CLI Flag for KMS Encryption

[trevorrobertsjr]

Before creating a feature request, please search existing feature requests to see if you find a similar one. If there is a similar feature request please up-vote it and/or add your comments to it instead

Why do you want this feature?
It would be helpful to users if the CLI has feature parity compared to using a YAML file when enabling KMS encryption during cluster creation.
I checked the create_cluster.go, the cluster.go, and the cmdutils.go files, but neither have a reference to this functionality.

What feature/behavior/change do you want?
Ideally, the CLI flag (ex: --secretsencryption) would have two behaviors:

1. if no KMS ARN is specified, eksctl creates a KMS key and uses it as the input parameter to the EKS cluster creation.
   eksctl create cluster --name=mycluster --nodes=3 --managed --secretsencryption

2. If the user specifies the KMS ARN, use that KMS key as the input parameter to the EKS cluster creation.
   eksctl create cluster --name=mycluster --nodes=3 --managed --secretsencryption=myARN

[martina-if]

Hi @trevorrobertsjr, thank you for reporting this use case. When designing eksctl we follow the convention that advanced features exist only in the config file so there won't be feature parity between CLI flags and the config file by design. The main reason for this is that we aim to keep a clean and simple UX and adding all the flags would be overwhelming.

In addition, we want to promote the use of config files as best practices for managing clusters so I would like to encourage you to try it out :)