
I'd like to recreate this functionality in CDK

eksctl create cluster \
    --name <<cluster-name>> \
    --region <<region>> \
    --with-oidc \
    --nodes=3

My CDK cluster creation looks like this (in Python):

from aws_cdk import aws_eks as eks

# inside a Stack's __init__
cluster = eks.Cluster(
    self, "my-cluster",
    cluster_name="my-cluster",
    version=eks.KubernetesVersion.V1_21,
)

When I try to add an iamserviceaccount to the cluster, I get this error:

Error: unable to create iamserviceaccount(s) without IAM OIDC provider enabled

I then have to add OIDC via eksctl, but I'd like to be able to do it in CDK. I couldn't find anything in the documentation to help me do this; was wondering if anyone had some advice?

h33

2 Answers


In TypeScript you can do something like this:

// OpenIdConnectProvider here is the aws-eks construct, not the aws-iam one
new OpenIdConnectProvider(this, 'OidcProvider', {
    url: this.cluster.clusterOpenIdConnectIssuerUrl
});

and then you should be able to deal with the IAM roles. Here, the OpenIdConnectProvider is the one from the aws-eks package, not the aws-iam package.


I ended up specifying an alb_controller in the cluster definition, and this automatically created the OIDC provider in IAM.

cluster = eks.Cluster(
    self, "my-cluster",
    cluster_name="my-cluster",
    version=eks.KubernetesVersion.V1_21,
    alb_controller={
        "version": eks.AlbControllerVersion.V2_3_1,
    }
)
h33
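Both answers get the IAM OIDC provider created; what that provider is then used for, by eksctl's iamserviceaccount or by CDK's `cluster.add_service_account(...)`, is an IAM role whose trust policy lets one Kubernetes service account call `sts:AssumeRoleWithWebIdentity`. The example below is added here and is not code from the question, either answer, or the CDK library; it uses only the Python standard library and does not talk to AWS. It builds that trust policy from an issuer URL and reviews an existing one for the two conditions that keep it scoped (the `sub` pin to namespace/service account and the `aud` pin to `sts.amazonaws.com`). The account ID, issuer URL, namespace and service-account names are constructed placeholders.

```python
import json
from urllib.parse import urlparse

# Constructed placeholders (not real resources). A real EKS issuer URL has the
# form https://oidc.eks.<region>.amazonaws.com/id/<hex id>.
ACCOUNT_ID = "111122223333"
ISSUER_URL = "https://oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"


def provider_arn(account_id: str, issuer_url: str) -> str:
    """ARN of the IAM OIDC provider: the issuer URL with the https:// scheme stripped."""
    parsed = urlparse(issuer_url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError(f"issuer URL must be https://host/path, got {issuer_url!r}")
    return f"arn:aws:iam::{account_id}:oidc-provider/{parsed.netloc}{parsed.path}"


def irsa_trust_policy(account_id: str, issuer_url: str, namespace: str, sa_name: str) -> dict:
    """Trust policy allowing exactly one service account to assume the role.

    sub pins the namespace and service-account name; aud pins the token audience so
    projected tokens minted for other audiences are refused by STS.
    """
    arn = provider_arn(account_id, issuer_url)
    host_path = arn.split("oidc-provider/", 1)[1]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": arn},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{host_path}:sub": f"system:serviceaccount:{namespace}:{sa_name}",
                f"{host_path}:aud": "sts.amazonaws.com",
            }},
        }],
    }


def trust_policy_findings(policy: dict) -> list:
    """Review a trust policy; an empty list means every web-identity statement is scoped."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        federated = stmt.get("Principal", {}).get("Federated", "")
        if "oidc-provider/" not in federated:
            findings.append("principal is not an IAM OIDC provider ARN")
            continue
        host_path = federated.split("oidc-provider/", 1)[1]
        cond = stmt.get("Condition", {})
        equals = cond.get("StringEquals", {})
        like = cond.get("StringLike", {})
        sub_eq = equals.get(f"{host_path}:sub")
        sub_like = like.get(f"{host_path}:sub")
        if sub_eq is None and sub_like is None:
            findings.append("no sub condition: any service account in the cluster can assume the role")
        elif sub_like is not None and "*" in sub_like:
            findings.append(f"wildcard sub condition {sub_like!r} widens which service accounts may assume the role")
        if equals.get(f"{host_path}:aud") != "sts.amazonaws.com":
            findings.append("aud is not pinned to sts.amazonaws.com")
    return findings


if __name__ == "__main__":
    policy = irsa_trust_policy(ACCOUNT_ID, ISSUER_URL, "kube-system", "aws-load-balancer-controller")
    print(json.dumps(policy, indent=2))
    print("findings:", trust_policy_findings(policy))
```

Run it to see the generated document; paste the trust policy of any role created for you (by eksctl, CDK, or by hand) into `trust_policy_findings` to confirm it still names a single service account and the `sts.amazonaws.com` audience after later edits.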