EKS Auto Mode should not require setting default addons or OIDC (#8082)
TiberiuGC authored Dec 13, 2024
1 parent 84ac23d commit 07a7564
Showing 2 changed files with 37 additions and 6 deletions.
13 changes: 7 additions & 6 deletions pkg/apis/eksctl.io/v1alpha5/validation.go
@@ -616,8 +616,13 @@ func (c *ClusterConfig) validateKubernetesNetworkConfig() error {
switch strings.ToLower(c.KubernetesNetworkConfig.IPFamily) {
case strings.ToLower(IPV4Family), "":
case strings.ToLower(IPV6Family):
if missing := c.addonContainsManagedAddons([]string{VPCCNIAddon, CoreDNSAddon, KubeProxyAddon}); len(missing) != 0 {
return fmt.Errorf("the default core addons must be defined for IPv6; missing addon(s): %s", strings.Join(missing, ", "))
if !c.IsAutoModeEnabled() {
if missing := c.addonContainsManagedAddons([]string{VPCCNIAddon, CoreDNSAddon, KubeProxyAddon}); len(missing) != 0 {
return fmt.Errorf("the default core addons must be defined for IPv6; missing addon(s): %s; either define them or use EKS Auto Mode", strings.Join(missing, ", "))
}
if c.IAM == nil || c.IAM != nil && IsDisabled(c.IAM.WithOIDC) {
return fmt.Errorf("oidc needs to be enabled if IPv6 is set; either set it or use EKS Auto Mode")
}
}

unsupportedVersion, err := c.unsupportedVPCCNIAddonVersion()
@@ -629,10 +634,6 @@ func (c *ClusterConfig) validateKubernetesNetworkConfig() error {
return fmt.Errorf("%s version must be at least version %s for IPv6", VPCCNIAddon, minimumVPCCNIVersionForIPv6)
}

if c.IAM == nil || c.IAM != nil && IsDisabled(c.IAM.WithOIDC) {
return fmt.Errorf("oidc needs to be enabled if IPv6 is set")
}

if version, err := utils.CompareVersions(c.Metadata.Version, Version1_21); err != nil {
return fmt.Errorf("failed to convert %s cluster version to semver: %w", c.Metadata.Version, err)
} else if version == -1 {
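Review bot: The new `if !c.IsAutoModeEnabled()` guard in the IPv6 case skips both the default-addon check and the OIDC check with no comment saying why Auto Mode makes them unnecessary, and it skips the OIDC check even when the config still lists vpc-cni explicitly (the combination the second new test accepts). If the addon is still installed in that case, it presumably has to get its permissions from somewhere other than an OIDC-backed service-account role, so either keep the OIDC check whenever `VPCCNIAddon` is present in `c.Addons` or record the assumption above the guard, e.g. `// Auto Mode provides the networking components itself, so neither the default addons nor OIDC are required (confirm)`. The moved condition can also drop its redundant half: `if c.IAM == nil || IsDisabled(c.IAM.WithOIDC) {`. validateKubernetesNetworkConfig starts and ends outside the hunks shown.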
30 changes: 30 additions & 0 deletions pkg/apis/eksctl.io/v1alpha5/validation_test.go
@@ -1159,6 +1159,20 @@ var _ = Describe("ClusterConfig validation", func() {
})
})

When("ipFamily is set to IPv6, no managed addons are provided, but auto-mode is used", func() {
It("accepts the setting", func() {
cfg.VPC.NAT = nil
cfg.IAM = &api.ClusterIAM{
WithOIDC: api.Enabled(),
}
cfg.AutoModeConfig = &api.AutoModeConfig{
Enabled: aws.Bool(true),
}
err = api.ValidateClusterConfig(cfg)
Expect(err).To(BeNil())
})
})

When("the vpc-cni version is configured", func() {
When("the version of the vpc-cni is too low", func() {
It("returns an error", func() {
@@ -1258,6 +1272,22 @@ var _ = Describe("ClusterConfig validation", func() {
})
})

When("iam is not set, but auto-mode is used", func() {
It("accepts the setting", func() {
cfg.VPC.NAT = nil
cfg.Addons = append(cfg.Addons,
&api.Addon{Name: api.KubeProxyAddon},
&api.Addon{Name: api.CoreDNSAddon},
&api.Addon{Name: api.VPCCNIAddon},
)
cfg.AutoModeConfig = &api.AutoModeConfig{
Enabled: aws.Bool(true),
}
err = api.ValidateClusterConfig(cfg)
Expect(err).To(BeNil())
})
})

When("iam is set but OIDC is disabled", func() {
It("returns an error", func() {
cfg.IAM = &api.ClusterIAM{
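Review bot: Neither new case covers the combination the commit title describes, Auto Mode with both the default addons and OIDC absent: the first case still sets `WithOIDC: api.Enabled()` and the second still appends all three addons. Because the guard relaxes validation, a case with `Enabled: aws.Bool(false)` that still expects the addon and OIDC errors would pin that only an enabled Auto Mode lifts the checks. `Expect(err).NotTo(HaveOccurred())` would also give a clearer failure message than `To(BeNil())`. The enclosing Describe block starts and ends outside the hunks shown.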
