terraform-aws-eks

19.2.0 (2022-12-18)

Features

• Ensure all supported resources are tagged under tag_specifications on launch templates (#2352) (0751a0c)

19.1.1 (2022-12-17)

Bug Fixes

• Use IAM session context data source to resolve the identities role when using assumed_role (#2347) (71b8eca)

19.1.0 (2022-12-16)

Features

• Add support for addon configuration_values (#2345) (3b62f6c)

19.0.4 (2022-12-07)

Bug Fixes

• Ensure that custom KMS key is not created if encryption is not enabled, support computed values in cluster name (#2328) (b83f6d9)

19.0.3 (2022-12-07)

Bug Fixes

• Invalid value for "replace" parameter: argument must not be null. (#2322) (9adc475)

19.0.2 (2022-12-06)

Bug Fixes

• public_access_cidrs require a value even if public endpoint is disabled (#2320) (3f6d915)

19.0.1 (2022-12-06)

Bug Fixes

• Call to lookup() closed too early, breaks sg rule creation in cluster sg if custom source sg is defined. (#2319) (7bc4a27)

19.0.0 (2022-12-05)

⚠ BREAKING CHANGES (#2250) (b2e97ca)

Please consult the examples directory for reference example configurations. If you find a bug, please open an issue with supporting configuration to reproduce.

List of backwards incompatible changes

• The cluster_id output used to output the name of the cluster. This is due to the fact that the cluster name is a unique constraint and therefore its set as the unique identifier within Terraform's state map. However, starting with local EKS clusters created on Outposts, there is now an attribute returned from the aws eks create-cluster API named id. The cluster_id has been updated to return this value which means that for current, standard EKS clusters created in the AWS cloud, no value will be returned (at the time of this writing) for cluster_id and only local EKS clusters on Outposts will return a value that looks like a UUID/GUID. Users should switch all instances of cluster_id to use cluster_name before upgrading to v19. Reference
• Minimum supported version of Terraform AWS provider updated to v4.45 to support latest features provided via the resources utilized.
• Minimum supported version of Terraform updated to v1.0
• Individual security group created per EKS managed node group or self managed node group has been removed. This configuration went mostly un-used and would often cause confusion ("Why is there an empty security group attached to my nodes?"). This functionality can easily be replicated by user's providing one or more externally created security groups to attach to nodes launched from the node group.
• Previously, var.iam_role_additional_policies (one for each of the following: cluster IAM role, EKS managed node group IAM role, self-managed node group IAM role, and Fargate Profile IAM role) accepted a list of strings. This worked well for policies that already existed but failed for policies being created at the same time as the cluster due to the well known issue of unkown values used in a for_each loop. To rectify this issue in v19.x, two changes were made:
  1. var.iam_role_additional_policies was changed from type list(string) to type map(string) -> this is a breaking change. More information on managing this change can be found below, under Terraform State Moves
  2. The logic used in the root module for this variable was changed to replace the use of try() with lookup(). More details on why can be found here
• The cluster name has been removed from the Karpenter module event rule names. Due to the use of long cluster names appending to the provided naming scheme, the cluster name has moved to a ClusterName tag and the event rule name is now a prefix. This guarantees that users can have multiple instances of Karpenter withe their respective event rules/SQS queue without name collisions, while also still being able to identify which queues and event rules belong to which cluster.

Please see the UPGRADE-19.0.md for full details on changes and upgrade path.

18.31.2 (2022-11-23)

Bug Fixes

• Ensure that var.create is tied to all resources correctly (#2308) (3fb28b3)

18.31.1 (2022-11-22)

Bug Fixes

• Include all certificate fingerprints in the OIDC provider thumbprint list (#2307) (7436178)

18.31.0 (2022-11-21)

Features

• New Karpenter sub-module for easily enabling Karpenter on EKS (#2303) (f24de33)

18.30.3 (2022-11-07)

Bug Fixes

• Update CI configuration files to use latest version (#2293) (364c60d)

18.30.2 (2022-10-14)

Bug Fixes

• Disable creation of cluster security group rules that map to node security group when create_node_security_group = false (#2274) (28ccece)

18.30.1 (2022-10-11)

Bug Fixes

• Update CloudWatch log group creation deny policy to use wildcard (#2267) (ac4d549)

18.30.0 (2022-09-29)

Features

• Add output for cluster TLS certificate SHA1 fingerprint and provider tags to cluster primary security group (#2249) (a74e980)

18.29.1 (2022-09-26)

Bug Fixes

• Set image_id to come from the launch template instead of data source for self-managed node groups (#2239) (c5944e5)

18.29.0 (2022-08-26)

Features

• Allow TLS provider to use versions 3.0+ (i.e. - >= 3.0) (#2211) (f576a6f)

18.28.0 (2022-08-17)

Features

• Add output for launch template name, and correct variable type value (#2205) (0a52d69)

18.27.1 (2022-08-09)

Bug Fixes

• Remove empty "" from node group names output when node group creation is disabled (#2197) (d2f162b)

18.27.0 (2022-08-09)

Features

• Default to clusters OIDC issuer URL for aws_eks_identity_provider_config (#2190) (93065fa)