Comments (8)
@bryantbiggs thanks for your thoughts on all this! I had not seen your upgrade guide, only the changelog in this repo. Thank you for pointing that out.
from terraform-aws-eks.
We're running into the same issue. Simply using `terraform import` is not ideal and not a complete solution - we need something that will work for new and existing clusters created by this module.
We have a company-standard terraform module containing this one. We are creating clusters every day and maintaining existing clusters with this same module. For existing clusters, we could just set `authenticationMode` to `API_AND_CONFIGMAP` with no `access_entries` and let the EKS API set the two default access entries for cluster creator and worker nodes. This is what EKS automatically does when making this transition. Because of this, we cannot use the `import` block because those resources don't exist when starting a `terraform apply`.
So when we have an access entry defined (either manually or via the `enable_cluster_creator_admin_permissions` property), this has to be a multi-step operation with the first one resulting in failure:
- Upgrade the module w/ new EKS Access Entries
- Run `terraform apply`, fully expecting it to fail with the error mentioned in this thread.
- Run `terraform import`, as prescribed.
- Re-run `terraform apply` to complete the operation.
Another option could be manually going through the clusters and running:

```bash
aws eks update-cluster-config \
  --name <CLUSTER_NAME> \
  --access-config authenticationMode=API_AND_CONFIG_MAP
```

before running `terraform apply`. Coupled with the addition of an `import` block in the module, this could avoid running into the error.
I think this will be our game plan. Thank you @yaroslav-nakonechnikov for raising this issue! This helped me think through this problem better 😄
from terraform-aws-eks.
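The check that decides between the two paths in the comment above, as an added example that is not part of the thread or of the module: it reads the cluster's authentication mode and, where access entries already exist, lists the principals so they can be matched against what Terraform declares. It assumes AWS CLI v2 with credentials; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight before the v20 apply.

# Current authentication mode: CONFIG_MAP, API_AND_CONFIG_MAP or API.
auth_mode() {
  aws eks describe-cluster --name "$1" \
    --query 'cluster.accessConfig.authenticationMode' --output text
}

# Map a mode to the step that has to happen before `terraform apply`.
plan_step() {
  case "$1" in
    # "None" is what --output text prints when the field is absent.
    CONFIG_MAP|None|"") echo "switch-mode" ;;
    API_AND_CONFIG_MAP|API) echo "import-entries" ;;
    *) echo "unknown" ;;
  esac
}

# Principal ARNs of access entries that already exist, one per line.
existing_entries() {
  aws eks list-access-entries --cluster-name "$1" \
    --query 'accessEntries[]' --output text | tr '\t' '\n'
}

preflight() {
  cluster="$1"
  mode="$(auth_mode "$cluster")"
  case "$(plan_step "$mode")" in
    switch-mode)
      echo "$cluster: mode=$mode; run update-cluster-config first" ;;
    import-entries)
      echo "$cluster: mode=$mode; existing entries (import any that Terraform also declares):"
      existing_entries "$cluster" | sed 's/^/  /' ;;
    *)
      echo "$cluster: unexpected mode '$mode'" >&2
      return 1 ;;
  esac
}

# Run against every cluster name given on the command line.
if [ "$#" -gt 0 ]; then
  for c in "$@"; do preflight "$c"; done
fi
```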
you can use https://developer.hashicorp.com/terraform/language/import
from terraform-aws-eks.
> Because of this, we cannot use the `import` block because those resources don't exist when starting a `terraform apply`

which is exactly why we cannot support it in this module

> we need something that will work for new and existing clusters created by this module

I am open to thoughts, but I cannot do anything about resources created outside of this module. I don't know when they will or will not exist, I don't know what they will be named or what users will name their resources - it's an unknown of unknowns problem
Have you seen the upgrade guide? If you followed the upgrade guide, you still have a multi-part process but without errors. Using https://github.com/clowdhaus/terraform-aws-eks-migrate-v19-to-v20 which was created specifically for aiding in the upgrade process will avoid the apply error you listed above in step 2
from terraform-aws-eks.
@bryantbiggs https://github.com/clowdhaus/terraform-aws-eks-migrate-v19-to-v20 mentioned only once, with a note to have terraform 1.7+.
so it can't be used by all, and looks like a workaround.
still, I'd like to see an option which won't force adding/removing access entries.
not all are using a single runner to run terraform deploy, so there is a possibility to utilize different roles.
and atm it looks like each role will be overridden by others.
Would be good if I'm wrong, so keeping process of upgrading further.
from terraform-aws-eks.
I think you need to familiarize yourself with how EKS provided access to clusters prior to cluster access entry, and what EKS is doing when you opt into cluster access entry on those clusters
from terraform-aws-eks.
just to be clear, this is the upgrade guide which we store under the `docs/` directory https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/UPGRADE-20.0.md
in there, it refers to this one off repo used to aid in migrating from v19 to v20
from terraform-aws-eks.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
from terraform-aws-eks.