Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFC605: EKS L2 Rewrite #646

Merged
merged 27 commits into from
Dec 10, 2024
Merged

RFC605: EKS L2 Rewrite #646

merged 27 commits into from
Dec 10, 2024

Conversation

xazhao
Copy link
Contributor

@xazhao xazhao commented Oct 29, 2024

This is a request for comments about Rewrite EKS L2 Construct. See #605 for additional details.

APIs are signed off by @iliapolo.


By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache-2.0 license

@xazhao xazhao marked this pull request as ready for review November 4, 2024 06:45
@iliapolo iliapolo self-assigned this Nov 6, 2024
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
@mergify mergify bot dismissed iliapolo’s stale review November 13, 2024 08:17

Pull request has been modified.

text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
@markusl
Copy link
Contributor

markusl commented Dec 3, 2024

Is EKS Auto Mode supported in the new construct?

@xazhao
Copy link
Contributor Author

xazhao commented Dec 3, 2024

Is EKS Auto Mode supported in the new construct?

Yes because EKS Auto Mode is natively supported in CfnCluster L1 resource, there's no blocker to support it in the new construct. We will decide a proper API for EKS Auto Mode and it will be added to the construct as a new feature.

@markusl
Copy link
Contributor

markusl commented Dec 3, 2024

Is EKS Auto Mode supported in the new construct?

Yes because EKS Auto Mode is natively supported in CfnCluster L1 resource, there's no blocker to support it in the new construct. We will decide a proper API for EKS Auto Mode and it will be added to the construct as a new feature.

Thanks! This sounds good. Is there any estimate for the release with Auto Mode?

@xazhao
Copy link
Contributor Author

xazhao commented Dec 3, 2024

Is EKS Auto Mode supported in the new construct?

Yes because EKS Auto Mode is natively supported in CfnCluster L1 resource, there's no blocker to support it in the new construct. We will decide a proper API for EKS Auto Mode and it will be added to the construct as a new feature.

Thanks! This sounds good. Is there any estimate for the release with Auto Mode?

The current estimate is 2025 Q1.

text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Show resolved Hide resolved
Grant Admin Access to an IAM role

```
cluster.grantAdmin('adminAccess', roleArn, eks.AccessScopeType.CLUSTER);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we make the second argument here accept an IGrantable and not a string?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this function return something? an AccessEntry maybe?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the access scope argument mandatory? what would be the API for granting admin on a specific namespace?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This API is basically the current grantAccess() with hardcode values: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_eks.Cluster.html#grantwbraccessid-principal-accesspolicies

Can we make the second argument here accept an IGrantable and not a string?

Yes I agree.

Does this function return something? an AccessEntry maybe?

It's the same as current API which is void.

Is the access scope argument mandatory? what would be the API for granting admin on a specific namespace?

Actually I think we should remove the third argument to make grantAdmin() easier to use. So something like:

cluster.grantAdmin('adminAccess', role);

It will add AmazonEKSClusterAdminPolicy to the role. There's also AmazonEKSAdminPolicy which can be applied to a namespace. Have 2 grantAdmin is a bit confusing. Customers can use the general grant method for granting admin on a specific namespace. We can add moregrantXXX() later.

text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
text/0605-eks-rewrite.md Outdated Show resolved Hide resolved
xazhao and others added 8 commits December 3, 2024 22:40
Co-authored-by: Eli Polonsky <epolon@amazon.com>
Co-authored-by: Eli Polonsky <epolon@amazon.com>
Co-authored-by: Eli Polonsky <epolon@amazon.com>
Co-authored-by: Eli Polonsky <epolon@amazon.com>
Co-authored-by: Eli Polonsky <epolon@amazon.com>
Co-authored-by: Eli Polonsky <epolon@amazon.com>
@iliapolo iliapolo added the status/api-approved API Bar Raiser signed-off the API of this RFC label Dec 5, 2024
@xazhao xazhao merged commit 7354379 into main Dec 10, 2024
2 checks passed
@xazhao xazhao deleted the eks-v2 branch December 10, 2024 04:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status/api-approved API Bar Raiser signed-off the API of this RFC
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants