Terraform module to deploy curated Kubernetes middlewares on multiple cloud providers.
⚠️ Issue with semver but this is the latest release
To focus on infrastructure components, addons unmaintained or without the need for complex Terraform deployment have been removed:
Kyverno released version 1.10 as well as v3 of their charts, with a lot of breaking changes. Please see this documentation to migrate.
Vault on Kubernetes is inherently insecure: traffic was unencrypted, and it is hard to apply best-practice configuration inside Kubernetes. We recommend switching to an external Vault on a dedicated VPC. To do so, you can use our terraform-aws-vault module, which deploys a standalone multi-region Vault cluster on EC2 instances, backed by a DynamoDB global table backend and multi-region KMS key replicas. In addition, a Route 53 failover is available to fall back from one region to another. AMIs based on Amazon Linux 2023 can be built with our vault-packer.
This module has been updated to use the new terraform-flux-provider, which breaks the way Flux was bootstrapped before. Please follow this guide to upgrade.
⚠️ This release currently uses the v1.0.0-rc.5 provider, which deploys Flux version v2.0.0-rc.5 by default. The module will be updated once Flux v2 is GA.
Velero released v4 of their charts, which allows the configuration of multiple backup locations. The upgrade should be transparent. Plugins (AWS and CSI) have been updated to the latest version.
IAM permissions have been synced with upstream for:
This release adds support for Karpenter, by making use of the module present in terraform-aws-eks. Karpenter is a bit tricky to deploy, especially with CMK for EBS root volume encryption.
A full demo will be available in the latest release of our tEKS repository.
⚠️ oidc_provider_arn must now be set in the eks module input variable:
eks = {
  "cluster_oidc_issuer_url" = dependency.eks.outputs.cluster_oidc_issuer_url
  "oidc_provider_arn"       = dependency.eks.outputs.oidc_provider_arn
  "cluster_endpoint"        = dependency.eks.outputs.cluster_endpoint
}
Don't hesitate to reach out via issues or discussions; this release has been tested, but not all edge cases
Cheers