fix: move addon from CFN to manager for cloudwatch stack

ndbaker1 · ndbaker1 · commit c688d9a7ff9b · 2025-07-29T17:33:32.000Z
diff --git a/internal/deployers/eksapi/addons.go b/internal/deployers/eksapi/addons.go
@@ -26,10 +26,13 @@ func NewAddonManager(clients *awsClients) *AddonManager {
 }
 
 func (m *AddonManager) createAddons(infra *Infrastructure, cluster *Cluster, opts *deployerOptions) error {
+	ctx := context.TODO()
+
+	addonMap := map[string]string{}
 	for _, addon := range opts.Addons {
 		addonParts := strings.Split(addon, ":")
 		if len(addonParts) != 2 {
-			return fmt.Errorf("invalid addon: %s", addon)
+			return fmt.Errorf("invalid addon format: %s", addon)
 		}
 		name := addonParts[0]
 		version := addonParts[1]
@@ -38,26 +41,32 @@ func (m *AddonManager) createAddons(infra *Infrastructure, cluster *Cluster, opt
 		if err != nil {
 			return err
 		}
-		klog.Infof("creating addon %s version: %s", name, resolvedVersion)
+		// dedupe addons with the same name. last provided entry wins.
+		addonMap[name] = resolvedVersion
+	}
+
+	for addonName, addonVersion := range addonMap {
+		klog.Infof("creating addon %s version: %s", addonName, addonVersion)
 		input := eks.CreateAddonInput{
-			AddonName:    aws.String(name),
-			AddonVersion: aws.String(resolvedVersion),
+			AddonName:    aws.String(addonName),
+			AddonVersion: aws.String(addonVersion),
 			ClusterName:  aws.String(cluster.name),
 		}
-		_, err = m.clients.EKS().CreateAddon(context.TODO(), &input)
+		_, err := m.clients.EKS().CreateAddon(ctx, &input)
 		if err != nil {
 			return fmt.Errorf("failed to create addon: %v", err)
 		}
-		klog.Infof("waiting for addon to be active: %s", name)
+		klog.Infof("waiting for addon to be active: %s", addonName)
 		err = eks.NewAddonActiveWaiter(m.clients.EKS()).
-			Wait(context.TODO(), &eks.DescribeAddonInput{
+			Wait(ctx, &eks.DescribeAddonInput{
+				AddonName:   aws.String(addonName),
 				ClusterName: aws.String(cluster.name),
-				AddonName:   aws.String(name),
 			}, addonCreationTimeout)
 		if err != nil {
 			return fmt.Errorf("failed to wait for addon to be active: %v", err)
 		}
 	}
+
 	return nil
 }
 
diff --git a/internal/deployers/eksapi/deployer.go b/internal/deployers/eksapi/deployer.go
@@ -209,6 +209,12 @@ func (d *deployer) Up() error {
 	if d.AMI != "" && d.ExpectedAMI == "" {
 		d.ExpectedAMI = d.AMI
 	}
+
+	// TODO: add the pod identity agent addons because it is required for
+	// cloudwatch infrastructure. cloudwatch infra might want to be optional.
+	// this must be prepended to the list in order to respect user overrides.
+	d.deployerOptions.Addons = slices.Insert(d.deployerOptions.Addons, 0, "eks-pod-identity-agent:default")
+
 	if err := d.addonManager.createAddons(d.infra, d.cluster, &d.deployerOptions); err != nil {
 		return err
 	}
diff --git a/internal/deployers/eksapi/templates/cloudwatch-infra.yaml.template b/internal/deployers/eksapi/templates/cloudwatch-infra.yaml.template
@@ -36,12 +36,6 @@ Resources:
       Namespace: amazon-cloudwatch
       ServiceAccount: cwagent
       RoleArn: !GetAtt CloudWatchRole.Arn
-  
-  EksPodIdentityAgentAddon:
-    Type: AWS::EKS::Addon
-    Properties:
-      AddonName: eks-pod-identity-agent
-      ClusterName: !Ref ClusterName
 
 Outputs:
   CloudWatchRoleArn:

Original file line number	Diff line number	Diff line change
`@@ -209,6 +209,12 @@ func (d *deployer) Up() error {`
`209`	`209`	`if d.AMI != "" && d.ExpectedAMI == "" {`
`210`	`210`	`d.ExpectedAMI = d.AMI`
`211`	`211`	`}`
	`212`	`+`
	`213`	`+ // TODO: add the pod identity agent addons because it is required for`
	`214`	`+ // cloudwatch infrastructure. cloudwatch infra might want to be optional.`
	`215`	`+ // this must be prepended to the list in order to respect user overrides.`
	`216`	`+ d.deployerOptions.Addons = slices.Insert(d.deployerOptions.Addons, 0, "eks-pod-identity-agent:default")`
	`217`	`+`
`212`	`218`	`if err := d.addonManager.createAddons(d.infra, d.cluster, &d.deployerOptions); err != nil {`
`213`	`219`	`return err`
`214`	`220`	`}`