Skip to content

feat(control-room): add EKS access entries support#96

Merged
ian-flores merged 2 commits intomainfrom
feat-controlroom-eks-access-entries
Feb 6, 2026
Merged

feat(control-room): add EKS access entries support#96
ian-flores merged 2 commits intomainfrom
feat-controlroom-eks-access-entries

Conversation

@ian-flores
Copy link
Contributor

@ian-flores ian-flores commented Jan 27, 2026
edited
Loading

Summary

  • Adds eks_access_entries configuration to control room EKS clusters
  • Mirrors the existing workload cluster pattern for consistency

Problem

Control room EKS clusters were hardcoded to use the legacy aws-auth ConfigMap for authentication, while workload clusters had the option to use modern EKS Access Entries via the eks_access_entries config.

Solution

Added the same eks_access_entries configuration support to control rooms:

  • eks_access_entries.enabled - Enable EKS Access Entries instead of aws-auth ConfigMap
  • eks_access_entries.additional_entries - Add custom access entries
  • eks_access_entries.include_same_account_poweruser - Include PowerUser role

Usage

To enable EKS Access Entries on a control room, add to ptd.yaml:

spec:
  eks_access_entries:
    enabled: true
    include_same_account_poweruser: true

Test plan

  • Deploy to a staging control room with eks_access_entries.enabled: true
  • Verify EKS Access Entries are created instead of aws-auth ConfigMap
  • Verify existing control rooms (without the config) continue to use ConfigMap

Closes #79

@ian-flores
feat(control-room): add EKS access entries support
b739db1 
Add eks_access_entries configuration to control room EKS clusters,
mirroring the existing workload cluster pattern. This allows control
rooms to use modern EKS Access Entries instead of the legacy aws-auth
ConfigMap when eks_access_entries.enabled is set to true.

Closes #79
@ian-flores
fix(lib): fix flaky TestGenerateRandomString test
74755d3 
The randomness check for length=1 strings had ~1.6% collision
probability (1/62 charset), causing intermittent CI failures.
Only check randomness for lengths >= 4 where collision is negligible.
@ian-flores ian-flores marked this pull request as ready for review February 5, 2026 23:14
@ian-flores ian-flores requested a review from a team as a code owner February 5, 2026 23:14
@ian-flores ian-flores merged commit 958279a into main Feb 6, 2026
6 checks passed
@ian-flores ian-flores deleted the feat-controlroom-eks-access-entries branch February 6, 2026 15:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timtalbot timtalbot Awaiting requested review from timtalbot

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Use API + Config Map auth mode in control room EKS clusters

2 participants

@ian-flores @timtalbot

Comments