Update node group IAM role permissions to support IPv6
why
Previous permissions, using AWS managed policy AmazonEKS_CNI_Policy, are insufficient to enable proper functioning of the node when using IPv6.
notes
Upgrading to this version, if you have node_role_cni_policy_enabled set to true (the default), will cause a new IAM policy to be created and your existing node group IAM role to have its permissions updated. This will cause a transient interruption in the ability of the node to manage its network interface, but it should heal itself with no interruption to existing services. It may cause a short (some seconds) delay in being able to deploy new Pods.
references
AmazonEKS_CNI_Policy.
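A check that can be run against a node role's policy document before and after this upgrade (an added example, not code from this pull request or the module): it reports which of the EC2 actions AWS documents for the VPC CNI on IPv6 clusters the policy fails to grant. The required-action list and the sample policy are assumptions constructed for the example; the policy this module creates is not shown on the page.

```python
import fnmatch
import json

# Assumption: the actions AWS documents for the VPC CNI on IPv6 clusters.
# The policy created by the module may differ from this list.
IPV6_CNI_ACTIONS = [
    "ec2:AssignIpv6Addresses",
    "ec2:DescribeInstances",
    "ec2:DescribeTags",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DescribeInstanceTypes",
    "ec2:CreateTags",
]

# Constructed sample: an IPv4-style CNI policy with no IPv6 assignment action.
IPV4_STYLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses",
                "ec2:Describe*", "ec2:CreateNetworkInterface"]},
    {"Effect": "Allow", "Action": "ec2:CreateTags",
     "Resource": "arn:aws:ec2:*:*:network-interface/*"}
  ]
}"""

def _as_list(value):
    """IAM allows Action/Statement to be a single value or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def _matches(action, patterns):
    # IAM action names are case-insensitive; '*' and '?' act as wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_ipv6_actions(policy_json, required=IPV6_CNI_ACTIONS):
    """Return required actions not allowed, or explicitly denied, by the policy.
    Conservative: Resource, Condition and NotAction are not evaluated."""
    allowed, denied = [], []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        bucket = allowed if stmt.get("Effect") == "Allow" else denied
        bucket.extend(_as_list(stmt.get("Action")))
    return [a for a in required
            if not _matches(a, allowed) or _matches(a, denied)]

if __name__ == "__main__":
    print(missing_ipv6_actions(IPV4_STYLE_POLICY))
```

An empty list means every listed action is allowed; because `Resource` and `Condition` are ignored, a non-empty result is a prompt to read the policy, not proof of a gap.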