Commit Graph

84 Commits

Author SHA1 Message Date
Bryant Biggs
f6255c49e4 feat: Add support for addon and identity provider custom tags (#2938)
feat: Add support for addon and OIDC provider custom tags
2024-02-21 17:33:59 -05:00
Bourne-ID
1e32e6a9f8 fix: Update access entries kubernetes_groups default value to null (#2897)
fix: Update default groups from [] to null

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2024-02-06 09:04:22 -05:00
Bryant Biggs
417791374c fix: Correct cluster access entry to create multiple policy associations per access entry (#2892) 2024-02-03 06:47:15 -05:00
Bryant Biggs
6b40bdbb1d feat!: Replace the use of aws-auth configmap with EKS cluster access entry (#2858)
* feat: Replace `resolve_conflicts` with `resolve_conflicts_on_create`/`delete`; raise MSV of AWS provider to `v5.0` to support

* fix: Replace dynamic DNS suffix for `sts:AssumeRole` API calls for static suffix

* feat: Add module tag

* feat: Align Karpenter permissions with Karpenter v1beta1/v0.32 permissions from upstream

* refactor: Move `aws-auth` ConfigMap functionality to its own sub-module

* chore: Update examples

* feat: Add state `moved` block for Karpenter Pod Identity role re-name

* fix: Correct variable `create` description

* feat: Add support for cluster access entries

* chore: Bump MSV of Terraform to `1.3`

* fix: Replace defunct kubectl provider with an updated forked equivalent

* chore: Update and validate examples for access entry; clean up provider usage

* docs: Correct double redundant variable descriptions

* feat: Add support for Cloudwatch log group class argument

* fix: Update usage tag placement, fix Karpenter event spelling, add upcoming changes section to upgrade guide

* feat: Update Karpenter module to generalize naming used and align policy with the upstream Karpenter policy

* feat: Add native support for Windows based managed nodegroups similar to AL2 and Bottlerocket

* feat: Update self-managed nodegroup module to use latest features of ASG

* docs: Update and simplify docs

* fix: Correct variable description for AMI types

* fix: Update upgrade guide with changes; rename Karpenter controller resource names to support migrating for users

* docs: Complete upgrade guide docs for migration and changes applied

* Update examples/karpenter/README.md

Co-authored-by: Anton Babenko <anton@antonbabenko.com>

* Update examples/outposts/README.md

Co-authored-by: Anton Babenko <anton@antonbabenko.com>

* Update modules/karpenter/README.md

Co-authored-by: Anton Babenko <anton@antonbabenko.com>

---------

Co-authored-by: Anton Babenko <anton@antonbabenko.com>
2024-02-02 09:36:25 -05:00
BlacksmithJoe
4c5c97b5d4 feat: Add tags for CloudWatch log group only (#2841)
* feature: added cloudwatch log group tags input

* fix: terraform docs run
2023-12-11 09:54:19 -05:00
Daniel Frankcom
091c68051d feat: Allow OIDC root CA thumbprint to be included/excluded (#2778)
* fix: Allow OIDC root CA thumbprint to be included/excluded

* chore: Consolidate conditional logic within local conditional

---------

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2023-11-14 10:07:47 -05:00
Bryant Biggs
0732bea85f feat: Update KMS module to avoid calling data sources when create_kms_key = false (#2804) 2023-11-04 08:41:59 -04:00
Daniel Frankcom
7e5de1566c fix: Only include CA thumbprint in OIDC provider list (#2769)
As per #2732 and #32847, only the CA thumbprint should be included in
the OIDC provider thumbprint list.
2023-10-06 19:26:35 -04:00
Angel Moctezuma
adb47f46dc feat: Add node_iam_role_arns local variable to check for Windows platform on EKS managed nodegroups (#2477)
Update node_iam_role_arns locals to check for Windows Managed Node Groups

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2023-08-03 19:23:36 -04:00
Roberto Devesa
c86f8d4db3 fix: Use coalesce when desired default value is not null (#2696)
Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2023-07-27 07:58:01 -04:00
Bryant Biggs
e23139ad2d fix: Revert changes to ignore role_last_used (#2629) 2023-05-24 17:54:33 -04:00
Eric Bailey
f8ea3d08ad feat: Ignore changes to *.aws_iam_role.*.role_last_used (#2628) 2023-05-24 13:46:52 -04:00
visokoo
e64a490d8d fix: Add Name tag for EKS cloudwatch log group (#2500)
Co-authored-by: Vivian Ta <vivianta@rivian.com>
Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2023-03-23 11:56:42 -04:00
Bryant Biggs
78027f37e4 feat: Add support for enabling addons before data plane compute is created (#2478) 2023-02-17 07:28:03 -05:00
Matt Parkes
5015b429e6 feat: Ignore changes to labels and annotations on aws-auth ConfigMap (#2380)
Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
Fixes https://github.com/terraform-aws-modules/terraform-aws-eks/issues/2379
2023-01-05 12:32:23 -05:00
Bryant Biggs
71b8ecaa87 fix: Use IAM session context data source to resolve the identities role when using assumed_role (#2347) 2022-12-17 07:32:04 -05:00
Bryant Biggs
3b62f6c316 feat: Add support for addon configuration_values (#2345)
Resolves undefined
2022-12-16 14:44:21 -05:00
Bryant Biggs
ca03fd9ec1 docs: Correct spelling mistakes (#2334)
Resolves undefined
2022-12-08 09:35:28 -05:00
Carlos Santana
b83f6d98bf fix: Ensure that custom KMS key is not created if encryption is not enabled, support computed values in cluster name (#2328)
Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
Resolves undefined
Resolved undefined
Closes undefined
2022-12-07 11:05:49 -05:00
Sebastian Melchior
3f6d915eef fix: public_access_cidrs require a value even if public endpoint is disabled (#2320)
Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2022-12-06 16:55:02 -05:00
Adam Staudt
7bc4a2743f fix: Call to lookup() closed too early, breaks sg rule creation in cluster sg if custom source sg is defined. (#2319)
Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2022-12-06 14:10:29 -05:00
Bryant Biggs
b2e97ca3dc feat!: Add support for Outposts, remove node security group, add support for addon preserve and most_recent configurations (#2250)
Co-authored-by: Anton Babenko <anton@antonbabenko.com>
Resolves undefined
2022-12-05 16:26:23 -05:00
ThetaSinner
7436178cc1 fix: Include all certificate fingerprints in the OIDC provider thumbprint list (#2307)
Co-authored-by: gdjensen <gjensen@tradewelltech.co>
2022-11-22 11:16:39 -05:00
Bryant Biggs
28ccecefe2 fix: Disable creation of cluster security group rules that map to node security group when create_node_security_group = false (#2274)
* fix: Disable creation of cluster security group rules that map to node security group when `create_node_security_group` = `false`

* feat: Update Fargate example to run only Fargate and show disabling of both cluster and node security groups

* fix: Ensure CoreDNS changes are made ahead of install
2022-10-14 09:16:57 -04:00
Zvika Nadav
ac4d549629 fix: Update CloudWatch log group creation deny policy to use wildcard (#2267)
Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2022-10-11 16:28:06 -04:00
Bryant Biggs
a74e98017b feat: Add output for cluster TLS certificate SHA1 fingerprint and provider tags to cluster primary security group (#2249) 2022-09-29 15:34:20 -04:00
Igor Brites
93065fabdf feat: Default to clusters OIDC issuer URL for aws_eks_identity_provider_config (#2190)
feat: setting oidc issuer as default option for aws_eks_identity_provider_config

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2022-08-09 15:06:39 -04:00
Bryant Biggs
d990ea8aff fix: Pin TLS provider version to 3.x versions only (#2174) 2022-07-22 08:29:00 -04:00
Pedro Fragoso
0fd1ab1db9 fix: Bump kms module to 1.0.2 to fix malformed policy document when not specifying key_owners (#2163) 2022-07-20 14:05:47 -04:00
Bryant Biggs
bc04cd3a0a fix: Update KMS module version which aligns on module version requirements (#2127) 2022-06-29 07:51:44 -04:00
Bryant Biggs
75acb09ec5 feat: Add support for creating KMS key for cluster secret encryption (#2121)
* feat: Add support for creating KMS key for cluster secret encryption

* fix: Update naming scheme to include `kms_`
2022-06-28 10:55:39 -04:00
wreulicke
e0f5995a8b docs: Update link for EKS service role (#2118) 2022-06-26 10:15:34 -04:00
Bryant Biggs
5a5a32ed12 fix: Remove modified_at from ignored changes on EKS addons (#2114) 2022-06-19 08:02:07 -04:00
Bryant Biggs
ebc91bcd37 feat: Add support for specifying control plane subnets separate from those used by node groups (data plane) (#2113) 2022-06-18 17:52:30 -04:00
Chris Sng
3feb36927f feat: Apply distinct() on role arns to ensure no duplicated roles in aws-auth configmap (#2097) 2022-06-02 08:12:31 -04:00
Bryant Biggs
51e418216f fix: Add conditional variable to allow users to opt out of tagging cluster primary security group (#2034) 2022-04-21 17:34:58 +02:00
Xin Chen
5da692df67 fix: Correct DNS suffix for OIDC provider (#2026)
Co-authored-by: Xin Chen <chenxin@konvery.com>
Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2022-04-20 13:44:48 -04:00
Bryant Biggs
b5ae5daa39 fix: Avoid re-naming the primary security group through a Name tag and leave to the EKS service to manage (#2010) 2022-04-12 10:36:03 +02:00
Bryant Biggs
da3d54cde7 feat: Add support for managing aws-auth configmap using new kubernetes_config_map_v1_data resource (#1999) 2022-04-09 09:15:46 +02:00
Bryant Biggs
6db89f8f20 feat: Add create_before_destroy lifecycle hook to security groups created (#1985) 2022-04-04 16:34:29 +02:00
Bryant Biggs
98e137fad9 feat: Add back in CloudWatch log group create deny policy to cluster IAM role (#1974) 2022-03-30 14:34:44 +02:00
Bryant Biggs
fd3a3e9a96 fix: Default to cluster version for EKS and self managed node groups when a cluster_version is not specified (#1963) 2022-03-24 15:56:55 +01:00
Bryant Biggs
9371a2943b feat: Add tags to EKS created cluster security group to match rest of module tagging scheme (#1957) 2022-03-24 08:05:59 +01:00
Bryant Biggs
5935670503 fix: Compact result of cluster security group to avoid disruptive updates when no security groups are supplied (#1934) 2022-03-15 22:06:15 +01:00
Anton Babenko
fad350d5bf feat: Made it clear that we stand with Ukraine 2022-03-12 11:10:02 +01:00
Bryant Biggs
2df1572b8a feat: Add variables to allow users to control attributes on cluster_encryption IAM policy (#1928) 2022-03-09 15:13:18 +01:00
Bryant Biggs
0fefca76f2 fix: Ensure that cluster encryption policy resources are only relevant when creating the IAM role (#1917) 2022-03-02 22:10:22 +01:00
Bryant Biggs
7644952131 feat: Add additional IAM policy to allow cluster role to use KMS key provided for cluster encryption (#1915) 2022-03-02 18:29:35 +01:00
Bryant Biggs
9af0c2495a fix: Add support for overriding DNS suffix for cluster IAM role service principal endpoint (#1905) 2022-03-02 18:26:20 +01:00
Bryant Biggs
8de02b9ff4 fix: Update examples to show integration and usage of new IRSA submodule (#1882) 2022-02-16 21:23:04 +01:00