Terraform module for provisioning an EKS cluster
addons_version if the EKS addons are enabled (var.addons)
addon_version = try(var.addons_versions["coredns"], data.aws_eks_addon_version.latest["coredns"].version)
.github/settings.yaml
Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0.
Major breaking changes. Review the migration guide for guidance about upgrading.
In this version we fulfill the promise of managing EKS access via AWS APIs rather than via the various hacks we employed to make it possible to manage access via the aws-auth ConfigMap. As a result, all references to the Kubernetes Terraform AWS provider have been removed, requiring manual intervention for upgrading from previous versions.
We also removed Security Group and other inputs deprecated in version 2.
We believe the final result is much cleaner, more reliable, and more stable than earlier versions, but the upgrade is unfortunately non-trivial. Please allow yourself sufficient time to read the migration guide before upgrading.
[!WARNING] This release has major breaking changes and requires significant manual intervention to upgrade existing clusters. Read the migration document for more details.
aws-auth ConfigMap
go v1.21, Kubernetes 1.29, etc.
Use new AWS API for EKS Access Control (#206)
Note: this may not be available via the Terraform registry, so source it via
source = "github.com/cloudposse/terraform-aws-eks-cluster?ref=v4.0.0-rc1"
Updating the addon to use resolve_conflicts_on_create
and resolve_conflicts_on_update.
Per reference below, resolve_conflicts is deprecated.
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon
This version bumps requirements:
Even with that, there is still a deprecation warning when using AWS provider v5. We are providing this release at this level for people who are not yet ready to update to AWS provider v5. Most likely the next release will require v5.
go version and dependencies
coredns on Fargate, you must pass '{"computeType": "Fargate"}'. Supersedes and closes #181
Supersedes and closes #190
one(aws_eks_cluster.default[*].vpc_config[0].cluster_security_group_id)
resource "aws_security_group_rule" "managed_ingress_cidr_blocks"
to add the allowed ingress CIDR blocks, the following error is thrown
Error: [WARN] A duplicate Security Group rule was found on (sg-xxxxxxxxx). This may be
│ a side effect of a now-fixed Terraform issue causing two security groups with
│ identical attributes but different source_security_group_ids to overwrite each
│ other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
│ information and instructions for recovery.
Error: InvalidPermission.Duplicate: the specified rule "peer: 10.222.0.0/16, ALL, ALLOW" already exists
│ status code: 400, request id: 7065e36d-ffca-4540-8e43-ed75d94d752e
│
│ with module.eks_cluster.aws_security_group_rule.managed_ingress_cidr_blocks[0],
│ on .terraform/modules/eks_cluster/security-group.tf line 17, in resource "aws_security_group_rule" "managed_ingress_cidr_blocks":
│ 17: resource "aws_security_group_rule" "managed_ingress_cidr_blocks" {
managed_security_group_rules_enabled. For the very old clusters (which use the custom SG as the main cluster SG), set the variable to false to not add the SG rules to it (since the SG is the custom SG to which the module adds the same rules anyway)
addons_depends_on to allow for nodes to be created before addons are applied
cluster_depends_on to allow for networking to be fully provisioned before cluster is created
depends_on clauses
tflint complaints
Rebuild github dir from the template