diff --git a/README.md b/README.md
index ab4fe8b1ec..d4dd2afff4 100644
--- a/README.md
+++ b/README.md
@@ -225,6 +225,7 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf
| [fargate\_profiles](#input\_fargate\_profiles) | Fargate profiles to create. See `fargate_profile` keys section in fargate submodule's README.md for more details | `any` | `{}` | no |
| [fargate\_subnets](#input\_fargate\_subnets) | A list of subnets to place fargate workers within (if different from subnets). | `list(string)` | `[]` | no |
| [iam\_path](#input\_iam\_path) | If provided, all IAM roles will be created on this path. | `string` | `"/"` | no |
+| [kubeconfig\_api\_version](#input\_kubeconfig\_api\_version) | KubeConfig API version. Defaults to client.authentication.k8s.io/v1alpha1 | `string` | `"client.authentication.k8s.io/v1alpha1"` | no |
| [kubeconfig\_aws\_authenticator\_additional\_args](#input\_kubeconfig\_aws\_authenticator\_additional\_args) | Any additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"]. | `list(string)` | `[]` | no |
| [kubeconfig\_aws\_authenticator\_command](#input\_kubeconfig\_aws\_authenticator\_command) | Command to use to fetch AWS EKS credentials. | `string` | `"aws-iam-authenticator"` | no |
| [kubeconfig\_aws\_authenticator\_command\_args](#input\_kubeconfig\_aws\_authenticator\_command\_args) | Default arguments passed to the authenticator command. Defaults to [token -i $cluster\_name]. | `list(string)` | `[]` | no |
diff --git a/locals.tf b/locals.tf
index 09dd589214..8e1b54e49c 100644
--- a/locals.tf
+++ b/locals.tf
@@ -163,13 +163,14 @@ locals {
]
kubeconfig = var.create_eks ? templatefile("${path.module}/templates/kubeconfig.tpl", {
- kubeconfig_name = coalesce(var.kubeconfig_name, "eks_${var.cluster_name}")
- endpoint = local.cluster_endpoint
- cluster_auth_base64 = local.cluster_auth_base64
- aws_authenticator_command = var.kubeconfig_aws_authenticator_command
- aws_authenticator_command_args = coalescelist(var.kubeconfig_aws_authenticator_command_args, ["token", "-i", local.cluster_name])
- aws_authenticator_additional_args = var.kubeconfig_aws_authenticator_additional_args
- aws_authenticator_env_variables = var.kubeconfig_aws_authenticator_env_variables
+ kubeconfig_name = coalesce(var.kubeconfig_name, "eks_${var.cluster_name}")
+ endpoint = local.cluster_endpoint
+ cluster_auth_base64 = local.cluster_auth_base64
+ aws_authenticator_kubeconfig_apiversion = var.kubeconfig_api_version
+ aws_authenticator_command = var.kubeconfig_aws_authenticator_command
+ aws_authenticator_command_args = coalescelist(var.kubeconfig_aws_authenticator_command_args, ["token", "-i", local.cluster_name])
+ aws_authenticator_additional_args = var.kubeconfig_aws_authenticator_additional_args
+ aws_authenticator_env_variables = var.kubeconfig_aws_authenticator_env_variables
}) : ""
launch_configuration_userdata_rendered = [
diff --git a/templates/kubeconfig.tpl b/templates/kubeconfig.tpl
index a99a0dfa8f..5004243bec 100644
--- a/templates/kubeconfig.tpl
+++ b/templates/kubeconfig.tpl
@@ -20,7 +20,7 @@ users:
- name: ${kubeconfig_name}
user:
exec:
- apiVersion: client.authentication.k8s.io/v1alpha1
+ apiVersion: ${aws_authenticator_kubeconfig_apiversion}
command: ${aws_authenticator_command}
args:
%{~ for i in aws_authenticator_command_args }
diff --git a/variables.tf b/variables.tf
index a830e20a62..2b2763bb5f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -191,7 +191,12 @@ variable "workers_additional_policies" {
type = list(string)
default = []
}
+variable "kubeconfig_api_version" {
+ description = "KubeConfig API version. Defaults to client.authentication.k8s.io/v1alpha1"
+ type = string
+ default = "client.authentication.k8s.io/v1alpha1"
+}
variable "kubeconfig_aws_authenticator_command" {
description = "Command to use to fetch AWS EKS credentials."
type = string