Need to support Kubernetes 1.20

[jkmin96]

Heather posted about https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#kubernetes-1.20 today. Heather and I tested to create a cluster for 1.20 version of Kubernetes but it failed with this error.

$ terraform plan     
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.template_file.nfs-cloudconfig[0]: Refreshing state...
data.external.git_hash: Refreshing state...
data.template_cloudinit_config.nfs[0]: Refreshing state...
data.external.iac_tooling_version: Refreshing state...
module.eks.data.aws_iam_policy_document.cluster_elb_sl_role_creation[0]: Refreshing state...
module.eks.data.aws_iam_policy_document.cluster_assume_role_policy: Refreshing state...
module.eks.data.aws_ami.eks_worker: Refreshing state...
module.eks.data.aws_caller_identity.current: Refreshing state...
module.eks.data.aws_ami.eks_worker_windows: Refreshing state...
data.aws_caller_identity.terraform: Refreshing state...
module.nfs.data.aws_ami.ubuntu: Refreshing state...
module.eks.data.aws_partition.current: Refreshing state...
module.db.module.db_instance.data.aws_iam_policy_document.enhanced_monitoring: Refreshing state...
data.aws_availability_zones.available: Refreshing state...
module.eks.data.aws_iam_policy_document.workers_assume_role_policy: Refreshing state...

Error: Your query returned no results. Please change your search criteria and try again.

[manoatsas]

AWS EKS for K8s 1.20 requires these IAM polices - https://docs.aws.amazon.com/eks/latest/userguide/default-roles-users.html

[hahewlet]

The policy associated with the Users @jkmin96 and I used has the following set.

"eks:*"

[thpang]

I have successfully deploy SAS Viya 4 into a kubernetes cluster running v1.20.4. I did not run the plan command. Can you verify you have all off the IAM rules reflected here for your service account. Thx.

We don't encourage folks to run terraform plan but follow The Core Terraform Workflow page and it's contents. As state running plan is not typically a step one would use.

[thpang]

@jkmin96 any updates on this one? Just wondering when you'll be able to re-test. Thx.

[hahewlet]

@thpang The doc for this tool suggests we use terraform plan, https://github.com/sassoftware/viya4-iac-aws/blob/main/docs/user/TerraformUsage.md. Does that need to change?

[thpang]

Ok, we'll look at adjusting these items. Don't want to keep fighting with actual terraform docs here. Yes it needs to change.

[jkmin96]

I'm creating a cluster again. It is still in progress but I didn't see the error this time. I will let you know once it is done.

[jkmin96]

Cluster creation was successful with 1.20:

ip-192-168-110-210.us-east-2.compute.internal   Ready    <none>   3m28s   v1.20.4-eks-6b7464   stateful
ip-192-168-118-137.us-east-2.compute.internal   Ready    <none>   3m23s   v1.20.4-eks-6b7464   compute
ip-192-168-15-74.us-east-2.compute.internal     Ready    <none>   3m27s   v1.20.4-eks-6b7464   cas
ip-192-168-26-34.us-east-2.compute.internal     Ready    <none>   3m26s   v1.20.4-eks-6b7464   stateless
ip-192-168-46-65.us-east-2.compute.internal     Ready    <none>   3m27s   v1.20.4-eks-6b7464   cas
ip-192-168-49-193.us-east-2.compute.internal    Ready    <none>   3m28s   v1.20.4-eks-6b7464   connect
ip-192-168-75-76.us-east-2.compute.internal     Ready    <none>   3m28s   v1.20.4-eks-6b7464   cas
ip-192-168-8-233.us-east-2.compute.internal     Ready    <none>   3m28s   v1.20.4-eks-6b7464   stateless
ip-192-168-83-96.us-east-2.compute.internal     Ready    <none>   3m25s   v1.20.4-eks-6b7464
ip-192-168-9-87.us-east-2.compute.internal      Ready    <none>   3m23s   v1.20.4-eks-6b7464
ip-192-168-90-195.us-east-2.compute.internal    Ready    <none>   3m24s   v1.20.4-eks-6b7464   cas
ip-192-168-93-138.us-east-2.compute.internal    Ready    <none>   3m24s   v1.20.4-eks-6b7464   stateless
ip-192-168-96-69.us-east-2.compute.internal     Ready    <none>   3m28s   v1.20.4-eks-6b7464   stateless

[hahewlet]

I was also successful installing a 1.20 cluster today. Maybe the problem was with AWS, thought I could see 1.20 in the EKS list when creating a new cluster. Or maybe there was a problem with terraform or the aws module for terraform?