Just looking for some clarification if possible.

If we look at the below cluster.yaml for eksctl:

metadata:
  name: blah
  region: blah
  version: blah
managedNodeGroups:
  - name: blah
    instance_type: blah
    blah
    blah
    blah
    iam:
      withAddonPolicies:
        appMesh: true
        xray: true

I'm not using this to build the cluster; it's being built using Terraform. But I'm looking for clarification as to how to apply the addon policies using TF. Is it simply using the aws_eks_addon resource?

So would it simply look like:

resource "aws_eks_addon" "xray" {
  cluster_name = aws_eks_cluster.example.name
  addon_name   = "xray"
}

Am I barking up the right tree?

TIA

ydaetskcoR
jonnybinthemix
  • Have you looked at https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon? Are you having any specific issues? If so could you edit your question to explain what problems you're having there please? – ydaetskcoR Jun 07 '21 at 13:41
  • I've looked at it, yes. I guess my question boils down to.. is an EKS Addon the same thing as an IAM Addon Policy? – jonnybinthemix Jun 07 '21 at 13:44
  • It's not clear where you are getting that cluster.yaml file from. Could you link to the source? – ydaetskcoR Jun 07 '21 at 14:21
  • It's just a yaml file to be used with eksctl, I believe it came from an appMesh example. – jonnybinthemix Jun 08 '21 at 06:18

1 Answer

The nodeGroups.iam.withAddonPolicies in the eksctl YAML files is about adding extra IAM policies to a specified node group.

In your example in the question it's creating a managed node group with extra IAM policies allowing the nodes in the node group to use AWS App Mesh and X-Ray.

Cluster add-ons, on the other hand, add extra components to your cluster as a managed service. These would normally be deployed as a deployment via kubectl or helm, etc., and create pods on your cluster to manage specific things. Currently this is limited to running CoreDNS, the VPC CNI plugin and kube-proxy, so you wouldn't be able to apply your Terraform example as there is no xray cluster add-on.

ydaetskcoR
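As the answer says, withAddonPolicies is about IAM policies on the node group's role, so the Terraform counterpart is a policy attachment on that role rather than aws_eks_addon. The following is an added example, not code from the question or the answer: aws_eks_cluster.example is the cluster resource named in the question, while the role name, node group name, var.subnet_ids and the choice of AWS managed policies for X-Ray and App Mesh are assumptions that may not match the statements eksctl generates.

```hcl
# Added example. aws_eks_cluster.example comes from the question;
# every other name below is a placeholder chosen for illustration.
variable "subnet_ids" {
  type = list(string)
}

# Role assumed by the EC2 instances in the managed node group.
resource "aws_iam_role" "node" {
  name = "example-eks-node"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ec2.amazonaws.com" }
    }]
  })
}

locals {
  node_policies = {
    worker  = "AmazonEKSWorkerNodePolicy"          # baseline for any node group
    cni     = "AmazonEKS_CNI_Policy"               # baseline
    ecr     = "AmazonEC2ContainerRegistryReadOnly" # baseline
    xray    = "AWSXRayDaemonWriteAccess"           # assumed stand-in for xray: true
    appmesh = "AWSAppMeshEnvoyAccess"              # assumed stand-in for appMesh: true
  }
}

# One attachment per policy, all on the node role.
resource "aws_iam_role_policy_attachment" "node" {
  for_each   = local.node_policies
  role       = aws_iam_role.node.name
  policy_arn = "arn:aws:iam::aws:policy/${each.value}"
}

resource "aws_eks_node_group" "example" {
  cluster_name    = aws_eks_cluster.example.name
  node_group_name = "example"
  node_role_arn   = aws_iam_role.node.arn
  subnet_ids      = var.subnet_ids

  scaling_config {
    desired_size = 2
    max_size     = 3
    min_size     = 1
  }

  # Nodes need their permissions in place before they join the cluster.
  depends_on = [aws_iam_role_policy_attachment.node]
}
```

Policies attached to the node role are usable by every pod scheduled on those nodes, so keep the map to what the node group's workloads actually need.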