- Support for the ENI_CONFIG_LABEL_DEF environment variable #411
- feat(nodegroup): Support encryption of the root block device for nodes #407
- fix(ex/default-sg): rm Output tag values per string type reqs #404
- nodegroup(asgName): fix asgName definition #401
- Cutting new release to include missing generated API docs from v0.19.1
- feat(nodegroup): add opt to attach extra security groups #390
- feat(cluster): add encryptionConfigKeyArn opt to encrypt k8s Secrets #389
For a more detailed list of the changes introduced in this release, please visit #381.
- fix(dashboard): disable dashboard from deploying if not set #378
- fix(cluster): use scoped kubeconfig with non-default AWS credentials #367
- Update node & go pulumi deps to 2.0 #375
- fix(aws): rm sync invokes for AWS data source calls #373
- refactor(aws-auth): replace aws-iam-authenticator with aws eks get-token
#362
- Note: for existing clusters, this change will recompute the kubeconfig
used, as its auth arguments and settings get updated to work with
aws eks get-token. It should not affect cluster access or cause replacements of existing k8s resources.
- Note: for existing clusters, this change will recompute the kubeconfig
used, as its auth arguments and settings get updated to work with
- feat(nodegroup): use the latest recommended AMIs from the SSM store #366
- feat(cluster): support HTTP(S) proxy for cluster readiness & OIDC config #365
- deps(pulumi): bump node and go pulumi/pulumi to v1.13.1 #361
- feat(cluster): add getKubeconfig method to generate scoped kubeconfigs #356
- fix(oidc): Fix issue in OIDC getThumbprint helper function #346
- fix(oidc): use thumbprint of the intermediate root CA #342
- update(cni): update from v1.5.3 -> v1.6.0 #325
- fix(storageClasses): fix userStorageClass initialization #336
- feat(cluster): allow optional configuration of cluster name #322
- feat(identity): add support to setup OIDC provider #320
- Refactor managed nodegroup API and require its role be provided to the cluster #302
- Update pulumi/pulumi and re-enable withUpdate tests #327
- Fix js-yaml dependency changes in pulumi/k8s #324
- Unblock CI by disabling debug logging, rm unnecessary tests, and fixing broken tests #309
- feat(cluster): Support public access controls #295
- feat(cluster): Add cluster tagging #262
- refactor(vpcCni): set node anti-affinity to not deploy to fargate #291
- build: Upgrade to go1.13.4 #290
- feat(nodes): add support for Fargate #283
- feat(nodes): add createManagedNodeGroup #280
- fix(vpc-cni): allow logLevel & logFile to be set, or defaulted if not #274
- Update pulumi to 1.4.0 #270
- refactor(cluster): allow ClusterOptions to accept NodeGroupOptions #259
- Add new publicSubnetIds and privateSubnetIds cluster options. Also, update tests to use new awsx.ec2.Vpc API and new subnet options #238
- fix(iam): improve YAML error handling & reporting in IAM ops #231
- feat(iam): create eks cluster & resources with iam role provider #205
- fix(cni): read CNI YAML outside of the dynamic provider and update to v1.5.3 #223
- Revert "fix(cni): modify CNI filepath to store the relative path" #220
- Fix and improve migrate-nodegroup test (bump CNI from
v1.5.0->v1.5.2) #214 - fix(asgName): check 'NodeGroup' CFStack output key exists #213
- chore(cluster): add deprecation for kube-dashboard, customInstanceRolePolicy #202
- feat(storage-classes): export all user created storage classes #172
- update(eks): add example of migrating node groups with zero downtime #195
- refactor(secgroup): export createNodeGroupSecurityGroup & consolidate rules #183
- wait for EKS cluster endpoint to be available #193
- fix(cluster): support configuring private and public endpoint access #154
- fix(cluster): support passing additional arguments to /etc/eks/bootstrap.sh and --kubelet-extra-args #181
-
Default to a node AMI that matches the cluster version #175
-
fix(tags): rm ASG tag dupes, and consider tag inheritance for all tags #162
-
fix(nodegroup): make VPN-only subnets private #163
-
feature(cluster): Allow service role and instance profile to be injected during cluster creation #159
- ci(aws-iam-authenticator): use official S3 bucket to install bin #166
- fix(tags): change map types used in all tags to pulumi.Inputs of the map #157
- fix(cluster): expose instanceRoles #155
- tests(cluster): enable test to replace cluster by adding more subnets #150
- update(aws-k8s-cni): move from 1.4.1 -> 1.5.0 #148
- fix(cluster): rm dupe default storage class #136
- Expand nodejs SDK tests coverage, and add Kubernetes Smoke Tests for examples & tests #130
- update(aws-k8s-cni): move from 1.3.0 -> 1.4.1 #134
- fix(cluster): export missing instanceRoles in the cluster's CoreData #133
- fix(nodeSecurityGroupTags): only expose option through Cluster class #126
- fix(secgroups): do not null out ingress & egress
#128
- Note: This PR reverses the default null values used for the
ingress and egress in-line rules of the secgroups, introduced in
v0.18.3. The null default was required to move to standalone secgroup rules, but it has introduced issues, and thus is being removed in this PR. - Upgrade Path - This is a breaking change unless you do the following steps:
- If using >=
v0.18.3: update using the typical package update path. - If using <=
v0.18.2:- First, update your cluster from using your current version to
v0.18.4. - Next, update your cluster from
v0.18.4tov0.18.5(or higher) using the typical package update path.
- First, update your cluster from using your current version to
- If using >=
- Note: This PR reverses the default null values used for the
ingress and egress in-line rules of the secgroups, introduced in
- feat(tags): Set default tags & add opts: tags, and other resource tags #122
- feat(control plane logging): Enable control plane logging to cloudwatch. #100.
- fix(ami): only apply AMI smart-default selection on creation #114
- fix(secgroups): use standalone secgroup rules instead of in-line rules #109. Note, because we are replacing existing in-line secgroup rules with standalone rules, there may be a brief period of outage where the security group rules are removed before they get added back. This update happens in a matter of seconds (~5 sec), so any interruptions are short-lived.
- fix(nodegroup): filter on x86_64 arch for node AMI #112
- feat(nodePools): support per-nodegroup IAM instance roles #98
- Moves to the new 0.18.0 version of
@pulumi/aws. Version 0.18.0 ofpulumi-awsis now based on v2.2.0 of the AWS Terraform Provider, which has a variety of breaking changes from the previous version. See documentation in@pulumi/awsrepo for more details.
- Fix a bug where the regex used to retrieve Worker Node AMIs was not returning correct AMIs when either: specifying the master / control plane version, or relying on smart defaults of the lastest available image. #92
- feat(workers): add 'nodeAssociatePublicIpAddress' to toggle public IPs #81
- fix(getAmi): allow setting master version & explicitly filter Linux AMIs
#85
- Fix a bug where the wrong AMI was being returned due to a loosely defined regex.
- Add support for setting the master / control plane version of the cluster.
- Re-cut 0.17.1 as 0.17.2, due to a broken master branch caused by a pushed tag publishing the NPM package before master was able to.
- Support for
taintsonNodeGroups. #63
- Depend on latest version of
@pulumi/pulumito get more precise delete before create semantics #46
- Expose the AutoScalingGroup on NodeGroups. #53
- Fix a bug where
desiredCapacitywas not being handled correctly. #55
- Support for multiple Worker
NodeGroups connected to a single EKS cluster. #39 - Support for Spot instances in
NodeGroups. #49 - Support for adding cutom policies to node
InstanceRole. #49 - Support for adding labels to each instance in a
NodeGroup. #49
- Allow configuring the subnets that worker nodes use.
- Improve detection of public vs. private subnets.