Replicate eksctl cluster creation with OIDC
I'd like to recreate this functionality in CDK:

```bash
eksctl create cluster \
  --name <<cluster-name>> \
  --region <<region>> \
  --with-oidc \
  --nodes=3
```
My CDK cluster creation looks like this (in Python):
```python
cluster = eks.Cluster(
    self, "my-cluster",
    cluster_name="my-cluster",
    version=eks.KubernetesVersion.V1_21,
)
```
When I try to add an iamserviceaccount to the cluster I get this error:

```
Error: unable to create iamserviceaccount(s) without IAM OIDC provider enabled
```

I then have to add OIDC via eksctl, but I'd like to be able to do it in CDK. I couldn't find anything in the documentation to help me do this and was wondering if anyone had some advice.
Solution 1:[1]
In TypeScript you can do something like this:
```typescript
new OpenIdConnectProvider(this, 'OidcProvider', {
  url: this.cluster.clusterOpenIdConnectIssuerUrl
});
```
and then you should be able to deal with the IAM roles. Here, the OpenIdConnectProvider is the one from the aws-eks package, not the aws-iam package.
Solution 2:[2]
I ended up specifying an alb_controller in the cluster definition, and this automatically created the OIDC provider in IAM.
```python
cluster = eks.Cluster(
    self, "my-cluster",
    cluster_name="my-cluster",
    version=eks.KubernetesVersion.V1_21,
    alb_controller={
        "version": eks.AlbControllerVersion.V2_3_1,
    }
)
```
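Once the cluster has its IAM OIDC provider (by either solution above), the IAM role behind a service account needs a trust policy tied to that provider. The following is an added example, not code from the original answers: plain Python with no CDK dependency that builds such a trust policy and audits one for a missing or wildcard subject condition. The issuer URL, account ID, namespace and service account name are constructed placeholders, and the function names are hypothetical.

```python
import json
from urllib.parse import urlparse

# Constructed sample values (placeholders, not taken from the page).
ISSUER_URL = "https://oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
ACCOUNT_ID = "111122223333"

def provider_path(issuer_url):
    """Issuer URL without its scheme: the form IAM uses in ARNs and condition keys."""
    u = urlparse(issuer_url)
    if u.scheme != "https" or not u.netloc:
        raise ValueError("OIDC issuer must be an https URL")
    return (u.netloc + u.path).rstrip("/")

def irsa_trust_policy(issuer_url, account_id, namespace, service_account):
    """Trust policy that lets exactly one Kubernetes service account assume the role."""
    p = provider_path(issuer_url)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{p}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{p}:sub": f"system:serviceaccount:{namespace}:{service_account}",
                f"{p}:aud": "sts.amazonaws.com",
            }},
        }],
    }

def audit_trust_policy(policy, issuer_url):
    """Flag web-identity statements that do not pin the token subject."""
    key, findings = provider_path(issuer_url) + ":sub", []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or "AssumeRoleWithWebIdentity" not in str(st.get("Action")):
            continue
        cond = st.get("Condition", {})
        exact, like = cond.get("StringEquals", {}).get(key), cond.get("StringLike", {}).get(key)
        if exact is None and like is None:
            findings.append(f"statement {i}: no sub condition, any service account can assume the role")
        elif like is not None and "*" in str(like):
            findings.append(f"statement {i}: wildcard sub pattern {like!r}")
    return findings

if __name__ == "__main__":
    policy = irsa_trust_policy(ISSUER_URL, ACCOUNT_ID, "default", "my-service-account")
    print(json.dumps(policy, indent=2))
    print("findings:", audit_trust_policy(policy, ISSUER_URL))
```
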
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Thomas Krause |
| Solution 2 | h33 |
