Kubernetes 1.23

Notable changes

• Loki charts has been upgrade to v3 and is now distributed
• Bottlerocket v1.9
• EKS Kubernetes 1.23
• All modules and dependecnies upgraded to latest

Thanks to everyone for reporting issues 💯

What's Changed

• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v8.1.1 by @renovate in #109
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.26.6 by @renovate in #104
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v8.2.1 by @renovate in #111
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v9 by @renovate in #112
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.27.1 by @renovate in #113
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.28.0 by @renovate in #114
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v9.1.0 by @renovate in #116
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.29.0 by @renovate in #117
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-aws-kms to v1.2.0 by @renovate in #118
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v9.2.0 by @renovate in #119
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.14.3 by @renovate in #120
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.14.4 by @renovate in #121
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v9.3.0 by @renovate in #122
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v9.3.1 by @renovate in #123
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v9.4.0 by @renovate in #127
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.15.0 by @renovate in #129
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.29.1 by @renovate in #130
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.16.0 by @renovate in #131
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.30.0 by @renovate in #137
• fix: iam_role statement can't find global_values.yaml by @applike-ss in #133

New Contributors

• @applike-ss made their first contribution in #133

Full Changelog: v8.0.0...v9.0.0

v8.0.0: Native ASG tags, control plane subnets, bottlerocket 1.8

Notable changed

• Dropped AL2 EKS AMI, only Bottlerocket is present now
• use native terraform resources to tag ASG and node groups for cluster autoscaler to and from 0 scaling
• upgrade default kubernetes version to 1.22
• upgrade all EKS addons to latest

What's Changed

• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v4.1.0 by @renovate in #46
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.11.5 by @renovate in #44
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.2.4 by @renovate in #45
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.2.7 by @renovate in #47
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v4.2.0 by @renovate in #48
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.12.0 by @renovate in #50
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.5.0 by @renovate in #49
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.7.1 by @renovate in #53
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v4.3.0 by @renovate in #52
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.7.2 by @renovate in #55
• chore(ci): update actions/setup-python action to v3 by @renovate in #57
• chore(ci): update actions/setup-node action to v3 by @renovate in #56
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.8.1 by @renovate in #60
• chore(ci): update actions/checkout action to v3 by @renovate in #58
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.9.0 by @renovate in #61
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.13.0 by @renovate in #64
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.10.0 by @renovate in #65
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.15.0 by @renovate in #68
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v4.5.0 by @renovate in #66
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v5 by @renovate in #69
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.17.0 by @renovate in #70
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.14.0 by @renovate in #71
• Fix README.md links by @svg153 in #76
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.20.2 by @renovate in #77
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v5.2.0 by @renovate in #78
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.20.4 by @renovate in #79
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.20.5 by @renovate in #80
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v5.3.0 by @renovate in #81
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v5.3.1 by @renovate in #82
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v5.3.2 by @renovate in #83
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.21.0 by @renovate in #84
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v5.4.0 by @renovate in #85
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v6 by @renovate in #86
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v6.1.0 by @renovate in #87
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v6.2.0 by @renovate in #88
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.22.0 by @renovate in #89
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.23.0 by @renovate in #90
• chore(ci): update pre-commit/action action to v3 by @renovate in #91
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-aws-kms to v1.1.0 by @renovate in #95
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.14.1 by @renovate in #96
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.24.0 by @renovate in #97
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.24.1 by @renovate in #98
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.14.2 by @renovate in #99
• feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v7 by @renovate in #94
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.26.0 by @renovate in #102
• feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.26.1 by @renovate in #103
• prep release by @ArchiFleKs in #108

New Contributors

• @svg153 made their first contribution in #76
• @ArchiFleKs made their first contribution in #108

Full Changelog: v7.0.0...v8.0.0

v7.0.0 : 2022, Bottlerocket, full encryption, SSM and more

This is a major release, it took some time to have something clean. Lot's of changes.

Check out the full README for more details on new features

Quickstart

Check out the QUICKSTART guide to get started right away

Upstream modules

This release now use the latest Terraform AWS EKS module in version 18 which had a lot of breaking changes

Bottlerocket support

Bottlerocket OS is available for node groups (see example here). Bottlerocket is a container centric OS with less attack surface and no default shell.

AWS Session Manager support

All the instances (Bottlerocket or Amazon Linux) are registered with AWS Session Manager. No SSH keys or SSH access is open on instances. Shell access on every instance can be given with SSM for added security.

aws ssm start-session --target INSTANCE_ID

From and to Zero scaling with EKS Managed Node Groups

tEKS support scaling to and from 0, even with using well know Kubernetes labels, there are a number of ongoing issues for support of EKS Managed node groups with Cluster Autoscaler. Thanks to automatic ASG tagging, tEKS adds the necessary tags on autoscaling group to balance similar node groups and allow you to scale to and from 0 and even to use well know labels such as node.kubernetes.io/instance-type or topology.kubernetes.io/zone . The logic can be extended to support other well known labels.

Automatic dependencies upgrade

We are using renovate to automatically open PR with the latest dependencies update (Terraform modules upgrade) so you never miss an upgrade and are always up to date with the latest features.

Enforced security

• Encryption by default for root volume on instances with Custom KMS Key
• AWS EBS CSI volumes encrypted by default with Custom KMS Key
• No IAM credentials on instances, everything is enforced with IRSA.
• Each addons is deployed in it's own namespace with sensible default network policies.
• Calico Tigera Operator for network policy.
• PSP are enabled but not enforced because of depreciation.

Out of the box logging

Three stacks are supported:

• AWS for Fluent Bit: Forward containers logs to Cloudwatch Logs
• Grafana Loki: Uses Promtail to forward logs to Loki. Grafana or a tEKS supported monitoring stack (see below) is necessary to display logs.

Out of the box monitoring

• Prometheus Operator with defaults dashboards
• Addons that support metrics are enable along with their serviceMonitor
• Custom grafana dashboard are available by default

Two stacks are supported:

• Victoria Metrics Stack: Victoria Metrics is a Prometheus alertnative, compatible with prometheus CRDs
• Kube Prometheus Stack: Classic Prometheus Monitoring

Long term storage with Thanos

With Prometheus, tEKS includes Thanos by default. Thanos uses S3 to store and query metrics, offering long term storage without the costs. For more information check out our article on the CNCF Blog

Support for ARM instances

With either Amazon Linux or BottleRocket, you can use a mix of ARM and AMD64 instances. Check out our example

v6.0.0: Helm v3, IRSA, PSP and more

This is a major release, it took some time to have something clean. Lot's of changes.

Documentation

Documentation is on it's way here. If someone wants to help with that I'm opened ;)

Upstream module and dependencies

• uses upstream VPC and EKS module.

Kubectl provider

terraform-provider-kubectl is now used to handle custom manifests which work way better than local-exec.

Helm v3

• All the addons now support Helm v3 and have been tested with terraform-provider-helm v1
• More consistent defaults that will make it easier to add or remove feature

Monitoring

• When prometheus-operator is enabled, metrics and serviceMonitor on every other enabled addons that supports it will be enabled.
• In addition of the defaults grafana dashboards, nginx-ingress, cluster-autoscaler and kong dashboard are now shipped with Grafana out of the box

IAM permission

• Addons that required specific IAM permission can now use IRSA which is the default and recommended way .
• KIAM is still available but is not the default.

Pod Security Policy

• default eks privileged PSP is removed, see
• more sensible defaults psp are added (default and privileged)
• kube-system can use privileged psp by default
• added the possibility to make specific namespaces "privileged"
• All addons have specific PSP enabled

Network Policy

• Support Calico
• Addons are deployed into their own namespaces
• Each addons has a default curated network policy

Priority Classes

• make use of priority classes to ensure addons are schedule
• make use of priority classes to ensure addons daemonset have higher priority that default addons that can be scheduled anywhere

Deprecated addons

• istio has been removed because Helm chart is going to be deprecated and istio-operator has been added instead.
• rancher has been removed.

v5.1.0

5.1.0 (2019-12-05)

Feature

• update requirements (e1b2577)
• add demo env (244eefa)
• cleanup old live sample (49c9261)

v5.0.0

5.0.0 (2019-12-05)

Breaking Changes

• remove eks addons module (33c70ae)

BREAKING CHANGE: eks addons module is now in its own repository

https://github.com/clusterfrak-dynamics/terraform-kubernetes-addons

Signed-off-by: Kevin Lefevre <lefevre.kevin@gmail.com>

• remove eks module (f242d18)

BREAKING CHANGE: eks module is now in its own repository

https://github.com/clusterfrak-dynamics/terraform-kubernetes-eks

Signed-off-by: Kevin Lefevre <lefevre.kevin@gmail.com>

Documentation

• update README to reflect v5 (5503067)

Feature

• remove eks-namespaces modules (0f94f7e)

v4.0.1

4.0.1 (2019-12-02)

Bug Fixes

• missing variable (90027cd)

v4.0.0

4.0.0 (2019-12-02)

Breaking Changes

• remove providers (7e2fc15)

BREAKING CHANGES:

remove providers.tf. This is best pratice and allow for further
customization without touching the core modules

Signed-off-by: Kevin Lefevre <lefevre.kevin@gmail.com>

v3.11.0

3.11.0 (2019-11-26)

Feature

• eks-addons: bump tiller to v2.16.1 (0ebb8ff)
• eks-addons: fix arbitrary default selector (85f2bbe)

v3.10.4

3.10.4 (2019-11-13)

Bug Fixes

• add eks-namespace output (73858db)