Supports toggling eks auto mode on and off

lorengordon · lorengordon · commit 9b1bf2a0a243 · 2025-02-22T08:43:05.000-08:00
The API has a number of constraints that make this a litle difficult, but it does work. 1. The node_role_arn cannot be changed without recreating the cluster. This is an API limitation, not a terraform provider bug. https://docs.aws.amazon.com/eks/latest/APIReference/API_ComputeConfigRequest.html 2. If node_pools is not empty, then the node_role_arn *must* be provided. 3. If the node_role_arn is provided, then node_pools must not be empty! If you enable Auto Mode and set node_pools to a non-empty value, which requires setting node_role_arn, you cannot later change node_pools to an empty value, unless you also unset the node_role_arn. But if you unset the node_role_arn, then the cluster will be recreated due to the first point above. So, we *can* support disabling auto-mode without recreating a cluster, but only if node_pools is not empty and if node_role_arn does not change. Fixes terraform-aws-modules#3273
diff --git a/examples/eks-auto-mode/main.tf b/examples/eks-auto-mode/main.tf
@@ -38,6 +38,10 @@ module "eks" {
 
   enable_cluster_creator_admin_permissions = true
 
+  # Set `bootstrap_self_managed_addons` to false to support disabling auto mode,
+  # without recreating the cluster
+  bootstrap_self_managed_addons = false
+
   cluster_compute_config = {
     enabled    = true
     node_pools = ["general-purpose"]
diff --git a/main.tf b/main.tf
@@ -57,8 +57,8 @@ resource "aws_eks_cluster" "this" {
 
     content {
       enabled       = local.auto_mode_enabled
-      node_pools    = local.auto_mode_enabled ? try(compute_config.value.node_pools, []) : null
-      node_role_arn = local.auto_mode_enabled && length(try(compute_config.value.node_pools, [])) > 0 ? try(compute_config.value.node_role_arn, aws_iam_role.eks_auto[0].arn, null) : null
+      node_pools    = try(compute_config.value.node_pools, [])
+      node_role_arn = length(try(compute_config.value.node_pools, [])) > 0 ? try(compute_config.value.node_role_arn, aws_iam_role.eks_auto[0].arn, null) : null
     }
   }
 
@@ -848,7 +848,7 @@ resource "aws_eks_identity_provider_config" "this" {
 ################################################################################
 
 locals {
-  create_node_iam_role = local.create && var.create_node_iam_role && local.auto_mode_enabled
+  create_node_iam_role = local.create && var.create_node_iam_role
   node_iam_role_name   = coalesce(var.node_iam_role_name, "${var.cluster_name}-eks-auto")
 }
 

Original file line number	Diff line number	Diff line change
`@@ -57,8 +57,8 @@ resource "aws_eks_cluster" "this" {`
`57`	`57`
`58`	`58`	`content {`
`59`	`59`	`enabled = local.auto_mode_enabled`
`60`		`- node_pools = local.auto_mode_enabled ? try(compute_config.value.node_pools, []) : null`
`61`		`- node_role_arn = local.auto_mode_enabled && length(try(compute_config.value.node_pools, [])) > 0 ? try(compute_config.value.node_role_arn, aws_iam_role.eks_auto[0].arn, null) : null`
	`60`	`+ node_pools = try(compute_config.value.node_pools, [])`
	`61`	`+ node_role_arn = length(try(compute_config.value.node_pools, [])) > 0 ? try(compute_config.value.node_role_arn, aws_iam_role.eks_auto[0].arn, null) : null`
`62`	`62`	`}`
`63`	`63`	`}`
`64`	`64`
`@@ -848,7 +848,7 @@ resource "aws_eks_identity_provider_config" "this" {`
`848`	`848`	`################################################################################`
`849`	`849`
`850`	`850`	`locals {`
`851`		`- create_node_iam_role = local.create && var.create_node_iam_role && local.auto_mode_enabled`
	`851`	`+ create_node_iam_role = local.create && var.create_node_iam_role`
`852`	`852`	`node_iam_role_name = coalesce(var.node_iam_role_name, "${var.cluster_name}-eks-auto")`
`853`	`853`	`}`
`854`	`854`