chore(eks): improve the doc on updating clusters (#29283)
### Issue # (if applicable)

As described in #29282, when renaming the cluster, an additional temporary IAM policy will be required. I am proposing the doc update to clarify this with this PR.

Closes #29282 #24174

### Reason for this change

To address this use case.

### Description of changes



### Description of how you validated changes



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
pahud authored Feb 27, 2024
1 parent ccb07d0 commit 1f30b5d
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions packages/aws-cdk-lib/aws-eks/README.md
Expand Up @@ -15,6 +15,7 @@ In addition, the library also supports defining Kubernetes resource manifests wi
- [Node Groups with IPv6 Support](#node-groups-with-ipv6-support)
- [Spot Instances Support](#spot-instances-support)
- [Launch Template Support](#launch-template-support)
- [Update clusters](#update-clusters)
- [Fargate profiles](#fargate-profiles)
- [Self-managed nodes](#self-managed-nodes)
- [Spot Instances](#spot-instances)
Expand Down Expand Up @@ -366,6 +367,29 @@ You may specify one `instanceType` in the launch template or multiple `instanceT
Graviton 2 instance types are supported including `c6g`, `m6g`, `r6g` and `t4g`.
Graviton 3 instance types are supported including `c7g`.

### Update clusters

When you rename the cluster name and redeploy the stack, the cluster replacement will be triggered and
the existing one will be deleted after the new one is provisioned. As the cluster resource ARN has been changed,
the cluster resource handler would not be able to delete the old one as the resource ARN in the IAM policy
has been changed. As a workaround, you need to add a temporary policy to the cluster admin role for
successful replacement. Consider this example if you are renaming the cluster from `foo` to `bar`:

```ts
const cluster = new eks.Cluster(this, 'cluster-to-rename', {
clusterName: 'foo', // rename this to 'bar'
version: eks.KubernetesVersion.V1_29,
});

// allow the cluster admin role to delete the cluster 'foo'
cluster.adminRole.addToPolicy(new iam.PolicyStatement({
actions: ['eks:DeleteCluster'],
resources: [
Stack.of(this).formatArn({ service: 'eks', resource: 'cluster', resourceName: 'foo' }),
]
}))
```

### Fargate profiles

AWS Fargate is a technology that provides on-demand, right-sized compute
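
Review bot: The new "Update clusters" paragraph calls the policy temporary but gives neither a removal step nor an ordering, so `eks:DeleteCluster` is likely to stay on the cluster admin role after the rename is done. State whether the statement can be deployed together with the rename to `bar` or has to be deployed first, and that it should be dropped in a follow-up deployment once the replacement has succeeded. In the snippet, `resourceName: 'foo'` sits next to a comment telling the reader to change `clusterName`; a comment on that line saying it must keep the old name would stop someone from renaming both. The heading is also broader than the content, which only covers renaming, and "rename the cluster name" should read "rename the cluster".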