[eks/cluster] Add support for BottleRocket and EFS add-on
What
- Add support for EKS EFS add-on
- Better support for Managed Node Group's Block Device Storage
- Deprecate and ignore `aws_teams_rbac` and remove `identity` roles from `aws-auth`
- Support `eks/cluster` provisioning EC2 Instance Profile for Karpenter nodes (disabled by default via legacy flags)
- More options for specifying Availability Zones
- Deprecate `eks/ebs-controller` and `eks/efs-controller`
- Deprecate `eks/eks-without-spotinst`
Why
- Support EKS add-ons, follow-up to
- Support BottleRocket, `gp3` storage, and provisioned IOPS and throughput
- Feature never worked
- Avoid specific failure mode when deleting and recreating an EKS cluster
- Maintain feature parity with `vpc` component
- Replace with add-ons
- Was not being maintained or used
upstream `api-gateway` and `api-gateway-settings`
What
- Upstream `api-gateway` and its corresponding settings component
Added new variable into `argocd-repo` component to configure ArgoCD's `ignore-differences`
What
- Added new variable into `argocd-repo` component to configure ArgoCD `ignore-differences`
Why
- There are cases when an application and/or third-party operators might want to change k8s API objects, for example
  to change the number of replicas in a deployment. This conflicts with the ArgoCD application because the ArgoCD
  controller will spot the drift and try to bring the application back in sync with the codebase.
References
Spacelift `admin-stack` `var.description`
What
- added missing description option
Why
- Variable is defined, but never passed to the modules
References
n/a
Use s3_object_ownership variable
What
- Pass s3_object_ownership variable into s3 module
Why
- I think it was accidentally not included
- Make it possible to disable ACL from stack config
References
`bastion` support for `availability_zones` and public IP and subnets
What
- Add support for `availability_zones`
- Fix issue with public IP and subnets
- `tflint` requirements -- removed all unused locals, variables, formatting
Why
- All instance types are not available in all AZs in a region
- Bug fix
References
Aurora Resource Submodule Requirements
What
- Removed unnecessary requirement for aurora resources for the service name not to equal the user name for submodules of
both aurora resource components
Why
- This conditional doesn't add any value besides creating an unnecessary restriction. We should be able to create a user
name as the service name if we want
References
fix: restore notifications config in argocd
What
- Restore ssm configuration options for argocd notifications
Why
- notifications were not firing and tasks time out in some installations
Upstream `spa-s3-cloudfront`
What
- Update module
- Add Cloudfront Invalidation permission to GitHub policy
Why
- Corrected bug in the module
- Allow GitHub Actions to run invalidations
References
Upstream `spa-s3-cloudfront`
What
- Upstream changes to `spa-s3-cloudfront`
Why
- Updated the included modules to support Terraform v5
- Handle disabled WAF from remote-state
References
🚀 Enhancements
[vpc] bugfix, [aurora-postgres] & [cloudtrail-bucket] Tflint fixes
What
- [vpc]: disable vpc_endpoints when enabled = false
- [aurora-postgres]: ensure variables have explicit types
- [cloudtrail-bucket]: ensure variables have explicit types
Why
- bugfix
- tflint fix
- tflint fix
Update `alb` component
What
Why
- Fixes after provisioning and testing on AWS
`elasticsearch` DNS Component Lookup
What
- add environment for `dns-delegated` component lookup
Why
- `elasticsearch` is deployed in a regional environment, but `dns-delegated` is deployed to `gbl`
References
Bump `lambda-elasticsearch-cleanup` module
What
- bump version of `lambda-elasticsearch-cleanup` module
Why
- Support Terraform provider v5
References
Bump ECS cluster module -lobur
What
- Update ECS cluster module
Why
Bump `elasticache-redis` Module
What
- Bump `elasticache-redis` module
Why
- Resolve issues with Terraform provider v5
References
Aurora Postgres Enhanced Monitoring Input
What
- Added `enhanced_monitoring_attributes` as option
- Set default `aurora-mysql` component name
Why
- Set this var with a custom value to avoid IAM role length restrictions (default unchanged)
- Set common value as default
References
feat: acm no longer requires zone
What
- `acm` only looks up zones if `process_domain_validation_options` is true
Why
- Allow external validation of acm certs
`alb` and `ssm-parameters` Upstream for Basic Use
What
- `alb` component can get the ACM cert from either `dns-delegated` or `acm`
- Support deploying `ssm-parameters` without SOPS
- `waf` requires a value for `visibility_config` in the stack catalog
Why
- resolving bugs while deploying example components
References
fix: argocd flags, versions, and expressions
What
- adjust expressions in argocd
- update helmchart module
- tidy up variables
Why