From 77855629e534da2ce5b099b10c82cc67aa2fdde1 Mon Sep 17 00:00:00 2001
From: Oliver Schoenborn <oliver@sentianSE.com>
Date: Fri, 17 Sep 2021 13:05:17 -0400
Subject: [PATCH 1/3] use aws eks get-token instead of aws authenticator

---
 locals.tf    | 13 ++++++++++++-
 variables.tf |  2 +-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/locals.tf b/locals.tf
index 60472a6058..1dc536f456 100644
--- a/locals.tf
+++ b/locals.tf
@@ -1,3 +1,5 @@
+data "aws_region" "current" {}
+
 locals {
 
   # EKS Cluster
@@ -160,12 +162,21 @@ locals {
     "t2.xlarge"
   ]
 
+  default_kubeconfig_aws_auth_args = [
+    "--region",
+    data.aws_region.current.name,
+    "eks",
+    "get-token",
+    "--cluster-name",
+    var.cluster_name
+  ]
+
   kubeconfig = var.create_eks ? templatefile("${path.module}/templates/kubeconfig.tpl", {
     kubeconfig_name                   = coalesce(var.kubeconfig_name, "eks_${var.cluster_name}")
     endpoint                          = local.cluster_endpoint
     cluster_auth_base64               = local.cluster_auth_base64
     aws_authenticator_command         = var.kubeconfig_aws_authenticator_command
-    aws_authenticator_command_args    = coalescelist(var.kubeconfig_aws_authenticator_command_args, ["token", "-i", local.cluster_name])
+    aws_authenticator_command_args    = coalescelist(var.kubeconfig_aws_authenticator_command_args, local.default_kubeconfig_aws_auth_args)
     aws_authenticator_additional_args = var.kubeconfig_aws_authenticator_additional_args
     aws_authenticator_env_variables   = var.kubeconfig_aws_authenticator_env_variables
   }) : ""
diff --git a/variables.tf b/variables.tf
index a5d9adefe3..d1c49b6a16 100644
--- a/variables.tf
+++ b/variables.tf
@@ -219,7 +219,7 @@ variable "kubeconfig_aws_authenticator_env_variables" {
 variable "kubeconfig_name" {
   description = "Override the default name used for items kubeconfig."
   type        = string
-  default     = ""
+  default     = null
 }
 
 variable "cluster_create_timeout" {

From 7a272491a5f34744e59cfe84a0363957103d33c6 Mon Sep 17 00:00:00 2001
From: Oliver Schoenborn <oliver@sentianSE.com>
Date: Tue, 12 Oct 2021 12:31:57 -0400
Subject: [PATCH 2/3] default to null kubectl auth command

---
 locals.tf    | 2 +-
 variables.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/locals.tf b/locals.tf
index 1dc536f456..bfe1cc9d2f 100644
--- a/locals.tf
+++ b/locals.tf
@@ -175,7 +175,7 @@ locals {
     kubeconfig_name                   = coalesce(var.kubeconfig_name, "eks_${var.cluster_name}")
     endpoint                          = local.cluster_endpoint
     cluster_auth_base64               = local.cluster_auth_base64
-    aws_authenticator_command         = var.kubeconfig_aws_authenticator_command
+    aws_authenticator_command         = coalesce(var.kubeconfig_aws_authenticator_command, "aws")
     aws_authenticator_command_args    = coalescelist(var.kubeconfig_aws_authenticator_command_args, local.default_kubeconfig_aws_auth_args)
     aws_authenticator_additional_args = var.kubeconfig_aws_authenticator_additional_args
     aws_authenticator_env_variables   = var.kubeconfig_aws_authenticator_env_variables
diff --git a/variables.tf b/variables.tf
index d1c49b6a16..a6a7163f37 100644
--- a/variables.tf
+++ b/variables.tf
@@ -195,7 +195,7 @@ variable "workers_additional_policies" {
 variable "kubeconfig_aws_authenticator_command" {
   description = "Command to use to fetch AWS EKS credentials."
   type        = string
-  default     = "aws-iam-authenticator"
+  default     = null
 }
 
 variable "kubeconfig_aws_authenticator_command_args" {

From 5c1411bd9e1357e1ea6d12ac04660b50bdf6c280 Mon Sep 17 00:00:00 2001
From: Oliver Schoenborn <oliver@sentianSE.com>
Date: Tue, 12 Oct 2021 12:36:56 -0400
Subject: [PATCH 3/3] clarify variable description and re-order auth command
 default args for clarity

---
 locals.tf    | 6 +++---
 variables.tf | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/locals.tf b/locals.tf
index bfe1cc9d2f..c616e3e2c9 100644
--- a/locals.tf
+++ b/locals.tf
@@ -163,12 +163,12 @@ locals {
   ]
 
   default_kubeconfig_aws_auth_args = [
-    "--region",
-    data.aws_region.current.name,
     "eks",
     "get-token",
     "--cluster-name",
-    var.cluster_name
+    var.cluster_name,
+    "--region",
+    data.aws_region.current.name
   ]
 
   kubeconfig = var.create_eks ? templatefile("${path.module}/templates/kubeconfig.tpl", {
diff --git a/variables.tf b/variables.tf
index a6a7163f37..0405613f16 100644
--- a/variables.tf
+++ b/variables.tf
@@ -193,13 +193,13 @@ variable "workers_additional_policies" {
 }
 
 variable "kubeconfig_aws_authenticator_command" {
-  description = "Command to use to fetch AWS EKS credentials."
+  description = "Command to use to fetch AWS EKS credentials. Defaults to aws CLI (will use eks command)."
   type        = string
   default     = null
 }
 
 variable "kubeconfig_aws_authenticator_command_args" {
-  description = "Default arguments passed to the authenticator command. Defaults to [token -i $cluster_name]."
+  description = "Default arguments passed to the authenticator command. Defaults to [eks get-token ...]."
   type        = list(string)
   default     = []
 }