Add URL for OIDC issuer to allow IAM roles for Pods (#506)

* Add URL for OIDC issuer to allow IAM roles for Pods

* Update Documentation

Author: russwhelan

CHANGELOG.md

@@ -19,6 +19,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
  - Added support for initial lifecycle hooks for autosacling groups (@barryib)
  - Added option to recreate ASG when LT or LC changes (by @barryib)
  - Ability to specify workers role name (by @ivanich)
+ - Added output for OIDC Issuer URL (by @russwhelan)
  - Added support for Mixed Instance ASG using `worker_groups_launch_template` variable  (by @sppwf)
  - Changed ASG Tags generation using terraform 12 `for` utility  (by @sppwf)
  - Removed `worker_groups_launch_template_mixed` variable (by @sppwf)

README.md

@@ -168,6 +168,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | cluster\_id | The name/id of the EKS cluster. |
 | cluster\_security\_group\_id | Security group ID attached to the EKS cluster. |
 | cluster\_version | The Kubernetes server version for the EKS cluster. |
+| cluster\_oidc\_issuer\_url | The URL on the EKS cluster OIDC Issuer. |
 | config\_map\_aws\_auth | A kubernetes configuration to authenticate to this EKS cluster. |
 | kubeconfig | kubectl config file contents for this EKS cluster. |
 | kubeconfig\_filename | The filename of the generated kubectl config. |

outputs.tf

@@ -43,6 +43,11 @@ output "cluster_iam_role_arn" {
   value       = local.cluster_iam_role_arn
 }
 
+output "cluster_oidc_issuer_url" {
+  description = "The URL on the EKS cluster OIDC Issuer"
+  value       = aws_eks_cluster.this.identity.0.oidc.0.issuer
+}
+
 output "cloudwatch_log_group_name" {
   description = "Name of cloudwatch log group created"
   value       = aws_cloudwatch_log_group.this.*.name