
chore(deps): update terraform github.com/terraform-aws-modules/terraform-aws-eks to v20 #20

Open
wants to merge 1 commit into
base: release-0.9

red-hat-konflux[bot]

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| github.com/terraform-aws-modules/terraform-aws-eks | module | major | v18.2.0 -> v20.26.0 |

Release Notes

terraform-aws-modules/terraform-aws-eks (github.com/terraform-aws-modules/terraform-aws-eks)

v20.26.0

Compare Source

Features
  • Add support for desired_capacity_type (named desired_size_type) on self-managed node group (#​3166) (6974a5e)

v20.25.0

Compare Source

Features
  • Add support for newly released AL2023 accelerated AMI types (#​3177) (b2a8617)
Bug Fixes

v20.24.3

Compare Source

Bug Fixes
  • Add primary_ipv6 parameter to self-managed-node-group (#​3169) (fef6555)

v20.24.2

Compare Source

Bug Fixes

v20.24.1

Compare Source

Bug Fixes
  • Correct Karpenter EC2 service principal DNS suffix in non-commercial regions (#​3157) (47ab3eb)

v20.24.0

Compare Source

Features
  • Add support for Karpenter v1 controller IAM role permissions (#​3126) (e317651)

v20.23.0

Compare Source

Features
  • Add new output values for OIDC issuer URL and provider that are dual-stack compatible (#​3120) (72668ac)

v20.22.1

Compare Source

Bug Fixes

v20.22.0

Compare Source

Features
  • Enable update in place for node groups with cluster placement group strategy (#​3045) (75db486)

v20.21.0

Compare Source

Features

v20.20.0

Compare Source

Features

v20.19.0

Compare Source

Features

v20.18.0

Compare Source

Features

v20.17.2

Compare Source

Bug Fixes

v20.17.1

Compare Source

Bug Fixes
  • Invoke aws_iam_session_context data source only when required (#​3058) (f02df92)

v20.17.0

Compare Source

Features
  • Add support for ML capacity block reservations with EKS managed node group(s) (#​3091) (ae3379e)

v20.16.0

Compare Source

Features

v20.15.0

Compare Source

Features

v20.14.0

Compare Source

Features
  • Require users to supply OS via ami_type and not via platform which is unable to distinguish between the number of variants supported today (#3068) (ef657bf)

v20.13.1

Compare Source

Bug Fixes
  • Correct syntax for correctly ignoring bootstrap_cluster_creator_admin_permissions and not all of access_config (#​3056) (1e31929)

v20.13.0

Compare Source

Features
  • Starting with 1.30, do not use the cluster OIDC issuer URL by default in the identity provider config (#​3055) (00f076a)

v20.12.0

Compare Source

Features
  • Support additional cluster DNS IPs with Bottlerocket based AMIs (#​3051) (541dbb2)

v20.11.1

Compare Source

Bug Fixes
  • Ignore changes to bootstrap_cluster_creator_admin_permissions which is disabled by default (#​3042) (c65d308)

v20.11.0

Compare Source

Features
  • Add SourceArn condition to Fargate profile trust policy (#​3039) (a070d7b)

v20.10.0

Compare Source

Features
  • Add support for Pod Identity association on Karpenter sub-module (#3031) (cfcaf27)

v20.9.0

Compare Source

Features
  • Propagate ami_type to self-managed node group; allow using ami_type only (#​3030) (74d3918)

v20.8.5

Compare Source

Bug Fixes
  • Forces cluster outputs to wait until access entries are complete (#​3000) (e2a39c0)

v20.8.4

Compare Source

Bug Fixes
  • Pass nodeadm user data variables from root module down to nodegroup sub-modules (#​2981) (84effa0)

v20.8.3

Compare Source

Bug Fixes
  • Ensure the correct service CIDR and IP family is used in the rendered user data (#​2963) (aeb9f0c)

v20.8.2

Compare Source

Bug Fixes
  • Ensure a default ip_family value is provided to guarantee a CNI policy is attached to nodes (#​2967) (29dcca3)

v20.8.1

Compare Source

Bug Fixes
  • Do not attach policy if Karpenter node role is not created by module (#​2964) (3ad19d7)

v20.8.0

Compare Source

Features
  • Replace the use of toset() with static keys for node IAM role policy attachment (#​2962) (57f5130)

v20.7.0

Compare Source

Features
  • Add support for creating placement group for managed node group (#2959) (3031631)

v20.6.0

Compare Source

Features
  • Add support for tracking latest AMI release version on managed nodegroups (#​2951) (393da7e)

v20.5.3

Compare Source

Bug Fixes
  • Update AWS provider version to support AL2023_* AMI types; ensure AL2023 user data receives cluster service CIDR (#​2960) (dfe4114)

v20.5.2

Compare Source

Bug Fixes

v20.5.1

Compare Source

Bug Fixes
  • Update CI workflow versions to remove deprecated runtime warnings (#​2956) (d14cc92)

v20.5.0

Compare Source

Features

v20.4.0

Compare Source

Features

v20.3.0

Compare Source

Features
  • Add support for addon and identity provider custom tags (#​2938) (f6255c4)

v20.2.2

Compare Source

20.2.2 (2024-02-21)
Bug Fixes
  • Replace Karpenter SQS policy dynamic service principal DNS suffixes with static amazonaws.com (#2941) (081c762)

v20.2.1

Compare Source

20.2.1 (2024-02-08)
Bug Fixes
  • Karpenter enable_spot_termination = false should not result in an error (#​2907) (671fc6e)

v20.2.0

Compare Source

Features
  • Allow enable/disable of EKS pod identity for the Karpenter controller (#​2902) (cc6919d)

v20.1.1

Compare Source

20.1.1 (2024-02-06)
Bug Fixes
  • Update access entries kubernetes_groups default value to null (#​2897) (1e32e6a)

v20.1.0

Compare Source

Features

v20.0.1

Compare Source

20.0.1 (2024-02-03)
Bug Fixes
  • Correct cluster access entry to create multiple policy associations per access entry (#​2892) (4177913)

v20.0.0

Compare Source

⚠ BREAKING CHANGES
  • Replace the use of aws-auth configmap with EKS cluster access entry (#​2858)

See the UPGRADE-20.0.md guide for further details on the changes and guidance for upgrading

List of backwards incompatible changes

  • Minimum supported AWS provider version increased to v5.34
  • Minimum supported Terraform version increased to v1.3 to support Terraform state moved blocks as well as other advanced features
  • The resolve_conflicts argument within the cluster_addons configuration has been replaced with resolve_conflicts_on_create and resolve_conflicts_on_delete now that resolve_conflicts is deprecated
  • The default/fallback value for the preserve argument of cluster_addons is now set to true. This has shown to be useful for users deprovisioning clusters while avoiding the situation where the CNI is deleted too early and causes resources to be left orphaned resulting in conflicts.
  • The Karpenter sub-module's use of the irsa naming convention has been removed, along with an update to the Karpenter controller IAM policy to align with Karpenter's v1beta1/v0.32 changes. Instead of referring to the role as irsa or pod_identity, it's simply just an IAM role used by the Karpenter controller and there is support for use with either IRSA and/or Pod Identity (default) at this time
  • The aws-auth ConfigMap resources have been moved to a standalone sub-module. This removes the Kubernetes provider requirement from the main module and allows for the aws-auth ConfigMap to be managed independently of the main module. This sub-module will be removed entirely in the next major release.
  • Support for cluster access management has been added with the default authentication mode set as API_AND_CONFIG_MAP. This is a one way change if applied; if you wish to use CONFIG_MAP, you will need to set authentication_mode = "CONFIG_MAP" explicitly when upgrading.
  • Karpenter EventBridge rule key spot_interrupt updated to correct mis-spelling (was spot_interupt). This will cause the rule to be replaced

Additional changes

Added
  • A module tag has been added to the cluster control plane
  • Support for cluster access entries. The bootstrap_cluster_creator_admin_permissions setting on the control plane has been hardcoded to false since this operation is a one time operation only at cluster creation per the EKS API. Instead, users can enable/disable enable_cluster_creator_admin_permissions at any time to achieve the same functionality. This takes the identity that Terraform is using to make API calls and maps it into a cluster admin via an access entry. For users on existing clusters, you will need to remove the default cluster administrator that was created by EKS prior to the cluster access entry APIs - see the section Removing the default cluster administrator for more details.
  • Support for specifying the CloudWatch log group class (standard or infrequent access)
  • Native support for Windows based managed nodegroups similar to AL2 and Bottlerocket
  • Self-managed nodegroups now support instance_maintenance_policy and have added max_healthy_percentage, scale_in_protected_instances, and standby_instances arguments to the instance_refresh.preferences block
Modified
  • For sts:AssumeRole permissions by services, the use of dynamically looking up the DNS suffix has been replaced with the static value of amazonaws.com. This does not appear to change by partition and instead requires users to set this manually for non-commercial regions.
  • The default value for kms_key_enable_default_policy has changed from false to true to align with the default behavior of the aws_kms_key resource
  • The Karpenter default value for create_instance_profile has changed from true to false to align with the changes in Karpenter v0.32
  • The Karpenter variable create_instance_profile default value has changed from true to false. Starting with Karpenter v0.32.0, Karpenter accepts an IAM role and creates the EC2 instance profile used by the nodes
Removed
  • The complete example has been removed due to its redundancy with the other examples
  • References to the IRSA sub-module in the IAM repository have been removed. Once https://github.com/clowdhaus/terraform-aws-eks-pod-identity has been updated and moved into the organization, the documentation here will be updated to mention the new module.

v19.21.0

Compare Source

Features

v19.20.0

Compare Source

Features
  • Allow OIDC root CA thumbprint to be included/excluded (#​2778) (091c680)

v19.19.1

Compare Source

19.19.1 (2023-11-10)
Bug Fixes
  • Remove additional conditional on Karpenter instance profile creation to support upgrading (#​2812) (c36c8dc)

v19.19.0

Compare Source

Features
  • Update KMS module to avoid calling data sources when create_kms_key = false (#​2804) (0732bea)

v19.18.0

Compare Source

Features

v19.17.4

Compare Source

19.17.4 (2023-10-30)
Bug Fixes

v19.17.3

Compare Source

19.17.3 (2023-10-30)
Bug Fixes

v19.17.2

Compare Source

19.17.2 (2023-10-10)
Bug Fixes
  • Karpenter node IAM role policies variable should be a map of strings, not list (#​2771) (f4766e5)

v19.17.1

Compare Source

19.17.1 (2023-10-06)
Bug Fixes

v19.17.0

Compare Source

Features
  • Add support for allowed_instance_types on self-managed nodegroup ASG (#​2757) (feee18d)

v19.16.0

Compare Source

Features
  • Add node_iam_role_arns local variable to check for Windows platform on EKS managed nodegroups (#​2477) (adb47f4)

v19.15.4

Compare Source

19.15.4 (2023-07-27)
Bug Fixes

v19.15.3

Compare Source

19.15.3 (2023-06-09)
Bug Fixes

v19.15.2

Compare Source

19.15.2 (2023-05-30)
Bug Fixes
  • Ensure isra_tag_values can be tried before defaulting to cluster_name on Karpenter module (#​2631) (6c56e2a)

v19.15.1

Compare Source

19.15.1 (2023-05-24)
Bug Fixes

v19.15.0

Compare Source

Features

v19.14.0

Compare Source

Features

v19.13.1

Compare Source

19.13.1 (2023-04-18)
Bug Fixes

v19.13.0

Compare Source

Features

v19.12.0

Compare Source

Features

v19.11.0

Compare Source

Features
  • Add optional list of policy ARNs for attachment to Karpenter IRSA (#​2537) (bd387d6)

v19.10.3

Compare Source

19.10.3 (2023-03-23)
Bug Fixes
  • Add aws_eks_addons.before_compute to the cluster_addons output (#​2533) (f977d83)

v19.10.2

Compare Source

19.10.2 (2023-03-23)
Bug Fixes

v19.10.1

Compare Source

19.10.1 (2023-03-17)
Bug Fixes

v19.10.0

Compare Source

Features

v19.9.0

Compare Source

Features
  • Add support for enabling addons before data plane compute is created (#​2478) (78027f3)

v19.8.0

Compare Source

Features
  • Add auto discovery permission of cluster endpoint to Karpenter role (#​2451) (c4a4b8a)

v19.7.0

Compare Source

Features

v19.6.0

Compare Source

Features
  • Add prometheus-adapter port 6443 to recommended sec groups (#​2399) (059dc0c)

v19.5.1

Compare Source

19.5.1 (2023-01-05)
Bug Fixes
  • AMI lookup should only happen when launch template is created (#​2386) (3834935)

v19.5.0

Compare Source

Features
  • Ignore changes to labels and annotations on aws-auth ConfigMap (#2380) (5015b42)

v19.4.3

Compare Source

19.4.3 (2023-01-05)
Bug Fixes
  • Use a version for to avoid GitHub API rate limiting on CI workflows (#​2376) (460e43d)

v19.4.2

Compare Source

19.4.2 (2022-12-20)
Bug Fixes

v19.4.1

Compare Source

19.4.1 (2022-12-20)
Bug Fixes
  • Correct eks_managed_* to self_managed_* for tag_specification argument (#​2364) (df7c57c)

v19.4.0

Compare Source

Features
  • Allow configuring which tags are passed on launch template tag specifications (#​2360) (094ed1d)

v19.3.1

Compare Source

19.3.1 (2022-12-18)
Bug Fixes

v19.3.0

Compare Source

Features
  • Add additional port for metrics-server to recommended rules (#​2353) (5a270b7)

v19.2.0

Compare Source

Features
  • Ensure all supported resources are tagged under tag_specifications on launch templates (#​2352) (0751a0c)

v19.1.1

Compare Source

19.1.1 (2022-12-17)
Bug Fixes
  • Use IAM session context data source to resolve the identities role when using assumed_role (#​2347) (71b8eca)

v19.1.0

Compare Source

Features

v19.0.4

Compare Source

19.0.4 (2022-12-07)
Bug Fixes
  • Ensure that custom KMS key is not created if encryption is not enabled, support computed values in cluster name (#​2328) (b83f6d9)

v19.0.3

Compare Source

19.0.3 (2022-12-07)
Bug Fixes
  • Invalid value for "replace" parameter: argument must not be null. (#​2322) (9adc475)

v19.0.2

Compare Source

19.0.2 (2022-12-06)
Bug Fixes
  • public_access_cidrs require a value even if public endpoint is disabled (#​2320) (3f6d915)

v19.0.1

Compare Source

19.0.1 (2022-12-06)
Bug Fixes
  • Call to lookup() closed too early, breaks sg rule creation in cluster sg if custom source sg is defined. (#​2319) (7bc4a27)

v19.0.0

Compare Source

⚠ BREAKING CHANGES (#​2250) (b2e97ca)

Please consult the examples directory for reference example configurations. If you find a bug, please open an issue with supporting configuration to reproduce.

List of backwards incompatible changes

  • The cluster_id output used to output the name of the cluster. This is due to the fact that the cluster name is a unique constraint and therefore it's set as the unique identifier within Terraform's state map. However, starting with local EKS clusters created on Outposts, there is now an attribute returned from the aws eks create-cluster API named id. The cluster_id has been updated to return this value which means that for current, standard EKS clusters created in the AWS cloud, no value will be returned (at the time of this writing) for cluster_id and only local EKS clusters on Outposts will return a value that looks like a UUID/GUID. Users should switch all instances of cluster_id to use cluster_name before upgrading to v19. Reference
  • Minimum supported version of Terraform AWS provider updated to v4.45 to support latest features provided via the resources utilized.
  • Minimum supported version of Terraform updated to v1.0
  • Individual security group created per EKS managed node group or self managed node group has been removed. This configuration went mostly un-used and would often cause confusion ("Why is there an empty security group attached to my nodes?"). This functionality can easily be replicated by users providing one or more externally created security groups to attach to nodes launched from the node group.
  • Previously, var.iam_role_additional_policies (one for each of the following: cluster IAM role, EKS managed node group IAM role, self-managed node group IAM role, and Fargate Profile IAM role) accepted a list of strings. This worked well for policies that already existed but failed for policies being created at the same time as the cluster due to the well known issue of unknown values used in a for_each loop. To rectify this issue in v19.x, two changes were made:
    1. var.iam_role_additional_policies was changed from type list(string) to type map(string) -> this is a breaking change. More information on managing this change can be found below, under Terraform State Moves
    2. The logic used in the root module for this variable was changed to replace the use of try() with lookup(). More details on why can be found here
  • The cluster name has been removed from the Karpenter module event rule names. Due to the use of long cluster names appending to the provided naming scheme, the cluster name has moved to a ClusterName tag and the event rule name is now a prefix. This guarantees that users can have multiple instances of Karpenter with their respective event rules/SQS queue without name collisions, while also still being able to identify which queues and event rules belong to which cluster.

Please see the UPGRADE-19.0.md for full details on changes and upgrade path.

v18.31.2

Compare Source

[18.31.2](https://togithub.com/terraform-aws-modu

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

…orm-aws-eks to v20

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>