BREAKING CHANGES: The private endpoint security group rule has been renamed to allow the use of CIDR blocks and Security Groups as source. This will delete the `cluster_private_access` Security Group Rule for existing cluster. Please rename by `aws_security_group_rule.cluster_private_access[0]` into `aws_security_group_rule.cluster_private_access_cidrs_source[0]`.
Co-authored-by: Thierno IB. BARRY <ibrahima.br@gmail.com>
NOTES: Using the [terraform-aws-modules/http](https://registry.terraform.io/providers/terraform-aws-modules/http/latest) provider is a more platform agnostic way to wait for the cluster availability than using a local-exec. With this change we're able to provision EKS clusters and manage the `aws_auth` configmap while still using the `hashicorp/tfc-agent` docker image.
NOTE: The usage of customer managed policy, not an inline policy, for the `cluster_elb_sl_role_creation policy` is common for "enterprise" AWS users to disallow inline policies with an SCP rule for auditing-related reasons, and this accomplishes the same thing.
BREAKING CHANGES: Default for `cluster_endpoint_private_access_cidrs` is now `null` instead of `["0.0.0.0/0"]`. It makes the variable required when `cluster_create_endpoint_private_access_sg_rule` is set to `true`. This will force everyone who want to have a private access to set explicitly their allowed subnets for the sake of the principle of least access by default.
In order to ensure proper ordering when running terraform destroy. This will block Terraform from removing up security group rules before the cluster has finished its clean up chores.
* Configurable local exec command for waiting until cluster is healthy
* readme
* line feeds
* format
* fix readme
* fix readme
* Configurable local exec command for waiting until cluster is healthy (#1)
* Configurable local exec command for waiting until cluster is healthy
* readme
* line feeds
* format
* fix readme
* fix readme
* change log
* Configurable local exec wait 4 cluster op (#2)
* Configurable local exec command for waiting until cluster is healthy
* readme
* line feeds
* format
* fix readme
* fix readme
* change log
* changelog (#3)
* Changelog (#4)
* changelog
* changelog
* simplify wait_for_cluster command
* readme
* no op for manage auth false
* formatting
* docs? not sure
* linter
* specify dependency to wait for cluster more accurately
* wait for cluster to respond before creating auth config map
* adds changelog entry
* fixup tf format
* fixup kubernetes required version
* fixup missing local for kubeconfig_filename
* combine wait for cluster into provisioner on cluster; change status check to /healthz on endpoint
* fix: make kubernetes provider version more permissive
* Add destroy-time flag
* Update changelog
Fix cluster count
* Fix cluster count
* Fix docs
* Fix outputs
* Fix unsupported attribute on cluster_certificate_authority_data output
Co-Authored-By: Daniel Piddock <33028589+dpiddockcmp@users.noreply.github.com>
* Remove unnecessary flatten from cluster_endpoint output
Co-Authored-By: Daniel Piddock <33028589+dpiddockcmp@users.noreply.github.com>
* Improve description of var.enabled
* Fix errors manifesting when used on an existing-cluster
* Update README.md
* Renamed destroy-time flag
* Revert removal of changelog addition entry
* Update flag name in readme
* Update flag variable name
* Update cluster referencing for consistency
* Update flag name to `create_eks`
* Fixed incorrect count-based reference to aws_eks_cluster.this (there's only one)
* Replaced all incorrect aws_eks_cluster.this[count.index] references (there will be just one, so using '[0]').
* Changelog update, explicitly mentioning flag
* Fixed interpolation deprecation warning
* Fixed outputs to support conditional cluster
* Applied create_eks to aws_auth.tf
* Removed unused variable. Updated Changelog. Formatting.
* Fixed references to aws_eks_cluster.this[0] that would raise errors when setting create_eks to false whilst having launch templates or launch configurations configured.
* Readme and example updates.
* Revert "Readme and example updates."
This reverts commit 18a0746355e136010ad54858a1b518406f6a3638.
* Updated readme section of conditionally creation with provider example.
* Added conditions to node_groups.
* Fixed reversed map_roles check
* Update aws_auth.tf
Revert this due to https://github.com/terraform-aws-modules/terraform-aws-eks/pull/611
* Adding tags for Cloudwatch log group
* Adding tags for workers IAM role
* Update CHANGELOG.md
* Removing change in CHANGELOG.md
* Fixing formatting issues
* run terraform upgrade tool
* fix post upgrade TODOs
* use strict typing for variables
* upgrade examples, point them at VPC module tf 0.12 PR
* remove unnecessary `coalesce()` calls
coalesce(lookup(map, key, ""), default) -> lookup(map, key, default)
* Fix autoscaling_enabled broken (#1)
* always set a value for tags, fix coalescelist calls
* always set a value for these tags
* fix tag value
* fix tag value
* default element available
* added default value
* added a general default
without this default - TF is throwing an error when running a destroy
* Fix CI
* Change vpc module back to `terraform-aws-modules/vpc/aws` in example
* Update CHANGELOG.md
* Change type of variable `cluster_log_retention_in_days` to number
* Remove `xx_count` variables
* Actual lists instead of strings with commas
* Remove `xx_count` variable from docs
* Replace element with list indexing
* Change variable `worker_group_tags` to a attribute of worker_group
* Fix workers_launch_template_mixed tags
* Change override_instance_type_x variables to list.
* Update CHANGELOG.md
* Adding new mixed type of worker group with instance overrides and mixed instances policy
* moving all count and lifecycle rule parameters to top/bottom
* adding custom IAM parts
* updating doc with new options
* fixes for spot instances
