search

kubernetes-retired / kube-aws

[EOL] A command-line tool to declaratively manage Kubernetes clusters on AWS
Apache License 2.0
1.12k stars 295 forks source link

Upgrade aws auth, fix CF template bug #1887

Closed flah00 closed 4 years ago

flah00 commented 4 years ago

Description

Versions

Installing the aws-iam-authenticator

AWS authenticator expects IAM roles for controllers and workers already exist. As it is currently configured, the aws-iam-authenticator must be enabled after the initial kube-aws apply. This is because the exports on the root stack, for workers, are not available to the control plane stack during creation, ie

+00:06:18 CREATE_FAILED test-Controlplane-13Y4STRG1AGDV "No export named test-NodePoolPool1eWorkerIAMRoleArn found"

flah00 commented 4 years ago

Once the aws iam authenticator is enabled, the root stack can no longer be deleted, because the root stack exports a variable the control plane relies on. To delete the root stack you must first delete the control plane. 

Export k8s-NodePoolPool1eWorkerIAMRoleArn cannot be deleted as it is in use by k8s-Controlplane-1VKY701ZEUMW4
dominicgunn commented 4 years ago

Hey @flah00,

Thanks again for the work. Could you add a comment about that root stack deletion somewhere appropriate so that it doesn't just exist in this PR?

k8s-ci-robot commented 4 years ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: To complete the pull request process, please assign justinsb You can assign the PR to them by writing /assign @justinsb in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files: - **[OWNERS](https://github.com/kubernetes-incubator/kube-aws/blob/master/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
dominicgunn commented 4 years ago

/approved /lgtm