eks: Add support for enabling / disabling EKS Hybrid Nodes on existing clusters#42928
Merged
ewbankkit merged 5 commits intoAug 25, 2025
Conversation
…g clusters This enhancement allows users to modify remote node and pod network CIDRs without recreating their EKS clusters.. The implementation includes: - Remove ForceNew constraint from remote_network_config fields to allow updates without cluster recreation - Add update logic for remote_node_networks and remote_pod_networks in resourceClusterUpdate - Split expand functions into separate create and update variants to handle different update scenarios - Remove Computed attribute from remote_pod_networks - Add test coverage for remote network config updates including node-only and pod network scenarios - Ensure proper handling of empty network configurations during updates
Contributor
Community GuidelinesThis comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀 Voting for Prioritization
Pull Request Authors
|
github-actions
Bot
added
needs-triage
1 task
justinretzolk
added
enhancement
|
Any progress on this? |
|
Any update on this? |
Contributor
Author
|
we're still awaiting a review from the maintainers, the PR needs more votes to be prioritized. |
github-actions
Bot
added
the
prioritized
ewbankkit
approved these changes
Aug 23, 2025
Contributor
ewbankkit
left a comment
ewbankkit
left a comment
There was a problem hiding this comment.
LGTM 🚀.
% ACCTEST_TIMEOUT=720m make testacc TESTARGS='-run=TestAccEKSCluster_' PKG=eks
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.24.6 test ./internal/service/eks/... -v -count 1 -parallel 20 -run=TestAccEKSCluster_ -timeout 720m -vet=off
2025/08/23 16:56:56 Creating Terraform AWS Provider (SDKv2-style)...
2025/08/23 16:56:56 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN TestAccEKSCluster_basic
=== PAUSE TestAccEKSCluster_basic
=== RUN TestAccEKSCluster_disappears
=== PAUSE TestAccEKSCluster_disappears
=== RUN TestAccEKSCluster_AccessConfig_create
=== PAUSE TestAccEKSCluster_AccessConfig_create
=== RUN TestAccEKSCluster_AccessConfig_update
=== PAUSE TestAccEKSCluster_AccessConfig_update
=== RUN TestAccEKSCluster_BootstrapSelfManagedAddons_update
=== PAUSE TestAccEKSCluster_BootstrapSelfManagedAddons_update
=== RUN TestAccEKSCluster_BootstrapSelfManagedAddons_migrate
=== PAUSE TestAccEKSCluster_BootstrapSelfManagedAddons_migrate
=== RUN TestAccEKSCluster_ComputeConfig_OnCreate
=== PAUSE TestAccEKSCluster_ComputeConfig_OnCreate
=== RUN TestAccEKSCluster_ComputeConfig_OnUpdate
=== PAUSE TestAccEKSCluster_ComputeConfig_OnUpdate
=== RUN TestAccEKSCluster_ComputeConfig_ModifyARN
=== PAUSE TestAccEKSCluster_ComputeConfig_ModifyARN
=== RUN TestAccEKSCluster_ComputeConfig_AddARN
=== PAUSE TestAccEKSCluster_ComputeConfig_AddARN
=== RUN TestAccEKSCluster_Encryption_create
=== PAUSE TestAccEKSCluster_Encryption_create
=== RUN TestAccEKSCluster_Encryption_update
=== PAUSE TestAccEKSCluster_Encryption_update
=== RUN TestAccEKSCluster_Encryption_versionUpdate
=== PAUSE TestAccEKSCluster_Encryption_versionUpdate
=== RUN TestAccEKSCluster_forceUpdateVersion
=== PAUSE TestAccEKSCluster_forceUpdateVersion
=== RUN TestAccEKSCluster_version
=== PAUSE TestAccEKSCluster_version
=== RUN TestAccEKSCluster_logging
=== PAUSE TestAccEKSCluster_logging
=== RUN TestAccEKSCluster_tags
=== PAUSE TestAccEKSCluster_tags
=== RUN TestAccEKSCluster_VPC_securityGroupIDs
=== PAUSE TestAccEKSCluster_VPC_securityGroupIDs
=== RUN TestAccEKSCluster_VPC_securityGroupIDsAndSubnetIDs_update
=== PAUSE TestAccEKSCluster_VPC_securityGroupIDsAndSubnetIDs_update
=== RUN TestAccEKSCluster_VPC_endpointPrivateAccess
=== PAUSE TestAccEKSCluster_VPC_endpointPrivateAccess
=== RUN TestAccEKSCluster_VPC_endpointPublicAccess
=== PAUSE TestAccEKSCluster_VPC_endpointPublicAccess
=== RUN TestAccEKSCluster_VPC_publicAccessCIDRs
=== PAUSE TestAccEKSCluster_VPC_publicAccessCIDRs
=== RUN TestAccEKSCluster_Network_serviceIPv4CIDR
=== PAUSE TestAccEKSCluster_Network_serviceIPv4CIDR
=== RUN TestAccEKSCluster_Network_ipFamily
=== PAUSE TestAccEKSCluster_Network_ipFamily
=== RUN TestAccEKSCluster_Outpost_create
=== PAUSE TestAccEKSCluster_Outpost_create
=== RUN TestAccEKSCluster_Outpost_placement
=== PAUSE TestAccEKSCluster_Outpost_placement
=== RUN TestAccEKSCluster_RemoteNetwork_Node_OnCreate
=== PAUSE TestAccEKSCluster_RemoteNetwork_Node_OnCreate
=== RUN TestAccEKSCluster_RemoteNetwork_Node_OnUpdate
=== PAUSE TestAccEKSCluster_RemoteNetwork_Node_OnUpdate
=== RUN TestAccEKSCluster_RemoteNetwork_Pod_OnCreate
=== PAUSE TestAccEKSCluster_RemoteNetwork_Pod_OnCreate
=== RUN TestAccEKSCluster_RemoteNetwork_Pod_OnUpdate
=== PAUSE TestAccEKSCluster_RemoteNetwork_Pod_OnUpdate
=== RUN TestAccEKSCluster_upgradePolicy
=== PAUSE TestAccEKSCluster_upgradePolicy
=== RUN TestAccEKSCluster_zonalShiftConfig
=== PAUSE TestAccEKSCluster_zonalShiftConfig
=== RUN TestAccEKSCluster_deletionProtection
=== PAUSE TestAccEKSCluster_deletionProtection
=== CONT TestAccEKSCluster_basic
=== CONT TestAccEKSCluster_VPC_securityGroupIDs
=== CONT TestAccEKSCluster_ComputeConfig_AddARN
=== CONT TestAccEKSCluster_RemoteNetwork_Pod_OnCreate
=== CONT TestAccEKSCluster_Outpost_placement
=== CONT TestAccEKSCluster_deletionProtection
=== CONT TestAccEKSCluster_zonalShiftConfig
=== CONT TestAccEKSCluster_upgradePolicy
=== CONT TestAccEKSCluster_RemoteNetwork_Node_OnCreate
=== CONT TestAccEKSCluster_RemoteNetwork_Node_OnUpdate
=== CONT TestAccEKSCluster_BootstrapSelfManagedAddons_migrate
=== CONT TestAccEKSCluster_RemoteNetwork_Pod_OnUpdate
=== CONT TestAccEKSCluster_ComputeConfig_ModifyARN
=== CONT TestAccEKSCluster_ComputeConfig_OnCreate
=== CONT TestAccEKSCluster_ComputeConfig_OnUpdate
=== CONT TestAccEKSCluster_forceUpdateVersion
=== CONT TestAccEKSCluster_tags
=== CONT TestAccEKSCluster_version
=== CONT TestAccEKSCluster_AccessConfig_update
=== CONT TestAccEKSCluster_logging
=== NAME TestAccEKSCluster_Outpost_placement
cluster_test.go:1261: skipping since no Outposts found
--- SKIP: TestAccEKSCluster_Outpost_placement (1.15s)
=== CONT TestAccEKSCluster_BootstrapSelfManagedAddons_update
--- PASS: TestAccEKSCluster_zonalShiftConfig (493.48s)
=== CONT TestAccEKSCluster_Encryption_update
--- PASS: TestAccEKSCluster_RemoteNetwork_Node_OnCreate (544.39s)
=== CONT TestAccEKSCluster_Encryption_versionUpdate
--- PASS: TestAccEKSCluster_RemoteNetwork_Pod_OnCreate (550.72s)
=== CONT TestAccEKSCluster_AccessConfig_create
--- PASS: TestAccEKSCluster_basic (561.53s)
=== CONT TestAccEKSCluster_VPC_publicAccessCIDRs
--- PASS: TestAccEKSCluster_tags (563.52s)
=== CONT TestAccEKSCluster_Outpost_create
cluster_test.go:1228: skipping since no Outposts found
--- SKIP: TestAccEKSCluster_Outpost_create (0.45s)
=== CONT TestAccEKSCluster_Network_ipFamily
--- PASS: TestAccEKSCluster_VPC_securityGroupIDs (568.72s)
=== CONT TestAccEKSCluster_Network_serviceIPv4CIDR
--- PASS: TestAccEKSCluster_upgradePolicy (572.31s)
=== CONT TestAccEKSCluster_VPC_endpointPrivateAccess
--- PASS: TestAccEKSCluster_BootstrapSelfManagedAddons_migrate (578.80s)
=== CONT TestAccEKSCluster_VPC_endpointPublicAccess
--- PASS: TestAccEKSCluster_AccessConfig_update (591.68s)
=== CONT TestAccEKSCluster_VPC_securityGroupIDsAndSubnetIDs_update
--- PASS: TestAccEKSCluster_deletionProtection (597.48s)
=== CONT TestAccEKSCluster_disappears
--- PASS: TestAccEKSCluster_logging (760.24s)
=== CONT TestAccEKSCluster_Encryption_create
--- PASS: TestAccEKSCluster_ComputeConfig_OnUpdate (922.85s)
--- PASS: TestAccEKSCluster_ComputeConfig_AddARN (985.02s)
--- PASS: TestAccEKSCluster_ComputeConfig_OnCreate (1018.58s)
--- PASS: TestAccEKSCluster_BootstrapSelfManagedAddons_update (1060.03s)
--- PASS: TestAccEKSCluster_forceUpdateVersion (1073.44s)
--- PASS: TestAccEKSCluster_version (1082.46s)
--- PASS: TestAccEKSCluster_AccessConfig_create (539.35s)
--- PASS: TestAccEKSCluster_disappears (611.97s)
--- PASS: TestAccEKSCluster_Encryption_create (528.02s)
--- PASS: TestAccEKSCluster_RemoteNetwork_Node_OnUpdate (1415.10s)
--- PASS: TestAccEKSCluster_RemoteNetwork_Pod_OnUpdate (1429.87s)
--- PASS: TestAccEKSCluster_VPC_publicAccessCIDRs (930.55s)
--- PASS: TestAccEKSCluster_Encryption_versionUpdate (1029.97s)
--- PASS: TestAccEKSCluster_Network_ipFamily (1054.75s)
--- PASS: TestAccEKSCluster_Network_serviceIPv4CIDR (1078.94s)
--- PASS: TestAccEKSCluster_ComputeConfig_ModifyARN (1668.22s)
--- PASS: TestAccEKSCluster_VPC_endpointPublicAccess (1096.57s)
--- PASS: TestAccEKSCluster_Encryption_update (1472.01s)
--- PASS: TestAccEKSCluster_VPC_securityGroupIDsAndSubnetIDs_update (1445.68s)
--- PASS: TestAccEKSCluster_VPC_endpointPrivateAccess (1763.35s)
PASS
ok github.com/hashicorp/terraform-provider-aws/internal/service/eks 2341.106s
Contributor
|
@raglin Thanks for the contribution 🎉 👏. |
Contributor
|
Warning This Issue has been closed, meaning that any additional comments are much easier for the maintainers to miss. Please assume that the maintainers will not see them. Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed. |
github-actions
Bot
removed
the
prioritized
Contributor
|
This functionality has been released in v6.11.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
Contributor
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rollback Plan
If a change needs to be reverted, we will publish an updated version of the library.
Description
This enhancement allows users to modify remote node and pod network CIDRs without recreating their EKS clusters. The implementation includes:
Relations
Closes #42552
References
Amazon EKS UpdateClusterConfig API
Output from Acceptance Testing