diff --git a/docs/_partials/destroy.md b/docs/_partials/destroy.md
index b571c34473..a781832bc5 100644
--- a/docs/_partials/destroy.md
+++ b/docs/_partials/destroy.md
@@ -1,4 +1,8 @@
 ```sh
+# Necessary to avoid removing Terraform's permissions too soon before its finished
+# cleaning up the resources it deployed inside the cluster
+terraform state rm 'module.eks.aws_eks_access_entry.this["cluster_creator_admin"]' || true
+
 terraform destroy -target="module.eks_blueprints_addons" -auto-approve
 terraform destroy -target="module.eks" -auto-approve
 terraform destroy -auto-approve
diff --git a/patterns/agones-game-controller/main.tf b/patterns/agones-game-controller/main.tf
index 93890ed39a..02b57d01fe 100644
--- a/patterns/agones-game-controller/main.tf
+++ b/patterns/agones-game-controller/main.tf
@@ -48,6 +48,10 @@ module "eks" {
 cluster_version = local.cluster_version
 cluster_endpoint_public_access = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
 vpc_id = module.vpc.vpc_id
 control_plane_subnet_ids = module.vpc.private_subnets
 subnet_ids = module.vpc.public_subnets
diff --git a/patterns/appmesh-mtls/main.tf b/patterns/appmesh-mtls/main.tf
index 4f2eea71fa..2a0a92d080 100644
--- a/patterns/appmesh-mtls/main.tf
+++ b/patterns/appmesh-mtls/main.tf
@@ -60,6 +60,10 @@ module "eks" {
 cluster_version = "1.29"
 cluster_endpoint_public_access = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
 vpc_id = module.vpc.vpc_id
 subnet_ids = module.vpc.private_subnets
diff --git a/patterns/aws-vpc-cni-network-policy/main.tf b/patterns/aws-vpc-cni-network-policy/main.tf
index 83b6f04cbc..3c75a361f5 100644
--- a/patterns/aws-vpc-cni-network-policy/main.tf
+++ b/patterns/aws-vpc-cni-network-policy/main.tf
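Review bot: `enable_cluster_creator_admin_permissions = true` in the agones-game-controller hunk grants the identity that runs `terraform apply` admin access to the cluster, but the comment above it does not say that the resulting access entry is exactly what docs/_partials/destroy.md drops from state (`module.eks.aws_eks_access_entry.this["cluster_creator_admin"]`) so the identity keeps its permissions while in-cluster resources are torn down, and anyone who later disables or renames this setting will silently break the documented teardown order. The same hunk is repeated in appmesh-mtls, aws-vpc-cni-network-policy, elastic-fabric-adapter, external-secrets, fargate-serverless, istio, kubecost, private-public-ingress, stateful, tls-with-aws-pca-issuer, vpc-lattice/client-server-communication and wireguard-with-cilium, so the wording belongs in every copy. Suggest extending the comment with `# This access entry is removed from state during teardown (docs/_partials/destroy.md);` and `# keep it in sync with that script.` It would also help readers to say that this is a full-admin grant suited to these disposable example clusters, and that a shared cluster should instead receive a narrower access entry for the automation identity. The remainder of the `module "eks"` block lies outside the hunk.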
@@ -55,6 +55,10 @@ module "eks" {
 cluster_version = "1.29" # Must be 1.25 or higher
 cluster_endpoint_public_access = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
 vpc_id = module.vpc.vpc_id
 subnet_ids = module.vpc.private_subnets
diff --git a/patterns/elastic-fabric-adapter/main.tf b/patterns/elastic-fabric-adapter/main.tf
index 412301f740..ac8a584cf9 100644
--- a/patterns/elastic-fabric-adapter/main.tf
+++ b/patterns/elastic-fabric-adapter/main.tf
@@ -57,6 +57,10 @@ module "eks" {
 cluster_version = local.cluster_version
 cluster_endpoint_public_access = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
 cluster_addons = {
 coredns = {}
 kube-proxy = {}
@@ -252,7 +256,7 @@ resource "kubernetes_daemonset" "aws_efa_k8s_device_plugin" {
 container {
 name = "aws-efa-k8s-device-plugin"
- image = "602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-efa-k8s-device-plugin:v0.4.3"
+ image = "602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-efa-k8s-device-plugin:v0.4.4"
 volume_mount {
 name = "device-plugin"
diff --git a/patterns/external-secrets/main.tf b/patterns/external-secrets/main.tf
index 1fea9b1149..0a72d8dc1b 100644
--- a/patterns/external-secrets/main.tf
+++ b/patterns/external-secrets/main.tf
@@ -64,6 +64,10 @@ module "eks" {
 cluster_version = "1.29"
 cluster_endpoint_public_access = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
 vpc_id = module.vpc.vpc_id
 subnet_ids = module.vpc.private_subnets
diff --git a/patterns/fargate-serverless/main.tf b/patterns/fargate-serverless/main.tf
index 9c9037e7d0..1a975926a2 100644
--- a/patterns/fargate-serverless/main.tf
+++ b/patterns/fargate-serverless/main.tf
@@ -56,6 +56,10 @@ module "eks" {
 cluster_version = "1.29"
 cluster_endpoint_public_access = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
 vpc_id = module.vpc.vpc_id
 subnet_ids = module.vpc.private_subnets
diff --git a/patterns/istio/main.tf b/patterns/istio/main.tf
index 28cf08b927..14ce6118e1 100644
--- a/patterns/istio/main.tf
+++ b/patterns/istio/main.tf
@@ -58,6 +58,10 @@ module "eks" {
 cluster_version = "1.29"
 cluster_endpoint_public_access = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
 cluster_addons = {
 coredns = {}
 kube-proxy = {}
diff --git a/patterns/kubecost/main.tf b/patterns/kubecost/main.tf
index 40fb5aa746..146f76f6ff 100644
--- a/patterns/kubecost/main.tf
+++ b/patterns/kubecost/main.tf
@@ -66,6 +66,10 @@ module "eks" {
 cluster_version = "1.29"
 cluster_endpoint_public_access = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
 # EKS Addons
 cluster_addons = {
 aws-ebs-csi-driver = {
diff --git a/patterns/private-public-ingress/main.tf b/patterns/private-public-ingress/main.tf
index fa77496057..9f3e4421fd 100644
--- a/patterns/private-public-ingress/main.tf
+++ b/patterns/private-public-ingress/main.tf
@@ -43,6 +43,10 @@ module "eks" {
 cluster_version = "1.29"
 cluster_endpoint_public_access = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
 vpc_id = module.vpc.vpc_id
 subnet_ids = module.vpc.private_subnets
diff --git a/patterns/stateful/main.tf b/patterns/stateful/main.tf
index 807ee986be..ceff9ffdbf 100644
--- a/patterns/stateful/main.tf
+++ b/patterns/stateful/main.tf
@@ -61,6 +61,10 @@ module "eks" {
 cluster_version = "1.29"
 cluster_endpoint_public_access = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
 vpc_id = module.vpc.vpc_id
 subnet_ids = module.vpc.private_subnets
diff --git a/patterns/tls-with-aws-pca-issuer/main.tf b/patterns/tls-with-aws-pca-issuer/main.tf
index b459c7ccd2..4ab60a6baf 100644
--- a/patterns/tls-with-aws-pca-issuer/main.tf
+++ b/patterns/tls-with-aws-pca-issuer/main.tf
@@ -58,6 +58,10 @@ module "eks" {
 cluster_version = "1.29"
 cluster_endpoint_public_access = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
 vpc_id = module.vpc.vpc_id
 subnet_ids = module.vpc.private_subnets
diff --git a/patterns/vpc-lattice/client-server-communication/eks.tf b/patterns/vpc-lattice/client-server-communication/eks.tf
index 54ff8c5cc4..87813a9da9 100644
--- a/patterns/vpc-lattice/client-server-communication/eks.tf
+++ b/patterns/vpc-lattice/client-server-communication/eks.tf
@@ -10,6 +10,10 @@ module "eks" {
 cluster_version = "1.29"
 cluster_endpoint_public_access = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
 vpc_id = module.cluster_vpc.vpc_id
 subnet_ids = module.cluster_vpc.private_subnets
diff --git a/patterns/wireguard-with-cilium/eks.tf b/patterns/wireguard-with-cilium/eks.tf
index 720cd547f7..9a8f7b3a85 100644
--- a/patterns/wireguard-with-cilium/eks.tf
+++ b/patterns/wireguard-with-cilium/eks.tf
@@ -10,6 +10,10 @@ module "eks" {
 cluster_version = "1.29"
 cluster_endpoint_public_access = true
+ # Give the Terraform identity admin access to the cluster
+ # which will allow resources to be deployed into the cluster
+ enable_cluster_creator_admin_permissions = true
+
 # EKS Addons
 cluster_addons = {
 coredns = {}