[aws-eks] Can we remove the use of {cluster resource,kubectl} provider completely if the situation is changed?

❓ General Issue

This is a summary of my understanding and questions about why we don’t use CfnCluster directly, and whether it’ll be like this forever. Correct me if I’m wrong. Thanks.

If I understand correctly, the following issues are major reasons why we have {cluster resource,kubectl} providers.

  1. EKS RBAC is tied to who created the cluster: https://github.com/aws/containers-roadmap/issues/554
  2. CF doesn’t support some features that REST supports (?)

So we use a cluster resource provider to delegate the creation/management of an EKS cluster. We have 2 roles so far:

  • adminRole (== kubectlRole): Creates and manages the EKS cluster, and issues kubectl commands. For CF to automate. Cannot be changed.
  • mastersRole: For users. Users assume this. Can be changed.

Quickstart Amazon EKS takes a similar approach to this, but with a custom AWSQS::EKS::Cluster type: https://github.com/aws-quickstart/quickstart-amazon-eks/ (I feel like it’s re:inventing wheels around the limitations, not fixing the core problem. It looks like it would support import since it implements an update handler, but it is more complex. Why isn’t it public/upstream?)

The Question

  1. Would it be possible if the situation changed? What if we have an AdminRole option? What if we have an EKS API to manage IAM permissions to a cluster? Even without the fix, what if new eks.Cluster() spawns a nested stack that has a cloudFormationExecutionRoleArn: adminRole? Or can we put AWS::EKS::Cluster directly on our stack, and delegate only unsupported options such as endpointPrivateAccess?

  2. If all the restrictions are gone, so all the providers become obsolete, how do we migrate after that? Would it be simply setting the deletion policy to Retain and importing them to the main stack?

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 5 (2 by maintainers)

Top GitHub Comments

1 reaction
foriequal0 commented, Dec 14, 2020

I understand that. Thank you for replying to the question 😃

0 reactions
github-actions[bot] commented, Dec 14, 2020

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.
