Releases: cloudposse/terraform-aws-eks-cluster
v2.9.0
Enable configuration values to be passed to addons @Nuru (#191)
notes
This version bumps requirements:
- Terraform must now be >= 1.3
- AWS provider must now be >= 4.46
Even with that, there is still a deprecation warning when using AWS provider v5. We are providing this release at this level for people who are not yet ready to update to AWS provider v5. Most likely the next release will require v5.
what
- Enable configuration values to be passed to addons
- Wait for security group rules to be in place before trying to contact the cluster
- Update test go version and dependencies
why
- Add-ons may need configuration. For example, to run coredns on Fargate, you must pass '{"computeType": "Fargate"}'. Supersedes and closes #181
- Before security group rules are in place, TCP connection to the cluster will be blocked and the connection will fail.
- Supersede and close the following PRs:
references
Supersedes and closes #190
v2.8.1
🚀 Enhancements
Update Security Group rules @aknysh (#186)
what
- Update Security Group rules
why
- This module can create an additional Security Group for the EKS cluster for backwards compatibility if you are updating this module to the latest version on existing clusters
- If the cluster was created using an older version of the module, EKS did not create a managed cluster Security Group at the time, and the cluster Security Group was the additional Security Group
- This additional Security Group is returned from the expression one(aws_eks_cluster.default[*].vpc_config[0].cluster_security_group_id)
- When the module tries to create resource "aws_security_group_rule" "managed_ingress_cidr_blocks" to add the allowed ingress CIDR blocks, the following error is thrown:
Error: [WARN] A duplicate Security Group rule was found on (sg-xxxxxxxxx). This may be
│ a side effect of a now-fixed Terraform issue causing two security groups with
│ identical attributes but different source_security_group_ids to overwrite each
│ other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
│ information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 10.222.0.0/16, ALL, ALLOW" already exists
│ status code: 400, request id: 7065e36d-ffca-4540-8e43-ed75d94d752e
│
│ with module.eks_cluster.aws_security_group_rule.managed_ingress_cidr_blocks[0],
│ on .terraform/modules/eks_cluster/security-group.tf line 17, in resource "aws_security_group_rule" "managed_ingress_cidr_blocks":
│ 17: resource "aws_security_group_rule" "managed_ingress_cidr_blocks" {
- This PR adds a variable managed_security_group_rules_enabled. For the very old clusters (which use the custom SG as the main cluster SG), set the variable to false to not add the SG rules to it (since the SG is the custom SG to which the module adds the same rules anyway)
v2.8.0
Improved dependency configuration @Nuru (#185)
what
- Add addons_depends_on to allow for nodes to be created before addons are applied
- Add cluster_depends_on to allow for networking to be fully provisioned before cluster is created
- Improve internal depends_on clauses
- Fix tflint complaints
why
- Fixes #170
- May improve destruction when network and cluster are provisioned at the same time
- Maintain access if destruction only partly succeeds
Sync github @max-lobur (#184)
Rebuild github dir from the template
v2.7.0
- No changes
v2.6.0
v2.5.0
v2.4.0
Custom Ingress rules @IkePCampbell (#162)
what
- Added list of objects, which are Security Rule Ingress Definitions.
why
- Sometimes I need to add security groups to access my EKS workers, such as other EC2 instances on a variety of ports. Same with RDS instances.
references
- Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
- Use closes #123, if this PR closes a GitHub issue #123
v2.3.2
🐛 Bug Fixes
Exclude only TLS provider version 4.0.0 @Nuru (#160)
what && why
- In #158 we disallowed all TLS provider versions >= 4.0.0 due to hashicorp/terraform-provider-tls#244. In this release we exclude only 4.0.0 exactly because the bug was fixed in 4.0.1.
- Upgrade go test dependencies to current to pick up bug and security fixes.
references
v2.3.1
Bump sigs.k8s.io/aws-iam-authenticator from 0.5.3 to 0.5.9 in /test/src @dependabot (#156)
Bumps sigs.k8s.io/aws-iam-authenticator from 0.5.3 to 0.5.9.
Release notes
Sourced from sigs.k8s.io/aws-iam-authenticator's releases.
v0.5.9
Changelog
- 1209cfe2 Bump version in Makefile
- 029d1dcf Add query parameter validation for multiple parameters
v0.5.7
What's Changed
- Remove duplicate InitMetrics by @jngo2 in kubernetes-sigs/aws-iam-authenticator#448
- fixes a crash when executing authenticator in server mode
New Contributors
- @jngo2 made their first contribution in kubernetes-sigs/aws-iam-authenticator#448
Full Changelog: kubernetes-sigs/aws-iam-authenticator@v0.5.6...v0.5.7
v0.5.6
Changelog
- Bump AWS SDK to v1.43.28 (#445, @nckturner)
- Use the apiversion from KUBERNETES_EXEC_INFO (#439, @jyotimahapatra)
- Bump promptui module to v0.9.0 (#437, @abhay-krishna)
Docker Images
Note: You must log in with the registry ID and your role must have the necessary ECR privileges:
$(aws ecr get-login --no-include-email --region us-west-2 --registry-ids 602401143452)
docker pull 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.6
docker pull 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.6-arm64
docker pull 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.6-amd64
v0.5.5
Changelog
- Use full package name for goreleaser version (#433, @nckturner)
- add sts error metric (#430, @jyotimahapatra)
- emit metric for EC2 describeInstance calls (#428, @jyotimahapatra)
- Rename configmap_watch_failures to configmap_watch_failures_total (#432, @nckturner)
- Simplify goreleaser Dockerfiles (#431, @jyotimahapatra)
- Don't pass metrics around (#423, @nckturner)
Docker Images
Note: You must log in with the registry ID and your role must have the necessary ECR privileges:
$(aws ecr get-login --no-include-email --region us-west-2 --registry-ids 602401143452)
... (truncated)
Commits
- 1209cfe Bump version in Makefile
- 029d1dc Add query parameter validation for multiple parameters
- 0a72c12 Merge pull request #455 from jyotimahapatra/rev2
- 596a043 revert use of upstream yaml parsing
- 2a9ee95 Merge pull request #448 from jngo2/master
- fc4e6cb Remove unused imports
- f0fe605 Remove duplicate InitMetrics
- 99f04d6 Merge pull request #447 from nckturner/release-0.5.6
- 9dcb6d1 Faster multiarch docker builds
- a9cc81b Bump timeout for image build job
- Additional commits viewable in compare view
🐛 Bug Fixes
Disallow TLS provider v4 due to provider issue 244 @Nuru (#158)
what
- Disallow hashicorp/tls provider version >= 4.0.0
why
When using hashicorp/tls provider v4.0.0 and setting oidc_provider_enabled = true on a new EKS cluster deployment, terraform plan will fail with thumbprint_list = [join("", data.tls_certificate.cluster.*.certificates.0.sha1_fingerprint)] and "The given key does not identify an element in this collection value: the collection has no elements."