Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: String length check needed for aws_iam_role.irsa name in module kubernetes-addons #333

Closed
1 task done
gmirsky opened this issue Mar 11, 2022 · 4 comments · Fixed by #764 or #1184
Closed
1 task done
Labels
bug Something isn't working

Comments

@gmirsky
Copy link

gmirsky commented Mar 11, 2022

Welcome to Amazon SSP EKS Accelerator!

  • Yes, I've searched similar issues on GitHub and didn't find any.

Amazon EKS Accelerator Release version

v3.5.0

What is your environment, configuration and the example used?

Terraform v1.1.7

What did you do and What did you see instead?

Cluster name was mri-dbg-gen-566646271983 but the underlying module tried to create a name larger than 64 characters causing the terraform apply to fail. Some sort of length check needs to be implemented for name on line 47.

Error: expected length of name to be in the range (1 - 64), got mri-dbg-gen-566646271983-eks-aws-load-balancer-controller-sa-irsa

   with module.kubernetes-addons.module.aws_load_balancer_controller[0].module.helm_addon.module.irsa[0].aws_iam_role.irsa[0],
   on .terraform\modules\kubernetes-addons\modules\irsa\main.tf line 47, in resource "aws_iam_role" "irsa":
   47:   name        = format("%s-%s-%s", var.addon_context.eks_cluster_id, trim(var.kubernetes_service_account, "-*"), "irsa")

Additional Information

No response

@gmirsky gmirsky added the bug Something isn't working label Mar 11, 2022
@askulkarni2
Copy link
Contributor

Hi @gmirsky, thanks for reporting this issue. I've created an issue for tracking this.

@vara-bonthu
Copy link
Contributor

All the IAM roles and policies are prefixed with EKS Cluster names for better identification and making it unique to the cluster.

We need to add checks for the following resources that cannot exceed 64 characters length

  • EKS Cluster name
  • Managed node_group_name
  • fargate_profile_name
  • IAM Roles names
  • IAM Policy names

@dcarbone
Copy link

dcarbone commented Apr 20, 2022

A counter point to that: allow the name to be configured via a variable.

64 characters is very limiting, especially when the suffix -aws-load-balancer-controller-sa-irsa is always applied and non-configurable.

I am running into a scenario where the eks_cluster_id value can be upwards of 50 characters in length which, when the statically defined 37 character suffix is appended, blows way past the 64 character limit.

I would further argue that it is not this module's place to enforce a naming convention onto its userbase. Suggest one, definitely, but not force.

@sbathgate
Copy link

For visibility, I just ran into this too. After getting everything else configured, I went to add the load-balancer only to discover I have ... 65 characters naturally. If the current format is to continue it would be great to add a check that the eks_cluster_id does not exceed the 25 characters or so limit that would block certain addons.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment