Changelog

All notable changes to this project will be documented in this file.

20.8.1 (2024-03-10)

Bug Fixes

  • Do not attach policy if Karpenter node role is not created by module (#2964) (3ad19d7)

20.8.0 (2024-03-10)

Features

  • Replace the use of toset() with static keys for node IAM role policy attachment (#2962) (57f5130)

20.7.0 (2024-03-09)

Features

  • Add support for creating placement group for managed node group (#2959) (3031631)

20.6.0 (2024-03-09)

Features

  • Add support for tracking latest AMI release version on managed nodegroups (#2951) (393da7e)

20.5.3 (2024-03-08)

Bug Fixes

  • Update AWS provider version to support AL2023_* AMI types; ensure AL2023 user data receives cluster service CIDR (#2960) (dfe4114)

20.5.2 (2024-03-07)

Bug Fixes

  • Use the launch_template_tags on the launch template (#2957) (0ed32d7)

20.5.1 (2024-03-07)

Bug Fixes

  • Update CI workflow versions to remove deprecated runtime warnings (#2956) (d14cc92)

20.5.0 (2024-03-01)

Features

  • Add support for AL2023 nodeadm user data (#2942) (7c99bb1)

20.4.0 (2024-02-23)

Features

20.3.0 (2024-02-21)

Features

  • Add support for addon and identity provider custom tags (#2938) (f6255c4)

20.2.2 (2024-02-21)

Bug Fixes

  • Replace Karpenter SQS policy dynamic service principal DNS suffixes with static amazonaws.com (#2941) (081c762)

20.2.1 (2024-02-08)

Bug Fixes

  • Karpenter enable_spot_termination = false should not result in an error (#2907) (671fc6e)

20.2.0 (2024-02-06)

Features

  • Allow enable/disable of EKS pod identity for the Karpenter controller (#2902) (cc6919d)

20.1.1 (2024-02-06)

Bug Fixes

  • Update access entries kubernetes_groups default value to null (#2897) (1e32e6a)

20.1.0 (2024-02-06)

Features

  • Add output for access_policy_associations (#2904) (0d2a4c2)

20.0.1 (2024-02-03)

Bug Fixes

  • Correct cluster access entry to create multiple policy associations per access entry (#2892) (4177913)

20.0.0 (2024-02-02)

⚠ BREAKING CHANGES

  • Replace the use of aws-auth configmap with EKS cluster access entry (#2858)

Features

  • Replace the use of aws-auth configmap with EKS cluster access entry (#2858) (6b40bdb)

19.21.0 (2023-12-11)

Features

19.20.0 (2023-11-14)

Features

  • Allow OIDC root CA thumbprint to be included/excluded (#2778) (091c680)

19.19.1 (2023-11-10)

Bug Fixes

  • Remove additional conditional on Karpenter instance profile creation to support upgrading (#2812) (c36c8dc)

19.19.0 (2023-11-04)

Features

  • Update KMS module to avoid calling data sources when create_kms_key = false (#2804) (0732bea)

19.18.0 (2023-11-01)

Features

19.17.4 (2023-10-30)

Bug Fixes

  • Updating license_specification result type (#2798) (ba0ebeb)

19.17.3 (2023-10-30)

Bug Fixes

  • Correct key used on license_configuration_arn (#2796) (bd4bda2)

19.17.2 (2023-10-10)

Bug Fixes

  • Karpenter node IAM role policies variable should be a map of strings, not list (#2771) (f4766e5)

19.17.1 (2023-10-06)

Bug Fixes

19.17.0 (2023-10-06)

Features

  • Add support for allowed_instance_types on self-managed nodegroup ASG (#2757) (feee18d)

19.16.0 (2023-08-03)

Features

  • Add node_iam_role_arns local variable to check for Windows platform on EKS managed nodegroups (#2477) (adb47f4)

19.15.4 (2023-07-27)

Bug Fixes

  • Use coalesce when desired default value is not null (#2696) (c86f8d4)

19.15.3 (2023-06-09)

Bug Fixes

  • Snapshot permissions issue for Karpenter submodule (#2649) (6217d0e)

19.15.2 (2023-05-30)

Bug Fixes

  • Ensure isra_tag_values can be tried before defaulting to cluster_name on Karpenter module (#2631) (6c56e2a)

19.15.1 (2023-05-24)

Bug Fixes

19.15.0 (2023-05-24)

Features

  • Ignore changes to .aws_iam_role..role_last_used (#2628) (f8ea3d0)

19.14.0 (2023-05-17)

Features

19.13.1 (2023-04-18)

Bug Fixes

19.13.0 (2023-04-12)

Features

19.12.0 (2023-03-31)

Features

  • Add Autoscaling schedule for EKS managed node group (#2504) (4a2523c)

19.11.0 (2023-03-28)

Features

  • Add optional list of policy ARNs for attachment to Karpenter IRSA (#2537) (bd387d6)

19.10.3 (2023-03-23)

Bug Fixes

  • Add aws_eks_addons.before_compute to the cluster_addons output (#2533) (f977d83)

19.10.2 (2023-03-23)

Bug Fixes

  • Add Name tag for EKS cloudwatch log group (#2500) (e64a490)

19.10.1 (2023-03-17)

Bug Fixes

19.10.0 (2023-02-17)

Features

  • Allow setting custom IRSA policy name for karpenter (#2480) (8954ff7)

19.9.0 (2023-02-17)

Features

  • Add support for enabling addons before data plane compute is created (#2478) (78027f3)

19.8.0 (2023-02-15)

Features

  • Add auto discovery permission of cluster endpoint to Karpenter role (#2451) (c4a4b8a)

19.7.0 (2023-02-07)

Features

19.6.0 (2023-01-28)

Features

  • Add prometheus-adapter port 6443 to recommended sec groups (#2399) (059dc0c)

19.5.1 (2023-01-05)

Bug Fixes

  • AMI lookup should only happen when launch template is created (#2386) (3834935)

19.5.0 (2023-01-05)

Features

  • Ignore changes to labels and annotations on aws-auth ConfigMap (#2380) (5015b42)

19.4.3 (2023-01-05)

Bug Fixes

  • Use a version for to avoid GitHub API rate limiting on CI workflows (#2376) (460e43d)

19.4.2 (2022-12-20)

Bug Fixes

  • Drop spot-instances-request from tag_specifications (#2363) (e391a99)

19.4.1 (2022-12-20)

Bug Fixes

  • Correct eks_managed_* to self_managed_* for tag_specification argument (#2364) (df7c57c)

19.4.0 (2022-12-19)

Features

  • Allow configuring which tags are passed on launch template tag specifications (#2360) (094ed1d)

19.3.1 (2022-12-18)

Bug Fixes

  • Correct map name for security group rule 4443/tcp (#2354) (13a9542)

19.3.0 (2022-12-18)

Features

  • Add additional port for metrics-server to recommended rules (#2353) (5a270b7)

19.2.0 (2022-12-18)

Features

  • Ensure all supported resources are tagged under tag_specifications on launch templates (#2352) (0751a0c)

19.1.1 (2022-12-17)

Bug Fixes

  • Use IAM session context data source to resolve the identities role when using assumed_role (#2347) (71b8eca)

19.1.0 (2022-12-16)

Features

  • Add support for addon configuration_values (#2345) (3b62f6c)

19.0.4 (2022-12-07)

Bug Fixes

  • Ensure that custom KMS key is not created if encryption is not enabled, support computed values in cluster name (#2328) (b83f6d9)

19.0.3 (2022-12-07)

Bug Fixes

  • Invalid value for "replace" parameter: argument must not be null. (#2322) (9adc475)

19.0.2 (2022-12-06)

Bug Fixes

  • public_access_cidrs require a value even if public endpoint is disabled (#2320) (3f6d915)

19.0.1 (2022-12-06)

Bug Fixes

  • Call to lookup() closed too early, breaks sg rule creation in cluster sg if custom source sg is defined. (#2319) (7bc4a27)

19.0.0 (2022-12-05)

⚠ BREAKING CHANGES

  • Add support for Outposts, remove node security group, add support for addon preserve and most_recent configurations (#2250)

Features

  • Add support for Outposts, remove node security group, add support for addon preserve and most_recent configurations (#2250) (b2e97ca)

18.31.2 (2022-11-23)

Bug Fixes

  • Ensure that var.create is tied to all resources correctly (#2308) (3fb28b3)

18.31.1 (2022-11-22)

Bug Fixes

  • Include all certificate fingerprints in the OIDC provider thumbprint list (#2307) (7436178)

18.31.0 (2022-11-21)

Features

  • New Karpenter sub-module for easily enabling Karpenter on EKS (#2303) (f24de33)

18.30.3 (2022-11-07)

Bug Fixes

  • Update CI configuration files to use latest version (#2293) (364c60d)

18.30.2 (2022-10-14)

Bug Fixes

  • Disable creation of cluster security group rules that map to node security group when create_node_security_group = false (#2274) (28ccece)

18.30.1 (2022-10-11)

Bug Fixes

  • Update CloudWatch log group creation deny policy to use wildcard (#2267) (ac4d549)

18.30.0 (2022-09-29)

Features

  • Add output for cluster TLS certificate SHA1 fingerprint and provider tags to cluster primary security group (#2249) (a74e980)

18.29.1 (2022-09-26)

Bug Fixes

  • Set image_id to come from the launch template instead of data source for self-managed node groups (#2239) (c5944e5)

18.29.0 (2022-08-26)

Features

  • Allow TLS provider to use versions 3.0+ (i.e. - >= 3.0) (#2211) (f576a6f)

18.28.0 (2022-08-17)

Features

  • Add output for launch template name, and correct variable type value (#2205) (0a52d69)

18.27.1 (2022-08-09)

Bug Fixes

  • Remove empty "" from node group names output when node group creation is disabled (#2197) (d2f162b)

18.27.0 (2022-08-09)

Features

  • Default to clusters OIDC issuer URL for aws_eks_identity_provider_config (#2190) (93065fa)

18.26.6 (2022-07-22)

Bug Fixes

  • Pin TLS provider version to 3.x versions only (#2174) (d990ea8)

18.26.5 (2022-07-20)

Bug Fixes

  • Bump kms module to 1.0.2 to fix malformed policy document when not specifying key_owners (#2163) (0fd1ab1)

18.26.4 (2022-07-20)

Bug Fixes

  • Use partition data source on VPC CNI IPv6 policy (#2161) (f2d67ff)

18.26.3 (2022-07-05)

Bug Fixes

  • Correct Fargate profiles additional IAM role policies default type to match variable (#2143) (c4e6d28)

18.26.2 (2022-07-01)

Bug Fixes

  • Correct variable types to improve dynamic check correctness (#2133) (2d7701c)

18.26.1 (2022-06-29)

Bug Fixes

  • Update KMS module version which aligns on module version requirements (#2127) (bc04cd3)

18.26.0 (2022-06-28)

Features

  • Add support for specifying NTP address to use private Amazon Time Sync Service (#2125) (4543ab4)

18.25.0 (2022-06-28)

Features

  • Add support for creating KMS key for cluster secret encryption (#2121) (75acb09)

18.24.1 (2022-06-19)

Bug Fixes

  • Remove modified_at from ignored changes on EKS addons (#2114) (5a5a32e)

18.24.0 (2022-06-18)

Features

  • Add support for specifying control plane subnets separate from those used by node groups (data plane) (#2113) (ebc91bc)

18.23.0 (2022-06-02)

Features

  • Add autoscaling_group_tags variable to self-managed-node-groups (#2084) (8584dcb)

18.22.0 (2022-06-02)

Features

  • Apply distinct() on role arns to ensure no duplicated roles in aws-auth configmap (#2097) (3feb369)

18.21.0 (2022-05-12)

Features

  • Add create_autoscaling_group option and extra outputs (#2067) (58420b9)

18.20.5 (2022-04-21)

Bug Fixes

  • Add conditional variable to allow users to opt out of tagging cluster primary security group (#2034) (51e4182)

18.20.4 (2022-04-20)

Bug Fixes

18.20.3 (2022-04-20)

Bug Fixes

  • Add compact() to aws_auth_configmap_yaml for when node groups are set to create = false (#2029) (c173ba2)

18.20.2 (2022-04-12)

Bug Fixes

  • Avoid re-naming the primary security group through a Name tag and leave to the EKS service to manage (#2010) (b5ae5da)

18.20.1 (2022-04-09)

Bug Fixes

  • iam_role_user_name_prefix type as a bool (#2000) (c576aad)

18.20.0 (2022-04-09)

Features

  • Add support for managing aws-auth configmap using new kubernetes_config_map_v1_data resource (#1999) (da3d54c)

18.19.0 (2022-04-04)

Features

  • Add create_before_destroy lifecycle hook to security groups created (#1985) (6db89f8)

18.18.0 (2022-04-03)

Features

  • Add support for allowing EFA network interfaces (#1980) (523144e)

18.17.1 (2022-04-02)

Bug Fixes

  • Correct capacity_reservation_target within launch templates of both EKS and self managed node groups (#1979) (381144e)

18.17.0 (2022-03-30)

Features

  • Add back in CloudWatch log group create deny policy to cluster IAM role (#1974) (98e137f)

18.16.0 (2022-03-29)

Features

  • Support default_tags in aws_autoscaling_group (#1973) (7a9458a)

18.15.0 (2022-03-25)

Features

  • Update TLS provider and remove unnecessary cloud init version requirements (#1966) (0269d38)

18.14.1 (2022-03-24)

Bug Fixes

  • Default to cluster version for EKS and self managed node groups when a cluster_version is not specified (#1963) (fd3a3e9)

18.14.0 (2022-03-24)

Features

  • Add tags to EKS created cluster security group to match rest of module tagging scheme (#1957) (9371a29)

18.13.0 (2022-03-23)

Features

  • Allow users to selectively attach the EKS created cluster primary security group to nodes (#1952) (e21db83)

18.12.0 (2022-03-22)

Features

  • Add outputs for autoscaling group names created to aid in autoscaling group tagging (#1953) (8b03b7b)

18.11.0 (2022-03-18)

Features

  • Allow users to specify default launch template name in node groups (#1946) (a9d2cc8)

18.10.2 (2022-03-17)

Bug Fixes

  • Sub-modules output the correct eks worker iam arn when workers utilize custom iam role (#1912) (06a3469)

18.10.1 (2022-03-15)

Bug Fixes

  • Compact result of cluster security group to avoid disruptive updates when no security groups are supplied (#1934) (5935670)

18.10.0 (2022-03-12)

Features

  • Made it clear that we stand with Ukraine (fad350d)

18.9.0 (2022-03-09)

Features

  • Add variables to allow users to control attributes on cluster_encryption IAM policy (#1928) (2df1572)

18.8.1 (2022-03-02)

Bug Fixes

  • Ensure that cluster encryption policy resources are only relevant when creating the IAM role (#1917) (0fefca7)

18.8.0 (2022-03-02)

Features

  • Add additional IAM policy to allow cluster role to use KMS key provided for cluster encryption (#1915) (7644952)

18.7.3 (2022-03-02)

Bug Fixes

  • Add support for overriding DNS suffix for cluster IAM role service principal endpoint (#1905) (9af0c24)

18.7.2 (2022-02-16)

Bug Fixes

  • Update examples to show integration and usage of new IRSA submodule (#1882) (8de02b9)

18.7.1 (2022-02-15)

Bug Fixes

  • Add missing quotes to block_duration_minutes (#1881) (8bc6488)

18.7.0 (2022-02-15)

Features

  • Add variable to provide additional OIDC thumbprints (#1865) (3fc9f2d)

18.6.1 (2022-02-15)

Bug Fixes

  • Update autoscaling group tags -> tag to support v4 of AWS provider (#1866) (74ad4b0)

18.6.0 (2022-02-11)

Features

  • Add additional output for OIDC provider (issuer URL without leading https://) (#1870) (d3b6847)

18.5.1 (2022-02-09)

Bug Fixes

  • Use existing node security group when one is provided (#1861) (c821ba7)

18.5.0 (2022-02-08)

Features

  • Allow conditional creation of node groups to be set within node group definitions (#1848) (665f468)

18.4.1 (2022-02-07)

Bug Fixes

  • Add node group dependency for EKS addons resource creation (#1840) (2515e0e)

18.4.0 (2022-02-06)

Features

18.3.1 (2022-02-04)

Bug Fixes

  • The block_duration_minutes attribute under launch template spot_options is not a required (#1847) (ccc4747)

18.3.0 (2022-02-03)

Features

  • Add launch_template_tags variable for additional launch template tags (#1835) (9186def)

18.2.7 (2022-02-02)

Bug Fixes

  • Don't tag self managed node security group with kubernetes.io/cluster tag (#1774) (a638e4a)

18.2.6 (2022-02-01)

Bug Fixes

  • Wrong rolearn in aws_auth_configmap_yaml (#1820) (776009d)

18.2.5 (2022-02-01)

Bug Fixes

  • Correct issue where custom launch template is not used when EKS managed node group is used externally (#1824) (e16b3c4)

18.2.4 (2022-01-30)

Bug Fixes

  • add missing launch_template_use_name_prefix parameter to the root module (#1818) (d6888b5)

18.2.3 (2022-01-24)

Bug Fixes

  • Add missing mixed_instances_policy parameter to the root module (#1808) (4af77f2)

18.2.2 (2022-01-22)

Bug Fixes

  • Attributes in timeouts are erroneously reversed (#1804) (f8fe584)

18.2.1 (2022-01-18)

Bug Fixes

  • Change instance_metadata_tags to default to null/disabled due to tag key pattern conflict (#1788) (8e4dfa2)

18.2.0 (2022-01-14)

Features

  • Add instance_metadata_tags attribute to launch templates (#1781) (85bb1a0)

18.1.0 (2022-01-14)

Features

  • Add support for networking ip_family which enables support for IPV6 (#1759) (314192e)

18.0.6 (2022-01-11)

Bug Fixes

  • Correct remote access variable for security groups and add example for additional IAM policies (#1766) (f54bd30)

18.0.5 (2022-01-08)

Bug Fixes

  • Use the prefix_separator var for node sg prefix (#1751) (62879dd)

18.0.4 (2022-01-07)

Bug Fixes

  • Not to iterate over remote_access object in dynamic block (#1743) (86b3c33)

18.0.3 (2022-01-06)

Bug Fixes

  • Remove trailing hyphen from cluster security group and iam role name prefix (#1745) (7089c71)

18.0.2 (2022-01-06)

Bug Fixes

  • Change variable "node_security_group_additional_rules" from type map(any) to any (#1747) (8921827)

18.0.1 (2022-01-06)

Bug Fixes

  • Correct conditional map for cluster security group additional rules (#1738) (a2c7caa)

18.0.0 (2022-01-05)

⚠ BREAKING CHANGES

  • Removed support for launch configuration and replace count with for_each (#1680)

Features

  • Removed support for launch configuration and replace count with for_each (#1680) (ee9f0c6)

Bug Fixes

  • Update preset rule on semantic-release to use conventional commits (#1736) (be86c0b)

17.24.0 (2021-11-22)

Bug Fixes

  • Added Deny for CreateLogGroup action in EKS cluster role (#1594) (6959b9b)
  • update CI/CD process to enable auto-release workflow (#1698) (b876ff9)

Features

  • Add ability to define custom timeout for fargate profiles (#1614) (b7539dc)
  • Removed ng_depends_on variable and related hack (#1672) (56e93d7)

v17.23.0 - 2021-11-02

FEATURES:

  • Added support for client.authentication.k8s.io/v1beta1 (#1550)
  • Improve managed node group bootstrap revisited (#1577)

BUG FIXES:

  • Fixed variable reference for snapshot_id (#1634)

v17.22.0 - 2021-10-14

BUG FIXES:

  • MNG cluster datasource errors (#1639)

v17.21.0 - 2021-10-12

FEATURES:

  • Fix custom AMI bootstrap (#1580)
  • Enable throughput & iops configs for managed node_groups (#1584)
  • Allow snapshot_id to be specified for additional_ebs_volumes (#1431)
  • Allow interface_type to be specified in worker_groups_launch_template (#1439)

BUG FIXES:

  • Rebuild examples (#1625)
  • Bug with data source in managed groups submodule (#1633)
  • Fixed launch_templates_with_managed_node_group example (#1599)

DOCS:

  • Update iam-permissions.md (#1613)
  • Updated iam-permissions.md (#1612)
  • Updated faq about desired count of instances in node and worker groups (#1604)
  • Update faq about endpoints (#1603)
  • Fix broken URL in README (#1602)
  • Remove asg_recreate_on_change in faq (#1596)

v17.20.0 - 2021-09-17

FEATURES:

  • Ability to specify cluster update timeout (#1588)

v17.19.0 - 2021-09-16

REFACTORS:

  • Refactoring to match the rest of terraform-aws-modules (#1583)

v17.18.0 - 2021-09-08

FEATURES:

  • Add metadata_options for node_groups (#1485)

v17.17.0 - 2021-09-08

FEATURES:

  • Added custom AMI support for managed node groups (#1473)

v17.16.0 - 2021-09-08

BUG FIXES:

  • Fixed coalescelist() with subnets in fargate module (#1576)

v17.15.0 - 2021-09-06

FEATURES:

  • Added ability to pass different subnets for fargate and the cluster (#1527)

v17.14.0 - 2021-09-06

FEATURES:

  • Create SG rule for each new cluster_endpoint_private_access_cidr block (#1549)

v17.13.0 - 2021-09-06

BUG FIXES:

  • Worker security group handling when worker_create_security_group=false (#1461)

v17.12.0 - 2021-09-06

FEATURES:

  • Add ability to tag network-interface using Launch Template (#1563)

v17.11.0 - 2021-09-04

BUG FIXES:

  • Updated required version of AWS provider to 3.56.0 (#1571)

v17.10.0 - 2021-09-03

FEATURES:

  • Added support for update_config in EKS managed node groups (#1560)

v17.9.0 - 2021-09-03

FEATURES:

  • Allow override of timeouts in node_groups (#1552)
  • Ability to tag just EKS cluster (#1569)

v17.8.0 - 2021-09-03

BUG FIXES:

  • Put KubeletExtraArgs in double quotes for Windows (#1082)

v17.7.0 - 2021-09-02

FEATURES:

  • Added throughput support for root and EBS disks (#1445)

v17.6.0 - 2021-08-31

FEATURES:

  • Tags passed into worker_groups_launch_template extend var.tags for the volumes (#1397)

v17.5.0 - 2021-08-31

FEATURES:

  • Allow users to add more Audiences to OpenID Connect (#1451)

v17.4.0 - 2021-08-27

BUG FIXES:

  • Discourage usage of iam_policy_attachment in example (#1529)
  • Allow instance Name tag to be overwritten (#1538)

DOCS:

  • Fix cluster-autoscaler tags in irsa example (#1436)
  • Add missing comma to docs/iam-permissions.md (#1437)
  • Updated autoscaling.md (#1515)

v17.3.0 - 2021-08-25

BUG FIXES:

  • Fixed launch template version infinite plan issue and improved rolling updates (#1447)

v17.2.0 - 2021-08-25

FEATURES:

  • Support for encrypted root disk in node_groups (#1428)
  • Enable ebs_optimized setting for node_groups (#1459)

v17.1.0 - 2021-06-09

FEATURES:

  • Add support for Managed Node Groups (node_groups) taints (#1424)
  • Allow to choose launch template version for Managed Node Groups when create_launch_template is set to true (#1419)
  • Add capacity_rebalance support for self-managed worker groups (#1326)
  • Add var.wait_for_cluster_timeout to allow configuring the wait for cluster timeout (#1420)

v17.0.3 - 2021-05-28

BUG FIXES:

  • Fix AMI filtering when the default platform is provided in var.workers_group_defaults (#1413)
  • Remove duplicated security group rule for EKS private access endpoint (#1412)

NOTES:

v17.0.2 - 2021-05-28

BUG FIXES:

  • Don't add tags on network interfaces because it's not supported yet in terraform-provider-aws (#1407)

v17.0.1 - 2021-05-28

BUG FIXES:

  • Default root_volume_type must be gp2 (#1404)

v17.0.0 - 2021-05-28

FEATURES:

  • Add ability to use Security Groups as source for private endpoint access (#1274)
  • Define Root device name for Windows self-managed worker groups (#1401)
  • Drop random pets from Managed Node Groups (#1372)
  • Add multiple selectors on the creation of Fargate profile (#1378)
  • Rename config_output_path into kubeconfig_output_path for naming consistency (#1399)
  • Kubeconfig file should not be world or group readable by default (#1114)
  • Add tags on network interfaces (#1362)
  • Add instance store volume option for instances with local disk (#1213)

BUG FIXES:

  • Add back depends_on for data.wait_for_cluster (#1389)

DOCS:

  • Clarify about the cluster_endpoint_private_access_cidrs usage (#1400)
  • Add KMS aliases handling to IAM permissions (#1288)

BREAKING CHANGES:

  • The private endpoint security group rule has been renamed to allow the use of CIDR blocks and Security Groups as source. This will delete the cluster_private_access Security Group Rule for existing clusters. Please rename aws_security_group_rule.cluster_private_access[0] to aws_security_group_rule.cluster_private_access_cidrs_source[0].
  • We have decided to remove the random_pet resources in Managed Node Groups (MNG). They were used to recreate an MNG if something changed and also to simulate the newly added argument node_group_name_prefix, but they were causing a lot of trouble. To upgrade the module without recreating your MNG, you will need to explicitly reuse their previous names and set them in your MNG name argument. Please see the upgrade docs for more details.
  • To support multiple selectors for Fargate profiles, we introduced the selectors argument, which is a list of maps. This will break previous configurations with a single selector namespace and labels. You'll need to rewrite your configuration to use the selectors argument. See examples in docs for details.
  • The variable config_output_path is renamed into kubeconfig_output_path for naming consistency. Please upgrade your configuration accordingly.

NOTES:

  • Since we now search only for Linux or Windows AMIs if there is a worker group for the corresponding platform, we can now define a different default root block device name for each platform. Use the locals root_block_device_name and root_block_device_name_windows to define your own.
  • The kubeconfig file permission is not world and group readable anymore. The default permission is now 600. This value can be changed with the variable var.kubeconfig_file_permission.

v16.2.0 - 2021-05-24

FEATURES:

  • Add ability to forcefully update nodes in managed node groups (#1380)

BUG FIXES:

  • Bump terraform-provider-http required version to 2.4.1 to avoid TLS Cert Pool issue on Windows (#1387)

DOCS:

  • Update license to Apache 2 License (#1375)

v16.1.0 - 2021-05-19

FEATURES:

  • Search for Windows or Linux AMIs only if they are needed (#1371)

BUG FIXES:

  • Set an ASG's launch template version to an explicit version to automatically trigger instance refresh (#1370)
  • Add description for private API ingress Security Group Rule (#1299)

DOCS:

  • Fix cluster autoscaler tags in IRSA example (#1204)
  • Add Bottlerocket example (#1296)

NOTES:

  • Set an ASG's launch template version to an explicit version automatically. This will ensure that an instance refresh will be triggered whenever the launch template changes. The default launch_template_version is now used to determine the latest or default version of the created launch template for self-managed worker groups.

v16.0.1 - 2021-05-19

BUG FIXES:

  • Bump terraform-aws-modules/http provider version to support darwin arm64 release (#1369)

DOCS:

  • Use IRSA for Node Termination Handler IAM policy attachment in Instance Refresh example (#1373)

v16.0.0 - 2021-05-17

FEATURES:

  • Add support for Auto Scaling Group Instance Refresh for self-managed worker groups (#1224)
  • Drop asg_recreate_on_change feature to encourage the usage of Instance Refresh for EC2 Auto Scaling (#1360)
  • Add timeout of 5mn when waiting for cluster (#1359)
  • Remove dependency on deprecated hashicorp/template provider (#1297)
  • Replace the local-exec script with a http datasource for waiting cluster (#1339)

BUG FIXES:

  • Remove provider from required providers (#1357)
  • Bump AWS provider version to add Warm Pool support (#1340)

CI:

  • Bump terraform-docs to 0.13 (#1335)

BREAKING CHANGES:

  • This module used random_pet resources to create a random name for the autoscaling group to force the autoscaling group to be re-created when the launch configuration or launch template was changed (if recreate_asg_when_lc_changes = true was set), causing the instances to be removed and re-provisioned each time there was an update. Those random_pet resources have been removed and in their place there is now a set of functionality provided by AWS and the Terraform AWS provider - Instance Refresh. We encourage those users to move to Instance Refresh for EC2 Auto Scaling.
  • We removed the dependency on the deprecated hashicorp/template provider and now use the Terraform built-in templatefile function. This will break some workflows that previously passed in the raw contents of a template file for processing. The templatefile function requires a template file that exists before running a plan.

NOTES:

  • Using the terraform-aws-modules/http provider is a more platform agnostic way to wait for the cluster availability than using a local-exec. With this change we're able to provision EKS clusters and manage the aws_auth configmap while still using the hashicorp/tfc-agent docker image.

v15.2.0 - 2021-05-04

FEATURES:

  • Add tags on additional IAM resources like IAM policies, instance profile, OIDC provider (#1321)
  • Allow to override cluster and workers egress CIDRs (#1237)
  • Allow to specify the managed cluster IAM role name (#1199)
  • Add support for ASG Warm Pools (#1310)
  • Add support for specifying elastic inference accelerator (#1176)
  • Create launch template for Managed Node Groups (#1138)

BUG FIXES:

  • Replace list with tolist function for working with terraform v0.15.0 (#1317)
  • Limit cluster_name when creating fargate IAM Role (#1270)
  • Add missing metadata block for launch configuration (#1301)
  • Add missing IAM permission for NLB with EIPs (#1226)
  • Change back the default disk type to gp2 (#1208)

DOCS:

  • Update helm instructions for irsa example (#1251)

v15.1.0 - 2021-04-16

BUG FIXES:

  • Fixed list and map usage (#1307)

v15.0.0 - 2021-04-16

BUG FIXES:

  • Updated code and version requirements to work with Terraform 0.15 (#1165)

v14.0.0 - 2021-01-29

FEATURES:

  • Add nitro enclave support for EKS (#1185)
  • Add support for service_ipv4_cidr for the EKS cluster (#1139)
  • Add the SPOT support for Managed Node Groups (#1129)
  • Use gp3 as default as it saves 20% and is more performant (#1134)
  • Allow the overwrite of subnets for Fargate profiles (#1117)
  • Add support for throughput parameter for gp3 volumes (#1146)
  • Add customizable Auto Scaling Group health check type (#1118)
  • Add permissions boundary to fargate execution IAM role (#1108)

ENHANCEMENTS:

  • Don't set -x in userdata to avoid printing sensitive information in logs (#1187)

BUG FIXES:

  • Merge tags from Fargate profiles with common tags from cluster (#1159)

DOCS:

  • Update changelog generation to use custom sort with git-chglog v0.10.0 (#1202)
  • Bump IRSA example dependencies to versions which work with TF 0.14 (#1184)
  • Change instance type from t2 to t3 in examples (#1169)
  • Fix typos in README and CONTRIBUTING (#1167)
  • Make it more obvious that var.cluster_iam_role_name will allow reusing an existing IAM Role for the cluster. (#1133)
  • Fixes typo in variables description (#1154)
  • Fix a typo in the aws-auth section of the README (#1099)

BREAKING CHANGES:

  • To add SPOT support for MNG, the instance_type is now a list and renamed as instance_types. This will probably rebuild existing Managed Node Groups.
  • The default root volume type is now gp3 as it saves 20% and is more performant

NOTES:

  • The EKS cluster can be provisioned with both private and public subnets, but Fargate only accepts private ones. This new variable allows overriding the subnets to explicitly pass the private subnets to Fargate and work around that issue.

v13.2.1 - 2020-11-12

ENHANCEMENTS:

  • Tags passed into worker groups should also be excluded from Launch Template tag specification (#1095)

BUG FIXES:

  • Don’t add empty Roles ARN in aws-auth configmap, specifically when no Fargate profiles are specified (#1096)

DOCS:

  • Clarify usage of both AWS-Managed Node Groups and Self-Managed Worker Groups (#1094)

v13.2.0 - 2020-11-07

FEATURES:

  • Add EKS Fargate support (#1067)
  • Tags passed into worker groups override tags from var.tags for Autoscaling Groups (#1092)

BUG FIXES:

  • Change the default launch_template_id to null for Managed Node Groups (#1088)

DOCS:

  • Fix IRSA example when deploying cluster-autoscaler from the latest kubernetes/autoscaler helm repo (#1090)
  • Explain node_groups and worker_groups difference in FAQ (#1081)
  • Update autoscaler installation in IRSA example (#1063)

NOTES:

  • Tags that are passed into var.worker_groups_launch_template or var.worker_groups now override tags passed in via var.tags for Autoscaling Groups only. This allows ASG Tags to be overwritten, so that propagate_at_launch can be tweaked for a particular key.

v13.1.0 - 2020-11-02

FEATURES:

  • Add Launch Template support for Managed Node Groups (#997)
  • Add cloudwatch_log_group_arn to outputs (#1071)
  • Add kubernetes standard labels to avoid manual mistakes on the managed aws-auth configmap (#989)

BUG FIXES:

  • The type of the output cloudwatch_log_group_name should be a string instead of a list of strings (#1061)
  • Use splat syntax to avoid errors during destroy with an empty state (#1041)
  • Fix cycle error during the destroy phase when we change workers order (#1043)
  • Set IAM Path for cluster_elb_sl_role_creation IAM policy (#1045)
  • Use the amazon ImageOwnerAlias for worker ami owner instead of owner id (#1038)

CI:

  • Use ubuntu-latest instead of MacOS for docs checks (#1074)
  • Fix GitHub Actions CI macOS build errors (#1065)

NOTES:

  • Managed Node Groups now support Launch Templates. The Launch Template itself is not managed by this module, so you have to create it yourself and pass its id to this module. See docs and examples/launch_templates_with_managed_node_groups/ for more details.
  • The output cloudwatch_log_group_name was incorrectly returning the log group name as a list of strings. As a workaround, people were using module.eks_cluster.cloudwatch_log_group_name[0] but that was totally inconsistent with the output name. Those users can now use module.eks_cluster.cloudwatch_log_group_name directly.
  • Keep in mind that changing the order of worker groups is a destructive operation. All worker groups are destroyed and recreated. If you want to do this safely, you should move them in state with terraform state mv until we manage worker groups as maps.

v13.0.0 - 2020-10-06

FEATURES:

  • Add load_balancers parameter to associate a CLB (Classic Load Balancer) to worker groups ASG (#992)
  • Dynamic Partition for IRSA to support AWS-CN Deployments (#1028)
  • Add AmazonEKSVPCResourceController to cluster policy to be able to set AWS Security Groups for pod (#1011)
  • Cluster version is now a required variable. (#972)

ENHANCEMENTS:

  • Make the cpu_credits optional for workers launch template (#1030)
  • Update the wait_for_cluster_cmd logic to use curl if wget doesn't exist (#1002)

BUG FIXES:

  • Use customer managed policy instead of inline policy for cluster_elb_sl_role_creation (#1039)
  • More compatibility fixes for Terraform v0.13 and aws v3 (#976)
  • Create cluster_private_access security group rules when it should (#981)
  • Random_pet with LT workers under 0.13.0 (#940)

DOCS:

  • Add important notes about the retry logic and the wget requirement (#999)
  • Update README about cluster_version variable requirement (#988)
  • Mixed spot + on-demand instance documentation (#967)
  • Describe key_name is about AWS EC2 key pairs (#970)
  • Better documentation of cluster_id output blocking (#955)

CI:

  • Bump terraform pre-commit hook version and re-run terraform-docs with the latest version to fix the CI (#1033)
  • Fix CI lint job (#973)

BREAKING CHANGES:

  • Default for cluster_endpoint_private_access_cidrs is now null instead of ["0.0.0.0/0"]. It makes the variable required when cluster_create_endpoint_private_access_sg_rule is set to true. This will force everyone who wants to have private access to explicitly set their allowed subnets, for the sake of the principle of least access by default.
  • cluster_version variable is now required.

NOTES:

  • credit_specification for worker groups launch template can now be set to null so that we can use non-burstable EC2 families.
  • Starting in v12.1.0 the cluster_id output depends on the wait_for_cluster null resource. This means that initialization of the kubernetes provider will be blocked until the cluster is really ready, if the module is set to manage the aws_auth ConfigMap and the user followed the typical Usage Example. kubernetes resources in the same plan do not need to depend on anything explicitly.

v12.2.0 - 2020-07-13

FEATURES:

  • IMDSv2 metadata configuration in Launch Templates (#938)
  • Worker launch templates and configurations depend on security group rules and IAM policies (#933)
  • Add IAM permissions for ELB svc-linked role creation by EKS cluster (#902)
  • Add a homemade depends_on for MNG submodule to ensure ordering of resource creation (#867)

BUG FIXES:

  • Strip user Name tag from asg_tags (#946)
  • Get on_demand_allocation_strategy from local.workers_group_defaults when deciding to use mixed_instances_policy (#908)
  • Remove unnecessary conditional in private access security group (#915)

DOCS:

  • Update required IAM permissions list (#936)
  • Improve FAQ on how to deploy from Windows (#927)
  • Autoscaler X.Y version must match (#928)

NOTES:

  • Addition of the IMDSv2 metadata configuration block to Launch Templates will cause a diff to be generated for existing Launch Templates on first Terraform apply. The defaults match existing behaviour.

v12.1.0 - 2020-06-06

FEATURES:

  • Add aws_security_group_rule.cluster_https_worker_ingress to output values (#901)
  • Allow communication between pods on workers and pods using the primary cluster security group (optional) (#892)

BUG FIXES:

  • Revert removal of templates provider (#883)
  • Ensure kubeconfig ends with \n (#880)
  • Work around path bug in aws-iam-authenticator (#894)

DOCS:

NOTES:

  • New variable worker_create_cluster_primary_security_group_rules to allow communication between pods on workers and pods using the primary cluster security group (Managed Node Groups or Fargate). It defaults to false to avoid potential conflicts with existing security group rules users may have implemented.

v12.0.0 - 2020-05-09

FEATURES:

  • Create kubeconfig with non-executable permissions (#864)
  • Change EKS default version to 1.16 (#857)

ENHANCEMENTS:

  • Remove dependency on external template provider (#854)

BUG FIXES:

  • Fix Launch Templates error with aws 2.61.0 (#875)
  • Use splat syntax for cluster name to avoid (known after apply) in managed node groups (#868)

DOCS:

  • Add notes for Kubernetes 1.16 (#873)
  • Remove useless template provider in examples (#863)

BREAKING CHANGES:

  • The default cluster_version is now 1.16. Kubernetes 1.16 includes a number of deprecated API removals, and you need to ensure your applications and add-ons are updated, or workloads could fail after the upgrade is complete. For more information on the API removals, see the Kubernetes blog post. For action you may need to take before upgrading, see the steps in the EKS documentation. Please explicitly set your cluster_version to an older EKS version until your workloads are ready for Kubernetes 1.16.

v11.1.0 - 2020-04-23

FEATURES:

  • Add support for EC2 principal in assume worker role policy for China (#827)

BUG FIXES:

  • Add vpc_config.cluster_security_group output as primary cluster security group id (#828)
  • Wrap local.configmap_roles.groups with tolist() to avoid panic (#846)
  • Prevent coalescelist null argument error when destroying worker_group_launch_templates (#842)

v11.0.0 - 2020-03-31

FEATURES:

  • Add instance tag specifications to Launch Template (#822)
  • Add support for additional volumes in launch templates and launch configurations (#800)
  • Add interpreter option to wait_for_cluster_cmd (#795)

ENHANCEMENTS:

  • Require kubernetes provider >=1.11.1 (#784)
  • Use aws_partition to build IAM policy ARNs (#820)
  • Generate aws-auth configmap's roles from Object. No more string concat. (#790)
  • Add timeout to default wait_for_cluster_cmd (#791)
  • Automate changelog management (#786)

BUG FIXES:

  • Fix destroy failure when talking to EKS endpoint on private network (#815)
  • Add ip address when manage_aws_auth is true and public_access is false (#745)
  • Add node_group direct dependency on eks_cluster (#796)
  • Do not recreate cluster when no SG given (#798)
  • Create false and avoid waiting forever for a non-existent cluster to respond (#789)
  • Fix git-chglog template to format changelog Type nicely (#803)
  • Fix git-chglog configuration (#802)

TESTS:

  • Remove unused kitchen test related stuff (#787)

CI:

  • Restrict semantic PR to validate PR title only (#804)