
No response