Update 17.x -> 18.x upgrade guide in light of recent return of auth map

[kc-sn]

Is your request related to a new offering from AWS?

Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.

• Not applicable

Is your request related to a problem? Please describe.

The recent change in v18.20.x bringing back the auth mapping is great, however, the upgrade guide is now outdated and it's unclear how to upgrade from a 17.x cluster to the latest 18.x for users who were dependent on the auth_map.

Describe the solution you'd like.

A concise guide on how to properly upgrade the provider given the functionalities return.

Describe alternatives you've considered.

Figuring it out ourselves and contributing to the documentation.

Additional context

None.

[beingamarnath]

@bryantbiggs Any updates here?

[bryantbiggs]

I am looking into providing more information for users upgrading from v17.x to v18.x here https://github.com/clowdhaus/eks-v17-v18-migrate - when ready it will be merged into the docs/.

Regarding the aws-auth configmap however, there is no material migration. Its more of a "upsert" operation

[saurabhkdm]

+1

[beingamarnath]

@bryantbiggs Can we expect any updates on this?

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

[github-actions[bot]]

This issue was automatically closed because of stale in 10 days

[reedjosh]

Can you please at least link this issue in the upgrade guide?

In my mind the upgrade guide should always be relevant for transitioning from the latest minor release of the major versions. So in this case something like 17.24.x->18.31.x.

I realize we're a bit behind the times just now upgrading, but the current upgrade guide is a mess.

All that said, thank you for the work you have provided, and I'm sorry my first post in your project is a critical one.

[Snehil03]

Anyone manage to do the upgrade ?

[bryantbiggs]

So in this case something like 17.24.x->18.31.x.

That implies that with each new release of the current version, we are meant to re-evaluate the upgrade guide? that does not sound feasible nor applicable - there are no guarantees across a breaking change, that is why its categorized as "breaking"

Anyone manage to do the upgrade ?

Yes, a lot of folks have done the upgrade. Unfortunately, due to the plethora of options and configurations, there isn't a "one size fits all" of "here is exactly how you should migrate from A to B"

In terms of the aws-auth configmap, from v18.20+, using the manage_aws_auth_configmap will be the route nearly all will want to use when migrating. Setting this value to true and adding any additional roles outside of the IAM role used by nodegroups and Fargate profiles (which this module ensures those are added into the configmap when setting this to true to avoid the chicken vs. the egg scenario), should cover 99%+ of the use cases.

As always, use the Terraform plan output to understand what changes will be attempted by Terraform and work backwards from there if you need to make changes before applying

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

[github-actions[bot]]

This issue was automatically closed because of stale in 10 days

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.