Enable EKS access entries authentication option

thoughtbot · Dec 16, 2024 · c725251 · c725251
1 parent 1a77025
commit c725251
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 10 deletions.
diff --git a/aws/cluster/main.tf b/aws/cluster/main.tf
@@ -16,16 +16,18 @@ module "network" {
 module "eks_cluster" {
   source = "./modules/eks-cluster"
 
-  enabled_cluster_log_types = var.enabled_cluster_log_types
-  endpoint_private_access   = var.endpoint_private_access
-  endpoint_public_access    = var.endpoint_public_access
-  k8s_version               = var.k8s_version
-  log_retention_in_days     = var.log_retention_in_days
-  name                      = module.cluster_name.full
-  private_subnet_ids        = module.network.private_subnet_ids
-  public_subnet_ids         = module.network.public_subnet_ids
-  tags                      = var.tags
-  vpc                       = module.network.vpc
+  auth_mode                                  = var.auth_mode
+  bootstrap_cluster_creator_admin_permission = var.bootstrap_cluster_creator_admin_permission
+  enabled_cluster_log_types                  = var.enabled_cluster_log_types
+  endpoint_private_access                    = var.endpoint_private_access
+  endpoint_public_access                     = var.endpoint_public_access
+  k8s_version                                = var.k8s_version
+  log_retention_in_days                      = var.log_retention_in_days
+  name                                       = module.cluster_name.full
+  private_subnet_ids                         = module.network.private_subnet_ids
+  public_subnet_ids                          = module.network.public_subnet_ids
+  tags                                       = var.tags
+  vpc                                        = module.network.vpc
 
   depends_on = [module.node_role]
 }

diff --git a/aws/cluster/modules/eks-cluster/main.tf b/aws/cluster/modules/eks-cluster/main.tf
@@ -9,6 +9,11 @@ resource "aws_eks_cluster" "this" {
   tags                      = var.tags
   version                   = var.k8s_version
 
+  access_config {
+    authentication_mode                         = var.auth_mode
+    bootstrap_cluster_creator_admin_permissions = var.bootstrap_cluster_creator_admin_permission
+  }
+
   vpc_config {
     security_group_ids      = [aws_security_group.control_plane.id]
     subnet_ids              = concat(var.private_subnet_ids, var.public_subnet_ids)

diff --git a/aws/cluster/modules/eks-cluster/variables.tf b/aws/cluster/modules/eks-cluster/variables.tf
@@ -1,3 +1,14 @@
+variable "auth_mode" {
+  type        = string
+  description = "Authentiation mode associated with the cluster Access config"
+  default     = "API_AND_CONFIG_MAP"
+}
+variable "bootstrap_cluster_creator_admin_permission" {
+  type        = bool
+  description = "Bootstrap access config values to the cluster"
+  default     = false
+}
+
 variable "enabled_cluster_log_types" {
   type        = list(string)
   default     = ["api", "audit"]