feat: Add support for upgrade_policy (#3112)

* feat: Add support for `upgrade_policy` * chore: Update test and validate
2026-01-17 00:57:28 +01:00 · 2024-08-05 09:07:13 -05:00
parent 705eb80cfa
commit e12ab7a5de
27 changed files with 55 additions and 36 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.92.0
+    rev: v1.92.1
    hooks:
      - id: terraform_fmt
      - id: terraform_docs
--- a/README.md
+++ b/README.md
@@ -176,7 +176,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.58 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.9 |
 | <a name="requirement_tls"></a> [tls](#requirement\_tls) | >= 3.0 |

@@ -184,7 +184,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple

 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.58 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
 | <a name="provider_time"></a> [time](#provider\_time) | >= 0.9 |
 | <a name="provider_tls"></a> [tls](#provider\_tls) | >= 3.0 |

@@ -267,6 +267,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple
 | <a name="input_cluster_service_ipv6_cidr"></a> [cluster\_service\_ipv6\_cidr](#input\_cluster\_service\_ipv6\_cidr) | The CIDR block to assign Kubernetes pod and service IP addresses from if `ipv6` was specified when the cluster was created. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster | `string` | `null` | no |
 | <a name="input_cluster_tags"></a> [cluster\_tags](#input\_cluster\_tags) | A map of additional tags to add to the cluster | `map(string)` | `{}` | no |
 | <a name="input_cluster_timeouts"></a> [cluster\_timeouts](#input\_cluster\_timeouts) | Create, update, and delete timeout configurations for the cluster | `map(string)` | `{}` | no |
+| <a name="input_cluster_upgrade_policy"></a> [cluster\_upgrade\_policy](#input\_cluster\_upgrade\_policy) | Configuration block for the cluster upgrade policy | `any` | `{}` | no |
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | Kubernetes `<major>.<minor>` version to use for the EKS cluster (i.e.: `1.27`) | `string` | `null` | no |
 | <a name="input_control_plane_subnet_ids"></a> [control\_plane\_subnet\_ids](#input\_control\_plane\_subnet\_ids) | A list of subnet IDs where the EKS cluster control plane (ENIs) will be provisioned. Used for expanding the pool of subnets used by nodes/node groups without replacing the EKS control plane | `list(string)` | `[]` | no |
 | <a name="input_create"></a> [create](#input\_create) | Controls if resources should be created (affects nearly all resources) | `bool` | `true` | no |
--- a/examples/eks-managed-node-group/versions.tf
+++ b/examples/eks-managed-node-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.58"
+      version = ">= 5.61"
    }
  }
 }
--- a/examples/karpenter/README.md
+++ b/examples/karpenter/README.md
@@ -89,7 +89,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.58 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.7 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 2.0 |

@@ -97,8 +97,8 @@ Note that this example may create resources which cost money. Run `terraform des

 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.58 |
-| <a name="provider_aws.virginia"></a> [aws.virginia](#provider\_aws.virginia) | >= 5.58 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
+| <a name="provider_aws.virginia"></a> [aws.virginia](#provider\_aws.virginia) | >= 5.61 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | >= 2.7 |
 | <a name="provider_kubectl"></a> [kubectl](#provider\_kubectl) | >= 2.0 |

--- a/examples/karpenter/versions.tf
+++ b/examples/karpenter/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.58"
+      version = ">= 5.61"
    }
    helm = {
      source  = "hashicorp/helm"
--- a/examples/outposts/README.md
+++ b/examples/outposts/README.md
@@ -46,14 +46,14 @@ terraform destroy --auto-approve
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.58 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.20 |

 ## Providers

 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.58 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.20 |

 ## Modules
--- a/examples/outposts/prerequisites/versions.tf
+++ b/examples/outposts/prerequisites/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.58"
+      version = ">= 5.61"
    }
  }
 }
--- a/examples/outposts/versions.tf
+++ b/examples/outposts/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.58"
+      version = ">= 5.61"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
--- a/examples/self-managed-node-group/versions.tf
+++ b/examples/self-managed-node-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.58"
+      version = ">= 5.61"
    }
  }
 }
--- a/main.tf
+++ b/main.tf
@@ -84,6 +84,14 @@ resource "aws_eks_cluster" "this" {
    }
  }

+  dynamic "upgrade_policy" {
+    for_each = length(var.cluster_upgrade_policy) > 0 ? [var.cluster_upgrade_policy] : []
+
+    content {
+      support_type = try(upgrade_policy.value.support_type, null)
+    }
+  }
+
  tags = merge(
    { terraform-aws-modules = "eks" },
    var.tags,
--- a/modules/eks-managed-node-group/README.md
+++ b/modules/eks-managed-node-group/README.md
@@ -64,13 +64,13 @@ module "eks_managed_node_group" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.58 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |

 ## Providers

 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.58 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |

 ## Modules

--- a/modules/eks-managed-node-group/versions.tf
+++ b/modules/eks-managed-node-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.58"
+      version = ">= 5.61"
    }
  }
 }
--- a/modules/fargate-profile/README.md
+++ b/modules/fargate-profile/README.md
@@ -29,13 +29,13 @@ module "fargate_profile" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.58 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |

 ## Providers

 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.58 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |

 ## Modules

--- a/modules/fargate-profile/versions.tf
+++ b/modules/fargate-profile/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.58"
+      version = ">= 5.61"
    }
  }
 }
--- a/modules/karpenter/README.md
+++ b/modules/karpenter/README.md
@@ -86,13 +86,13 @@ module "karpenter" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.58 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |

 ## Providers

 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.58 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |

 ## Modules

--- a/modules/karpenter/versions.tf
+++ b/modules/karpenter/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.58"
+      version = ">= 5.61"
    }
  }
 }
--- a/modules/self-managed-node-group/README.md
+++ b/modules/self-managed-node-group/README.md
@@ -43,13 +43,13 @@ module "self_managed_node_group" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.58 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |

 ## Providers

 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.58 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |

 ## Modules

--- a/modules/self-managed-node-group/versions.tf
+++ b/modules/self-managed-node-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.58"
+      version = ">= 5.61"
    }
  }
 }
--- a/tests/eks-managed-node-group/README.md
+++ b/tests/eks-managed-node-group/README.md
@@ -18,13 +18,13 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.58 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |

 ## Providers

 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.58 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |

 ## Modules

--- a/tests/eks-managed-node-group/main.tf
+++ b/tests/eks-managed-node-group/main.tf
@@ -7,7 +7,7 @@ data "aws_availability_zones" "available" {}

 locals {
  name            = "ex-${replace(basename(path.cwd), "_", "-")}"
-  cluster_version = "1.29"
+  cluster_version = "1.30"
  region          = "eu-west-1"

  vpc_cidr = "10.0.0.0/16"
@@ -61,6 +61,10 @@ module "eks" {
    }
  }

+  cluster_upgrade_policy = {
+    support_type = "STANDARD"
+  }
+
  vpc_id                   = module.vpc.vpc_id
  subnet_ids               = module.vpc.private_subnets
  control_plane_subnet_ids = module.vpc.intra_subnets
--- a/tests/eks-managed-node-group/versions.tf
+++ b/tests/eks-managed-node-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.58"
+      version = ">= 5.61"
    }
  }
 }
--- a/tests/fargate-profile/README.md
+++ b/tests/fargate-profile/README.md
@@ -18,13 +18,13 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.58 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |

 ## Providers

 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.58 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |

 ## Modules

--- a/tests/fargate-profile/versions.tf
+++ b/tests/fargate-profile/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.58"
+      version = ">= 5.61"
    }
  }
 }
--- a/tests/self-managed-node-group/README.md
+++ b/tests/self-managed-node-group/README.md
@@ -18,13 +18,13 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.58 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61 |

 ## Providers

 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.58 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61 |

 ## Modules

--- a/tests/self-managed-node-group/versions.tf
+++ b/tests/self-managed-node-group/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.58"
+      version = ">= 5.61"
    }
  }
 }
--- a/variables.tf
+++ b/variables.tf
@@ -44,6 +44,12 @@ variable "authentication_mode" {
  default     = "API_AND_CONFIG_MAP"
 }

+variable "cluster_upgrade_policy" {
+  description = "Configuration block for the cluster upgrade policy"
+  type        = any
+  default     = {}
+}
+
 variable "cluster_additional_security_group_ids" {
  description = "List of additional, externally created security group IDs to attach to the cluster control plane"
  type        = list(string)
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.58"
+      version = ">= 5.61"
    }
    tls = {
      source  = "hashicorp/tls"