Terraform module to create Amazon Elastic Kubernetes (EKS) resources 🇺🇦
APACHE-2.0 License
Published by barryib almost 4 years ago
DOCS:
ENHANCEMENTS:
BUG FIXES:
Published by barryib almost 4 years ago
FEATURES:
var.tags for Autoscaling Groups (#1092)
BUG FIXES:
launch_template_id to null for Managed Node Groups (#1088)
DOCS:
NOTES:
var.worker_groups_launch_template or var.worker_groups now override tags passed in via var.tags for Autoscaling Groups only. This allows ASG tags to be overwritten, so that propagate_at_launch can be tweaked for a particular key.
Published by barryib almost 4 years ago
FEATURES:
cloudwatch_log_group_arn to outputs (#1071)
aws-auth configmap (#989)
CI:
BUG FIXES:
cloudwatch_log_group_name should be a string instead of a list of strings (#1061)
cluster_elb_sl_role_creation IAM policy (#1045)
ImageOwnerAlias for worker ami owner instead of owner id (#1038)
NOTES:
examples/launch_templates_with_managed_node_groups/ for more details.
cloudwatch_log_group_name was incorrectly returning the log group name as a list of strings. As a workaround, people were using module.eks_cluster.cloudwatch_log_group_name[0], but that was totally inconsistent with the output name. Those users can now use module.eks_cluster.cloudwatch_log_group_name directly.
terraform state mv until we manage workers groups as maps.
Published by barryib about 4 years ago
BUG FIXES:
cluster_elb_sl_role_creation (#1039)
cluster_private_access security group rules when it should (#981)
ENHANCEMENTS:
cpu_credits optional for workers launch template (#1030)
wait_for_cluster_cmd logic to use curl if wget doesn't exist (#1002)
FEATURES:
load_balancers parameter to associate a CLB (Classic Load Balancer) to worker groups ASG (#992)
CI:
DOCS:
wget requirement (#999)
cluster_version variable requirement (#988)
cluster_id output blocking (#955)
BREAKING CHANGES:
cluster_endpoint_private_access_cidrs is now null instead of ["0.0.0.0/0"]. It makes the variable required when cluster_create_endpoint_private_access_sg_rule is set to true. This will force everyone who wants private access to explicitly set their allowed subnets, for the sake of the principle of least access by default.
cluster_version variable is now required.
NOTES:
cluster_elb_sl_role_creation policy is common for "enterprise" AWS users to disallow inline policies with an SCP rule for auditing-related reasons, and this accomplishes the same thing.
credit_specification for worker groups launch template can now be set to null so that we can use non burstable EC2 families
cluster_id output depends on the wait_for_cluster null resource. This means that initialisation of the
DOCS:
FEATURES:
depends_on for MNG submodule to ensure ordering of resource creation (#867)
BUG FIXES:
asg_tags #946)
on_demand_allocation_strategy from local.workers_group_defaults when deciding to use mixed_instances_policy (#908)
NOTES:
FEATURES:
BUG FIXES:
DOCS:
NOTES:
worker_create_cluster_primary_security_group_rules to allow communication between pods on workers and pods using the primary cluster security group (Managed Node Groups or Fargate). It defaults to false to avoid potential conflicts with existing security group rules users may have implemented.
Published by barryib over 4 years ago
BUG FIXES:
(known after apply) in managed node groups (#868)
DOCS:
FEATURES:
ENHANCEMENTS:
BREAKING CHANGES:
cluster_version is now 1.16. Kubernetes 1.16 includes a number of deprecated API removals, and you need to ensure your applications and add-ons are updated, or workloads could fail after the upgrade is complete. For more information on the API removals, see the Kubernetes blog post. For action you may need to take before upgrading, see the steps in the EKS documentation. Please explicitly set your cluster_version to an older EKS version until your workloads are ready for Kubernetes 1.16.
Published by barryib over 4 years ago
BUG FIXES:
vpc_config.cluster_security_group output as primary cluster security group id (#828)
local.configmap_roles.groups with tolist() to avoid panic (#846)
coalescelist null argument error when destroying worker_group_launch_templates (#842)
FEATURES:
Published by barryib over 4 years ago
FEATURES:
wait_for_cluster_cmd (#795)
ENHANCEMENTS:
aws_partition to build IAM policy ARNs (#820)
aws-auth configmap's roles from Object. No more string concat. (#790)
BUG FIXES:
false and avoid waiting forever for a non-existent cluster to respond (#789)
Type nicely (#803)
CI:
TESTS:
Published by barryib over 4 years ago
BREAKING CHANGES:
ENHANCEMENTS:
encrypted option to worker's root_block_device as read from the worker configurations (by @craig-rueda)
default_cooldown and health_check_grace_period options to workers ASG (by @ArieLevs)
BUG FIXES:
NOTES:
From EKS 1.15, the VPC tag kubernetes.io/cluster/<cluster-name>: shared is no longer required, so we dropped those tags from the examples.
Published by max-rocket-internet over 4 years ago
Validate github action to use env vars (by @max-rocket-internet)
examples/irsa for IAM Roles for Service Accounts (by @max-rocket-internet)
iam:{Create,Delete,Get}OpenIDConnectProvider grants to the list of required IAM permissions in docs/iam-permissions.md (by @danielelisi)
name parameter to be able to manually name EKS Managed Node Groups (by @splieth)
wait_for_cluster_cmd from curl to wget (by @daroga0002)
Published by barryib over 4 years ago
Published by max-rocket-internet almost 5 years ago
Published by max-rocket-internet almost 5 years ago
There's many changes in this release including 2 breaking changes
Now we use the Kubernetes Terraform provider for managing the aws-auth configmap.
Managed Node Groups are now released. Please bear in mind this feature is not only new to this module but also to EKS. There's still quite a few basic features not supported.
If you have problems and see unexpected plan output then be sure to consult the changelog for this release to see how or why this might be.
This release took way too long to create and we know we must release at a faster pace
There's some good discussion about the future of this module in https://github.com/terraform-aws-modules/terraform-aws-eks/issues/635
Published by max-rocket-internet almost 5 years ago
versions.tf (by @dpiddockcmp)
instance_profile_names and instance_profile_arns outputs to also consider launch template as well as asg (by @ankitwal)
aws-auth configmap to create kube_config.yaml and aws_auth_configmap.yaml in sequence (and not parallel) to kubectl apply (by @knittingdev)
Published by max-rocket-internet almost 5 years ago
userdata_template_file template and userdata_template_extra_args in worker_groups (by @snstanton)
kubectl configuration file can now be fully-specified using config_output_path. Previously it was assumed that config_output_path referred to a directory and always ended with a forward slash. This is a breaking change if config_output_path does not end with a forward slash (which was advised against by the documentation).
Published by barryib about 5 years ago
tags to aws_eks_cluster introduced by terraform-provider-aws 2.31.0 (by @morganchristiansson)
sslCertPath described in docs/autoscaling.md (by @wi1dcard)
Published by barryib about 5 years ago
target_group_arns attribute of worker autoscaling group (by @tatusl)
Published by max-rocket-internet about 5 years ago
Published by max-rocket-internet about 5 years ago