The aws-auth submodule for the aws/eks module no longer validates #3077

Closed
zenbones opened this issue Jun 25, 2024 · 7 comments

@zenbones

In the terraform-aws-modules/eks/aws module version 19.17.2 this worked...

module "eks" {
  manage_aws_auth_configmap = true
  aws_auth_roles = [
    {
      rolearn  = data.aws_iam_role.karpenter_instance.arn
      username = "system:node:{{EC2PrivateDNSName}}"
      groups   = ["system:bootstrappers", "system:nodes"]
    },
  ]
  aws_auth_users = var.eks_additional_users
}

But with version 20.14.0 I get...

 Error: Unsupported argument
│
│   on eks-cluster.tf line 90, in module "eks":
│   90:   manage_aws_auth_configmap = true
│
│ An argument named "manage_aws_auth_configmap" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on eks-cluster.tf line 91, in module "eks":
│   91:   aws_auth_roles = [
│
│ An argument named "aws_auth_roles" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on eks-cluster.tf line 98, in module "eks":
│   98:   aws_auth_users = var.eks_additional_users
│
│ An argument named "aws_auth_users" is not expected here.

But checking the docs for aws-auth, the example seems to show that this should still work.

@bryantbiggs
Member

that is not true - it's no longer in the root module, you need to define a new sub-module definition to use that

@zenbones
Author

First, thank you for the response. The docs should probably be updated... And not to be too dense, but by submodule definition, I should insert something like...

module "eks" {
  aws_auth = {
    manage_aws_auth_configmap = true
    aws_auth_roles = [
      {
        rolearn  = data.aws_iam_role.karpenter_instance.arn
        username = "system:node:{{EC2PrivateDNSName}}"
        groups   = ["system:bootstrappers", "system:nodes"]
      },
    ]
    aws_auth_users = var.eks_additional_users
  }
}

...because I make my way through these things by documentation as opposed to actually knowing what I'm doing.

@zenbones
Author

I figured out the module declaration. Thanks.

@mkuzmentsov

@zenbones what's the proper module declaration? I'm experiencing the same issue.

@photonbit

Whether something is true or not is a complex topic, but I can say that I found the same issue. I understand that this is a change in the contract of the module, and as such it should be treated gently.

For other humans arriving here, taking the original example that opened the issue:

module "eks" {
  manage_aws_auth_configmap = true
  aws_auth_roles = [
    {
      rolearn  = data.aws_iam_role.karpenter_instance.arn
      username = "system:node:{{EC2PrivateDNSName}}"
      groups   = ["system:bootstrappers", "system:nodes"]
    },
  ]
  aws_auth_users = var.eks_additional_users
}

We need to move all auth related things to a new module definition, like

module "eks" {
  source       = "terraform-aws-modules/eks/aws"
  cluster_name = "...."
  # All the rest of cluster configuration that was not moved
}

module "aws_auth" {
  source = "terraform-aws-modules/eks/aws//modules/aws-auth"
  manage_aws_auth_configmap = true
  aws_auth_roles = [
    {
      rolearn  = data.aws_iam_role.karpenter_instance.arn
      username = "system:node:{{EC2PrivateDNSName}}"
      groups   = ["system:bootstrappers", "system:nodes"]
    },
  ]
  aws_auth_users = var.eks_additional_users
}
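
A check to run on the plan after making this change, as an added example that is not from the thread or the module's own code: moving the arguments into a separate `module "aws_auth"` block changes the resource address, so unless the state entry is moved as well, Terraform plans a destroy of the old aws-auth resource and a create of the new one. The sample plan is constructed, and the resource types and the name `aws_auth` inside the module are assumptions; the input shape is the `resource_changes` list from `terraform show -json <planfile>`.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>`.
# The addresses, and the resource types/name "aws_auth", are assumptions.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.eks.kubernetes_config_map_v1_data.aws_auth[0]",
   "type": "kubernetes_config_map_v1_data", "name": "aws_auth",
   "change": {"actions": ["delete"]}},
  {"address": "module.aws_auth.kubernetes_config_map_v1_data.aws_auth[0]",
   "type": "kubernetes_config_map_v1_data", "name": "aws_auth",
   "change": {"actions": ["create"]}},
  {"address": "module.eks.aws_eks_cluster.this[0]",
   "type": "aws_eks_cluster", "name": "this",
   "change": {"actions": ["no-op"]}}
]}
""")

AUTH_TYPES = {"kubernetes_config_map", "kubernetes_config_map_v1_data"}

def aws_auth_changes(plan):
    """Return (address, verdict) for each aws-auth ConfigMap resource in a plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in AUTH_TYPES or rc.get("name") != "aws_auth":
            continue
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions:      # plain delete or a replace
            verdict = "DESTROYED"
        elif actions == ["create"]:
            verdict = "CREATED"
        elif actions == ["update"]:
            verdict = "UPDATED"
        else:                        # ["no-op"] or ["read"]
            verdict = "UNCHANGED"
        findings.append((rc["address"], verdict))
    return findings

def is_unmoved_state(findings):
    """True when one aws-auth resource is destroyed while another is created:
    the arguments moved to a new module block but the state entry did not."""
    verdicts = {v for _, v in findings}
    return {"DESTROYED", "CREATED"} <= verdicts

if __name__ == "__main__":
    found = aws_auth_changes(SAMPLE_PLAN)
    for address, verdict in found:
        print(f"{verdict:10} {address}")
    if is_unmoved_state(found):
        print("aws-auth would be destroyed and re-created; review before apply")
```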


github-actions bot commented Aug 7, 2024

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 7, 2024