feat: Add support for EKS Auto Mode and EKS Hybrid nodes #3225
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Waiting to try this one. |
antonbabenko
approved these changes
Dec 3, 2024
README.md
Outdated
|
|
||
| When enabling `authentication_mode = "API_AND_CONFIG_MAP"`, EKS will automatically create an access entry for the IAM role(s) used by managed node group(s) and Fargate profile(s). There are no additional actions required by users. For self-managed node groups and the Karpenter sub-module, this project automatically adds the access entry on behalf of users so there are no additional actions required by users. | ||
|
|
||
| On clusters that were created prior to CAM support, there will be an existing access entry for the cluster creator. This was previously not visible when using `aws-auth` ConfigMap, but will become visible when access entry is enabled. |
There was a problem hiding this comment.
CAM = cluster access management. I'll update to use the expanded form for clarity
examples/eks-hybrid-nodes/main.tf
Outdated
| hybrid-all = { | ||
| cidr_blocks = [local.remote_network_cidr] | ||
| description = "Allow all traffic from remote node/pod network" | ||
| from_port = "-1" |
There was a problem hiding this comment.
Can be a number like in the top block
There was a problem hiding this comment.
was able to remove these since the protocol is all
|
we'll go ahead and merge this since it supports creating clusters with EKS Auto Mode and EKS Hybrid nodes, and also supports opting into EKS Auto Mode - the only scenario which is not support at this time is opting into EKS Auto Mode utilizing the built-in nodepools ( |
antonbabenko
pushed a commit
that referenced
this pull request
Dec 4, 2024
## [20.31.0](v20.30.1...v20.31.0) (2024-12-04) ### Features * Add support for EKS Auto Mode and EKS Hybrid nodes ([#3225](#3225)) ([3b974d3](3b974d3))
|
This PR is included in version 20.31.0 🎉 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
systemand/orgeneral-purposeenable_security_groups_for_podsto maintain current cluster IAM role policy behavior; this can be disabled for those not using security groups for pods. This variable and the attachment of theAmazonEKSVPCResourceControllerpolicy will be removed in the next breaking changeMotivation and Context
Breaking Changes
How Has This Been Tested?
examples/*to demonstrate and validate my change(s)examples/*projectspre-commit run -aon my pull request