feat: Add support for EKS Auto Mode and EKS Hybrid nodes #3225

Merged

@bryantbiggs bryantbiggs commented Dec 1, 2024

Description

  • Add support for EKS Auto Mode
    • Adds new role creation for EKS Auto Mode node role when using built-in nodepools `system` and/or `general-purpose`
  • Add support for EKS Hybrid nodes
  • Add variable `enable_security_groups_for_pods` to maintain current cluster IAM role policy behavior; this can be disabled for those not using security groups for pods. This variable and the attachment of the `AmazonEKSVPCResourceController` policy will be removed in the next breaking change

Motivation and Context

Breaking Changes

  • No

How Has This Been Tested?

  • I have updated at least one of the `examples/*` to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided `examples/*` projects
  • I have executed `pre-commit run -a` on my pull request

@jatin-mehrotra-colorkrew

Waiting to try this one.

@antonbabenko antonbabenko left a comment

Looks very good and very detailed examples! 💪

My questions are minor and very much optional.

README.md Outdated

When enabling `authentication_mode = "API_AND_CONFIG_MAP"`, EKS will automatically create an access entry for the IAM role(s) used by managed node group(s) and Fargate profile(s). There are no additional actions required by users. For self-managed node groups and the Karpenter sub-module, this project automatically adds the access entry on behalf of users so there are no additional actions required by users.

On clusters that were created prior to CAM support, there will be an existing access entry for the cluster creator. This was previously not visible when using `aws-auth` ConfigMap, but will become visible when access entry is enabled.
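
Review bot: the first paragraph states twice that no additional actions are required by users ("There are no additional actions required by users" and "so there are no additional actions required by users"); keep one. In the second paragraph, "CAM" is used without being expanded, and the text says the cluster creator's access entry "will become visible" without telling the reader whether they are expected to review or manage that entry once it appears.
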
Member

What is CAM support?

Member Author

CAM = cluster access management. I'll update to use the expanded form for clarity

Member Author

corrected in c24470b

hybrid-all = {
cidr_blocks = [local.remote_network_cidr]
description = "Allow all traffic from remote node/pod network"
from_port = "-1"
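
Review bot: the `hybrid-all` rule, going by its description ("Allow all traffic from remote node/pod network") and `from_port = "-1"`, admits every port from the whole of `local.remote_network_cidr`, which is a wide ingress for a single CIDR-based rule. If the remote nodes and pods only need specific ports, scope the rule to those; if all traffic is really required, state why in a comment next to the rule so the breadth reads as deliberate.
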
Member

Can be a number like in the top block

Member Author

was able to remove these since the protocol is all

@bryantbiggs
Member Author

FYI - hashicorp/terraform-provider-aws#40411

@bryantbiggs bryantbiggs marked this pull request as ready for review December 4, 2024 15:11
@bryantbiggs
Member Author

we'll go ahead and merge this since it supports creating clusters with EKS Auto Mode and EKS Hybrid nodes, and also supports opting into EKS Auto Mode - the only scenario which is not supported at this time is opting into EKS Auto Mode utilizing the built-in nodepools (system, general-purpose). This requires hashicorp/terraform-provider-aws#40411 to be resolved to support that scenario

@bryantbiggs bryantbiggs merged commit 3b974d3 into terraform-aws-modules:master Dec 4, 2024
22 checks passed
@bryantbiggs bryantbiggs deleted the feat/reinvent-2024 branch December 4, 2024 15:24
antonbabenko pushed a commit that referenced this pull request Dec 4, 2024
## [20.31.0](v20.30.1...v20.31.0) (2024-12-04)

### Features

* Add support for EKS Auto Mode and EKS Hybrid nodes ([#3225](#3225)) ([3b974d3](3b974d3))
@antonbabenko
Member

This PR is included in version 20.31.0 🎉

github-actions bot commented Jan 4, 2025

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 4, 2025

Successfully merging this pull request may close these issues.

please update EKS Automode.