kubernetes-sigs
diff --git a/‎Dockerfile‎
Lines changed: 2 additions & 1 deletion b/‎Dockerfile‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎Makefile‎
Lines changed: 6 additions & 3 deletions b/‎Makefile‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml‎
Lines changed: 31 additions & 1 deletion b/‎config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml‎
Lines changed: 31 additions & 1 deletion
diff --git a/‎controlplane/eks/api/v1beta1/awsmanagedcontrolplane_types.go‎
Lines changed: 13 additions & 0 deletions b/‎controlplane/eks/api/v1beta1/awsmanagedcontrolplane_types.go‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎controlplane/eks/api/v1beta1/types.go‎
Lines changed: 15 additions & 0 deletions b/‎controlplane/eks/api/v1beta1/types.go‎
Lines changed: 15 additions & 0 deletions
@@ -41,10 +41,11 @@ COPY ./ ./
 ARG package=.
 ARG ARCH
 ARG LDFLAGS
+ARG GCFLAGS
 RUN --mount=type=cache,target=/root/.cache/go-build \
     --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.local/share/golang \
-    CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} go build -ldflags "${LDFLAGS} -extldflags '-static'"  -o manager ${package}
+    CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} go build -gcflags "${GCFLAGS}" -ldflags "${LDFLAGS} -extldflags '-static'"  -o manager ${package}
 ENTRYPOINT [ "/start.sh", "/workspace/manager" ]
 
 # Copy the controller-manager into a thin image
 
@@ -137,6 +137,9 @@ RBAC_ROOT ?= $(MANIFEST_ROOT)/rbac
 # Allow overriding the imagePullPolicy
 PULL_POLICY ?= Always
 
+# Allow overriding the GCFLAGS
+GCFLAGS ?=
+
 # Set build time variables including version details
 LDFLAGS := $(shell source ./hack/version.sh; version::ldflags)
 
@@ -387,12 +390,12 @@ binaries: managers clusterawsadm ## Builds and installs all binaries
 
 .PHONY: clusterawsadm
 clusterawsadm: ## Build clusterawsadm binary
-	go build -ldflags "$(LDFLAGS)" -o $(BIN_DIR)/clusterawsadm ./cmd/clusterawsadm
+	go build -gcflags "$(GCFLAGS)" -ldflags "$(LDFLAGS)" -o $(BIN_DIR)/clusterawsadm ./cmd/clusterawsadm
 
 
 .PHONY: docker-build
 docker-build: docker-pull-prerequisites ## Build the docker image for controller-manager
-	docker build --build-arg ARCH=$(ARCH) --build-arg builder_image=$(GO_CONTAINER_IMAGE) --build-arg LDFLAGS="$(LDFLAGS)" . -t $(CORE_CONTROLLER_IMG)-$(ARCH):$(TAG)
+	docker build --build-arg ARCH=$(ARCH) --build-arg builder_image=$(GO_CONTAINER_IMAGE) --build-arg GCFLAGS="$(GCFLAGS)" --build-arg LDFLAGS="$(LDFLAGS)" . -t $(CORE_CONTROLLER_IMG)-$(ARCH):$(TAG)
 
 .PHONY: docker-build-all ## Build all the architecture docker images
 docker-build-all: $(addprefix docker-build-,$(ALL_ARCH))
@@ -411,7 +414,7 @@ managers: ## Alias for manager-aws-infrastructure
 
 .PHONY: manager-aws-infrastructure
 manager-aws-infrastructure: ## Build manager binary
-	CGO_ENABLED=0 GOARCH=${ARCH} go build -ldflags "${LDFLAGS} -extldflags '-static'" -o $(BIN_DIR)/manager .
+	CGO_ENABLED=0 GOARCH=${ARCH} go build -gcflags "${GCFLAGS}" -ldflags "${LDFLAGS} -extldflags '-static'" -o $(BIN_DIR)/manager .
 
 ##@ test:
 
 
@@ -67,6 +67,21 @@ spec:
             description: AWSManagedControlPlaneSpec defines the desired state of an
               Amazon EKS Cluster.
             properties:
+              accessConfig:
+                description: AccessConfig specifies the access configuration information
+                  for the cluster
+                properties:
+                  authenticationMode:
+                    default: CONFIG_MAP
+                    description: |-
+                      AuthenticationMode specifies the desired authentication mode for the cluster
+                      Defaults to CONFIG_MAP
+                    enum:
+                    - CONFIG_MAP
+                    - API
+                    - API_AND_CONFIG_MAP
+                    type: string
+                type: object
               additionalTags:
                 additionalProperties:
                   type: string
@@ -2245,6 +2260,21 @@ spec:
             description: AWSManagedControlPlaneSpec defines the desired state of an
               Amazon EKS Cluster.
             properties:
+              accessConfig:
+                description: AccessConfig specifies the access configuration information
+                  for the cluster
+                properties:
+                  authenticationMode:
+                    default: CONFIG_MAP
+                    description: |-
+                      AuthenticationMode specifies the desired authentication mode for the cluster
+                      Defaults to CONFIG_MAP
+                    enum:
+                    - CONFIG_MAP
+                    - API
+                    - API_AND_CONFIG_MAP
+                    type: string
+                type: object
               additionalTags:
                 additionalProperties:
                   type: string
@@ -3053,7 +3083,7 @@ spec:
                 type: object
               oidcIdentityProviderConfig:
                 description: |-
-                  IdentityProviderconfig is used to specify the oidc provider config
+                  OIDCIdentityProviderConfig is used to specify the oidc provider config
                   to be attached with this eks cluster
                 properties:
                   clientId:
 
@@ -165,6 +165,10 @@ type AWSManagedControlPlaneSpec struct { //nolint: maligned
 	// +optional
 	OIDCIdentityProviderConfig *OIDCIdentityProviderConfig `json:"oidcIdentityProviderConfig,omitempty"`
 
+	// AccessConfig specifies the access configuration information for the cluster
+	// +optional
+	AccessConfig *AccessConfig `json:"accessConfig,omitempty"`
+
 	// DisableVPCCNI indicates that the Amazon VPC CNI should be disabled. With EKS clusters the
 	// Amazon VPC CNI is automatically installed into the cluster. For clusters where you want
 	// to use an alternate CNI this option provides a way to specify that the Amazon VPC CNI
@@ -212,6 +216,15 @@ type EndpointAccess struct {
 	Private *bool `json:"private,omitempty"`
 }
 
+// AccessConfig represents the access configuration information for the cluster
+type AccessConfig struct {
+	// AuthenticationMode specifies the desired authentication mode for the cluster
+	// Defaults to CONFIG_MAP
+	// +kubebuilder:default=CONFIG_MAP
+	// +kubebuilder:validation:Enum=CONFIG_MAP;API;API_AND_CONFIG_MAP
+	AuthenticationMode EKSAuthenticationMode `json:"authenticationMode,omitempty"`
+}
+
 // EncryptionConfig specifies the encryption configuration for the EKS clsuter.
 type EncryptionConfig struct {
 	// Provider specifies the ARN or alias of the CMK (in AWS KMS)
 
@@ -79,6 +79,21 @@ var (
 	EKSTokenMethodAWSCli = EKSTokenMethod("aws-cli")
 )
 
+// EKSAuthenticationMode defines the authentication mode for the cluster
+type EKSAuthenticationMode string
+
+var (
+	// EKSAuthenticationModeConfigMap indicates that only `aws-auth` ConfigMap will be used for authentication
+	EKSAuthenticationModeConfigMap = EKSAuthenticationMode("CONFIG_MAP")
+
+	// EKSAuthenticationModeAPI indicates that only AWS Access Entries will be used for authentication
+	EKSAuthenticationModeAPI = EKSAuthenticationMode("API")
+
+	// EKSAuthenticationModeAPIAndConfigMap indicates that both `aws-auth` ConfigMap and AWS Access Entries will
+	// be used for authentication
+	EKSAuthenticationModeAPIAndConfigMap = EKSAuthenticationMode("API_AND_CONFIG_MAP")
+)
+
 var (
 	// DefaultEKSControlPlaneRole is the name of the default IAM role to use for the EKS control plane
 	// if no other role is supplied in the spec and if iam role creation is not enabled. The default