Skip to content

[v18] EKS support in aws_discovery terraform module#65675

Open
charlestp wants to merge 2 commits intobranch/v18from
charles/v18-backfill-eks
Open

[v18] EKS support in aws_discovery terraform module#65675
charlestp wants to merge 2 commits intobranch/v18from
charles/v18-backfill-eks

Conversation

@charlestp
Copy link
Copy Markdown
Contributor

@charlestp charlestp commented Apr 10, 2026
edited
Loading

Backfilling #65002 and #65479 into v18.

Changelog: Adds EKS support when using AWS discovery with Terraform.

Manual Test Plan

Test Environment

Cloud staging tenant running v18 dev build (v18.7.4-dev.disceks.7)

Test Cases

  • Test module with EKS matcher
  • Test module with EKS + EC2 matchers
  • Discovery works with EKS + EC2 matchers.
  • Upgrade from 18.7.3 (legacy integration) => 18.7.4-dev.disceks.3 (end-to-end dev build).
  • EKS matcher with empty options - gets default true value in underlying discovery_config
  • EKS matcher with kube_app_discovery = false - gets false in underlying discovery_config
  • EC2 matcher does not get option in underlying discovery_config.
  • EKS + EC2 matcher with kube_app_discovery = true works, discovery_config matches.

@charlestp
Refactor teleport/discovery/aws module to support eks (#65002)
a972175 
Deprecates the flattened singular matcher options in favor of
multiple aws_matchers.

Thread setup_access_for_arn through discovery terraform
@charlestp
Add field to aws_matchers. Remove eks support from the legacy match_a…
bd614c6 
…ws_* fields so we don't have to worry about compatibility. (#65479)
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 10, 2026
edited
Loading

Amplify deployment status

Branch Commit Job ID Status Preview Updated (UTC)
charles/v18-backfill-eks HEAD 1 ✅SUCCEED charles-v18-backfill-eks 2026-04-10 21:42:16

charlestp
charlestp commented Apr 10, 2026
View reviewed changes
integrations/terraform-modules/teleport/discovery/aws/versions.tf
teleport = {
source = "terraform.releases.teleport.dev/gravitational/teleport"
version = ">= 18.5.1"
version = ">= 18.7.4"
Copy link
Copy Markdown
Contributor Author

@charlestp charlestp Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is using the "next release" a bad idea here? This PR includes updates to the teleport provider that I need to use in order to avoid errors from the provider backfilling erroneous ec2 fields into every matcher.

Copy link
Copy Markdown
Contributor

@GavinFrazar GavinFrazar Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see no issue with doing that

@GavinFrazar
Copy link
Copy Markdown
Contributor

GavinFrazar commented Apr 11, 2026

#65679 will be backported as a cherry-pick onto this PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@avatus avatus Awaiting requested review from avatus

@GavinFrazar GavinFrazar Awaiting requested review from GavinFrazar

@hugoShaka hugoShaka Awaiting requested review from hugoShaka

@marcoandredinis marcoandredinis Awaiting requested review from marcoandredinis

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

backport do-not-merge documentation size/md

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@charlestp @GavinFrazar