Enable the use of config-file for identitymapping creation

Open adamjohnson01 opened this issue 3 years ago • 4 comments

Description

Enables creating IAM Identity Mappings using the config file as requested in #4631

Checklist

  • [ ] Added tests that cover your change (if possible)
  • [x] Added/modified documentation as required (such as the README.md, or the userdocs directory)
  • [x] Manually tested
  • [x] Made sure the title of the PR is a good description that can go into the release notes
  • [x] (Core team) Added labels for change area (e.g. area/nodegroup) and kind (e.g. kind/improvement)

BONUS POINTS checklist: complete for good vibes and maybe prizes?! :exploding_head:

  • [ ] Backfilled missing tests for code in same general area :tada:
  • [ ] Refactored something and made the world a better place :star2:

adamjohnson01 avatar Jun 26 '22 22:06 adamjohnson01

@adamjohnson01, thanks for the PR! It LGTM, but since it adds a new field to the ClusterConfig schema, we also need to handle creating IAM identity mappings as part of eksctl create cluster. Without it, the feature is incomplete and we can't get it out. Can you work on adding that? You can use the task management code for create cluster as a reference, it should be straightforward.

@cPu1, sure. I actually thought the same thing last night after I created the PR. I will add that as well.

adamjohnson01 avatar Jun 27 '22 09:06 adamjohnson01

Create cluster with IAM identity mappings

2022-06-27 23:16:51 [ℹ] eksctl version 0.105.0-dev+43f30788.2022-06-27T23:00:21Z
2022-06-27 23:16:51 [ℹ] using region eu-west-1
2022-06-27 23:16:51 [✔] using existing VPC (vpc-********) and subnets (private:map[eu-west-1a:{subnet-**** eu-west-1a 10.10.92.0/24 0} eu-west-1b:{subnet-**** eu-west-1b 10.10.93.0/24 0} eu-west-1c:{subnet-**** eu-west-1c 10.10.94.0/24 0} eu-west-1d:{subnet-**** eu-west-1d 10.10.95.0/24 0}] public:map[])
2022-06-27 23:16:51 [!] custom VPC/subnets will be used; if resulting cluster doesn't function as expected, make sure to review the configuration of VPC/subnets
2022-06-27 23:16:51 [ℹ] using Kubernetes version 1.21
2022-06-27 23:16:51 [ℹ] creating EKS cluster "maps" in "eu-west-1" region with
2022-06-27 23:16:51 [ℹ] will create a CloudFormation stack for cluster itself and 0 nodegroup stack(s)
2022-06-27 23:16:51 [ℹ] will create a CloudFormation stack for cluster itself and 0 managed nodegroup stack(s)
2022-06-27 23:16:51 [ℹ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=eu-west-1 --cluster=maps'
2022-06-27 23:16:51 [ℹ] Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "maps" in "eu-west-1"
2022-06-27 23:16:51 [ℹ] CloudWatch logging will not be enabled for cluster "maps" in "eu-west-1"
2022-06-27 23:16:51 [ℹ] you can enable it with 'eksctl utils update-cluster-logging --enable-types={SPECIFY-YOUR-LOG-TYPES-HERE (e.g. all)} --region=eu-west-1 --cluster=maps'
2022-06-27 23:16:51 [ℹ] 2 sequential tasks: { create cluster control plane "maps", 4 sequential sub-tasks: { wait for control plane to become ready, associate IAM OIDC provider, 2 sequential sub-tasks: { create IAM role for serviceaccount "kube-system/aws-node", create serviceaccount "kube-system/aws-node", }, restart daemonset "kube-system/aws-node", } }
2022-06-27 23:16:51 [ℹ] building cluster stack "eksctl-maps-cluster"
2022-06-27 23:16:51 [ℹ] deploying stack "eksctl-maps-cluster"
2022-06-27 23:17:21 [ℹ] waiting for CloudFormation stack "eksctl-maps-cluster"
2022-06-27 23:17:51 [ℹ] waiting for CloudFormation stack "eksctl-maps-cluster"
2022-06-27 23:18:52 [ℹ] waiting for CloudFormation stack "eksctl-maps-cluster"
2022-06-27 23:19:52 [ℹ] waiting for CloudFormation stack "eksctl-maps-cluster"
2022-06-27 23:20:52 [ℹ] waiting for CloudFormation stack "eksctl-maps-cluster"
2022-06-27 23:21:52 [ℹ] waiting for CloudFormation stack "eksctl-maps-cluster"
2022-06-27 23:22:52 [ℹ] waiting for CloudFormation stack "eksctl-maps-cluster"
2022-06-27 23:23:52 [ℹ] waiting for CloudFormation stack "eksctl-maps-cluster"
2022-06-27 23:24:52 [ℹ] waiting for CloudFormation stack "eksctl-maps-cluster"
2022-06-27 23:25:52 [ℹ] waiting for CloudFormation stack "eksctl-maps-cluster"
2022-06-27 23:26:53 [ℹ] waiting for CloudFormation stack "eksctl-maps-cluster"
2022-06-27 23:27:53 [ℹ] waiting for CloudFormation stack "eksctl-maps-cluster"
2022-06-27 23:29:54 [ℹ] building iamserviceaccount stack "eksctl-maps-addon-iamserviceaccount-kube-system-aws-node"
2022-06-27 23:29:54 [ℹ] deploying stack "eksctl-maps-addon-iamserviceaccount-kube-system-aws-node"
2022-06-27 23:29:54 [ℹ] waiting for CloudFormation stack "eksctl-maps-addon-iamserviceaccount-kube-system-aws-node"
2022-06-27 23:30:24 [ℹ] waiting for CloudFormation stack "eksctl-maps-addon-iamserviceaccount-kube-system-aws-node"
2022-06-27 23:30:24 [ℹ] serviceaccount "kube-system/aws-node" already exists
2022-06-27 23:30:24 [ℹ] updated serviceaccount "kube-system/aws-node"
2022-06-27 23:30:24 [ℹ] daemonset "kube-system/aws-node" restarted
2022-06-27 23:30:24 [ℹ] waiting for the control plane availability...
2022-06-27 23:30:25 [✔] saved kubeconfig as "/home/user/.kube/config"
2022-06-27 23:30:25 [ℹ] no tasks
2022-06-27 23:30:25 [✔] all EKS cluster resources for "maps" have been created
2022-06-27 23:30:26 [ℹ] kubectl command should work with "/home/user/.kube/config", try 'kubectl get nodes'
2022-06-27 23:30:26 [ℹ] iamIdentityMappings configuration detected, updating the auth ConfigMap
2022-06-27 23:30:26 [ℹ] checking arn arn:aws:iam::000000000000:role/myRole against entries in the auth ConfigMap
2022-06-27 23:30:26 [ℹ] adding identity "arn:aws:iam::000000000000:role/myRole" to auth ConfigMap
2022-06-27 23:30:26 [ℹ] adding account "000000000000" to auth ConfigMap
2022-06-27 23:30:26 [✔] EKS cluster "maps" in "eu-west-1" region is ready

adamjohnson01 avatar Jun 28 '22 13:06 adamjohnson01
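
A ClusterConfig that would drive the identity-mapping steps at the end of the log above, as an added example that is not taken from the PR or the thread. The cluster name, region, role ARN and account mirror the log; the username and group are assumed values, and the field names follow the `iamIdentityMappings` schema in the eksctl documentation.

```yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: maps
  region: eu-west-1

iamIdentityMappings:
  # Maps an IAM role to a Kubernetes username and groups in the aws-auth ConfigMap.
  - arn: arn:aws:iam::000000000000:role/myRole
    username: my-role-user   # assumed value, not from the log
    groups:
      # Assumed group name; it grants nothing until a RoleBinding or
      # ClusterRoleBinding references it. Mapping to system:masters instead
      # gives unrestricted cluster admin to anyone able to assume the role.
      - example-readers
    noDuplicateARNs: true    # prevents shadowing of ARNs

  # Account-wide entry; it must be configured with no other options.
  - account: "000000000000"
```

Because these entries end up in the auth ConfigMap, the config file becomes a cluster access-control input and belongs under the same review as RBAC manifests.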

Thanks for the contribution! 🎉 I have left some comments but otherwise LGTM. We can merge it as soon as the requested changes are addressed.

@cPu1, all the changes have been addressed. Let me know if there is anything else.

adamjohnson01 avatar Aug 09 '22 08:08 adamjohnson01

Thanks @adamjohnson01. I skimmed through the changes and it LGTM. We are planning a code-freeze to get some features out this week, so we'll be able to merge your PR next week.

cPu1 avatar Aug 10 '22 08:08 cPu1

@cPu1, will this be merged soon? We are keen to start using the functionality.

adamjohnson01 avatar Aug 30 '22 08:08 adamjohnson01

@cPu1, I have made all of the requested changes. Let me know if there is anything else.

adamjohnson01 avatar Sep 02 '22 20:09 adamjohnson01

@cPu1 bump

jacklei avatar Sep 10 '22 01:09 jacklei

@adamjohnson01, apologies for the delay in getting this merged. Thanks for the contribution!

cPu1 avatar Sep 12 '22 13:09 cPu1

@cPu1, no problem! 🙂

adamjohnson01 avatar Sep 12 '22 14:09 adamjohnson01