Remove of autoscaling IAM policy related stuff

[max-rocket-internet]

PR o'clock

Description

I think we want to remove the cluster-autoscaler policy from the module. One reason is to reduce complexity but also now that IRSA is GA for EKS, that makes a much more elegant solution.

Checklist

• Change added to CHANGELOG.md. All changes must be added and breaking changes and highlighted
• CI tests are passing
• README.md has been updated after any changes to variables and outputs. See https://github.com/terraform-aws-modules/terraform-aws-eks/#doc-generation

[max-rocket-internet]

@barryib or we just remove the whole lot now? Otherwise it's 2 breaking changes, one setting defaults to false and then another removing the vars and policy?

[barryib]

Can you please update your branch and upgrade to terraform-docs 0.8.1 ?

[barryib]

I think we can remove it and hold the merge for #710

[max-rocket-internet]

OK I think we should just remove it completely in one PR to avoid 2 breaking changes. I've written notes on the release with instructions.

[barryib]

Thanks @max-rocket-internet. Awesome as usual.

[sc250024]

@max-rocket-internet Not to bring up an already merged PR, but why were the ASG tags removed? From your description:

One reason is to reduce complexity but also now that IRSA is GA for EKS, that makes a much more elegant solution.

I understand removing the IAM stuff for complexity, but why does IRSA justify removing the tags from the ASGs? AFAIK, they're still needed for Cluster Autoscaler, no matter what mechanism the pods are using to authenticate with AWS. Did something change in that regard? How would a person keep them if they upgrade to v9.0.0 ?

[max-rocket-internet]

Hey @sc250024

why does IRSA justify removing the tags from the ASGs

The cluster-autoscaler needs some IAM policy and some tags on the ASGs.

Because we stopped managing the IAM policy (because IRSA is better for this) then I think it makes sense to move the cluster-autoscaler tags to the normal method that we already have for tagging ASGs: using worker_groups[]. tags e.g. here

Does that make sense?

[max-rocket-internet]

How would a person keep them if they upgrade to v9.0.0 ?

Just add this to your worker group: https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/examples/irsa/main.tf#L73-L83

[sc250024]

@max-rocket-internet Got it. I was already using IRSA for Cluster Autoscaler before v9.0.0, so I was already creating the IAM policy myself in another way. However, I was using the ASG tags.

Anyway, what you mentioned makes sense now. Thank you!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.