v14.0.0

@github-actions github-actions released this 03 Jun 08:27
· 1155 commits to release since this release

⚠️ Issue with semver but this is the latest release

Breaking changes

Addons removal

To focus on infrastructure components, addons that are unmaintained or that do not need a complex Terraform deployment have been removed:

  • Kafka Operator
  • RabbitMQ Operator
  • Flux v1
  • Keycloak
  • Calico without Tigera Operator
  • Kyverno
  • Vault

Note on Kyverno

Kyverno released version 1.10 as well as v3 of their charts, with a lot of breaking changes. Please see this documentation to migrate.

Note on Vault

Vault on Kubernetes is inherently insecure: traffic was unencrypted, and it is hard to apply a best-practice configuration inside Kubernetes. We recommend switching to an external Vault on a dedicated VPC. To do so, you can use our terraform-aws-vault module, which deploys a standalone multi-region Vault cluster on EC2 instances, backed by a DynamoDB global table backend as well as multi-region KMS key replicas. In addition, a Route53 failover is available to fall back from one region to another. AMIs based on Amazon Linux 2023 can be built with our vault-packer.

Flux v2 release candidate

This module has been updated to use the new terraform-flux-provider, which breaks the way Flux was bootstrapped before. Please follow this guide to upgrade.

⚠️ This release currently uses the v1.0.0-rc.5 provider, which deploys Flux version v2.0.0-rc.5 by default. The module will be updated once Flux v2 is GA.

Velero chart change

Velero released v4 of their charts, which allows the configuration of multiple backup locations. The upgrade should be transparent. Plugins (AWS and CSI) have been updated to the latest version.

IAM permissions

IAM permissions have been synced with upstream for:

  • aws-ebs-csi-driver
  • aws-efs-csi-driver
  • aws-load-balancer-controller

Karpenter

This release adds support for Karpenter by making use of the module present in terraform-aws-eks. Karpenter is a bit tricky to deploy, especially with a CMK for EBS root volume encryption.

A full demo will be available in the latest release of our tEKS repository.

⚠️ oidc_provider_arn must now be set in the eks module input variable:

  eks = {
    "cluster_oidc_issuer_url" = dependency.eks.outputs.cluster_oidc_issuer_url
    "oidc_provider_arn"       = dependency.eks.outputs.oidc_provider_arn
    "cluster_endpoint"        = dependency.eks.outputs.cluster_endpoint
  }

Don't hesitate to reach out via issues or discussions; this release has been tested, but not all edge cases.

Cheers