Releases: particuleio/teks
Kubernetes 1.23
Notable changes
- Loki charts has been upgrade to v3 and is now distributed
- Bottlerocket v1.9
- EKS Kubernetes 1.23
- All modules and dependecnies upgraded to latest
Thanks to everyone for reporting issues 💯
What's Changed
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v8.1.1 by @renovate in #109
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.26.6 by @renovate in #104
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v8.2.1 by @renovate in #111
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v9 by @renovate in #112
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.27.1 by @renovate in #113
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.28.0 by @renovate in #114
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v9.1.0 by @renovate in #116
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.29.0 by @renovate in #117
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-aws-kms to v1.2.0 by @renovate in #118
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v9.2.0 by @renovate in #119
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.14.3 by @renovate in #120
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.14.4 by @renovate in #121
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v9.3.0 by @renovate in #122
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v9.3.1 by @renovate in #123
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v9.4.0 by @renovate in #127
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.15.0 by @renovate in #129
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.29.1 by @renovate in #130
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.16.0 by @renovate in #131
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.30.0 by @renovate in #137
- fix: iam_role statement can't find global_values.yaml by @applike-ss in #133
New Contributors
- @applike-ss made their first contribution in #133
Full Changelog: v8.0.0...v9.0.0
v8.0.0: Native ASG tags, control plane subnets, bottlerocket 1.8
Notable changed
- Dropped AL2 EKS AMI, only Bottlerocket is present now
- use native terraform resources to tag ASG and node groups for cluster autoscaler to and from 0 scaling
- upgrade default kubernetes version to 1.22
- upgrade all EKS addons to latest
What's Changed
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v4.1.0 by @renovate in #46
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.11.5 by @renovate in #44
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.2.4 by @renovate in #45
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.2.7 by @renovate in #47
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v4.2.0 by @renovate in #48
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.12.0 by @renovate in #50
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.5.0 by @renovate in #49
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.7.1 by @renovate in #53
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v4.3.0 by @renovate in #52
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.7.2 by @renovate in #55
- chore(ci): update actions/setup-python action to v3 by @renovate in #57
- chore(ci): update actions/setup-node action to v3 by @renovate in #56
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.8.1 by @renovate in #60
- chore(ci): update actions/checkout action to v3 by @renovate in #58
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.9.0 by @renovate in #61
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.13.0 by @renovate in #64
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.10.0 by @renovate in #65
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.15.0 by @renovate in #68
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v4.5.0 by @renovate in #66
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v5 by @renovate in #69
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.17.0 by @renovate in #70
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.14.0 by @renovate in #71
- Fix README.md links by @svg153 in #76
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.20.2 by @renovate in #77
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v5.2.0 by @renovate in #78
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.20.4 by @renovate in #79
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.20.5 by @renovate in #80
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v5.3.0 by @renovate in #81
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v5.3.1 by @renovate in #82
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v5.3.2 by @renovate in #83
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.21.0 by @renovate in #84
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v5.4.0 by @renovate in #85
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v6 by @renovate in #86
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v6.1.0 by @renovate in #87
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v6.2.0 by @renovate in #88
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.22.0 by @renovate in #89
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.23.0 by @renovate in #90
- chore(ci): update pre-commit/action action to v3 by @renovate in #91
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-aws-kms to v1.1.0 by @renovate in #95
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.14.1 by @renovate in #96
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.24.0 by @renovate in #97
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.24.1 by @renovate in #98
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-vpc to v3.14.2 by @renovate in #99
- feat(tf): update terragrunt dependency github.com/particuleio/terraform-kubernetes-addons to v7 by @renovate in #94
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.26.0 by @renovate in #102
- feat(tf): update terragrunt dependency github.com/terraform-aws-modules/terraform-aws-eks to v18.26.1 by @renovate in #103
- prep release by @ArchiFleKs in #108
New Contributors
- @svg153 made their first contribution in #76
- @ArchiFleKs made their first contribution in #108
Full Changelog: v7.0.0...v8.0.0
v7.0.0 : 2022, Bottlerocket, full encryption, SSM and more
This is a major release, it took some time to have something clean. Lot's of changes.
Check out the full README for more details on new features
Quickstart
Check out the QUICKSTART guide to get started right away
Upstream modules
This release now use the latest Terraform AWS EKS module in version 18 which had a lot of breaking changes
Bottlerocket support
Bottlerocket OS is available for node groups (see example here). Bottlerocket is a container centric OS with less attack surface and no default shell.
AWS Session Manager support
All the instances (Bottlerocket or Amazon Linux) are registered with AWS Session Manager. No SSH keys or SSH access is open on instances. Shell access on every instance can be given with SSM for added security.
aws ssm start-session --target INSTANCE_ID
From and to Zero scaling with EKS Managed Node Groups
tEKS support scaling to and from 0, even with using well know Kubernetes labels, there are a number of ongoing issues for support of EKS Managed node groups with Cluster Autoscaler. Thanks to automatic ASG tagging, tEKS adds the necessary tags on autoscaling group to balance similar node groups and allow you to scale to and from 0 and even to use well know labels such as node.kubernetes.io/instance-type
or topology.kubernetes.io/zone
. The logic can be extended to support other well known labels.
Automatic dependencies upgrade
We are using renovate to automatically open PR with the latest dependencies update (Terraform modules upgrade) so you never miss an upgrade and are always up to date with the latest features.
Enforced security
- Encryption by default for root volume on instances with Custom KMS Key
- AWS EBS CSI volumes encrypted by default with Custom KMS Key
- No IAM credentials on instances, everything is enforced with IRSA.
- Each addons is deployed in it's own namespace with sensible default network policies.
- Calico Tigera Operator for network policy.
- PSP are enabled but not enforced because of depreciation.
Out of the box logging
Three stacks are supported:
- AWS for Fluent Bit: Forward containers logs to Cloudwatch Logs
- Grafana Loki: Uses Promtail to forward logs to Loki. Grafana or a tEKS supported monitoring stack (see below) is necessary to display logs.
Out of the box monitoring
- Prometheus Operator with defaults dashboards
- Addons that support metrics are enable along with their
serviceMonitor
- Custom grafana dashboard are available by default
Two stacks are supported:
- Victoria Metrics Stack: Victoria Metrics is a Prometheus alertnative, compatible with prometheus CRDs
- Kube Prometheus Stack: Classic Prometheus Monitoring
Long term storage with Thanos
With Prometheus, tEKS includes Thanos by default. Thanos uses S3 to store and query metrics, offering long term storage without the costs. For more information check out our article on the CNCF Blog
Support for ARM instances
With either Amazon Linux or BottleRocket, you can use a mix of ARM and AMD64 instances. Check out our example
v6.0.0: Helm v3, IRSA, PSP and more
This is a major release, it took some time to have something clean. Lot's of changes.
Documentation
Documentation is on it's way here. If someone wants to help with that I'm opened ;)
Upstream module and dependencies
Kubectl provider
terraform-provider-kubectl
is now used to handle custom manifests which work way better than local-exec.
Helm v3
- All the addons now support Helm v3 and have been tested with
terraform-provider-helm
v1 - More consistent defaults that will make it easier to add or remove feature
Monitoring
- When
prometheus-operator
is enabled, metrics andserviceMonitor
on every other enabled addons that supports it will be enabled. - In addition of the defaults grafana dashboards,
nginx-ingress
,cluster-autoscaler
andkong
dashboard are now shipped with Grafana out of the box
IAM permission
- Addons that required specific IAM permission can now use IRSA which is the default and recommended way .
- KIAM is still available but is not the default.
Pod Security Policy
- default eks privileged PSP is removed, see
- more sensible defaults psp are added (default and privileged)
kube-system
can use privileged psp by default- added the possibility to make specific namespaces "privileged"
- All addons have specific PSP enabled
Network Policy
- Support Calico
- Addons are deployed into their own namespaces
- Each addons has a default curated network policy
Priority Classes
- make use of priority classes to ensure addons are schedule
- make use of priority classes to ensure addons daemonset have higher priority that default addons that can be scheduled anywhere
Deprecated addons
- istio has been removed because Helm chart is going to be deprecated and istio-operator has been added instead.
- rancher has been removed.
v5.1.0
v5.0.0
5.0.0 (2019-12-05)
Breaking Changes
- remove eks addons module (33c70ae)
BREAKING CHANGE: eks addons module is now in its own repository
https://github.com/clusterfrak-dynamics/terraform-kubernetes-addons
Signed-off-by: Kevin Lefevre <[email protected]>
- remove eks module (f242d18)
BREAKING CHANGE: eks module is now in its own repository
https://github.com/clusterfrak-dynamics/terraform-kubernetes-eks
Signed-off-by: Kevin Lefevre <[email protected]>
Documentation
- update README to reflect v5 (5503067)
Feature
- remove eks-namespaces modules (0f94f7e)
v4.0.1
v4.0.0
4.0.0 (2019-12-02)
Breaking Changes
- remove providers (7e2fc15)
BREAKING CHANGES:
remove providers.tf. This is best pratice and allow for further
customization without touching the core modules
Signed-off-by: Kevin Lefevre <[email protected]>