feat: Add support for pod identity association on EKS addons (#3203)

2026-03-17 23:13:46 +01:00 · 2024-11-08 21:56:56 +00:00
parent d2e6262188
commit a224334fc8
23 changed files with 97 additions and 39 deletions
--- a/tests/self-managed-node-group/README.md
+++ b/tests/self-managed-node-group/README.md
@@ -18,18 +18,19 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.74 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.75 |

 ## Providers

 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.74 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.75 |

 ## Modules

 | Name | Source | Version |
 |------|--------|---------|
+| <a name="module_aws_vpc_cni_ipv4_pod_identity"></a> [aws\_vpc\_cni\_ipv4\_pod\_identity](#module\_aws\_vpc\_cni\_ipv4\_pod\_identity) | terraform-aws-modules/eks-pod-identity/aws | ~> 1.6 |
 | <a name="module_disabled_self_managed_node_group"></a> [disabled\_self\_managed\_node\_group](#module\_disabled\_self\_managed\_node\_group) | ../../modules/self-managed-node-group | n/a |
 | <a name="module_ebs_kms_key"></a> [ebs\_kms\_key](#module\_ebs\_kms\_key) | terraform-aws-modules/kms/aws | ~> 2.0 |
 | <a name="module_eks"></a> [eks](#module\_eks) | ../.. | n/a |
--- a/tests/self-managed-node-group/main.tf
+++ b/tests/self-managed-node-group/main.tf
@@ -41,11 +41,18 @@ module "eks" {
    coredns = {
      most_recent = true
    }
+    eks-pod-identity-agent = {
+      most_recent = true
+    }
    kube-proxy = {
      most_recent = true
    }
    vpc-cni = {
      most_recent = true
+      pod_identity_association = [{
+        role_arn        = module.aws_vpc_cni_ipv4_pod_identity.iam_role_arn
+        service_account = "aws-node"
+      }]
    }
  }

@@ -388,6 +395,18 @@ module "vpc" {
  tags = local.tags
 }

+module "aws_vpc_cni_ipv4_pod_identity" {
+  source  = "terraform-aws-modules/eks-pod-identity/aws"
+  version = "~> 1.6"
+
+  name = "aws-vpc-cni-ipv4"
+
+  attach_aws_vpc_cni_policy = true
+  aws_vpc_cni_enable_ipv4   = true
+
+  tags = local.tags
+}
+
 data "aws_ami" "eks_default" {
  most_recent = true
  owners      = ["amazon"]
--- a/tests/self-managed-node-group/versions.tf
+++ b/tests/self-managed-node-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.74"
+      version = ">= 5.75"
    }
  }
 }