Support for "early" cluster_addons (vpc-cni with ENABLE_PREFIX_DELEGATION)

[gw0]

Is your request related to a new offering from AWS?

Yes

Is your request related to a problem? Please describe.

As described on EKS Cluster w/ Prefix Delegation (#2155), the vpc-cni is a special cluster addon that needs to be configured before any EC2 instances (node groups) are created. If you naively apply it like this but without vpc_cni_irsa, initial nodes have a different configuration than later ones.

The recommended workaround is to configure the aws_eks_addon vpc-cni separately without the the depends_on directive.

Describe the solution you'd like.

To generalize it seems there are "early" and "normal" cluster_addons, some need to be applied before node groups are created other ones after. It would therefore be a trivial change to improve the Terraform module UX by changing the following depends_on directive:

• https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/main.tf#L397-L401

By introducing local.early_cluster_addons = ["vpc-cni"] and using:

  depends_on = contains(local.early_cluster_addons, each.key) ? [] : [
    module.fargate_profile,
    module.eks_managed_node_group,
    module.self_managed_node_group,
  ]

Or by introducing an apply_early option for cluster_addons and using:

  depends_on = each.value.apply_early ? [] : [
    module.fargate_profile,
    module.eks_managed_node_group,
    module.self_managed_node_group,
  ]

[antonbabenko]

This issue has been resolved in version 19.9.0 🎉

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.