Nuru
commented
8 months ago Yes, we have been awaiting this capability for a long time. That said, we might defer a little bit, waiting for the enhancement expected in v5.34.0 next week.
[!NOTE] UPDATE: We are actively working on this. Currently bothered by this issue which can cause clusters to get destroyed and recreated in the upgrade process.
It appears the upgrade path will have at least one manual step.
My preference is for us to entirely drop the ConfigMap support, though we probably will have to allow for API_AND_CONFIG_MAP.
We will need to work through a lot of scenarios to make sure we can give everyone a smooth upgrade path and don't break things in the process. Please have patience.
Describe the Feature
https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/ and https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#authentication-modes
Upcoming terraform-provider-aws v5.33.0, see https://github.com/hashicorp/terraform-provider-aws/pull/35037
Expected Behavior
Module should allow setting cluster's
access_configand adding associations viaaws_eks_access_entryandaws_eks_access_policy_association.Use Case
Preserving sanity by not having to deal with
aws-authConfigMap.Describe Ideal Solution
Ideally there should be a way for existing cluster/state to migrate from
authentication_mode = "CONFIGMAP"toauthentication_mode = "API"Alternatives Considered
Not using this module.
Additional Context
No response