Support new authentication_mode config for eks_cluster

[z0rc]

Describe the Feature

https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/ and https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#authentication-modes

Upcoming terraform-provider-aws v5.33.0, see hashicorp/terraform-provider-aws#35037

Expected Behavior

Module should allow setting cluster's access_config and adding associations via aws_eks_access_entry and aws_eks_access_policy_association.

Use Case

Preserving sanity by not having to deal with aws-auth ConfigMap.

Describe Ideal Solution

Ideally there should be a way for existing cluster/state to migrate from authentication_mode = "CONFIGMAP" to authentication_mode = "API"

Alternatives Considered

Not using this module.

Additional Context

No response

[Nuru]

Yes, we have been awaiting this capability for a long time. That said, we might defer a little bit, waiting for the enhancement expected in v5.34.0 next week.

Note

UPDATE: We are actively working on this. Currently bothered by this issue which can cause clusters to get destroyed and recreated in the upgrade process.

It appears the upgrade path will have at least one manual step.

My preference is for us to entirely drop the ConfigMap support, though we probably will have to allow for API_AND_CONFIG_MAP.

We will need to work through a lot of scenarios to make sure we can give everyone a smooth upgrade path and don't break things in the process. Please have patience.

[Nuru]

@z0rc Please try v4.0.0-rc1 (#206) and let us know what you think.

Note: at present, v4.0.0-rc1 is not available via the Terraform registry. Use a git ref instead:

source = "github.com/cloudposse/terraform-aws-eks-cluster?ref=v4.0.0-rc1"