refactor: Replaced aws-auth ConfigMap entries with access entries #1920

Merged
merged 1 commit into from
Apr 18, 2024

24 changes: 11 additions & 13 deletions patterns/karpenter/main.tf
Expand Up @@ -59,7 +59,7 @@ locals {

module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "~> 19.21"
version = "~> 20.0"

cluster_name = local.name
cluster_version = "1.29"
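Review bot: The `version` constraint moves from `~> 19.21` to `~> 20.0`, a major-version jump, with no comment or upgrade note marking it as a breaking change. Anyone who already applied this pattern on 19.x picks up the new major in the same change that drops `manage_aws_auth_configmap`, so a short note on how an existing cluster should move over would help.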
Expand All @@ -72,18 +72,7 @@ module "eks" {
create_cluster_security_group = false
create_node_security_group = false

manage_aws_auth_configmap = true
aws_auth_roles = [
# We need to add in the Karpenter node IAM role for nodes launched by Karpenter
{
rolearn = module.eks_blueprints_addons.karpenter.node_iam_role_arn
username = "system:node:{{EC2PrivateDNSName}}"
groups = [
"system:bootstrappers",
"system:nodes",
]
},
]
enable_cluster_creator_admin_permissions = true

fargate_profiles = {
karpenter = {
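Review bot: `enable_cluster_creator_admin_permissions = true` is added without a comment on who ends up with admin rights. Going by its name, the identity that runs `terraform apply` becomes a cluster admin; add a comment saying so and whether that is meant for more than this example. The removed `aws_auth_roles` block also carried the comment explaining why the Karpenter node role needs access; carry it over to the new `aws_eks_access_entry` resource so the reason is not lost.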
Expand Down Expand Up @@ -154,10 +143,12 @@ module "eks_blueprints_addons" {
}

enable_karpenter = true

karpenter = {
repository_username = data.aws_ecrpublic_authorization_token.token.user_name
repository_password = data.aws_ecrpublic_authorization_token.token.password
}

karpenter_node = {
# Use static name so that it matches what is defined in `karpenter.yaml` example manifest
iam_role_use_name_prefix = false
Expand All @@ -166,6 +157,13 @@ module "eks_blueprints_addons" {
tags = local.tags
}

resource "aws_eks_access_entry" "karpenter_node_access_entry" {
cluster_name = module.eks.cluster_name
principal_arn = module.eks_blueprints_addons.karpenter.node_iam_role_arn
kubernetes_groups = []
Contributor

This line is causing an issue when you try to re-apply terraform

aws_eks_access_entry.karpenter_node_access_entry: Modifying... [id=<Karpnter-iam-role-arn>]
╷
│ Error: updating EKS Access Entry (<Karpnter-iam-role-arn>): operation error EKS: UpdateAccessEntry, https response error StatusCode: 400, RequestID: e55f3b9f-b1e0-4c30-bfc8-a1a86b8f024e, InvalidParameterException: The username must not begin with system:
│ 
│   with aws_eks_access_entry.karpenter_node_access_entry,
│   on addons.tf line 230, in resource "aws_eks_access_entry" "karpenter_node_access_entry":
│  230: resource "aws_eks_access_entry" "karpenter_node_access_entry" {

Fix is to remove the line kubernetes_groups = [] from this resource

Contributor Author

Yes, the line should not have been there. @vara-bonthu Do you want to send a PR or want me to do it?

type = "EC2_LINUX"
}

################################################################################
# Supporting Resources
################################################################################
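Review bot: `kubernetes_groups = []` in `aws_eks_access_entry.karpenter_node_access_entry` should be dropped: the inline comment on that line reports that a second apply fails in `UpdateAccessEntry` with `InvalidParameterException`. The removed `aws_auth_roles` entry named `system:bootstrappers` and `system:nodes` explicitly, while this resource relies on `type = "EC2_LINUX"`; a one-line comment stating what that type grants in their place would make the replacement easier to audit.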