github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-02-24 19:44:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
780 Commits 2 Branches 0 Tags
ca7854a49ce3025842a8a67b8d08560ecdc13bb1
Commit Graph

158 Commits

Author SHA1 Message Date
Anton Babenko
fad350d5bf feat: Made it clear that we stand with Ukraine 2022-03-12 11:10:02 +01:00
Bryant Biggs
2df1572b8a feat: Add variables to allow users to control attributes on cluster_encryption IAM policy (#1928) 2022-03-09 15:13:18 +01:00
Bryant Biggs
7644952131 feat: Add additional IAM policy to allow cluster role to use KMS key provided for cluster encryption (#1915) 2022-03-02 18:29:35 +01:00
Bryant Biggs
9af0c2495a fix: Add support for overriding DNS suffix for cluster IAM role service principal endpoint (#1905) 2022-03-02 18:26:20 +01:00
Fernando Viana
3fc9f2d69c feat: Add variable to provide additional OIDC thumbprints (#1865) 
Co-authored-by: Anton Babenko <anton@antonbabenko.com>
 2022-02-15 14:42:44 +01:00
Janosch Maier
6a30b73fe4 docs: Update security group additional rules description for sourcing created security groups (#1860) 
Co-authored-by: Anton Babenko <anton@antonbabenko.com>
 2022-02-09 13:54:38 +01:00
Bryant Biggs
21c3802dea feat: enable IRSA by default (#1849) 2022-02-06 20:36:34 +01:00
Bryant Biggs
314192e2eb feat: Add support for networking ip_family which enables support for IPV6 (#1759) 2022-01-14 21:17:03 +01:00
Devin Young
7089c71e64 fix: Remove trailing hyphen from cluster security group and iam role name prefix (#1745) 2022-01-06 21:29:15 +01:00
Pedro Magalhães
89218279d4 fix: Change variable "node_security_group_additional_rules" from type map(any) to any (#1747) 2022-01-06 21:10:10 +01:00
Bryant Biggs
a2c7caac9f fix: Correct conditional map for cluster security group additional rules (#1738) 2022-01-06 12:27:04 +01:00
Bryant Biggs
ee9f0c646a feat!: Removed support for launch configuration and replace count with for_each (#1680) 2022-01-05 13:01:31 +01:00
Dawid Rogaczewski
4e54eaac16 chore: update cluster_version description (#1671) 2021-11-05 11:12:26 +01:00
Vilvaramadurai Samidurai (Vilva)
ed048f3c1a feat: Added support for client.authentication.k8s.io/v1beta1 (#1550) 2021-11-02 11:19:40 +01:00
Dawid Rogaczewski
99d289988d fix: Rebuild examples (#1625) 2021-10-12 15:20:14 +02:00
Marco Kilchhofer
46f16d6ae8 feat: Ability to specify cluster update timeout (#1588) 2021-09-17 16:45:49 +02:00
Anton Babenko
2bdf7d7dd6 refactor: Refactoring to match the rest of terraform-aws-modules (#1583) 2021-09-16 11:35:44 +02:00
DayneD89
4a7678d372 feat: Added ability to pass different subnets for fargate and the cluster (#1527) 2021-09-06 15:15:38 +02:00
Robert Kozak
b7413b3e37 feat: Allow override of timeouts in node_groups (#1552) 2021-09-03 17:07:59 +02:00
Anton Babenko
c2490c5148 feat: Ability to tag just EKS cluster (#1569) 2021-09-03 16:54:59 +02:00
Scott Cabrinha
6fb02c4fc4 feat: Allow users to add more Audiences to OpenID Connect (#1451) 2021-08-31 12:27:04 +02:00
SNA
686193ed4e feat: Add var.wait_for_cluster_timeout to allow configuring the wait for cluster timeout (#1420) 2021-06-01 23:10:31 +02:00
Marc Haase
796cbead2f feat: Add ability to use Security Groups as source for private endpoint access (#1274) 
BREAKING CHANGES: The private endpoint security group rule has been renamed to allow the use of CIDR blocks and Security Groups as source. This will delete the `cluster_private_access` Security Group Rule for existing cluster. Please rename by `aws_security_group_rule.cluster_private_access[0]` into `aws_security_group_rule.cluster_private_access_cidrs_source[0]`.

Co-authored-by: Thierno IB. BARRY <ibrahima.br@gmail.com>
 2021-05-28 14:56:02 +02:00
Thierno IB. BARRY
d7630ef632 docs: Clarify about the cluster_endpoint_private_access_cidrs usage (#1400) 2021-05-28 02:34:52 +02:00
Thierno IB. BARRY
8765362093 feat: Rename config_output_path into kubeconfig_output_path for naming consistency (#1399) 
BREAKING CHANGES: The  variable `config_output_path` is renamed into `kubeconfig_output_path` for naming consistency. Please upgrade your configuration accordingly.

NOTES: The kubeconfig file permission is not world and group readable anymore. The default permission is now `600`. This value can be changed with the variable `var.kubeconfig_file_permission`.
 2021-05-27 22:59:09 +02:00
Iryna Shustava
4a9fc3af11 feat: Kubeconfig file should not be world or group readable by default (#1114) 
Co-authored-by: Thierno IB. BARRY <ibrahima.br@gmail.com>
 2021-05-27 22:29:17 +02:00
Thierno IB. BARRY
e3bf48bba2 feat: Replace the local-exec script with a http datasource for waiting cluster (#1339) 
NOTES: Using the [terraform-aws-modules/http](https://registry.terraform.io/providers/terraform-aws-modules/http/latest) provider is a more platform agnostic way to wait for the cluster availability than using a local-exec. With this change we're able to provision EKS clusters and manage the `aws_auth` configmap while still using the `hashicorp/tfc-agent` docker image.
 2021-05-17 10:11:36 +02:00
Matt Dainty
2a78efd082 feat: Allow to override cluster and workers egress CIDRs (#1237) 2021-04-20 11:13:14 +02:00
Xavier Fernandez
81bc7a2dd1 feat: Allow to specify the managed cluster IAM role name (#1199) 2021-04-20 10:26:39 +02:00
Peter Parada
8912ae9a8b docs: Fix typos in README and CONTRIBUTING (#1167) 2021-01-28 23:22:53 +01:00
Suresh Kumar Nalluru
d48ff6dccb feat: Add support for service_ipv4_cidr for the EKS cluster (#1139) 2021-01-28 23:14:53 +01:00
nitro
618019e331 docs: Make it more obvious that var.cluster_iam_role_name will allow reusing an existing IAM Role for the cluster. (#1133) 2020-12-23 11:13:01 +01:00
Masih H. Derkani
5d90c8fa7a docs: Fixes typo in variables description (#1154) 2020-12-22 16:50:04 +01:00
Thierno IB. BARRY
0d77e30075 feat: Add EKS Fargate support (#1067) 
Co-authored-by: Simon Gurcke <simon@gurcke.de>
Co-authored-by: Daniel Piddock <33028589+dpiddockcmp@users.noreply.github.com>
 2020-11-07 23:03:12 +01:00
huddy
bba7c151c8 feat: Tags passed into worker groups override tags from var.tags for Autoscaling Groups (#1092) 
NOTES: Tags that are passed into `var.worker_groups_launch_template` or `var.worker_groups` now override tags passed in via `var.tags` for Autoscaling Groups only. This allow ASG Tags to be overwritten, so that `propagate_at_launch` can be tweaked for a particular key.
 2020-11-07 22:20:22 +01:00
Paul Pop
ca7593a6db fix: The type of the output cloudwatch_log_group_name should be a string instead of a list of strings (#1061) 
NOTES: The output `cloudwatch_log_group_name` was incorrectly returning the log group name as a list of strings. As a workaround, people were using `module.eks_cluster.cloudwatch_log_group_name[0]` but that was totally inconsistent with output name. Those users can now use `module.eks_cluster.cloudwatch_log_group_name` directly.
 2020-10-28 22:37:21 +01:00
Guillaume GILL
751c422330 feat: Add kubernetes standard labels to avoid manual mistakes on the managed aws-auth configmap (#989) 2020-10-25 15:14:50 +01:00
Thierno IB. BARRY
094e363362 fix: Use the amazon ImageOwnerAlias for worker ami owner instead of owner id (#1038) 2020-10-06 14:26:50 +02:00
Dawid Rogaczewski
d8ab5d4d6d improvement: update the wait_for_cluster_cmd logic to use curl if wget doesn't exist (#1002) 2020-10-05 14:59:40 +02:00
Anthony Dahanne
1adbe82e15 fix: Create cluster_private_access security group rules when it should (#981) 
BREAKING CHANGES: Default for `cluster_endpoint_private_access_cidrs` is now `null` instead of `["0.0.0.0/0"]`. It makes the variable required when `cluster_create_endpoint_private_access_sg_rule` is set to `true`. This will force everyone who want to have a private access to set explicitly their allowed subnets for the sake of the principle of least access by default.
 2020-09-02 22:38:02 +02:00
Daniel Piddock
1bd5bf5ab9 feat: Cluster version is now a required variable. (#972) 
BREAKING CHANGES: `cluster_version` variable is now required.
 2020-08-14 16:06:53 +02:00
Simon Gurcke
3fefc2a66c feat: Allow communication between pods on workers and pods using the primary cluster security group (optional) (#892) 
NOTES: New variable `worker_create_cluster_primary_security_group_rules` to allow communication between pods on workers and pods using the primary cluster security group (Managed Node Groups or Fargate). It defaults to `false` to avoid potential conflicts with existing security group rules users may have implemented.
 2020-05-30 22:43:26 +02:00
Scott Crooks
99f59bfcc9 feat: Change EKS default version to 1.16 (#857) 2020-05-06 17:20:28 +02:00
Viacheslav Vasilyev
de1419b597 feat: Add interpreter option to wait_for_cluster_cmd (#795) 
Co-authored-by: Vasilyev, Viacheslav <viacheslav.vasilyev@accenture.com>
Co-authored-by: Thierno IB. BARRY <ibrahima.br@gmail.com>
 2020-03-20 21:34:33 +01:00
slimm609
9951c87a86 fix: add ip address when manage_aws_auth is true and public_access is false (#745) 2020-03-19 16:22:22 +01:00
Daniel Piddock
2c98a00b21 improvement: Add timeout to default wait_for_cluster_cmd (#791) 2020-03-17 19:06:09 +01:00
Scott Crooks
7dc56e976b EKS 1.15 Support (#776) 
* chore(eks): Support EKS 1.15

* docs(changelog): Adding entry to CHANGELOG

* chore(examples): Removing VPC tags from merged PR #772

* docs(changelog): Adding 'breaking' to CHANGELOG entry
 2020-03-11 17:06:55 +01:00
Wolodja Wentland
23c005e5ef Add EKS Secret envelope encryption support (#772) 
This adds support for configuring EKS clusters that utilise envelope
encryption for Secrets:

- https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

- https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/
 2020-03-11 12:26:06 +01:00
Igor Konforti
da53b5cab3 changing timeout (#736) 
* change timeout

* Update README.md

Co-authored-by: Max Williams <max.williams@deliveryhero.com>
 2020-02-27 11:41:41 +01:00
Dawid Rogaczewski
3e44835172 change default value for wait_for_cluster_cmd (#750) 
* change wait_for_cluster_cmd method

change default method for wait_for_cluster_cmd from curl to wget to solve https://github.com/terraform-aws-modules/terraform-aws-eks/issues/741

* Update CHANGELOG.md

* update docs

Co-authored-by: Max Williams <max.williams@deliveryhero.com>
 2020-02-27 11:31:20 +01:00