Reorder addons task

Author: cPu1

pkg/actions/addon/tasks.go

@@ -40,7 +40,7 @@ var knownAddons = map[string]struct {
 	api.AWSEFSCSIDriverAddon: {},
 }
 
-func CreateAddonTasks(ctx context.Context, cfg *api.ClusterConfig, clusterProvider *eks.ClusterProvider, iamRoleCreator IAMRoleCreator, forceAll bool, timeout time.Duration) (*tasks.TaskTree, *tasks.TaskTree, []string) {
+func CreateAddonTasks(ctx context.Context, cfg *api.ClusterConfig, clusterProvider *eks.ClusterProvider, iamRoleCreator IAMRoleCreator, forceAll bool, timeout time.Duration) (*tasks.TaskTree, *tasks.TaskTree, *tasks.GenericTask, []string) {
 	var addons []*api.Addon
 	var autoDefaultAddonNames []string
 	if !cfg.AddonsConfig.DisableDefaultAddons {
@@ -63,12 +63,17 @@ func CreateAddonTasks(ctx context.Context, cfg *api.ClusterConfig, clusterProvid
 		preAddons  []*api.Addon
 		postAddons []*api.Addon
 	)
+	var vpcCNIAddon *api.Addon
 	for _, addon := range addons {
-		if addonInfo, ok := knownAddons[addon.Name]; ok && addonInfo.CreateBeforeNodeGroup {
+		addonInfo, ok := knownAddons[addon.Name]
+		if ok && addonInfo.CreateBeforeNodeGroup {
 			preAddons = append(preAddons, addon)
 		} else {
 			postAddons = append(postAddons, addon)
 		}
+		if addon.Name == api.VPCCNIAddon {
+			vpcCNIAddon = addon
+		}
 	}
 	preTasks := &tasks.TaskTree{Parallel: false}
 	postTasks := &tasks.TaskTree{Parallel: false}
@@ -93,7 +98,20 @@ func CreateAddonTasks(ctx context.Context, cfg *api.ClusterConfig, clusterProvid
 	if len(postAddons) > 0 {
 		postTasks.Append(makeAddonTask(postAddons, cfg.HasNodes()))
 	}
-	return preTasks, postTasks, autoDefaultAddonNames
+	var updateVPCCNI tasks.GenericTask
+	if vpcCNIAddon != nil && api.IsEnabled(cfg.IAM.WithOIDC) {
+		updateVPCCNI = tasks.GenericTask{
+			Doer: func() error {
+				addonManager, err := createAddonManager(ctx, clusterProvider, cfg)
+				if err != nil {
+					return err
+				}
+				addonManager.setRecommendedPoliciesForIRSA(vpcCNIAddon)
+				return addonManager.Update(ctx, vpcCNIAddon, nil, clusterProvider.AWSProvider.WaitTimeout())
+			},
+		}
+	}
+	return preTasks, postTasks, &updateVPCCNI, autoDefaultAddonNames
 }
 
 type createAddonTask struct {
@@ -112,21 +130,7 @@ type createAddonTask struct {
 func (t *createAddonTask) Describe() string { return t.info }
 
 func (t *createAddonTask) Do(errorCh chan error) error {
-	oidc, err := t.clusterProvider.NewOpenIDConnectManager(t.ctx, t.cfg)
-	if err != nil {
-		return err
-	}
-
-	oidcProviderExists, err := oidc.CheckProviderExists(t.ctx)
-	if err != nil {
-		return err
-	}
-
-	stackManager := t.clusterProvider.NewStackManager(t.cfg)
-
-	addonManager, err := New(t.cfg, t.clusterProvider.AWSProvider.EKS(), stackManager, oidcProviderExists, oidc, func() (kubernetes.Interface, error) {
-		return t.clusterProvider.NewStdClientSet(t.cfg)
-	})
+	addonManager, err := createAddonManager(t.ctx, t.clusterProvider, t.cfg)
 	if err != nil {
 		return err
 	}
@@ -177,6 +181,24 @@ func (t *createAddonTask) Do(errorCh chan error) error {
 	return nil
 }
 
+func createAddonManager(ctx context.Context, clusterProvider *eks.ClusterProvider, cfg *api.ClusterConfig) (*Manager, error) {
+	oidc, err := clusterProvider.NewOpenIDConnectManager(ctx, cfg)
+	if err != nil {
+		return nil, err
+	}
+
+	oidcProviderExists, err := oidc.CheckProviderExists(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	stackManager := clusterProvider.NewStackManager(cfg)
+
+	return New(cfg, clusterProvider.AWSProvider.EKS(), stackManager, oidcProviderExists, oidc, func() (kubernetes.Interface, error) {
+		return clusterProvider.NewStdClientSet(cfg)
+	})
+}
+
 type deleteAddonIAMTask struct {
 	ctx          context.Context
 	info         string

pkg/ctl/create/cluster.go

@@ -357,11 +357,11 @@ func doCreateCluster(cmd *cmdutils.Cmd, ngFilter *filter.NodeGroupFilter, params
 		ClusterName:  cfg.Metadata.Name,
 		StackCreator: stackManager,
 	}
-	preNodegroupAddons, postNodegroupAddons, autoDefaultAddons := addon.CreateAddonTasks(ctx, cfg, ctl, iamRoleCreator, true, cmd.ProviderConfig.WaitTimeout)
+	preNodegroupAddons, postNodegroupAddons, updateVPCCNITask, autoDefaultAddons := addon.CreateAddonTasks(ctx, cfg, ctl, iamRoleCreator, true, cmd.ProviderConfig.WaitTimeout)
 	if len(autoDefaultAddons) > 0 {
 		logger.Info("default addons %s were not specified, will install them as EKS addons", strings.Join(autoDefaultAddons, ", "))
 	}
-	postClusterCreationTasks := ctl.CreateExtraClusterConfigTasks(ctx, cfg, preNodegroupAddons)
+	postClusterCreationTasks := ctl.CreateExtraClusterConfigTasks(ctx, cfg, preNodegroupAddons, updateVPCCNITask)
 
 	taskTree := stackManager.NewTasksToCreateCluster(ctx, cfg.NodeGroups, cfg.ManagedNodeGroups, cfg.AccessConfig, makeAccessEntryCreator(cfg.Metadata.Name, stackManager), postClusterCreationTasks)
 

pkg/eks/tasks.go

@@ -8,26 +8,24 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
 
-	"github.com/weaveworks/eksctl/pkg/actions/iamidentitymapping"
-	"github.com/weaveworks/eksctl/pkg/actions/identityproviders"
-
 	"github.com/weaveworks/eksctl/pkg/windows"
 
 	"github.com/kris-nova/logger"
 	"github.com/pkg/errors"
 
 	"k8s.io/apimachinery/pkg/util/sets"
 
+	"github.com/weaveworks/eksctl/pkg/actions/iamidentitymapping"
+	"github.com/weaveworks/eksctl/pkg/actions/identityproviders"
 	"github.com/weaveworks/eksctl/pkg/actions/irsa"
 	"github.com/weaveworks/eksctl/pkg/addons"
+	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
 	"github.com/weaveworks/eksctl/pkg/cfn/manager"
 	"github.com/weaveworks/eksctl/pkg/fargate"
 	iamoidc "github.com/weaveworks/eksctl/pkg/iam/oidc"
+	"github.com/weaveworks/eksctl/pkg/kubernetes"
 	instanceutils "github.com/weaveworks/eksctl/pkg/utils/instance"
 	"github.com/weaveworks/eksctl/pkg/utils/tasks"
-
-	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
-	"github.com/weaveworks/eksctl/pkg/kubernetes"
 )
 
 type clusterConfigTask struct {
@@ -181,11 +179,10 @@ func newEFADevicePluginTask(
 }
 
 // CreateExtraClusterConfigTasks returns all tasks for updating cluster configuration
-func (c *ClusterProvider) CreateExtraClusterConfigTasks(ctx context.Context, cfg *api.ClusterConfig, preNodeGroupAddons *tasks.TaskTree) *tasks.TaskTree {
+func (c *ClusterProvider) CreateExtraClusterConfigTasks(ctx context.Context, cfg *api.ClusterConfig, preNodeGroupAddons *tasks.TaskTree, updateVPCCNITask *tasks.GenericTask) *tasks.TaskTree {
 	newTasks := &tasks.TaskTree{
 		Parallel:  false,
 		IsSubTask: true,
-		Tasks:     []tasks.Task{preNodeGroupAddons},
 	}
 
 	newTasks.Append(&tasks.GenericTask{
@@ -205,6 +202,16 @@ func (c *ClusterProvider) CreateExtraClusterConfigTasks(ctx context.Context, cfg
 		},
 	})
 
+	if api.IsEnabled(cfg.IAM.WithOIDC) {
+		c.appendCreateTasksForIAMServiceAccounts(ctx, cfg, newTasks)
+		if updateVPCCNITask != nil {
+			newTasks.Append(updateVPCCNITask)
+		}
+	}
+	if preNodeGroupAddons.Len() > 0 {
+		newTasks.Append(preNodeGroupAddons)
+	}
+
 	if cfg.HasClusterCloudWatchLogging() {
 		if logRetentionDays := cfg.CloudWatch.ClusterLogging.LogRetentionInDays; logRetentionDays != 0 {
 			newTasks.Append(&clusterConfigTask{
@@ -237,10 +244,6 @@ func (c *ClusterProvider) CreateExtraClusterConfigTasks(ctx context.Context, cfg
 		})
 	}
 
-	if api.IsEnabled(cfg.IAM.WithOIDC) {
-		c.appendCreateTasksForIAMServiceAccounts(ctx, cfg, newTasks)
-	}
-
 	if len(cfg.IdentityProviders) > 0 {
 		newTasks.Append(identityproviders.NewAssociateProvidersTask(ctx, *cfg.Metadata, cfg.IdentityProviders, c.AWSProvider.EKS()))
 	}
@@ -418,7 +421,7 @@ func (c *ClusterProvider) appendCreateTasksForIAMServiceAccounts(ctx context.Con
 	// given a clientSet getter and OpenIDConnectManager reference we can build out
 	// the list of tasks for each of the service accounts that need to be created
 	newTasks := c.NewStackManager(cfg).NewTasksToCreateIAMServiceAccounts(
-		api.IAMServiceAccountsWithImplicitServiceAccounts(cfg),
+		cfg.IAM.ServiceAccounts,
 		oidcPlaceholder,
 		clientSet,
 	)