New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deprecate ssh.enableSsm
and disallow enabling it
#3989
Conversation
a0aefae
to
06005bb
Compare
The link checker check is failing because gopherize.me is returning a 500. |
if ng.SSH != nil { | ||
if enableSSM := ng.SSH.EnableSSM; enableSSM != nil { | ||
if !*enableSSM { | ||
return errors.New("SSM agent is now built into EKS AMIs and cannot be disabled") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it can be disabled by using a custom AMI right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good question. The SSM policy will always be added to the node role now, including for custom AMIs, just like we add certain default policies like the CNI plugin policy (if withOIDC
is not set), but it can be disabled/overridden by providing attachPolicyARNs
.
Description
SSM is now enabled by default and cannot be disabled.
Closes #3882
TODO:
Checklist
README.md
, or theuserdocs
directory)area/nodegroup
) and kind (e.g.kind/improvement
)BONUS POINTS checklist: complete for good vibes and maybe prizes?! 馃く