add access entry

[yangw-dev]

EKS Access Config

add var to allow change cluster's access_config
by default the value will use "CONFIG_MAP" (same default setup as aws eks)

In clusters.yaml, add it as a top-level key under the cluster:

  re-prod:
    cluster_name: pytorch-re-prod-production
    region: us-east-2
    state_bucket: ciforge-tfstate-re-prod-prod
    access_config:
      authentication_mode: API_AND_CONFIG_MAP
    base:
      vpc_cidr: "10.4.0.0/16"
      base_node_instance_type: m5.xlarge
    ...

see my plan change in ci-forge:
https://github.com/pytorch/ciforge/pull/180

error

The cluster's authentication mode must be set to one of [API, API_AND_CONFIG_MAP] to perform this operation.

[zxiiro]

In our other Dev EKS Cluster we are using the "pytorch-ci-admins" IAM role. This role is granted to ci-infra admins when they login to AWS via their LFID setup.

https://github.com/pytorch/ci-infra/blob/main/arc/aws/391835788720/us-east-1/01_infra/lf-arc-dev-eks.tf

Do we want to do the same here so that folks don't need yet another login method?

[yangw-dev]

In our other Dev EKS Cluster we are using the "pytorch-ci-admins" IAM role. This role is granted to ci-infra admins when they login to AWS via their LFID setup.

https://github.com/pytorch/ci-infra/blob/main/arc/aws/391835788720/us-east-1/01_infra/lf-arc-dev-eks.tf

Do we want to do the same here so that folks don't need yet another login method?

i think this is for devgpu user and remote execution users. they are not admins but just normal users who can initiate task in our cluster. admin can be too powerful

[jeanschmidt]

I want to push back on this decision:

A) do we need that? Why exactly?
B) Does it have to be in the upper shared module, or can it be set only on your module?

[yangw-dev]

the lint error does not related to my changes , so squash