[eks/cluster] Add support for BottleRocket and EFS add-on
What
- Add support for EKS EFS add-on
- Better support for Managed Node Group's Block Device Storage
- Deprecate and ignore
aws_teams_rbac and remove identity roles from aws-auth - Support
eks/cluster provisioning EC2 Instance Profile for Karpenter nodes (disabled by default via legacy flags) - More options for specifying Availability Zones
- Deprecate
eks/ebs-controller and eks/efs-controller - Deprecate
eks/eks-without-spotinst
Why
- Support EKS add-ons, follow-up to
- Support BottleRocket,
gp3 storage, and provisioned iops and throughput - Feature never worked
- Avoid specific failure mode when deleting and recreating an EKS cluster
- Maintain feature parity with
vpc component - Replace with add-ons
- Was not being maintained or used
upstream `api-gateway` and `api-gateway-settings`
What
- Upstream api-gateway and it's corresponding settings component
Added new variable into `argocd-repo` component to configure ArgoCD's `ignore-differences`
What
- Added new variable into
argocd-repo component to configure ArcoCD ignore-differences
Why
- There are cases when application and/or third-party operators might want to change k8s API objects. For example,
change the number of replicas in deployment. This will conflict with ArgoCD application because the ArgoCD controller
will spot drift and will try to make an application in sync with the codebase.
References
Spacelift `admin-stack` `var.description`
What
- added missing description option
Why
- Variable is defined, but never passed to the modules
References
n/a
Use s3_object_ownership variable
What
- Pass s3_object_ownership variable into s3 module
Why
- I think it was accidentally not included
- Make possible to disable ACL from stack config
References
`bastion` support for `availability_zones` and public IP and subnets
What
- Add support for
availability_zones - Fix issue with public IP and subnets
tflint requirements -- removed all unused locals, variables, formatting
Why
- All instance types are not available in all AZs in a region
- Bug fix
References
Aurora Resource Submodule Requirements
What
- Removed unnecessary requirement for aurora resources for the service name not to equal the user name for submodules of
both aurora resource components
Why
- This conditional doesn't add any value besides creating an unnecessary restriction. We should be able to create a user
name as the service name if we want
References
fix: restore notifications config in argocd
What
- Restore ssm configuration options for argocd notifications
Why
- notifications were not firing and tasks time out in some installations
Upstream `spa-s3-cloudfront`
What
- Update module
- Add Cloudfront Invalidation permission to GitHub policy
Why
- Corrected bug in the module
- Allow GitHub Actions to run invalidations
References
Upstream `spa-s3-cloudfront`
What
- Upstream changes to
spa-s3-cloudfront
Why
- Updated the included modules to support Terraform v5
- Handle disabled WAF from remote-state
References
🚀 Enhancements
[vpc] bugfix, [aurora-postgres] & [cloudtrail-bucket] Tflint fixes
What
- [vpc]: disable vpc_endpoints when enabled = false
- [aurora-postgres]: ensure variables have explicit types
- [cloudtrail-bucket]: ensure variables have explicit types
Why
- bugfix
- tflint fix
- tflint fix
Update `alb` component
What
Why
- Fixes after provisioning and testing on AWS
`elasticsearch` DNS Component Lookup
What
- add environment for
dns-delegated component lookup
Why
elasticsearch is deployed in a regional environment, but dns-delegated is deployed to gbl
References
Bump `lambda-elasticsearch-cleanup` module
What
- bump version of
lambda-elasticsearch-cleanup module
Why
- Support Terraform provider v5
References
Bump ECS cluster module -lobur
What
- Update ECS cluster module
Why
Bump `elasticache-redis` Module
What
- Bump
elasticache-redis module
Why
- Resolve issues with terraform provider v5
References
Aurora Postgres Enhanced Monitoring Input
What
- Added
enhanced_monitoring_attributes as option - Set default
aurora-mysql component name
Why
- Set this var with a custom value to avoid IAM role length restrictions (default unchanged)
- Set common value as default
References
feat: acm no longer requires zone
What
acm only looks up zones if process_domain_validation_options is true
Why
- Allow external validation of acm certs
`alb` and `ssm-parameters` Upstream for Basic Use
What
alb component can get the ACM cert from either dns-delegated or acm- Support deploying
ssm-parameters without SOPS waf requires a value for visibility_config in the stack catalog
Why
- resolving bugs while deploying example components
References
fix: argocd flags, versions, and expressions
What
- adjust expressions in argocd
- update helmchart module
- tidy up variables
Why