-
Notifications
You must be signed in to change notification settings - Fork 295
Move IAMRoleWorker definition from network stack to node pool stack #1521
Move IAMRoleWorker definition from network stack to node pool stack #1521
Conversation
kube-aws fails to delete a node pool from stack because of IAMRoleWorker definitions in network stack. This commit fixes it by moving the definition from network stack to node pool stacks. Closes kubernetes-retired#1518
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Codecov Report
@@ Coverage Diff @@
## master #1521 +/- ##
=======================================
Coverage 25.46% 25.46%
=======================================
Files 97 97
Lines 5003 5003
=======================================
Hits 1274 1274
Misses 3582 3582
Partials 147 147 Continue to review full report at Codecov.
|
Hi many thanks for looking into this issue. One question, what happens for the users that have deployed already with the IAMRoleWorker in their network stacks? What does the migration look like? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey! You've done a great job fixing this!
To be clear this unfortunately breaks the aws-iam-authenticaator support for kubelet auth, but I think we have no easy fix for that. Perhaps we should update the authenticator config via a k8s pod that fetches all the worker roles? But that's an another story.
LGTM. Thanks again for your contribution
@davidmccormick Oops, I missed your comment. I haven't actually tried it yet but I didn't taken so much care because it affects users who created clusters with the kube-aws built manually from the master after #1490. But anyway, it should fail due to the network stack trying to delete the worker roles already referenced by the worker stacks. We'd need to retain the worker role definition and outputs, exports in the network stack to enable that upgrade path. |
…ubernetes-retired#1521) kube-aws fails to delete a node pool from stack because of IAMRoleWorker definitions in network stack. This commit fixes it by moving the definition from network stack to node pool stacks. Closes kubernetes-retired#1518
kube-aws fails to delete a node pool from stack because of
IAMRoleWorker definitions in network stack. This commit fixes it by
moving the definition from network stack to node pool stacks.
Closes #1518