terraform-aws-eks

Terraform module to create Amazon Elastic Kubernetes (EKS) resources 🇺🇦

APACHE-2.0 License

Stars
4.4K
Committers
360

terraform-aws-eks - v17.8.0

Published by antonbabenko about 3 years ago

terraform-aws-eks - v17.7.0

Published by antonbabenko about 3 years ago

terraform-aws-eks - v17.6.0

Published by antonbabenko about 3 years ago

terraform-aws-eks - v17.5.0

Published by antonbabenko about 3 years ago

terraform-aws-eks - v17.4.0

Published by antonbabenko about 3 years ago

terraform-aws-eks - v17.3.0

Published by antonbabenko about 3 years ago

terraform-aws-eks - v17.2.0

Published by antonbabenko about 3 years ago

terraform-aws-eks - v17.1.0

Published by barryib over 3 years ago

FEATURES:

  • Add support for Managed Node Groups (node_groups) taints (#1424)
  • Allow to choose launch template version for Managed Node Groups when create_launch_template is set to true (#1419)
  • Add capacity_rebalance support for self-managed worker groups (#1326)
  • Add var.wait_for_cluster_timeout to allow configuring the wait for cluster timeout (#1420)

terraform-aws-eks - v17.0.3

Published by barryib over 3 years ago

BUG FIXES:

  • Fix AMI filtering when the default platform is provided in var.workers_group_defaults (#1413)
  • Remove duplicated security group rule for EKS private access endpoint (#1412)

NOTES:

terraform-aws-eks - v17.0.2

Published by barryib over 3 years ago

BUG FIXES:

  • Don't add tags on network interfaces because it's not supported yet in terraform-provider-aws (#1407)

terraform-aws-eks - v17.0.1

Published by barryib over 3 years ago

BUG FIXES:

  • Default root_volume_type must be gp2 (#1404)

terraform-aws-eks - v17.0.0

Published by barryib over 3 years ago

FEATURES:

  • Add ability to use Security Groups as source for private endpoint access (#1274)
  • Define Root device name for Windows self-managed worker groups (#1401)
  • Drop random pets from Managed Node Groups (#1372)
  • Add multiple selectors on the creation of Fargate profile (#1378)
  • Rename config_output_path into kubeconfig_output_path for naming consistency (#1399)
  • Kubeconfig file should not be world or group readable by default (#1114)
  • Add tags on network interfaces (#1362)
  • Add instance store volume option for instances with local disk (#1213)

BUG FIXES:

  • Add back depends_on for data.wait_for_cluster (#1389)

DOCS:

  • Clarify about the cluster_endpoint_private_access_cidrs usage (#1400)
  • Add KMS aliases handling to IAM permissions (#1288)

BREAKING CHANGES:

  • The private endpoint security group rule has been renamed to allow the use of CIDR blocks and Security Groups as source. This will delete the cluster_private_access Security Group Rule for existing clusters. Please rename aws_security_group_rule.cluster_private_access[0] to aws_security_group_rule.cluster_private_access_cidrs_source[0].
  • We have decided to remove random_pet resources in Managed Node Groups (MNG). Those were used to recreate MNG if something changed and also to simulate the newly added argument node_group_name_prefix. But they were causing a lot of trouble. To upgrade the module without recreating your MNG, you will need to explicitly reuse their previous name and set them in your MNG name argument. Please see upgrade docs for more details.
  • To support multiple selectors for Fargate profiles, we introduced the selectors argument, which is a list of maps. This will break previous configurations with a single selector namespace and labels. You'll need to rewrite your configuration to use the selectors argument. See the examples in the docs for details.
  • The variable config_output_path is renamed to kubeconfig_output_path for naming consistency. Please upgrade your configuration accordingly.

NOTES:

  • Since we now search only for Linux or Windows AMIs if there is a worker group for the corresponding platform, we can now define a different default root block device name for each platform. Use the locals root_block_device_name and root_block_device_name_windows to define your own.
  • The kubeconfig file permission is not world and group readable anymore. The default permission is now 600. This value can be changed with the variable var.kubeconfig_file_permission.
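
A check for the kubeconfig permission note above, added here as an example and not part of the module or its release notes: it flags kubeconfig files that still grant any access to group or others, for instance files written before the 600 default applied. The kubeconfig_* file name pattern and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from terraform-aws-eks.
# Assumption: kubeconfig files are named kubeconfig_* in the directory you
# pass in; adjust the pattern to match your kubeconfig_output_path.
# Usage: audit_kubeconfigs /path/to/terraform/workdir

# Succeeds only when the file grants nothing to group or others
# (for example mode 600 or 400).
kubeconfig_mode_ok() {
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints every kubeconfig_* file in a directory that is accessible to group
# or others. Returns non-zero if at least one such file was found.
audit_kubeconfigs() {
  dir=${1:-.}
  bad=0
  for f in "$dir"/kubeconfig_*; do
    # Skip the unexpanded glob and anything that is not a regular file.
    [ -f "$f" ] || continue
    if ! kubeconfig_mode_ok "$f"; then
      echo "too permissive: $f"
      bad=1
    fi
  done
  return "$bad"
}
```

A non-zero return from audit_kubeconfigs makes it usable as a CI gate after terraform apply.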

terraform-aws-eks - v16.2.0

Published by barryib over 3 years ago

FEATURES:

  • Add ability to forcefully update nodes in managed node groups (#1380)

BUG FIXES:

  • Bump terraform-provider-http required version to 2.4.1 to avoid TLS Cert Pool issue on Windows (#1387)

DOCS:

  • Update license to Apache 2 License (#1375)

terraform-aws-eks - v16.1.0

Published by barryib over 3 years ago

FEATURES:

  • Search for Windows or Linux AMIs only if they are needed (#1371)

BUG FIXES:

  • Set an ASG's launch template version to an explicit version to automatically trigger instance refresh (#1370)
  • Add description for private API ingress Security Group Rule (#1299)

DOCS:

  • Fix cluster autoscaler tags in IRSA example (#1204)
  • Add Bottlerocket example (#1296)

NOTES:

  • Set an ASG's launch template version to an explicit version automatically. This will ensure that an instance refresh will be triggered whenever the launch template changes. The default launch_template_version is now used to determine the latest or default version of the created launch template for self-managed worker groups.

terraform-aws-eks - v16.0.1

Published by barryib over 3 years ago

BUG FIXES:

  • Bump terraform-aws-modules/http provider version to support darwin arm64 release (#1369)

DOCS:

  • Use IRSA for Node Termination Handler IAM policy attachment in Instance Refresh example (#1373)

terraform-aws-eks - v16.0.0

Published by barryib over 3 years ago

FEATURES:

  • Add support for Auto Scaling Group Instance Refresh for self-managed worker groups (#1224)
  • Drop asg_recreate_on_change feature to encourage the usage of Instance Refresh for EC2 Auto Scaling (#1360)
  • Add timeout of 5mn when waiting for cluster (#1359)
  • Remove dependency on deprecated hashicorp/template provider (#1297)
  • Replace the local-exec script with a http datasource for waiting cluster (#1339)

BUG FIXES:

  • Remove provider from required providers (#1357)
  • Bump AWS provider version to add Warm Pool support (#1340)

CI:

  • Bump terraform-docs to 0.13 (#1335)

BREAKING CHANGES:

  • This module used random_pet resources to create a random name for the autoscaling group to force the autoscaling group to be re-created when the launch configuration or launch template was changed (if recreate_asg_when_lc_changes = true was set), causing the instances to be removed and re-provisioned each time there was an update. Those random_pet resources have been removed, and in their place there is now a set of functionality provided by AWS and the Terraform AWS provider: Instance Refresh. We encourage those users to move to Instance Refresh for EC2 Auto Scaling.
  • We removed the dependency on the deprecated hashicorp/template provider and now use the Terraform built-in templatefile function. This will break some workflows that previously passed in the raw contents of a template file for processing. The templatefile function requires a template file that exists before running a plan.

NOTES:

  • Using the terraform-aws-modules/http provider is a more platform agnostic way to wait for the cluster availability than using a local-exec. With this change we're able to provision EKS clusters and manage the aws_auth configmap while still using the hashicorp/tfc-agent docker image.

terraform-aws-eks - v15.2.0

Published by barryib over 3 years ago

FEATURES:

  • Add tags on additional IAM resources like IAM policies, instance profile, OIDC provider (#1321)
  • Allow to override cluster and workers egress CIDRs (#1237)
  • Allow to specify the managed cluster IAM role name (#1199)
  • Add support for ASG Warm Pools (#1310)
  • Add support for specifying elastic inference accelerator (#1176)
  • Create launch template for Managed Node Groups (#1138)

BUG FIXES:

  • Replace list with tolist function for working with terraform v0.15.0 (#1317)
  • Limit cluster_name when creating fargate IAM Role (#1270)
  • Add missing metadata block for launch configuration (#1301)
  • Add missing IAM permission for NLB with EIPs (#1226)
  • Change back the default disk type to gp2 (#1208)

DOCS:

  • Update helm instructions for irsa example (#1251)

terraform-aws-eks - v15.1.0

Published by barryib over 3 years ago

BUG FIXES:

  • Fixed list and map usage (#1307)

terraform-aws-eks - v15.0.0

Published by barryib over 3 years ago

BUG FIXES:

  • Updated code and version requirements to work with Terraform 0.15 (#1165)

terraform-aws-eks - v14.0.0

Published by barryib over 3 years ago

FEATURES:

  • Add nitro enclave support for EKS (#1185)
  • Add support for service_ipv4_cidr for the EKS cluster (#1139)
  • Add the SPOT support for Managed Node Groups (#1129)
  • Use gp3 as default as it saves 20% and is more performant (#1134)
  • Allow the overwrite of subnets for Fargate profiles (#1117)
  • Add support for throughput parameter for gp3 volumes (#1146)
  • Add customizable Auto Scaling Group health check type (#1118)
  • Add permissions boundary to fargate execution IAM role (#1108)

ENHANCEMENTS:

  • Don't set -x in userdata, to avoid printing sensitive information in logs (#1187)

BUG FIXES:

  • Merge tags from Fargate profiles with common tags from cluster (#1159)

DOCS:

  • Update changelog generation to use custom sort with git-chglog v0.10.0 (#1202)
  • Bump IRSA example dependencies to versions which work with TF 0.14 (#1184)
  • Change instance type from t2 to t3 in examples (#1169)
  • Fix typos in README and CONTRIBUTING (#1167)
  • Make it more obvious that var.cluster_iam_role_name will allow reusing an existing IAM Role for the cluster. (#1133)
  • Fixes typo in variables description (#1154)
  • Fix a typo in the aws-auth section of the README (#1099)

BREAKING CHANGES:

  • To add SPOT support for MNG, the instance_type is now a list and renamed as instance_types. This will probably rebuild existing Managed Node Groups.
  • The default root volume type is now gp3 as it saves 20% and is more performant

NOTES:

  • The EKS cluster can be provisioned with both private and public subnets, but Fargate only accepts private ones. This new variable allows overriding the subnets to explicitly pass the private subnets to Fargate and work around that issue.