From 614d815c3c6eb47970686a37c84cfa13f6c00d1e Mon Sep 17 00:00:00 2001 From: Max Williams Date: Thu, 28 Nov 2019 15:03:26 +0100 Subject: [PATCH] Misc doc and changelog format changes (#604) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 👊 --- CHANGELOG.md | 211 +++++------------- README.md | 28 +-- docs/spot-instances.md | 6 +- ...grading-to-aws-auth-kubernetes-provider.md | 14 -- 4 files changed, 66 insertions(+), 193 deletions(-) delete mode 100644 docs/upgrading-to-aws-auth-kubernetes-provider.md diff --git a/CHANGELOG.md b/CHANGELOG.md index b5e8df4..abee4af 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,12 +9,7 @@ project adheres to [Semantic Versioning](http://semver.org/). ## [[v7.?.?](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v7.0.0...HEAD)] - 2019-??-??] -### Added - - Test against minimum versions specified in `versions.tf` (by @dpiddockcmp) - -### Changed - - Updated instance_profile_names and instance_profile_arns outputs to also consider launch template as well as asg (by @ankitwal) - **Breaking:** Configure the aws-auth configmap using the terraform kubernetes providers. Read the [docs](docs/upgrading-to-aws-auth-kubernetes-provider.md) for more info (by @sdehaes) - Updated application of `aws-auth` configmap to create `kube_config.yaml` and `aws_auth_configmap.yaml` in sequence (and not parallel) to `kubectl apply` (by @knittingdev) 
@@ -22,104 +17,97 @@ project adheres to [Semantic Versioning](http://semver.org/). - Fix deprecated interpolation-only expression (by @angelabad) - Fix broken terraform plan/apply on a cluster < 1.14 (by @hodduc) +#### Important notes + +The way the `aws-auth` configmap in the `kube-system` namespaces is managed has been changed. Before this was managed via kubectl using a null resources. This was changed to be managed by the terraform Kubernetes provider. + +To upgrade you have to add the kubernetes provider to the place you are calling the module. You can see examples in +the [examples](../examples) folder. Then you should import the configmap into Terraform: + +``` +terraform import module.cluster1.kubernetes_config_map.aws_auth[0] kube-system/aws-auth +``` + +You could also delete the aws-auth config map before doing an apply but this means you need to the apply with the **same user/role that created the cluster**. + # History ## [[v7.0.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v6.0.2...v7.0.0)] - 2019-10-30] -### Added - - **Breaking:** Allow for specifying a custom AMI for the worker nodes. (by @bmcstdio) - Added support for Windows workers AMIs (by @hodduc) - Allow for replacing the full userdata text with a `userdata_template_file` template and `userdata_template_extra_args` in `worker_groups` (by @snstanton) - -### Changed - - **Breaking:** The `kubectl` configuration file can now be fully-specified using `config_output_path`. Previously it was assumed that `config_output_path` referred to a directory and always ended with a forward slash. This is a breaking change if `config_output_path` does **not** end with a forward slash (which was advised against by the documentation). 
- Changed logic for setting default ebs_optimized to only require maintaining a list of instance types that don't support it (by @jeffmhastings) - Bumped minimum terraform version to 0.12.2 to prevent an error on yamlencode function (by @toadjaune) - Access conditional resource using join function in combination with splat syntax (by @miguelaferreira) +#### Important notes + +An AMI is now specified using the whole name, for example `amazon-eks-node-1.14-v20190927`. + ## [[v6.0.2](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v6.0.1...v6.0.2)] - 2019-10-07] -### Added - - Added `tags` to `aws_eks_cluster` introduced by terraform-provider-aws 2.31.0 (by @morganchristiansson) - -### Changed - - - Add option to enable lifecycle hooks creation (by @barryib) - - Remove helm chart value `sslCertPath` described in `docs/autoscaling.md` (by @wi1dcard) - - Attaching of IAM policies for autoscaler and CNI to the worker nodes now optional (by @dpiddockcmp) +- Add option to enable lifecycle hooks creation (by @barryib) +- Remove helm chart value `sslCertPath` described in `docs/autoscaling.md` (by @wi1dcard) +- Attaching of IAM policies for autoscaler and CNI to the worker nodes now optional (by @dpiddockcmp) ## [[v6.0.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v6.0.0...v6.0.1)] - 2019-09-25] -### Added - - - Added support for different workers AMI's, i.e. with GPU support (by @rvoitenko) - -### Changed - +- Added support for different workers AMI's, i.e. with GPU support (by @rvoitenko) - Use null as default value for `target_group_arns` attribute of worker autoscaling group (by @tatusl) - Output empty string when cluster identity is empty (by @tbarry) ## [[v6.0.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v5.1.0...v6.0.0)] - 2019-09-17] - - Added `market_type` to `workers_launch_template.tf` allow the usage of spot nodegroups without mixed instances policy. 
- - Added support for log group tag in `./cluster.tf` (@lucas-giaco) - - Added support for workers iam role tag in `./workers.tf` (@lucas-giaco) - - Added `required_providers` to enforce provider minimum versions (by @dpiddockcmp) - - Updated `local.spot_allocation_strategy` docstring to indicate availability of new `capacity-optimized` option. (by @sc250024) - - Added support for initial lifecycle hooks for autosacling groups (@barryib) - - Added option to recreate ASG when LT or LC changes (by @barryib) - - Ability to specify workers role name (by @ivanich) - - Added output for OIDC Issuer URL (by @russwhelan) - - Added support for Mixed Instance ASG using `worker_groups_launch_template` variable (by @sppwf) - - Changed ASG Tags generation using terraform 12 `for` utility (by @sppwf) - - **Breaking:** Removed `worker_groups_launch_template_mixed` variable (by @sppwf) +- Added `market_type` to `workers_launch_template.tf` allow the usage of spot nodegroups without mixed instances policy. +- Added support for log group tag in `./cluster.tf` (@lucas-giaco) +- Added support for workers iam role tag in `./workers.tf` (@lucas-giaco) +- Added `required_providers` to enforce provider minimum versions (by @dpiddockcmp) +- Updated `local.spot_allocation_strategy` docstring to indicate availability of new `capacity-optimized` option. 
(by @sc250024) +- Added support for initial lifecycle hooks for autosacling groups (@barryib) +- Added option to recreate ASG when LT or LC changes (by @barryib) +- Ability to specify workers role name (by @ivanich) +- Added output for OIDC Issuer URL (by @russwhelan) +- Added support for Mixed Instance ASG using `worker_groups_launch_template` variable (by @sppwf) +- Changed ASG Tags generation using terraform 12 `for` utility (by @sppwf) +- **Breaking:** Removed `worker_groups_launch_template_mixed` variable (by @sppwf) +- Update to EKS 1.14 (by @nauxliu) +- **Breaking:** Support map users and roles to multiple groups (by @nauxliu) +- Fixed errors sometimes happening during destroy due to usage of coalesce() in local.tf (by @petrikero) +- Removed historical mention of adding caller's IPv4 to cluster security group (by @dpiddockcmp) +- Wrapped `kubelet_extra_args` in double quotes instead of singe quotes (by @nxf5025) +- Make terraform plan more consistent and avoid unnecessary "(known after apply)" (by @barryib) +- Made sure that `market_type` was correctly passed to `workers_launch_template` (by @to266) -### Changed +#### Important notes - - Update to EKS 1.14 (by @nauxliu) - - **Breaking:** Support map users and roles to multiple groups (by @nauxliu) - - Fixed errors sometimes happening during destroy due to usage of coalesce() in local.tf (by @petrikero) - - Removed historical mention of adding caller's IPv4 to cluster security group (by @dpiddockcmp) - - Wrapped `kubelet_extra_args` in double quotes instead of singe quotes (by @nxf5025) - - Make terraform plan more consistent and avoid unnecessary "(known after apply)" (by @barryib) - - Made sure that `market_type` was correctly passed to `workers_launch_template` (by @to266) +You will need to move worker groups from `worker_groups_launch_template_mixed` to `worker_groups_launch_template`. You can rename terraform resources in the state to avoid an destructive changes. 
+ +Map roles need to rename `role_arn` to `rolearn` and `group = ""` to `groups = [""]`. ## [[v5.1.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v5.1.0...v5.1.1)] - 2019-07-30] -### Added - - - Added new tag in `worker.tf` with autoscaling_enabled = true flag (by @insider89) +- Added new tag in `worker.tf` with autoscaling_enabled = true flag (by @insider89) ## [[v5.1.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v5.0.0...v5.1.0)] - 2019-07-30] -### Added - - - Option to set a KMS key for the log group and encrypt it (by @till-krauss) - - Output the name of the cloudwatch log group (by @gbooth27) - - Added `cpu_credits` param for the workers defined in `worker_groups_launch_template` (by @a-shink) - - Added support for EBS Volumes tag in `worker_groups_launch_template` and `workers_launch_template_mixed.tf` (by @sppwf) - - Basic example now tags networks correctly, as per [ELB documentation](https://docs.aws.amazon.com/eks/latest/userguide/load-balancing.html) and [ALB documentation](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) (by @karolinepauls) - -### Changed - - - Update default override instance types to work with Cluster Autoscaler (by @nauxliu on behalf of RightCapital) - - Examples now specify `enable_dns_hostnames = true`, as per [EKS documentation](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) (by @karolinepauls) +- Option to set a KMS key for the log group and encrypt it (by @till-krauss) +- Output the name of the cloudwatch log group (by @gbooth27) +- Added `cpu_credits` param for the workers defined in `worker_groups_launch_template` (by @a-shink) +- Added support for EBS Volumes tag in `worker_groups_launch_template` and `workers_launch_template_mixed.tf` (by @sppwf) +- Basic example now tags networks correctly, as per [ELB documentation](https://docs.aws.amazon.com/eks/latest/userguide/load-balancing.html) and [ALB 
documentation](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) (by @karolinepauls) +- Update default override instance types to work with Cluster Autoscaler (by @nauxliu on behalf of RightCapital) +- Examples now specify `enable_dns_hostnames = true`, as per [EKS documentation](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) (by @karolinepauls) ## [[v5.0.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.2...v5.0.0)] - 2019-06-19] -### Added - - Added Termination Policy Option to worker ASGs (by @undeadops) - Update EBS optimized instances type (by @gloutsch) - Added tagging for iam role created in `./cluster.tf` (@camilosantana) - Enable log retention for cloudwatch log groups (by @yuriipolishchuk) - Update to EKS 1.13 (by @gloutsch) - -### Changed - - Finally, Terraform 0.12 support, [Upgrade Guide](https://github.com/terraform-aws-modules/terraform-aws-eks/pull/394) (by @alex-goncharov @nauxliu @timboven) - All the xx_count variables have been removed (by @nauxliu on behalf of RightCapital) - Use actual lists in the workers group maps instead of strings with commas (by @nauxliu on behalf of RightCapital) @@ -128,9 +116,6 @@ project adheres to [Semantic Versioning](http://semver.org/). - Fix toggle for IAM instance profile creation for mixed launch templates (by @jnozo) ## [[v4.0.2](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.1...v4.0.2)] - 2019-05-07] - -### Changed - - Added 2 new examples, also tidy up basic example (by @max-rocket-internet) - Updates to travis, PR template (by @max-rocket-internet) - Fix typo in data.tf (by @max-rocket-internet) 
@@ -138,23 +123,16 @@ project adheres to [Semantic Versioning](http://semver.org/). ## [[v4.0.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.0...v4.0.1)] - 2019-05-07] -### Changed - - Fix annoying typo: worker_group_xx vs worker_groups_xx (by @max-rocket-internet) ## [[v4.0.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v3.0.0...v4.0.0)] - 2019-05-07] -### Added - - Added support for custom service linked role for Auto Scaling group (by @voanhduy1512) - Added support for custom IAM roles for cluster and workers (by @erks) - Added cluster ARN to outputs (by @alexsn) - Added outputs for `workers_user_data` and `workers_default_ami_id` (by @max-rocket-internet) - Added doc about spot instances (by @max-rocket-internet) - Added new worker group option with a mixed instances policy (by @max-rocket-internet) - -### Changed - - Set default suspended processes for ASG to `AZRebalance` (by @max-rocket-internet) - 4 small changes to `aws_launch_template` resource (by @max-rocket-internet) - (Breaking Change) Rewritten and de-duplicated code related to Launch Templates (by @max-rocket-internet) 
@@ -164,32 +142,20 @@ project adheres to [Semantic Versioning](http://semver.org/). ## [[v3.0.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v2.3.1...v3.0.0)] - 2019-04-15] -### Added - - Fixed: Ability to destroy clusters due to security groups being attached to ENI's (by @whiskeyjimbo) - Added outputs for worker IAM instance profile(s) (by @soapergem) - Added support for cluster logging via the `cluster_enabled_log_types` variable (by @sc250024) - -### Changed - - - Updated vpc module version and aws provider version. (by @chenrui333) - - Upgraded default kubernetes version from 1.11 to 1.12 (by @stijndehaes) +- Updated vpc module version and aws provider version. (by @chenrui333) +- Upgraded default kubernetes version from 1.11 to 1.12 (by @stijndehaes) ## [[v2.3.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v2.3.0...v2.3.1)] - 2019-03-26] -### Added - - Added support for eks public and private endpoints (by @stijndehaes) - Added minimum inbound traffic rule to the cluster worker security group as per the [EKS security group requirements](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) (by @sc250024) - -### Changed - - (Breaking Change) Replaced `enable_docker_bridge` with a generic option called `bootstrap_extra_args` to resolve [310](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/310) (by @max-rocket-internet) ## [[v2.3.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v2.2.1...v2.3.0)] - 2019-03-20] -### Added - - Allow additional policies to be attached to worker nodes (by @rottenbytes) - Ability to specify a placement group for each worker group (by @matheuss) - "k8s.io/cluster-autoscaler/{cluster-name}" and "k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage" tags for autoscaling groups (by @tbarrella) 
@@ -202,37 +168,25 @@ project adheres to [Semantic Versioning](http://semver.org/). ## [[v2.2.2](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v2.2.1...v2.2.2)] - 2019-02-25] -### Added - - Ability to specify a path for IAM roles (by @tekn0ir) ## [[v2.2.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v2.2.0...v2.2.1)] - 2019-02-18] ## [[v2.2.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v2.1.0...v2.2.0)] - 2019-02-07] -### Added - - Ability to specify a permissions_boundary for IAM roles (by @dylanhellems) - Ability to configure force_delete for the worker group ASG (by @stefansedich) - Ability to configure worker group ASG tags (by @stefansedich) - Added EBS optimized mapping for the g3s.xlarge instance type (by @stefansedich) - `enabled_metrics` input (by @zanitete) - write_aws_auth_config to input (by @yutachaos) - -### Changed - - Change worker group ASG to use create_before_destroy (by @stefansedich) - Fixed a bug where worker group defaults were being used for launch template user data (by @leonsodhi-lf) - Managed_aws_auth option is true, the aws-auth configmap file is no longer created, and write_aws_auth_config must be set to true to generate config_map. (by @yutachaos) ## [[v2.1.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v2.0.0...v2.1.0)] - 2019-01-15] -### Added - - Initial support for worker groups based on Launch Templates (by @skang0601) - -### Changed - - Updated the `update_config_map_aws_auth` resource to trigger when the EKS cluster endpoint changes. This likely means that a new cluster was spun up so our ConfigMap won't exist (fixes #234) (by @elatt) - Removed invalid action from worker_autoscaling iam policy (by @marcelloromani) - Fixed zsh-specific syntax in retry loop for aws auth config map (by @marcelloromani) 
@@ -240,14 +194,9 @@ project adheres to [Semantic Versioning](http://semver.org/). ## [[v2.0.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.8.0...v2.0.0)] - 2018-12-14] -### Added - - (Breaking Change) New input variables `map_accounts_count`, `map_roles_count` and `map_users_count` to allow using computed values as part of `map_accounts`, `map_roles` and `map_users` configs (by @chili-man on behalf of OpenGov). - (Breaking Change) New variables `cluster_create_security_group` and `worker_create_security_group` to stop `value of 'count' cannot be computed` error. - Added ability to choose local-exec interpreter (by @rothandrew) - -### Changed - - Added `--with-aggregate-type-defaults` option to terraform-docs (by @max-rocket-internet) - Updated AMI ID filtering to only filter AMIs from current cluster k8s version (by @max-rocket-internet) - Added `pre-commit-terraform` git hook to automatically create documentation of inputs/outputs (by @antonbabenko) 
@@ -256,17 +205,12 @@ project adheres to [Semantic Versioning](http://semver.org/). ## [[v1.8.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.7.0...v1.8.0)] - 2018-12-04] -### Added - - Support for using AWS Launch Templates to define autoscaling groups (by @skang0601) - `suspended_processes` to `worker_groups` input (by @bkmeneguello) - `target_group_arns` to `worker_groups` input (by @zihaoyu) - `force_detach_policies` to `aws_iam_role` `cluster` and `workers` (by @marky-mark) - Added sleep while trying to apply the kubernetes configurations if failed, up to 50 seconds (by @rmakram-ims) - `cluster_create_security_group` and `worker_create_security_group`. This allows using computed cluster and worker security groups. (by @rmakram-ims) - -### Changed - - new variables worker_groups_launch_template and worker_group_count_launch_template (by @skang0601) - Remove aws_iam_service_linked_role (by @max-rocket-internet) - Adjust the order and correct/update the ec2 instance type info. (@chenrui333) @@ -275,15 +219,10 @@ project adheres to [Semantic Versioning](http://semver.org/). ## [[v1.7.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.6.0...v1.7.0)] - 2018-10-09] -### Added - - Worker groups can be created with a specified IAM profile. (from @laverya) - exposed `aws_eks_cluster` create and destroy timeouts (by @RGPosadas) - exposed `placement_tenancy` for autoscaling group (by @monsterxx03) - Allow port 443 from EKS service to nodes to run `metrics-server`. (by @max-rocket-internet) - -### Changed - - fix default worker subnets not working (by @erks) - fix default worker autoscaling_enabled not working (by @erks) - Cosmetic syntax changes to improve readability. (by @max-rocket-internet) 
@@ -291,15 +230,10 @@ project adheres to [Semantic Versioning](http://semver.org/). ## [[v1.6.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.5.0...v1.6.0)] - 2018-09-04] -### Added - - add support for [`amazon-eks-node-*` AMI with bootstrap script](https://aws.amazon.com/blogs/opensource/improvements-eks-worker-node-provisioning/) (by @erks) - expose `kubelet_extra_args` worker group option (replacing `kubelet_node_labels`) to allow specifying arbitrary kubelet options (e.g. taints and labels) (by @erks) - add optional input `worker_additional_security_group_ids` to allow one or more additional security groups to be added to all worker launch configurations - #47 (by @hhobbsh @mr-joshua) - add optional input `additional_security_group_ids` to allow one or more additional security groups to be added to a specific worker launch configuration - #47 (by @mr-joshua) - -### Changed - - allow a custom AMI to be specified as a default (by @erks) - bugfix for above change (by @max-rocket-internet) - **Breaking change** Removed support for `eks-worker-*` AMI. The cluster specifying a custom AMI based off of `eks-worker-*` AMI will have to rebuild the AMI from `amazon-eks-node-*`. (by @erks) 
@@ -307,48 +241,31 @@ project adheres to [Semantic Versioning](http://semver.org/). ## [[v1.5.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.4.0...v1.5.0)] - 2018-08-30] -### Added - - add spot_price option to aws_launch_configuration - add enable_monitoring option to aws_launch_configuration - add t3 instance class settings - add aws_iam_service_linked_role for elasticloadbalancing. (by @max-rocket-internet) - Added autoscaling policies into module that are optionally attached when enabled for a worker group. (by @max-rocket-internet) - -### Changed - - **Breaking change** Removed `workstation_cidr` variable, http callout and unnecessary security rule. (by @dpiddockcmp) If you are upgrading from 1.4 you should fix state after upgrade: `terraform state rm module.eks.data.http.workstation_external_ip` - Can now selectively override keys in `workers_group_defaults` variable rather than callers maintaining a duplicate of the whole map. (by @dpiddockcmp) ## [[v1.4.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.3.0...v1.4.0)] - 2018-08-02] -### Added - - manage eks workers' root volume size and type. - `workers_asg_names` added to outputs. (kudos to @laverya) - New top level variable `worker_group_count` added to replace the use of `length(var.worker_groups)`. This allows using computed values as part of worker group configs. (complaints to @laverya) ## [[v1.3.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.2.0...v1.3.0)] - 2018-07-11] -### Added - - New variables `map_accounts`, `map_roles` and `map_users` in order to manage additional entries in the `aws-auth` configmap. (by @max-rocket-internet) - kubelet_node_labels worker group option allows setting --node-labels= in kubelet. (Hat-tip, @bshelton229 👒) - `worker_iam_role_arn` added to outputs. Sweet, @hatemosphere 🔥 - -### Changed - - Worker subnets able to be specified as a dedicated list per autoscaling group. 
(up top, @bshelton229 🙏) ## [[v1.2.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.1.0...v1.2.0)] - 2018-07-01] -### Added - - new variable `pre_userdata` added to worker launch configuration allows to run scripts before the plugin does anything. (W00t, @jimbeck 🦉) - -### Changed - - kubeconfig made much more flexible. (Bang up job, @sdavids13 💥) - ASG desired capacity is now ignored as ASG size is more effectively handed by k8s. (Thanks, @ozbillwang 💇‍♂️) - Providing security groups didn't behave as expected. This has been fixed. (Good catch, @jimbeck 🔧) 
@@ -356,54 +273,34 @@ project adheres to [Semantic Versioning](http://semver.org/). ## [[v1.1.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v1.0.0...v1.1.0)] - 2018-06-25] -### Added - - new variable `worker_sg_ingress_from_port` allows to change the minimum port number from which pods will accept communication (Thanks, @ilyasotkov 👏). - expanded on worker example to show how multiple worker autoscaling groups can be created. - IPv4 is used explicitly to resolve testing from IPv6 networks (thanks, @tsub 🙏). - Configurable public IP attachment and ssh keys for worker groups. Defaults defined in `worker_group_defaults`. Nice, @hatemosphere 🌂 - `worker_iam_role_name` now an output. Sweet, @artursmet 🕶️ - -### Changed - - IAM test role repaired by @lcharkiewicz 💅 - `kube-proxy` restart no longer needed in userdata. Good catch, @hatemosphere 🔥 - worker ASG reattachment wasn't possible when using `name`. Moved to `name_prefix` to allow recreation of resources. Kudos again, @hatemosphere 🐧 ## [[v1.0.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v0.2.0...v1.0.0)] - 2018-06-11] -### Added - - security group id can be provided for either/both of the cluster and the workers. If not provided, security groups will be created with sufficient rules to allow cluster-worker communication. - kudos to @tanmng on the idea ⭐ - outputs of security group ids and worker ASG arns added for working with these resources outside the module. - -### Changed - - Worker build out refactored to allow multiple autoscaling groups each having differing specs. If none are given, a single ASG is created with a set of sane defaults - big thanks to @kppullin 🥨 ## [[v0.2.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v0.1.1...v0.2.0)] - 2018-06-08] -### Added - - ability to specify extra userdata code to execute following kubelet services start. - EBS optimization used whenever possible for the given instance type. 
- When `configure_kubectl_session` is set to true the current shell will be configured to talk to the kubernetes cluster using config files output from the module. - -### Changed - - files rendered from dedicated templates to separate out raw code and config from `hcl` - `workers_ami_id` is now made optional. If not specified, the module will source the latest AWS supported EKS AMI instead. ## [[v0.1.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v0.1.0...v0.1.1)] - 2018-06-07] - -### Changed - - Pre-commit hooks fixed and working. - Made progress on CI, advancing the build to the final `kitchen test` stage before failing. ## [v0.1.0] - 2018-06-07 -### Added - - Everything! Initial release of the module. - added a local variable to do a lookup against for a dynamic value in userdata which was previously static. Kudos to @tanmng for finding and fixing bug #1! diff --git a/README.md b/README.md index 1ff10e5..6e534ea 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ -# terraform-aws-eks +# terraform-aws-eks [![Lint Status](https://github.com/terraform-aws-modules/terraform-aws-eks/workflows/Lint/badge.svg)](https://github.com/terraform-aws-modules/terraform-aws-eks/actions) -[![LICENSE](https://img.shields.io/github/license/terraform-aws-modules/terraform-aws-eks)](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/LICENSE) +[![LICENSE](https://img.shields.io/github/license/terraform-aws-modules/terraform-aws-eks)](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/LICENSE) A terraform module to create a managed Kubernetes cluster on AWS EKS. Available through the [Terraform registry](https://registry.terraform.io/modules/terraform-aws-modules/eks/aws). 
@@ -19,10 +19,6 @@ Read the [AWS docs on EKS to get connected to the k8s dashboard](https://docs.aw ## Usage example A full example leveraging other community modules is contained in the [examples/basic directory](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/basic). -Please do not forget to set the provider to the EKS cluster. This is needed to provision the aws_auth configmap in -kube-system. You can also use this provider to create your own kubernetes resources with the terraform kubernetes -provider. -Here's the gist of using it via the Terraform registry: ```hcl data "aws_eks_cluster" "cluster" { @@ -42,26 +38,18 @@ provider "kubernetes" { } module "my-cluster" { - source = "terraform-aws-modules/eks/aws" - cluster_name = "my-cluster" - subnets = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"] - vpc_id = "vpc-1234556abcdef" + source = "terraform-aws-modules/eks/aws" + cluster_name = "my-cluster" + cluster_version = "1.14" + subnets = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"] + vpc_id = "vpc-1234556abcdef" worker_groups = [ { instance_type = "m4.large" asg_max_size = 5 - tags = [{ - key = "foo" - value = "bar" - propagate_at_launch = true - }] } ] - - tags = { - environment = "test" - } } ``` @@ -116,7 +104,7 @@ The [changelog](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/ ## Authors Created by [Brandon O'Connor](https://github.com/brandoconnor) - brandon@atscale.run. -Maintained by [Max Williams](https://github.com/max-rocket-internet) +Maintained by [Max Williams](https://github.com/max-rocket-internet) and [Thierno IB. BARRY](https://github.com/barryib). Many thanks to [the contributors listed here](https://github.com/terraform-aws-modules/terraform-aws-eks/graphs/contributors)! ## License diff --git a/docs/spot-instances.md b/docs/spot-instances.md index 4dcd8f1..06ca2e8 100644 --- a/docs/spot-instances.md +++ b/docs/spot-instances.md 
@@ -87,6 +87,8 @@ Launch Template support is a recent addition to both AWS and this module. It mig ] ``` -## Important issues +## Important Notes -- https://github.com/kubernetes/autoscaler/issues/1133 +An issue with the cluster-autoscaler: https://github.com/kubernetes/autoscaler/issues/1133 + +AWS have released their own termination handler now: https://github.com/aws/aws-node-termination-handler diff --git a/docs/upgrading-to-aws-auth-kubernetes-provider.md b/docs/upgrading-to-aws-auth-kubernetes-provider.md deleted file mode 100644 index 345828b..0000000 --- a/docs/upgrading-to-aws-auth-kubernetes-provider.md +++ /dev/null @@ -1,14 +0,0 @@ -# Upgrading from version <= 7.x to 8.0.0 - -In version 8.0.0 the way the aws-auth config map in the kube-system namespaces is managed, has been changed. -Before this was managed via kubectl using a null resources. This was changed to be managed by the terraform kubernetes -provider. - -To upgrade you have to add the kubernetes provider to the place you are calling the module. You can see examples in -the [examples](../examples) folder. -You also have to delete the aws-auth config map before doing an apply. - -**This means you need to the apply with the same user/role that created the cluster.** - -Since this user will be the only one with admin on the k8s cluster. After that the resource is managed trough the -terraform kubernetes provider. \ No newline at end of file
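Review bot: In the first CHANGELOG.md hunk (`@@ -9,12 +9,7 @@`), the unchanged entry ending `Read the [docs](docs/upgrading-to-aws-auth-kubernetes-provider.md) for more info (by @sdehaes)` still links to a file that this same patch deletes, so the link is dead after merge. Point it at the new "Important notes" text under the v7.?.? heading, or drop the sentence.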
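Review bot: In the "Important notes" block added under v7.?.? in CHANGELOG.md, the link `[examples](../examples)` was carried over from the deleted file under docs/ and does not resolve from the repository root; it should be `examples`. The sentence "this means you need to the apply with the **same user/role that created the cluster**" is missing its verb, and the reason given in the deleted doc (that user is the only one with admin on the k8s cluster) has been dropped; keeping that clause tells readers why the identity matters. The import command uses `module.cluster1`, which does not match the `my-cluster` module in the README example, so say that it must be replaced with the caller's own module name. In the v6.0.0 notes, "avoid an destructive changes" should read "avoid any destructive changes".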
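Review bot: The README.md usage hunk (`@@ -19,10 +19,6 @@` onward) removes the only sentence explaining why the example contains a `provider "kubernetes"` block (it is needed to provision the aws_auth configmap in kube-system), while the block itself stays. Keep a one-line lead-in before the hcl example stating that the provider is required, otherwise a reader trimming the example will drop it and the aws-auth configmap will not be applied. The removed "Here's the gist of using it via the Terraform registry:" line also leaves the code block with no introduction.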
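Review bot: In docs/spot-instances.md the new heading is `## Important Notes`, while CHANGELOG.md in this same patch uses `#### Important notes`; pick one capitalisation. The two bare URLs would be more consistent as markdown links, as README.md does for its references.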