Terraform Aws Eks Cluster Versions Save

Terraform module for provisioning an EKS cluster

4.1.0

1 month ago
Update readme @osterman (#208)

what

  • Update readme.md

why

  • Latest copy

🚀 Enhancements

Output addons_versions if enabled @bogdanbarna (#216)

what

  • Output addons_version if the EKS addons are enabled (var.addons)

why

  • This may be just my use case, but I have both a variable and a data source for fetching an addon version (the former to overwrite the latter) and the module's addon_version output would become the source of truth for the versions, e.g.
addon_version = try(var.addons_versions["coredns"], data.aws_eks_addon_version.latest["coredns"].version)

references

  • N/A

🤖 Automatic Updates

Add GitHub Settings @osterman (#215)

what

  • Install a repository config (.github/settings.yaml)

why

  • Programmatically manage GitHub repo settings
Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /test/src @dependabot (#213)

Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

4.0.0

1 month ago

Major breaking changes. Review the migration guide for guidance about upgrading.

In this version we fulfill the promise of managing EKS access via AWS APIs rather than via the various hacks we employed to make it possible to manage access via the aws-auth ConfigMap. As a result, all references to the Kubernetes Terraform AWS provider have been removed, requiring manual intervention for upgrading from previous versions.

We also removed Security Group and other inputs deprecated in version 2.

We believe the final result is much cleaner, more reliable, and more stable than earlier versions, but the upgrade is unfortunately non-trivial. Please allow yourself sufficient time to read the migration guide before upgrading.

Use AWS API for EKS authentication and authorization @Nuru (#206)

Major Breaking Changes

[!WARNING] This release has major breaking changes and requires significant manual intervention to upgrade existing clusters. Read the migration document for more details.

what

  • Use the AWS API to manage EKS access controls instead of the aws-auth ConfigMap
  • Remove support for creating an extra security group, deprecated in v2
  • Add IPv6 service CIDR output
  • Update test framework to go v1.21, Kubernetes 1.29, etc.

why

  • Remove a large number of bugs, hacks, and flaky behaviors
  • Encourage separation of concerns (use another module to create a security group)
  • Requested and authored by @colinh6
  • Stay current

references

  • New API for EKS access control
  • Obsoletes and closes #148
  • Obsoletes and closes #155
  • Obsoletes and closes #167
  • Obsoletes and closes #168
  • Obsoletes and closes #193
  • Obsoletes and closes #202
  • Fixes #203
  • Supersedes and closes #173
  • Supersedes and closes #194
  • Supersedes and closes #195
  • Supersedes and closes #196
  • Supersedes and closes #197
  • Supersedes and closes #198
  • Supersedes and closes #199
  • Supersedes and closes #200
  • Supersedes and closes #201
Update readme @osterman (#204)

what

  • Update to use new readme

why

  • Fresh copy

v4.0.0-rc1

2 months ago

Use new AWS API for EKS Access Control (#206)

Note: this may not be available via the Terraform registry, so source it via

source = "github.com/cloudposse/terraform-aws-eks-cluster?ref=v4.0.0-rc1"

Major Breaking Changes

[!WARNING] This release has major breaking changes and requires significant manual intervention to upgrade existing clusters. Read the migration document for more details.

what

  • Use the AWS API to manage EKS access controls instead of the aws-auth ConfigMap
  • Remove support for creating an extra security group, deprecated in v2
  • Add IPv6 service CIDR output
  • Update test framework to go v1.21, Kubernetes 1.29, etc.

3.0.0

7 months ago
Feature/update resolve conflicts @tyu0912 (#192)

what

Updating the addon to use resolve_conflicts_on_create and resolve_conflicts_on_update.

why

Per reference below, resolve_conflicts is deprecated.

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon

2.9.0

9 months ago
Enable configuration values to be passed to addons @Nuru (#191)

notes

This version bumps requirements:

  • Terraform must now be >= 1.3
  • AWS provider must now be >= 4.46

Even with that, there is still a deprecation warning when using AWS provider v5. We are providing this release at this level for people who are not yet ready to update to AWS provider v5. Most likely the next release will required v5.

what

  • Enable configuration values to be passed to addons
  • Wait for security group rules to be in place before trying to contact the cluster
  • Update test go version and dependencies

why

  • Add-ons may need configuration. For example, to run coredns on Fargate, you must pass '{"computeType": "Fargate"}'. Supersedes and closes #181
  • Before security group rules are in place, TCP connection to the cluster will be blocked and the connection will fail.
  • Supersede and close the following PRs:
    • closes #177
    • closes #178
    • closes #179
    • closes #180
    • closes #182

references

Supersedes and closes #190

2.8.1

11 months ago

🚀 Enhancements

Update Security Group rules @aknysh (#186)

what

  • Update Security Group rules

why

  • This module can create an additional Security Group for the EKS cluster for backwards compatibility if you are updating this module to the latest version on existing clusters
  • If the cluster was created using an older version of the module, EKS did not create a managed cluster Security Group at the time, and the the cluster Security Group was the additional Security Group
  • This additional Security Group is returned from the expression one(aws_eks_cluster.default[*].vpc_config[0].cluster_security_group_id)
  • When the module tries to create resource "aws_security_group_rule" "managed_ingress_cidr_blocks" to add the allowed ingress CIDR blocks, the following error is thrown
 Error: [WARN] A duplicate Security Group rule was found on (sg-xxxxxxxxx). This may be
│ a side effect of a now-fixed Terraform issue causing two security groups with
│ identical attributes but different source_security_group_ids to overwrite each
│ other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
│ information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 10.222.0.0/16, ALL, ALLOW" already exists
│ 	status code: 400, request id: 7065e36d-ffca-4540-8e43-ed75d94d752e
│
│   with module.eks_cluster.aws_security_group_rule.managed_ingress_cidr_blocks[0],
│   on .terraform/modules/eks_cluster/security-group.tf line 17, in resource "aws_security_group_rule" "managed_ingress_cidr_blocks":
│   17: resource "aws_security_group_rule" "managed_ingress_cidr_blocks" {
  • This PR adds a variable managed_security_group_rules_enabled. For the very old clusters (which use the custom SG as the main cluster SG), set the variable to false to not add the SG rules to it (since the SG is the custom SG to which the module adds the same rules anyway)

2.8.0

11 months ago
Improved dependency configuration @Nuru (#185)

what

  • Add addons_depends_on to allow for nodes to be created before addons are applied
  • Add cluster_depends_on to allow for networking to be fully provisioned before cluster is created
  • Improve internal depends_on clauses
  • Fix tflint complaints

why

  • Fixes #170
  • May improve destruction when network and cluster are provisioned at the same time
  • Maintain access if destruction only partly succeeds
Sync github @max-lobur (#184)

Rebuild github dir from the template

2.7.0

11 months ago
  • No changes

2.6.0

1 year ago
Add cluster_attributes variable to change cluster attribute @asmithdt (#172)

what

  • Add cluster_attributes variable to change cluster attribute

why

  • If migrating to this module the cluster name may not end with -cluster and it's neccessary to override the name of the resource.

references

  • Closes #171

2.5.0

1 year ago

🐛 Bug Fixes

Better behavior during destroy @Nuru (#169)

what

  • Improve behavior during terraform destroy
  • Update documentation

why

  • Clusters should destroy cleanly, but previously did not
  • Documentation referred to old examples, wrong security group

references

  • Fixes #161
  • Closes #164
  • Closes #165