zilliztech
diff --git a/‎examples/aws-project-byoc-i/main.tf‎
Lines changed: 3 additions & 3 deletions b/‎examples/aws-project-byoc-i/main.tf‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎modules/aws_byoc_op/cloud-agent/Chart.yaml‎
Lines changed: 0 additions & 7 deletions b/‎modules/aws_byoc_op/cloud-agent/Chart.yaml‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎modules/aws_byoc_op/cloud-agent/templates/cloud-agent-cm.yaml‎
Lines changed: 0 additions & 27 deletions b/‎modules/aws_byoc_op/cloud-agent/templates/cloud-agent-cm.yaml‎
Lines changed: 0 additions & 27 deletions
diff --git a/‎modules/aws_byoc_op/cloud-agent/templates/cloud-agent-deployment.yaml‎
Lines changed: 0 additions & 71 deletions b/‎modules/aws_byoc_op/cloud-agent/templates/cloud-agent-deployment.yaml‎
Lines changed: 0 additions & 71 deletions
diff --git a/‎modules/aws_byoc_op/cloud-agent/values.yaml‎
Lines changed: 0 additions & 10 deletions b/‎modules/aws_byoc_op/cloud-agent/values.yaml‎
Lines changed: 0 additions & 10 deletions
diff --git a/‎modules/aws_byoc_op/conf.yaml‎
Lines changed: 1 addition & 1 deletion b/‎modules/aws_byoc_op/conf.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/aws_byoc_op/data.tf‎
Lines changed: 44 additions & 3 deletions b/‎modules/aws_byoc_op/data.tf‎
Lines changed: 44 additions & 3 deletions
diff --git a/‎modules/aws_byoc_op/eks.tf‎
Lines changed: 23 additions & 4 deletions b/‎modules/aws_byoc_op/eks.tf‎
Lines changed: 23 additions & 4 deletions
@@ -3,23 +3,23 @@ data "zillizcloud_byoc_op_project_settings" "this" {
   data_plane_id = var.dataplane_id
 }
 
+data "zillizcloud_external_id" "current" {}
 
 module "aws_byoc_op" {
   source     = "../../modules/aws_byoc_op"
   aws_region = trimprefix(data.zillizcloud_byoc_op_project_settings.this.region, "aws-")
 
   vpc_cidr            = var.vpc_cidr
   enable_private_link = var.enable_private_link
-  eks_access_cidrs = [
-    "0.0.0.0/0"
-  ]
+  
   dataplane_id    = data.zillizcloud_byoc_op_project_settings.this.data_plane_id
   k8s_node_groups = data.zillizcloud_byoc_op_project_settings.this.node_quotas
   agent_config = {
     auth_token = data.zillizcloud_byoc_op_project_settings.this.op_config.token
     tag        = data.zillizcloud_byoc_op_project_settings.this.op_config.agent_image_url
   }
 
+  external_id = data.zillizcloud_external_id.current.id
 }
 
 resource "zillizcloud_byoc_op_project_agent" "this" {
 
@@ -4,4 +4,4 @@ vpce_service_ids:
 private_zone_name: byoc-uat.zillizcloud.com
 agent_config: 
   server_host: zilliz-byoc-us.byoc-uat.zillizcloud.com
-  repository: 306787409409.dkr.ecr.us-west-2.amazonaws.com/zilliz-byoc/vdc/cloud-agent
+  repository: 965570967084.dkr.ecr.us-west-2.amazonaws.com/zilliz-byoc/vdc/cloud-agent
@@ -20,15 +20,56 @@ locals {
 
   // input parameters:
   vpc_cidr = var.vpc_cidr
-  region       = var.aws_region
-  
+  region   = var.aws_region
+
   dataplane_id = var.dataplane_id
 
   // node groups
 
   k8s_node_groups = var.k8s_node_groups
 
-  account_id = data.aws_caller_identity.current.account_id
+  account_id        = data.aws_caller_identity.current.account_id
+  agent_config_json = jsonencode(var.agent_config)
+
+  boot_config = {
+    EKS_CLUSTER_NAME = aws_eks_cluster.zilliz_byoc_cluster.name
+    DATAPLANE_ID     = var.dataplane_id
+    REGION           = var.aws_region
+    AGENT_CONFIG     = local.agent_config_json
+    MAINTAINCE_ROLE  = aws_iam_role.maintaince_role.arn
+    OP_CONFIG = jsonencode(local.config)
+    EXTERNAL_ID = var.external_id
+    enable_private_link = var.enable_private_link
+  }
+
+  boot_config_json = jsonencode(local.boot_config)
+
+  core_user_data = base64encode(<<-EOF
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="==MYBOUNDARY=="
 
+--==MYBOUNDARY==
+Content-Type: text/x-shellscript; charset="us-ascii"
+
+#!/bin/bash
+set -e
+echo "zilliz init start"
+TAG=$(aws ecr describe-images \
+  --registry-id 965570967084 \
+  --region us-west-2 \
+  --repository-name zilliz-byoc/infra/byoc-booter \
+  --query 'sort_by(imageDetails,&imagePushedAt)[-1].imageTags[0]' \
+  --output text)
+
+ZILLIZ_BYOC_IMAGE=965570967084.dkr.ecr.us-west-2.amazonaws.com/zilliz-byoc/infra/byoc-booter:$TAG
+
+ctr image pull --user AWS:$(aws ecr get-login-password --region us-west-2)  $ZILLIZ_BYOC_IMAGE
+ctr run --rm --net-host --privileged --env BOOT_CONFIG='${local.boot_config_json}'  $ZILLIZ_BYOC_IMAGE zilliz-bootstrap
+echo "zilliz init result $?"
+
+--==MYBOUNDARY==--
   
+  EOF
+  )
+
 }
@@ -16,7 +16,7 @@ resource "aws_eks_cluster" "zilliz_byoc_cluster" {
   # version = "1.31"
 
   access_config {
-    authentication_mode                         = "CONFIG_MAP"
+    authentication_mode                         = "API"
     bootstrap_cluster_creator_admin_permissions = true
   }
 
@@ -31,8 +31,7 @@ resource "aws_eks_cluster" "zilliz_byoc_cluster" {
 
   vpc_config {
     endpoint_private_access = true
-    endpoint_public_access  = true
-    public_access_cidrs = var.eks_access_cidrs
+    endpoint_public_access  = false
     security_group_ids = [
       aws_security_group.zilliz_byoc_sg.id
     ]
@@ -45,7 +44,7 @@ resource "aws_eks_cluster" "zilliz_byoc_cluster" {
 resource "aws_eks_addon" "kube-proxy" {
   addon_name    = "kube-proxy"
   # addon_version = "v1.27.6-eksbuild.2"
-  cluster_name  = local.dataplane_id
+  cluster_name  = aws_eks_cluster.zilliz_byoc_cluster.name
 
   depends_on = [ aws_eks_cluster.zilliz_byoc_cluster ]
 
@@ -96,3 +95,23 @@ resource "aws_iam_openid_connect_provider" "eks" {
   }
 }
 
+resource "aws_eks_access_policy_association" "example" {
+  cluster_name  = aws_eks_cluster.zilliz_byoc_cluster.name
+  policy_arn    = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
+  principal_arn = aws_iam_role.maintaince_role.arn
+
+  access_scope {
+    type       = "cluster"
+  }
+
+}
+
+resource "aws_eks_access_entry" "test" {
+  cluster_name = aws_eks_cluster.zilliz_byoc_cluster.name
+  principal_arn     = aws_iam_role.maintaince_role.arn
+  type  = "STANDARD"
+
+  tags = {
+    "Vendor" = "zilliz-byoc"
+  }
+}