
Releases: SPHTech-Platform/terraform-aws-eks

v0.22.2

05 Jan 03:53
2c84b7d


What's Changed

EKS Version Bump:

  • Updated the default EKS cluster version from 1.33 to 1.34.
  • Adjusted validation logic to support Kubernetes versions up to 1.34.
  • Improved error messages for unsupported EKS versions.

AWS Secrets Store CSI Driver Provider

  • A new variable addon_ascp_enabled (default: true) enables automatic installation of the AWS Secrets Store CSI Driver Provider as an EKS addon.
  • Note:
    If you use the SPHTech-Platform/terraform-aws-secrets-store-csi module to install the AWS Secrets Store CSI driver provider, set addon_ascp_enabled = false in this module to prevent duplicate installation.
    Alternatively, consider migrating the addon installation to this module and removing the separate module usage.

Full Changelog: v0.22.1...v0.22.2

v0.22.1

02 Dec 03:58
3772b21


What's Changed

Fixed:

  • Updated the assignment of groupIds for Fargate node security group policies in both fargate_profile.tf and karpenter.tf.
  • The value for groupIds now uses tostring(module.eks.node_security_group_id) instead of passing the ID directly.
  • This change ensures type consistency and prevents possible issues with resource attribute evaluation when node_security_group_id is not already a string.

Impact:

  • Users will see improved compatibility and reliability when applying these resources, especially in cases where the security group ID was previously returned as a number or non-string type.
  • No breaking changes, but the fix guards against potential runtime errors during Terraform apply.

v0.22.0

24 Nov 02:08
435a695


🚨 Breaking Change

This release introduces significant breaking changes to the terraform-aws-eks module. Please read and follow the notes below to ensure your usage is compatible with the latest version.


1. Variable Renames and Structural Updates

  • Cluster Variable Names

    • cluster_name: Renamed to name
    • cluster_version: Renamed to kubernetes_version
    • cluster_enabled_log_types: Renamed to enabled_log_types
    • cluster_service_ipv4_cidr: Renamed to service_ipv4_cidr
    • cluster_service_ipv6_cidr: Renamed to service_ipv6_cidr
    • cluster_ip_family: Renamed to ip_family
    • cluster_additional_security_group_ids: Renamed to additional_security_group_ids
    • create_cluster_security_group: Renamed to create_security_group
    • cluster_security_group_name: Renamed to security_group_name
    • cluster_security_group_additional_rules: Renamed to security_group_additional_rules
    • cluster_addons: Renamed to addons
    • cluster_addons_timeouts: Renamed to addons_timeouts
    • cluster_endpoint_private_access: Renamed to endpoint_private_access
    • cluster_endpoint_public_access: Renamed to endpoint_public_access
    • cluster_endpoint_public_access_cidrs: Renamed to endpoint_public_access_cidrs
  • Module Inputs and Outputs

    • Many input variable names, module blocks, and outputs have changed. Update your root module variables and references accordingly.

2. Required Terraform & Provider Versions

  • Minimum Terraform version updated to 1.5
  • AWS Provider minimum version bumped to 6.0
  • Helm/Kubernetes providers minimum versions increased to 3.0 and 2.29 respectively

3. IAM & IRSA Module Changes

  • The IAM for Service Accounts source changed:
    • Old: modules/iam-role-for-service-accounts-eks
    • New: modules/iam-role-for-service-accounts
  • Input names for roles, descriptions, boundary, and policy ARNs have changed for compatibility with v6+.
  • Service account ARNs and resource references have changed (e.g., iam_role_arn → arn).

4. aws-auth Management Removed

  • All aws_auth/RBAC configmap management variables, templates, and functionality have been removed.
  • You must now manage the aws-auth configmap outside this module or via an explicit solution.
  • Files such as aws_auth.tf and templates/aws_auth.yaml.tpl have been deleted.

5. Node Group Input and Default Changes

  • Node group variables have been revised (e.g., platform is now ami_type and defaults have moved to AWS EKS expected values).
  • Managed Node groups: input variables now require kubernetes_version not cluster_version.
  • Additional variables have been added, and some defaults removed or changed.

6. Updated Module Sources and Minimums

  • All major module sources, including EKS, self-managed nodes, managed nodes, and Fargate, now require newer versions.
  • Some features/options have moved or changed in the 21.x versions—review your code for any deprecated blocks.

7. Helm/Chart Version Bumps and Structural Updates

  • Helm and underlying Kubernetes chart variables and defaults have changed.
  • Several chart/component defaults updated to latest releases (e.g., Karpenter, cert-manager, fluent-bit, node-exporter, kube-state-metrics, etc.).
  • Chart value structures changed from static templates to dynamic/YAML-encoded blocks in places (see karpenter for an example).

8. KEDA Support Added

  • Native support for deploying KEDA introduced.
  • New variables/blocks: keda_enabled and associated configuration.

⚠️ Migration Steps & Action Required

  1. Update Terraform Configuration: Carefully review all your variable usages and update names/structure to match the new required inputs.

    Example Migration:

    # ---------------------------------------------------------
    # PREVIOUS CONFIGURATION (v0.21.x)
    # ---------------------------------------------------------
    terraform {
      required_providers {
        aws = {
          source  = "hashicorp/aws"
          version = ">= 4.0, < 6.0"
        }
        helm = {
          source  = "hashicorp/helm"
          version = ">= 2.5, < 3.0"
        }
      }
    }
    
    provider "helm" {
      kubernetes  {
        host                   = data.aws_eks_cluster.this.endpoint
        cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data)
        token                  = data.aws_eks_cluster_auth.this.token
      }
    }
    
    module "eks" {
      source  = "terraform-aws-modules/eks/aws"
      version = "~> 0.21.20"
    
      cluster_name    = "my-cluster"
      cluster_version = "1.32"
    
      cluster_endpoint_private_access = true
      cluster_endpoint_public_access  = true
    
      cluster_addons = {
        coredns = {}
      }
    
      # aws-auth was previously managed here
      manage_aws_auth_configmap = true
    }
    
    
    
    # ---------------------------------------------------------
    # NEW CONFIGURATION (v0.22.x)
    # ---------------------------------------------------------
    terraform {
      required_providers {
        aws = {
          source  = "hashicorp/aws"
          version = ">= 6.0"   # new minimum for the AWS provider
        }
        helm = {
          source  = "hashicorp/helm"
          version = ">= 3.0"   # new minimum for the Helm provider
        }
      }
    }
    
    provider "helm" {
      kubernetes = {
        host                   = data.aws_eks_cluster.this.endpoint
        cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data)
        token                  = data.aws_eks_cluster_auth.this.token
      }
    }
    
    module "eks" {
      source  = "terraform-aws-modules/eks/aws"
      version = "~> 21.0"
    
      name               = "my-cluster"  # Renamed from cluster_name
      kubernetes_version = "1.33"        # Renamed from cluster_version
    
      endpoint_private_access = true     # Renamed from cluster_endpoint_private_access
      endpoint_public_access  = true     # Renamed from cluster_endpoint_public_access
    
      addons = {                         # Renamed from cluster_addons
        coredns = {}
      }
    
      # aws-auth inputs must be removed; manage external to this module if needed.
    }
  2. Uninstall node-local-dns:

    • You must manually uninstall the node-local-dns helm chart before applying this update. This ensures the chart is reinstalled cleanly with the new configuration structure.
    • command: helm uninstall node-local-dns -n kube-system (adjust namespace if different).
  3. Remove aws-auth: Remove or migrate any aws-auth configmap management logic outside of this module—this has been deleted.

  4. Verify Providers: Ensure your provider versions are upgraded to match the new minimums (AWS >= 6.0, Helm >= 3.0).


Terraform plan/apply will fail with outdated variable names, missing required arguments, or provider version mismatches. Thoroughly review the updated documentation, variables, and examples before upgrading.
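A pre-upgrade check for the renames and the aws-auth removal described above, as an added example that is not part of the module or of these release notes: it scans the top-level arguments of `module` blocks for pre-v0.22 input names. The function name, the line-based brace counting and the `aws_auth` substring match are assumptions of this example, and the sample HCL is constructed.

```python
import re

# Rename table from the v0.22.0 notes: most inputs just drop the "cluster_" prefix.
PREFIX_DROPPED = [
    "name", "enabled_log_types", "service_ipv4_cidr", "service_ipv6_cidr",
    "ip_family", "additional_security_group_ids", "security_group_name",
    "security_group_additional_rules", "addons", "addons_timeouts",
    "endpoint_private_access", "endpoint_public_access",
    "endpoint_public_access_cidrs",
]
RENAMED = {"cluster_" + new: new for new in PREFIX_DROPPED}
RENAMED["cluster_version"] = "kubernetes_version"
RENAMED["create_cluster_security_group"] = "create_security_group"
MODULE = re.compile(r'^\s*module\s+"([^"]+)"\s*\{')
ASSIGN = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=(?!=)")

# Constructed sample: a resource argument that must be ignored, then stale inputs.
SAMPLE = '''resource "aws_eks_node_group" "ng" {
  cluster_name = "demo"   # resource argument, not a module input
}
module "eks" {
  cluster_name    = "demo"
  cluster_addons = {
    coredns = {}
  }
  manage_aws_auth_configmap = true
}
'''

def find_stale_inputs(hcl_text):
    """Return (line, module, input, advice) for pre-v0.22 inputs in module blocks."""
    findings, module, depth = [], None, 0
    for no, line in enumerate(hcl_text.splitlines(), 1):
        start = MODULE.match(line)
        if depth == 0 and start:
            module = start.group(1)
        elif module and depth == 1:          # top-level arguments only
            m = ASSIGN.match(line)
            key = m.group(1) if m else None
            if key in RENAMED:
                findings.append((no, module, key, "rename to " + RENAMED[key]))
            elif key and "aws_auth" in key:  # heuristic for removed aws-auth inputs
                findings.append((no, module, key, "remove: manage aws-auth outside the module"))
        depth += line.count("{") - line.count("}")  # assumes braces balance per block
        if depth == 0:
            module = None
    return findings
```

Run it over each root-module `.tf` file before bumping the version; it does not parse HCL fully, so braces inside comments or heredocs can skew the depth count.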

by @uchinda-sph in #180

Full Changelog: v0.21.25...v0.22.0

v0.21.25

22 Oct 04:02
7c9b95d


What's Changed

  • chore: Updated the EKS cluster version validation to support up to version 1.33.

by @uchinda-sph in #181

Full Changelog: v0.21.24...v0.21.25

v0.21.24

13 Jun 03:46
df3e941


What's Changed

  • chore: Update karpenter nodepool to set terminationGracePeriod value by @uchinda-sph in #178

Full Changelog: v0.21.23...v0.21.24

v0.21.23

06 Jun 03:48
765fb76


What's Changed

  • fix: Prevented duplicate Fargate profiles per zone when adding multiple subnets by @uchinda-sph in #177

Full Changelog: v0.21.22...v0.21.23

v0.21.22

20 May 04:50
ae8a27c


What's Changed

  • add custom parser variable by @zodilib in #176
  • add kubernetes api endpoint

Full Changelog: v0.21.21...v0.21.22

v0.21.21

29 Apr 01:18
1d0dfb0


What's Changed

  • fix: set nodelocaldns_no_ipv6_lookups variable default value to false by @uchinda-sph in #175

Full Changelog: v0.21.20...v0.21.21

v0.21.20

25 Apr 04:39
3d25417


What's Changed

🛠️ Karpenter

  • Upgraded Karpenter to version 1.4.0 for improved stability and performance.

🏗️ EKS Essentials

  • Update Local Node DNS Cache: Upgraded the Helm chart version and repo to support IPv6 clusters.

Important:

If kube-proxy mode is IPVS, users are required to configure the karpenter_nodeclass_kubelet_clusterdns_ips variable with the same value as the essential module's nodelocaldns_localdns_ip.

Full Changelog: v0.21.19...v0.21.20

v0.21.19

23 Apr 08:26
e026065


What's Changed

🏗️ EKS Essentials

  • Update Local Node DNS Cache: Add nodelocaldns_image_repository variable.
module "eks_essentials" {
  source  = "modules/essentials"

  nodelocaldns_enabled          = true
  nodelocaldns_localdns_ip      = "169.254.20.10"
  nodelocaldns_image_repository = "k8s.gcr.io/dns/k8s-dns-node-cache"
}

Full Changelog: v0.21.18...v0.21.19