From 6ab34f3d9e276c7ed66fda7521e4f9bf37fdd0b4 Mon Sep 17 00:00:00 2001
From: Michael Beaumont <mjboamail@gmail.com>
Date: Tue, 21 Jul 2020 15:34:13 +0200
Subject: [PATCH 1/3] Don't replace service account with update-aws-node

---
 pkg/addons/default/aws_node.go      | 12 ++++++++++++
 pkg/addons/default/aws_node_test.go |  6 +++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/pkg/addons/default/aws_node.go b/pkg/addons/default/aws_node.go
index 757418ddd0..78cac629f5 100644
--- a/pkg/addons/default/aws_node.go
+++ b/pkg/addons/default/aws_node.go
@@ -76,6 +76,18 @@ func UpdateAWSNode(rawClient kubernetes.RawClientInterface, region string, plan
 			continue
 		}
 
+		// Leave service account if it exists
+		// to avoid overwriting annotations
+		if resource.GVK.Kind == "ServiceAccount" {
+			_, exists, err := resource.Get()
+			if err != nil {
+				return false, err
+			}
+			if exists {
+				continue
+			}
+		}
+
 		status, err := resource.CreateOrReplace(plan)
 		if err != nil {
 			return false, err
diff --git a/pkg/addons/default/aws_node_test.go b/pkg/addons/default/aws_node_test.go
index e3c2cf785d..7486061dec 100644
--- a/pkg/addons/default/aws_node_test.go
+++ b/pkg/addons/default/aws_node_test.go
@@ -3,6 +3,7 @@ package defaultaddons_test
 import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega/gstruct"
 
 	. "github.com/weaveworks/eksctl/pkg/addons/default"
 
@@ -56,7 +57,10 @@ var _ = Describe("default addons - aws-node", func() {
 
 			_, err := UpdateAWSNode(rawClient, "eu-west-1", false)
 			Expect(err).ToNot(HaveOccurred())
-			Expect(rawClient.Collection.UpdatedItems()).To(HaveLen(4))
+			Expect(rawClient.Collection.UpdatedItems()).To(HaveLen(3))
+			Expect(rawClient.Collection.UpdatedItems()).ToNot(ContainElement(PointTo(MatchFields(IgnoreMissing|IgnoreExtras, Fields{
+				"TypeMeta": MatchFields(IgnoreMissing|IgnoreExtras, Fields{"Kind": Equal("ServiceAccount")}),
+			}))))
 			Expect(rawClient.Collection.CreatedItems()).To(HaveLen(10))
 
 			rawClient.ClientSetUseUpdatedObjects = true // for verification of updated objects

From 22890e9a7b31f73413b8b28ecc35ae5922027938 Mon Sep 17 00:00:00 2001
From: Michael Beaumont <mjboamail@gmail.com>
Date: Tue, 21 Jul 2020 16:33:43 +0200
Subject: [PATCH 2/3] Slight refactor of UpdateAWSNode

---
 pkg/addons/default/aws_node.go | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/pkg/addons/default/aws_node.go b/pkg/addons/default/aws_node.go
index 78cac629f5..ae0e6d367d 100644
--- a/pkg/addons/default/aws_node.go
+++ b/pkg/addons/default/aws_node.go
@@ -45,7 +45,8 @@ func UpdateAWSNode(rawClient kubernetes.RawClientInterface, region string, plan
 		if err != nil {
 			return false, err
 		}
-		if resource.GVK.Kind == "DaemonSet" {
+		switch resource.GVK.Kind {
+		case "DaemonSet":
 			daemonSet, ok := resource.Info.Object.(*appsv1.DaemonSet)
 			if !ok {
 				return false, fmt.Errorf("expected type %T; got %T", &appsv1.Deployment{}, resource.Info.Object)
@@ -67,18 +68,16 @@ func UpdateAWSNode(rawClient kubernetes.RawClientInterface, region string, plan
 			if err != nil {
 				return false, err
 			}
-		}
-
-		if resource.GVK.Kind == "CustomResourceDefinition" && plan {
-			// eniconfigs.crd.k8s.amazonaws.com CRD is only partially defined in the
-			// manifest, and causes a range of issue in plan mode, we can skip it
-			logger.Info(resource.LogAction(plan, "replaced"))
-			continue
-		}
-
-		// Leave service account if it exists
-		// to avoid overwriting annotations
-		if resource.GVK.Kind == "ServiceAccount" {
+		case "CustomResourceDefinition":
+			if plan {
+				// eniconfigs.crd.k8s.amazonaws.com CRD is only partially defined in the
+				// manifest, and causes a range of issue in plan mode, we can skip it
+				logger.Info(resource.LogAction(plan, "replaced"))
+				continue
+			}
+		case "ServiceAccount":
+			// Leave service account if it exists
+			// to avoid overwriting annotations
 			_, exists, err := resource.Get()
 			if err != nil {
 				return false, err

From d1cffe689b3ded46332eb3849c65f4fcb085441c Mon Sep 17 00:00:00 2001
From: Michael Beaumont <mjboamail@gmail.com>
Date: Tue, 21 Jul 2020 16:37:26 +0200
Subject: [PATCH 3/3] Add log message when skipping service account

---
 pkg/addons/default/aws_node.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/addons/default/aws_node.go b/pkg/addons/default/aws_node.go
index ae0e6d367d..fb92ce3c51 100644
--- a/pkg/addons/default/aws_node.go
+++ b/pkg/addons/default/aws_node.go
@@ -83,6 +83,7 @@ func UpdateAWSNode(rawClient kubernetes.RawClientInterface, region string, plan
 				return false, err
 			}
 			if exists {
+				logger.Info(resource.LogAction(plan, "skipped existing"))
 				continue
 			}
 		}