eksctl icon indicating copy to clipboard operation
eksctl copied to clipboard

Published 20 hours ago verified publisher icon eksctl-io

Allow specifying iamidentitymappings for users/groups in the eksctl config file schema

Open rayterrill opened this issue 3 years ago • 18 comments

What feature/behavior/change do you want?

Why do you want this feature?

A very similar mechanism already appears to exist in eksctl when provisioning nodegroups - the aws-auth configmap is already being manipulated to add the nodegroup iam role. Extending this to include iamidentitymappings would allow the eksctl schema to move closer to being able to more fully describe the cluster and all the pieces needed to get it going prior to building.

rayterrill avatar Jan 15 '22 19:01 rayterrill

Hey @rayterrill , we were going to add support to this but in anticipation of a new AWS API we decided against it- see https://github.com/weaveworks/eksctl/issues/874#issuecomment-795808745. However that was quite some time ago and it doesn't seemed to have progressed. I will poke about and see if we can get an update on it, if its not coming soon then I agree its worth adding support for specifying iamidentitymappings in the config file

aclevername avatar Jan 17 '22 10:01 aclevername

Sounds good @aclevername. Let me know too - happy to help add support for this if it fits in with the roadmap! Cheers!

rayterrill avatar Jan 17 '22 17:01 rayterrill

@rayterrill after chatting with some folks I think its worth doing this, lets not wait on the new AWS API.

Would you like to give it a go at implementing? If not we will add it to our backlog :smile:

aclevername avatar Jan 19 '22 13:01 aclevername

Yes let me take a crack at it - Fair warning, I'm still learning go, but I've made a few other contributions to this project and a few others. If y'all are willing to continue to help me learn + stick to standards I'm def willing to give it a go. This would be a big win for us.

rayterrill avatar Jan 19 '22 16:01 rayterrill

Yes let me take a crack at it - Fair warning, I'm still learning go, but I've made a few other contributions to this project and a few others. If y'all are willing to continue to help me learn + stick to standards I'm def willing to give it a go. This would be a big win for us.

absolutely! Give it a go, and feel free to open a draft PR. We can then help with any problems/question :smile:

aclevername avatar Jan 19 '22 16:01 aclevername

@rayterrill Thanks, and of course, we'll provide information or guidelines during pr reviews on how to proceed or where to check something. Don't worry about that. :) If you have a valid PR we'll help to get along with it.

Skarlso avatar Jan 19 '22 16:01 Skarlso

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Feb 19 '22 01:02 github-actions[bot]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Mar 24 '22 02:03 github-actions[bot]

Yes let me take a crack at it - Fair warning, I'm still learning go, but I've made a few other contributions to this project and a few others. If y'all are willing to continue to help me learn + stick to standards I'm def willing to give it a go. This would be a big win for us.

@rayterrill, did you get a chance to work on this? :slightly_smiling_face:

cPu1 avatar Mar 24 '22 07:03 cPu1

I didn't - We ended up going in a different direction (CAPI).

rayterrill avatar Mar 24 '22 20:03 rayterrill

I am happy to implement this.

adamjohnson01 avatar Mar 28 '22 19:03 adamjohnson01

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Apr 28 '22 02:04 github-actions[bot]

This issue was closed because it has been stalled for 5 days with no activity.

github-actions[bot] avatar May 04 '22 02:05 github-actions[bot]

@adamjohnson01 Any progress on this one?

corinz avatar May 24 '22 14:05 corinz

Opening this issue since there's a lot of community interest here. @adamjohnson01 @corinz Please feel free to submit PRs, also let us know if you can't implement this, we will add it to our backlog 👍🏻

Himangini avatar May 24 '22 14:05 Himangini

Thank you @Himangini. I cannot implement this, although I see a lot of activity on issue #185 in the last couple years. Ultimately, we can find other ways to mod aws-auth but it is preferable (especially if the functionality already exists) to do it with the eksctl at the time of cluster creation. And of course, the AWS API needs an update, but doesn't seem like we're gonna get that any time soon!

corinz avatar May 24 '22 18:05 corinz

Unfortunately I have not had the time to do this but I will start working on it now.

adamjohnson01 avatar Jun 09 '22 08:06 adamjohnson01

@adamjohnson01 thanks for picking this up, let us know if you need any help 👍🏻

Unfortunately I have not had the time to do this but I will start working on it now.

Himangini avatar Jun 13 '22 18:06 Himangini

This has now been implemented! 🥳

adamjohnson01 avatar Sep 12 '22 14:09 adamjohnson01

This has now been implemented! partying_face

Indeed. Closed by https://github.com/weaveworks/eksctl/pull/5464.

cPu1 avatar Sep 12 '22 14:09 cPu1