diff --git a/CHANGELOG.md b/CHANGELOG.md index e1ade17..a5864e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ project adheres to [Semantic Versioning](http://semver.org/). - Updated minimum version of Terraform to avoid a bug (by @dpiddockcmp) - Fix cluster_oidc_issuer_url output from list to string (by @chewvader) - Fix idempotency issues for node groups with no remote_access configuration (by @jeffmhastings) +- Fix aws-auth config map for managed node groups (by @wbertelsen) - Added support to create IAM OpenID Connect Identity Provider to enable EKS Identity Roles for Service Accounts (IRSA). (by @alaa) - Adding node group iam role arns to outputs. (by @mukgupta) - **Breaking:** Change logic of security group whitelisting. Will always whitelist worker security group on control plane security group either provide one or create new one. See Important notes below for upgrade notes (by @ryanooi) diff --git a/aws_auth.tf b/aws_auth.tf index aabf6fd..f72654d 100644 --- a/aws_auth.tf +++ b/aws_auth.tf @@ -42,6 +42,16 @@ data "template_file" "worker_role_arns" { } } +data "template_file" "node_group_arns" { + count = var.create_eks ? local.worker_group_managed_node_group_count : 0 + template = file("${path.module}/templates/worker-role.tpl") + + vars = { + worker_role_arn = lookup(var.node_groups[count.index], "iam_role_arn", aws_iam_role.node_groups[0].arn) + platform = "linux" # Hardcoded because the EKS API currently only supports linux for managed node groups + } +} + resource "kubernetes_config_map" "aws_auth" { count = var.create_eks && var.manage_aws_auth ? 1 : 0 @@ -51,11 +61,12 @@ resource "kubernetes_config_map" "aws_auth" { } data = { - mapRoles = <