v3.0.1

What's Changed

• fix: pod identity iam role name length by @uchinda-sph in #21

Full Changelog: v3.0.0...v3.0.1

v3.0.0

⚠️ Breaking Change:

Major Module & Provider Upgrades

This release introduces several breaking changes to align with the latest AWS and EKS best practices:

• IAM Module Refactor:
  The secrets_manager_role module source and version have been updated:

  • Source changed to iam-role-for-service-accounts (was iam-role-for-service-accounts-eks).
  • Module version bumped to ~> 6.0.
  • Variable names and outputs have changed:
    • Use name, arn, path, and unique_id (was iam_role_name, iam_role_arn, etc.)
    • Update your Terraform code and references accordingly.
  • Moved Block Required:
    • See the new moved blocks for resource migration. If you are upgrading an existing state, ensure you run terraform state mv or terraform apply and carefully review the moved blocks to prevent resource replacement.

• Pod Identity Module

  • Upgraded the eks-pod-identity module version (now ~> 2.0).

• Minimum Terraform and Helm Provider Versions Increased

  • Terraform version updated to >= 1.5 (was >= 1.0).
  • Helm provider required version updated to >= 3.0 (was >= 2.5).

• Default Chart and Image Versions Bumped

  • Default versions for Helm charts and container images (driver, CRDs, registrar, liveness, ASCP) have all been updated. Review override variables if you use custom image or chart versions.

Migration Guide

Important:
You must manually update existing state or configuration according to the new outputs/variables, and review the moved blocks. Back up your state before upgrading.

v2.2.0

Breaking Changes

• Support for EKS Pod Identity: Introduced the iam_role_type variable to select the IAM role type, allowing users to choose between irsa (IAM Roles for Service Accounts) and pod_identity (EKS Pod Identity). This change may affect existing configurations, as the default behavior has been modified to pod_identity.

Upgrade Instructions

1. Review and Update Configuration: Examine your current Terraform configuration and determine which IAM role type (irsa or pod_identity) aligns with your deployment.

2. Set the iam_role_type Variable: Explicitly define the iam_role_type variable in your Terraform configuration to match your chosen IAM role type. For example:

   module "secrets_store_csi" {
     source        = "SPHTech-Platform/secrets-store-csi/aws"
     version       = "~> 2.2.0"
     iam_role_type = "irsa" # or "pod_identity"
     # ... other configurations ...
   }

Notes

• Impact Assessment: Due to the introduction of the iam_role_type variable, existing deployments without this variable set may experience changes in behavior. It's crucial to review and adjust your configuration accordingly to prevent unexpected issues.

Full Changelog: v2.1.1...v2.2.0

v2.1.1

What's Changed

• refactor: Update the chart versions
• fix: ascp image path by @uchinda-sph in #16

Full Changelog: v2.1.0...v2.1.1

v2.1.0

What's Changed

• refactor: update helm repo of ascp and csi driver version by @uchinda-sph in #15

Full Changelog: v2.0.1...v2.1.0

v2.0.1

What's Changed

• update the repo url from gcr.io to k8s.io by @uchinda-sph in #12

Full Changelog: v2.0.0...v2.0.1

v2.0.0

⚠ BREAKING CHANGES

• set default namespace to secrets-store-csi-system

What's Changed

• Add namespace for secrets csi driver by @thepoppingone in #11
• set ascp_priority_class_name default value by @uchinda-sph in #10

New Contributors

• @thepoppingone made their first contribution in #11

Full Changelog: v1.0.2...v2.0.0

v1.0.3

Full Changelog: v1.0.2...v1.0.3

v1.0.2

What's Changed

• Updated resource "requests" for secrets-store-csi-driver pods by @franklinpashok in #8
• set priorityClassName to system-node-critical by @uchinda-sph in #9

Full Changelog: v1.0.1...v1.0.2

v1.0.1

What's Changed

• Update readme by @chrissng in #7

Full Changelog: v1.0.0...v1.0.1