feat: Add support for pod identity association on EKS addons (#3203)

2026-03-19 07:53:46 +01:00 · 2024-11-08 21:56:56 +00:00
parent d2e6262188
commit a224334fc8
23 changed files with 97 additions and 39 deletions
--- a/tests/eks-managed-node-group/main.tf
+++ b/tests/eks-managed-node-group/main.tf
@@ -45,6 +45,10 @@ module "eks" {
    coredns = {
      most_recent = true
    }
+    eks-pod-identity-agent = {
+      before_compute = true
+      most_recent    = true
+    }
    kube-proxy = {
      most_recent = true
    }
@@ -58,6 +62,10 @@ module "eks" {
          WARM_PREFIX_TARGET       = "1"
        }
      })
+      pod_identity_association = [{
+        role_arn        = module.aws_vpc_cni_ipv6_pod_identity.iam_role_arn
+        service_account = "aws-node"
+      }]
    }
  }

@@ -366,8 +374,7 @@ module "eks" {
  access_entries = {
    # One access entry with a policy associated
    ex-single = {
-      kubernetes_groups = []
-      principal_arn     = aws_iam_role.this["single"].arn
+      principal_arn = aws_iam_role.this["single"].arn

      policy_associations = {
        single = {
@@ -382,8 +389,7 @@ module "eks" {

    # Example of adding multiple policies to a single access entry
    ex-multiple = {
-      kubernetes_groups = []
-      principal_arn     = aws_iam_role.this["multiple"].arn
+      principal_arn = aws_iam_role.this["multiple"].arn

      policy_associations = {
        ex-one = {
@@ -489,6 +495,18 @@ module "vpc" {
  tags = local.tags
 }

+module "aws_vpc_cni_ipv6_pod_identity" {
+  source  = "terraform-aws-modules/eks-pod-identity/aws"
+  version = "~> 1.6"
+
+  name = "aws-vpc-cni-ipv6"
+
+  attach_aws_vpc_cni_policy = true
+  aws_vpc_cni_enable_ipv6   = true
+
+  tags = local.tags
+}
+
 module "ebs_kms_key" {
  source  = "terraform-aws-modules/kms/aws"
  version = "~> 2.1"