Skip to content

Commit a35c839

Browse files
Benbentwoclaude
andcommitted
docs: add EKS Auto Mode section to README.yaml
Port the EKS Auto Mode documentation from README.md back to README.yaml so it persists through readme generation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent a2e337d commit a35c839

1 file changed

Lines changed: 66 additions & 0 deletions

File tree

README.yaml

Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -328,5 +328,71 @@ usage: |-
328328
> many issues you may read about that had affected prior versions. See the version 2 README and release notes
329329
> for more information on the challenges and workarounds that were required prior to v3.
330330
331+
## EKS Auto Mode
332+
333+
This module supports [EKS Auto Mode](https://docs.aws.amazon.com/eks/latest/userguide/automode.html) (GA December 2024),
334+
which delegates compute, networking, and storage management to AWS. Enable it using the `auto_mode_compute_config`,
335+
`auto_mode_storage_config`, and `auto_mode_elastic_load_balancing` variables.
336+
337+
### Enabling Auto Mode
338+
339+
```hcl
340+
module "eks_cluster" {
341+
source = "cloudposse/eks-cluster/aws"
342+
# version = "..."
343+
344+
auto_mode_compute_config = {
345+
enabled = true
346+
node_pools = ["general-purpose", "system"]
347+
node_role_arn = aws_iam_role.auto_mode_node.arn
348+
}
349+
350+
auto_mode_storage_config = {
351+
block_storage = {
352+
enabled = true
353+
}
354+
}
355+
356+
auto_mode_elastic_load_balancing = {
357+
enabled = true
358+
}
359+
360+
# ... other configuration
361+
}
362+
```
363+
364+
When Auto Mode is enabled, this module automatically:
365+
- Sets `bootstrap_self_managed_addons = false` (unless explicitly overridden)
366+
- Adds `sts:TagSession` to the cluster IAM role trust policy
367+
- Attaches 4 additional IAM policies to the cluster role: `AmazonEKSComputePolicy`, `AmazonEKSBlockStoragePolicy`,
368+
`AmazonEKSLoadBalancingPolicy`, and `AmazonEKSNetworkingPolicy`
369+
370+
### Capabilities
371+
372+
All three capabilities must be enabled or disabled together:
373+
374+
| Capability | Variable | What AWS Manages |
375+
|-----------|----------|-----------------|
376+
| **Compute** | `auto_mode_compute_config` | Node provisioning via managed Karpenter |
377+
| **Storage** | `auto_mode_storage_config` | EBS volumes via `ebs.csi.eks.amazonaws.com` |
378+
| **Networking** | `auto_mode_elastic_load_balancing` | ALB/NLB for Services and Ingress |
379+
380+
### Important Notes
381+
382+
- Requires AWS provider `>= 5.79.0` and Kubernetes `>= 1.29`
383+
- Auto Mode manages `vpc-cni`, `kube-proxy`, `coredns`, and `aws-ebs-csi-driver` add-ons automatically.
384+
Do not include these in the `addons` variable when Auto Mode is enabled.
385+
- Auto Mode nodes are Bottlerocket-only, immutable, with no SSH/IMDS access
386+
- Nodes have a 21-day maximum lifetime and are automatically rotated
387+
- The `node_role_arn` in `auto_mode_compute_config` must be an IAM role with
388+
`AmazonEKSWorkerNodeMinimalPolicy` and `AmazonEC2ContainerRegistryPullOnly` attached
389+
390+
### Cluster Version Upgrades
391+
392+
With Auto Mode, Kubernetes version upgrades are simplified:
393+
1. Bump `kubernetes_version` and apply -- control plane upgrades in place
394+
2. Managed Karpenter detects version drift and automatically replaces nodes
395+
3. Auto Mode-managed add-ons are automatically upgraded to compatible versions
396+
331397
include: []
332398
contributors: []

0 commit comments

Comments
 (0)