Skip to main content
← Back to index page


Update EKS basic components

What && why

Update EKS cluster and basic Kubernetes components for better behavior on initial deployment and on terraform destroy.

  • Update minimum Terraform version to 1.1.0 and use one() where applicable to manage resources that can be disabled with count = 0 and for bug fixes regarding destroy behavior
  • Update terraform-aws-eks-cluster to v2.5.0 for better destroy behavior
  • Update all components' (plus account-map/modules/)remote-state to v1.2.0 for better destroy behavior
  • Update all components' helm-release to v0.7.0 and move namespace creation via Kubernetes provider into it to avoid race conditions regarding creating IAM roles, Namespaces, and deployments, and to delete namespaces when destroyed
  • Update alb-controller to deploy a default IngressClass for central, obvious configuration of shared default ingress for services that do not have special needs.
  • Add alb-controller-ingress-class for the rare case when we want to deploy a non-default IngressClass outside of the component that will be using it
  • Update echo-server to use the default IngressClass and not specify any configuration that affects other Ingresses, and remove dependence on alb-controller-ingress-group (which should be deprecated in favor of alb-controller-ingress-class and perhaps a specialized future alb-controller-ingress)
  • Update cert-manager to remove (which had a lot of settings) and add dependencies so that initial deployment succeeds in one terraform apply and destroy works in one terraform destroy
  • Update external-dns to remove (which had a lot of settings)
  • Update karpenter to v0.18.0, fix/update IAM policy (README still needs work, but leaving that for another day)
  • Update karpenter-provisioner to require Terraform 1.3 and make elements of the Provisioner configuration optional. Support block device mappings (previously broken). Avoid perpetual Terraform plan diff/drift caused by setting fields to null.
  • Update reloader
  • Update mixins/provider-helm to better support terraform destroy and to default the Kubernetes client authentication API version to



Pull Requests