Revert "Fix failure when VPC CNI is configured to use both iam.withOIDC and useDefaultPodIdentityAssociations"

dims · dims · commit be999ef19a35 · 2025-02-28T06:14:29.000-05:00
This reverts commit 93ba3bc. Signed-off-by: Davanum Srinivas <davanum@gmail.com>
diff --git a/pkg/actions/addon/tasks.go b/pkg/actions/addon/tasks.go
@@ -18,7 +18,7 @@ import (
 	"github.com/weaveworks/eksctl/pkg/utils/tasks"
 )
 
-func CreateAddonTasks(ctx context.Context, cfg *api.ClusterConfig, clusterProvider *eks.ClusterProvider, iamRoleCreator IAMRoleCreator, podIdentityIAMUpdater PodIdentityIAMUpdater, forceAll bool, timeout time.Duration, region string) (*tasks.TaskTree, *tasks.TaskTree, *tasks.GenericTask, []string) {
+func CreateAddonTasks(ctx context.Context, cfg *api.ClusterConfig, clusterProvider *eks.ClusterProvider, iamRoleCreator IAMRoleCreator, forceAll bool, timeout time.Duration, region string) (*tasks.TaskTree, *tasks.TaskTree, *tasks.GenericTask, []string) {
 	var addons []*api.Addon
 	var autoDefaultAddonNames []string
 	if !cfg.AddonsConfig.DisableDefaultAddons {
@@ -97,7 +97,7 @@ func CreateAddonTasks(ctx context.Context, cfg *api.ClusterConfig, clusterProvid
 				if err := addonManager.waitForAddonToBeActive(ctx, &api.Addon{Name: api.VPCCNIAddon}, api.DefaultWaitTimeout); err != nil {
 					return fmt.Errorf("waiting for %q to become active: %w", api.VPCCNIAddon, err)
 				}
-				return addonManager.Update(ctx, vpcCNIAddon, podIdentityIAMUpdater, clusterProvider.AWSProvider.WaitTimeout())
+				return addonManager.Update(ctx, vpcCNIAddon, nil, clusterProvider.AWSProvider.WaitTimeout())
 			},
 		}
 	}
@@ -174,11 +174,24 @@ func (t *createAddonTask) Do(errorCh chan error) error {
 
 func createAddonManager(ctx context.Context, clusterProvider *eks.ClusterProvider, cfg *api.ClusterConfig) (*Manager, error) {
 	var (
-		oidc *iamoidc.OpenIDConnectManager
+		oidc               *iamoidc.OpenIDConnectManager
+		oidcProviderExists bool
 	)
+	if api.IsEnabled(cfg.IAM.WithOIDC) {
+		var err error
+		oidc, err = clusterProvider.NewOpenIDConnectManager(ctx, cfg)
+		if err != nil {
+			return nil, err
+		}
+		oidcProviderExists, err = oidc.CheckProviderExists(ctx)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	stackManager := clusterProvider.NewStackManager(cfg)
 
-	return New(cfg, clusterProvider.AWSProvider.EKS(), stackManager, api.IsEnabled(cfg.IAM.WithOIDC), oidc, func() (kubernetes.Interface, error) {
+	return New(cfg, clusterProvider.AWSProvider.EKS(), stackManager, oidcProviderExists, oidc, func() (kubernetes.Interface, error) {
 		return clusterProvider.NewStdClientSet(cfg)
 	})
 }
diff --git a/pkg/ctl/create/cluster.go b/pkg/ctl/create/cluster.go
@@ -352,19 +352,7 @@ func doCreateCluster(cmd *cmdutils.Cmd, ngFilter *filter.NodeGroupFilter, params
 		ClusterName:  cfg.Metadata.Name,
 		StackCreator: stackManager,
 	}
-	piaUpdater := &addon.PodIdentityAssociationUpdater{
-		ClusterName: cmd.ClusterConfig.Metadata.Name,
-		IAMRoleCreator: &podidentityassociation.IAMRoleCreator{
-			ClusterName:  cmd.ClusterConfig.Metadata.Name,
-			StackCreator: stackManager,
-		},
-		IAMRoleUpdater: &podidentityassociation.IAMRoleUpdater{
-			StackUpdater: stackManager,
-		},
-		EKSPodIdentityDescriber: ctl.AWSProvider.EKS(),
-		StackDeleter:            stackManager,
-	}
-	preNodegroupAddons, postAddons, updateVPCCNITask, autoDefaultAddons := addon.CreateAddonTasks(ctx, cfg, ctl, iamRoleCreator, piaUpdater, true, cmd.ProviderConfig.WaitTimeout, meta.Region)
+	preNodegroupAddons, postAddons, updateVPCCNITask, autoDefaultAddons := addon.CreateAddonTasks(ctx, cfg, ctl, iamRoleCreator, true, cmd.ProviderConfig.WaitTimeout, meta.Region)
 	if len(autoDefaultAddons) > 0 {
 		logger.Info("default addons %s were not specified, will install them as EKS addons", strings.Join(autoDefaultAddons, ", "))
 	}
