<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="canonical" href="https://terraform-aws-modules/terraform-aws-eks/UPGRADE-20.0/">
<link rel="prev" href="../UPGRADE-19.0/">
<link rel="next" href="../compute_resources/">
<link rel="icon" href="../assets/logo.png">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.26">
<title>Upgrade from v19.x to v20.x - Terraform AWS EKS</title>
<link rel="stylesheet" href="../assets/stylesheets/main.6543a935.min.css">
<link rel="stylesheet" href="../assets/stylesheets/palette.06af60db.min.css">
<style>:root{--md-admonition-icon--note:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M1 7.775V2.75C1 1.784 1.784 1 2.75 1h5.025c.464 0 .91.184 1.238.513l6.25 6.25a1.75 1.75 0 0 1 0 2.474l-5.026 5.026a1.75 1.75 0 0 1-2.474 0l-6.25-6.25A1.752 1.752 0 0 1 1 7.775Zm1.5 0c0 .066.026.13.073.177l6.25 6.25a.25.25 0 0 0 .354 0l5.025-5.025a.25.25 0 0 0 0-.354l-6.25-6.25a.25.25 0 0 0-.177-.073H2.75a.25.25 0 0 0-.25.25ZM6 5a1 1 0 1 1 0 2 1 1 0 0 1 0-2Z"/></svg>');--md-admonition-icon--abstract:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M2.5 1.75v11.5c0 .138.112.25.25.25h3.17a.75.75 0 0 1 0 1.5H2.75A1.75 1.75 0 0 1 1 13.25V1.75C1 .784 1.784 0 2.75 0h8.5C12.216 0 13 .784 13 1.75v7.736a.75.75 0 0 1-1.5 0V1.75a.25.25 0 0 0-.25-.25h-8.5a.25.25 0 0 0-.25.25Zm13.274 9.537v-.001l-4.557 4.45a.75.75 0 0 1-1.055-.008l-1.943-1.95a.75.75 0 0 1 1.062-1.058l1.419 1.425 4.026-3.932a.75.75 0 1 1 1.048 1.074ZM4.75 4h4.5a.75.75 0 0 1 0 1.5h-4.5a.75.75 0 0 1 0-1.5ZM4 7.75A.75.75 0 0 1 4.75 7h2a.75.75 0 0 1 0 1.5h-2A.75.75 0 0 1 4 7.75Z"/></svg>');--md-admonition-icon--info:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"/></svg>');--md-admonition-icon--tip:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M3.499.75a.75.75 0 0 1 1.5 0v.996C5.9 2.903 6.793 3.65 7.662 4.376l.24.202c-.036-.694.055-1.422.426-2.163C9.1.873 10.794-.045 12.622.26 14.408.558 16 1.94 16 4.25c0 1.278-.954 2.575-2.44 2.734l.146.508.065.22c.203.701.412 1.455.476 2.226.142 1.707-.4 3.03-1.487 3.898C11.714 14.671 10.27 15 8.75 15h-6a.75.75 0 0 1 
0-1.5h1.376a4.484 4.484 0 0 1-.563-1.191 3.835 3.835 0 0 1-.05-2.063 4.647 4.647 0 0 1-2.025-.293.75.75 0 0 1 .525-1.406c1.357.507 2.376-.006 2.698-.318l.009-.01a.747.747 0 0 1 1.06 0 .748.748 0 0 1-.012 1.074c-.912.92-.992 1.835-.768 2.586.221.74.745 1.337 1.196 1.621H8.75c1.343 0 2.398-.296 3.074-.836.635-.507 1.036-1.31.928-2.602-.05-.603-.216-1.224-.422-1.93l-.064-.221c-.12-.407-.246-.84-.353-1.29a2.425 2.425 0 0 1-.507-.441 3.075 3.075 0 0 1-.633-1.248.75.75 0 0 1 1.455-.364c.046.185.144.436.31.627.146.168.353.305.712.305.738 0 1.25-.615 1.25-1.25 0-1.47-.95-2.315-2.123-2.51-1.172-.196-2.227.387-2.706 1.345-.46.92-.27 1.774.019 3.062l.042.19a.884.884 0 0 1 .01.05c.348.443.666.949.94 1.553a.75.75 0 1 1-1.365.62c-.553-1.217-1.32-1.94-2.3-2.768L6.7 5.527c-.814-.68-1.75-1.462-2.692-2.619a3.737 3.737 0 0 0-1.023.88c-.406.495-.663 1.036-.722 1.508.116.122.306.21.591.239.388.038.797-.06 1.032-.19a.75.75 0 0 1 .728 1.31c-.515.287-1.23.439-1.906.373-.682-.067-1.473-.38-1.879-1.193L.75 5.677V5.5c0-.984.48-1.94 1.077-2.664.46-.559 1.05-1.055 1.673-1.353V.75Z"/></svg>');--md-admonition-icon--success:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M13.78 4.22a.75.75 0 0 1 0 1.06l-7.25 7.25a.75.75 0 0 1-1.06 0L2.22 9.28a.751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018L6 10.94l6.72-6.72a.75.75 0 0 1 1.06 0Z"/></svg>');--md-admonition-icon--question:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.92 6.085h.001a.749.749 0 1 1-1.342-.67c.169-.339.436-.701.849-.977C6.845 4.16 7.369 4 8 4a2.756 2.756 0 0 1 1.637.525c.503.377.863.965.863 1.725 0 .448-.115.83-.329 1.15-.205.307-.47.513-.692.662-.109.072-.22.138-.313.195l-.006.004a6.24 6.24 0 0 0-.26.16.952.952 0 0 0-.276.245.75.75 0 0 
1-1.248-.832c.184-.264.42-.489.692-.661.103-.067.207-.132.313-.195l.007-.004c.1-.061.182-.11.258-.161a.969.969 0 0 0 .277-.245C8.96 6.514 9 6.427 9 6.25a.612.612 0 0 0-.262-.525A1.27 1.27 0 0 0 8 5.5c-.369 0-.595.09-.74.187a1.01 1.01 0 0 0-.34.398ZM9 11a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z"/></svg>');--md-admonition-icon--warning:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M6.457 1.047c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0 1 14.082 15H1.918a1.75 1.75 0 0 1-1.543-2.575Zm1.763.707a.25.25 0 0 0-.44 0L1.698 13.132a.25.25 0 0 0 .22.368h12.164a.25.25 0 0 0 .22-.368Zm.53 3.996v2.5a.75.75 0 0 1-1.5 0v-2.5a.75.75 0 0 1 1.5 0ZM9 11a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z"/></svg>');--md-admonition-icon--failure:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M2.344 2.343h-.001a8 8 0 0 1 11.314 11.314A8.002 8.002 0 0 1 .234 10.089a8 8 0 0 1 2.11-7.746Zm1.06 10.253a6.5 6.5 0 1 0 9.108-9.275 6.5 6.5 0 0 0-9.108 9.275ZM6.03 4.97 8 6.94l1.97-1.97a.749.749 0 0 1 1.275.326.749.749 0 0 1-.215.734L9.06 8l1.97 1.97a.749.749 0 0 1-.326 1.275.749.749 0 0 1-.734-.215L8 9.06l-1.97 1.97a.749.749 0 0 1-1.275-.326.749.749 0 0 1 .215-.734L6.94 8 4.97 6.03a.751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018Z"/></svg>');--md-admonition-icon--danger:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M9.504.43a1.516 1.516 0 0 1 2.437 1.713L10.415 5.5h2.123c1.57 0 2.346 1.909 1.22 3.004l-7.34 7.142a1.249 1.249 0 0 1-.871.354h-.302a1.25 1.25 0 0 1-1.157-1.723L5.633 10.5H3.462c-1.57 0-2.346-1.909-1.22-3.004L9.503.429Zm1.047 1.074L3.286 8.571A.25.25 0 0 0 3.462 9H6.75a.75.75 0 0 1 .694 1.034l-1.713 4.188 6.982-6.793A.25.25 0 0 0 12.538 7H9.25a.75.75 0 0 1-.683-1.06l2.008-4.418.003-.006a.036.036 0 0 0-.004-.009l-.006-.006-.008-.001c-.003 
0-.006.002-.009.004Z"/></svg>');--md-admonition-icon--bug:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M4.72.22a.75.75 0 0 1 1.06 0l1 .999a3.488 3.488 0 0 1 2.441 0l.999-1a.748.748 0 0 1 1.265.332.75.75 0 0 1-.205.729l-.775.776c.616.63.995 1.493.995 2.444v.327c0 .1-.009.197-.025.292.408.14.764.392 1.029.722l1.968-.787a.75.75 0 0 1 .556 1.392L13 7.258V9h2.25a.75.75 0 0 1 0 1.5H13v.5c0 .409-.049.806-.141 1.186l2.17.868a.75.75 0 0 1-.557 1.392l-2.184-.873A4.997 4.997 0 0 1 8 16a4.997 4.997 0 0 1-4.288-2.427l-2.183.873a.75.75 0 0 1-.558-1.392l2.17-.868A5.036 5.036 0 0 1 3 11v-.5H.75a.75.75 0 0 1 0-1.5H3V7.258L.971 6.446a.75.75 0 0 1 .558-1.392l1.967.787c.265-.33.62-.583 1.03-.722a1.677 1.677 0 0 1-.026-.292V4.5c0-.951.38-1.814.995-2.444L4.72 1.28a.75.75 0 0 1 0-1.06Zm.53 6.28a.75.75 0 0 0-.75.75V11a3.5 3.5 0 1 0 7 0V7.25a.75.75 0 0 0-.75-.75ZM6.173 5h3.654A.172.172 0 0 0 10 4.827V4.5a2 2 0 1 0-4 0v.327c0 .096.077.173.173.173Z"/></svg>');--md-admonition-icon--example:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M5 5.782V2.5h-.25a.75.75 0 0 1 0-1.5h6.5a.75.75 0 0 1 0 1.5H11v3.282l3.666 5.76C15.619 13.04 14.543 15 12.767 15H3.233c-1.776 0-2.852-1.96-1.899-3.458Zm-2.4 6.565a.75.75 0 0 0 .633 1.153h9.534a.75.75 0 0 0 .633-1.153L12.225 10.5h-8.45ZM9.5 2.5h-3V6c0 .143-.04.283-.117.403L4.73 9h6.54L9.617 6.403A.746.746 0 0 1 9.5 6Z"/></svg>');--md-admonition-icon--quote:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path d="M1.75 2.5h10.5a.75.75 0 0 1 0 1.5H1.75a.75.75 0 0 1 0-1.5Zm4 5h8.5a.75.75 0 0 1 0 1.5h-8.5a.75.75 0 0 1 0-1.5Zm0 5h8.5a.75.75 0 0 1 0 1.5h-8.5a.75.75 0 0 1 0-1.5ZM2.5 7.75v6a.75.75 0 0 1-1.5 0v-6a.75.75 0 0 1 1.5 0Z"/></svg>');}</style>
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=ember:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"ember";--md-code-font:"Roboto Mono"}</style>
<!--
  Inline storage helpers that run before the rest of the page loads.
  __md_scope: URL of the parent directory (".." resolved against location).
  __md_hash:  folds a string's character codes into an integer via (h<<5)-h+code.
  __md_get:   reads key (scope pathname + "." + name) from localStorage, or from the
              storage object passed in, and returns JSON.parse of the stored value.
  __md_set:   JSON-serialises a value and writes it under the same key; any exception
              thrown by setItem is swallowed, so a failed write is silent.
  NOTE(review): the value is passed to JSON.parse as stored, with no shape check here;
  callers presumably validate what they read back. Confirm in the bundled script.
-->
<script>__md_scope=new URL("..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="deep-purple" data-md-color-accent="indgo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#upgrade-from-v19x-to-v20x" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<div data-md-color-scheme="default" data-md-component="outdated" hidden>
</div>
<header class="md-header md-header--shadow md-header--lifted" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href=".." title="Terraform AWS EKS" class="md-header__button md-logo" aria-label="Terraform AWS EKS" data-md-component="logo">
<img src="../assets/terraform-aws.png" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Terraform AWS EKS
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Upgrade from v19.x to v20.x
</span>
</div>
</div>
</div>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/terraform-aws-modules/terraform-aws-eks" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.5.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
</div>
<div class="md-source__repository">
terraform-aws-eks
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href=".." title="Terraform AWS EKS" class="md-nav__button md-logo" aria-label="Terraform AWS EKS" data-md-component="logo">
<img src="../assets/terraform-aws.png" alt="logo">
</a>
Terraform AWS EKS
</label>
<div class="md-nav__source">
<a href="https://github.com/terraform-aws-modules/terraform-aws-eks" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.5.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
</div>
<div class="md-source__repository">
terraform-aws-eks
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../local/" class="md-nav__link">
<span class="md-ellipsis">
Local Development
</span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#list-of-backwards-incompatible-changes" class="md-nav__link">
<span class="md-ellipsis">
List of backwards incompatible changes
</span>
</a>
<nav class="md-nav" aria-label="List of backwards incompatible changes">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#upcoming-changes-planned-in-v210" class="md-nav__link">
<span class="md-ellipsis">
⚠️ Upcoming Changes Planned in v21.0 ⚠️
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#additional-changes" class="md-nav__link">
<span class="md-ellipsis">
Additional changes
</span>
</a>
<nav class="md-nav" aria-label="Additional changes">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#added" class="md-nav__link">
<span class="md-ellipsis">
Added
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#modified" class="md-nav__link">
<span class="md-ellipsis">
Modified
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#removed" class="md-nav__link">
<span class="md-ellipsis">
Removed
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#variable-and-output-changes" class="md-nav__link">
<span class="md-ellipsis">
Variable and output changes
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#upgrade-migrations" class="md-nav__link">
<span class="md-ellipsis">
Upgrade Migrations
</span>
</a>
<nav class="md-nav" aria-label="Upgrade Migrations">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#diff-of-before-v1921-vs-after-v200" class="md-nav__link">
<span class="md-ellipsis">
Diff of Before (v19.21) vs After (v20.0)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#karpenter-diff-of-before-v1921-vs-after-v200" class="md-nav__link">
<span class="md-ellipsis">
Karpenter Diff of Before (v19.21) vs After (v20.0)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#terraform-state-moves" class="md-nav__link">
<span class="md-ellipsis">
Terraform State Moves
</span>
</a>
<nav class="md-nav" aria-label="Terraform State Moves">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#authentication-mode-changes" class="md-nav__link">
<span class="md-ellipsis">
⚠️ Authentication Mode Changes ⚠️
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#authentication_mode-api_and_config_map" class="md-nav__link">
<span class="md-ellipsis">
authentication_mode = "API_AND_CONFIG_MAP"
</span>
</a>
<nav class="md-nav" aria-label="authentication_mode = &quot;API_AND_CONFIG_MAP&quot;">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#i-terraform-17-users" class="md-nav__link">
<span class="md-ellipsis">
️ Terraform 1.7+ users
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#authentication_mode-api" class="md-nav__link">
<span class="md-ellipsis">
authentication_mode = "API"
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="upgrade-from-v19x-to-v20x">Upgrade from v19.x to v20.x<a class="headerlink" href="#upgrade-from-v19x-to-v20x" title="Permanent link">&para;</a></h1>
<p>Please consult the <code>examples</code> directory for reference example configurations. If you find a bug, please open an issue with supporting configuration to reproduce.</p>
<h2 id="list-of-backwards-incompatible-changes">List of backwards incompatible changes<a class="headerlink" href="#list-of-backwards-incompatible-changes" title="Permanent link">&para;</a></h2>
<ul>
<li>Minimum supported AWS provider version increased to <code>v5.34</code></li>
<li>Minimum supported Terraform version increased to <code>v1.3</code> to support Terraform state <code>moved</code> blocks as well as other advanced features</li>
<li>The <code>resolve_conflicts</code> argument within the <code>cluster_addons</code> configuration has been replaced with <code>resolve_conflicts_on_create</code> and <code>resolve_conflicts_on_update</code> now that <code>resolve_conflicts</code> is deprecated</li>
<li>The default/fallback value for the <code>preserve</code> argument of <code>cluster_addons</code> is now set to <code>true</code>. This has been shown to be useful for users deprovisioning clusters, as it avoids the situation where the CNI is deleted too early and resources are left orphaned, resulting in conflicts.</li>
<li>The Karpenter sub-module's use of the <code>irsa</code> naming convention has been removed, along with an update to the Karpenter controller IAM policy to align with Karpenter's <code>v1beta1</code>/<code>v0.32</code> changes. Instead of referring to the role as <code>irsa</code> or <code>pod_identity</code>, it is simply an IAM role used by the Karpenter controller, and there is support for use with IRSA and/or Pod Identity (default) at this time</li>
<li>The <code>aws-auth</code> ConfigMap resources have been moved to a standalone sub-module. This removes the Kubernetes provider requirement from the main module and allows for the <code>aws-auth</code> ConfigMap to be managed independently of the main module. This sub-module will be removed entirely in the next major release.</li>
<li>Support for cluster access management has been added with the default authentication mode set as <code>API_AND_CONFIG_MAP</code>. The <code>CONFIG_MAP</code> authentication mode is no longer supported; instead, you will need to use <code>API_AND_CONFIG_MAP</code> at minimum</li>
<li>Karpenter EventBridge rule key <code>spot_interrupt</code> updated to correct a misspelling (was <code>spot_interupt</code>). This will cause the rule to be replaced</li>
</ul>
<h3 id="upcoming-changes-planned-in-v210">⚠️ Upcoming Changes Planned in v21.0 ⚠️<a class="headerlink" href="#upcoming-changes-planned-in-v210" title="Permanent link">&para;</a></h3>
<p>To give users advance notice and provide some future direction for this module, the following are the changes we will be looking to make in the next major release of this module:</p>
<ol>
<li>The <code>aws-auth</code> sub-module will be removed entirely from the project. Since this sub-module is captured in the v20.x releases, users can continue using it even after the module moves forward with the next major version. The long term strategy and direction is cluster access entry and to rely only on the AWS Terraform provider.</li>
<li>The default value for <code>authentication_mode</code> will change to <code>API</code>. Aligning with point 1 above, this is a one way change, but users are free to specify the value of their choosing in place of this default (when the change is made). This module will proceed with an EKS API first strategy.</li>
<li>The launch template and autoscaling group usage contained within the EKS managed node group and self-managed node group sub-modules <em>might</em> be replaced with the <a href="https://github.com/terraform-aws-modules/terraform-aws-autoscaling"><code>terraform-aws-autoscaling</code></a> module. At minimum, it makes sense to replace most of the functionality in the self-managed node group module with this external module, but it's not yet clear if there is any benefit of using it in the EKS managed node group sub-module. The interface that users interact with will stay the same; the changes will be internal to the implementation, and we will do everything we can to keep the disruption to a minimum.</li>
<li>The <code>platform</code> variable will be replaced and instead <code>ami_type</code> will become the standard across both self-managed node group(s) and EKS managed node group(s). As EKS expands its portfolio of supported operating systems, the <code>ami_type</code> is better suited to associate the correct user data format to the respective OS. The <code>platform</code> variable is a legacy artifact of self-managed node groups but not as descriptive as the <code>ami_type</code>, and therefore it will be removed in favor of <code>ami_type</code>.</li>
</ol>
<h2 id="additional-changes">Additional changes<a class="headerlink" href="#additional-changes" title="Permanent link">&para;</a></h2>
<h3 id="added">Added<a class="headerlink" href="#added" title="Permanent link">&para;</a></h3>
<ul>
<li>A module tag has been added to the cluster control plane</li>
<li>Support for cluster access entries. The <code>bootstrap_cluster_creator_admin_permissions</code> setting on the control plane has been hardcoded to <code>false</code> since this operation is a one time operation only at cluster creation per the EKS API. Instead, users can enable/disable <code>enable_cluster_creator_admin_permissions</code> at any time to achieve the same functionality. This takes the identity that Terraform is using to make API calls and maps it into a cluster admin via an access entry. For users on existing clusters, you will need to remove the default cluster administrator that was created by EKS prior to the cluster access entry APIs - see the section <a href="https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/"><code>Removing the default cluster administrator</code></a> for more details.</li>
<li>Support for specifying the CloudWatch log group class (standard or infrequent access)</li>
<li>Native support for Windows based managed node groups similar to AL2 and Bottlerocket</li>
<li>Self-managed node groups now support <code>instance_maintenance_policy</code> and have added <code>max_healthy_percentage</code>, <code>scale_in_protected_instances</code>, and <code>standby_instances</code> arguments to the <code>instance_refresh.preferences</code> block</li>
</ul>
<h3 id="modified">Modified<a class="headerlink" href="#modified" title="Permanent link">&para;</a></h3>
<ul>
<li>For <code>sts:AssumeRole</code> permissions by services, the use of dynamically looking up the DNS suffix has been replaced with the static value of <code>amazonaws.com</code>. This does not appear to change by partition and instead requires users to set this manually for non-commercial regions.</li>
<li>The default value for <code>kms_key_enable_default_policy</code> has changed from <code>false</code> to <code>true</code> to align with the default behavior of the <code>aws_kms_key</code> resource</li>
<li>The Karpenter default value for <code>create_instance_profile</code> has changed from <code>true</code> to <code>false</code> to align with the changes in Karpenter v0.32</li>
<li>The Karpenter variable <code>create_instance_profile</code> default value has changed from <code>true</code> to <code>false</code>. Starting with Karpenter <code>v0.32.0</code>, Karpenter accepts an IAM role and creates the EC2 instance profile used by the nodes</li>
</ul>
<h3 id="removed">Removed<a class="headerlink" href="#removed" title="Permanent link">&para;</a></h3>
<ul>
<li>The <code>complete</code> example has been removed due to its redundancy with the other examples</li>
<li>References to the IRSA sub-module in the IAM repository have been removed. Once https://github.com/clowdhaus/terraform-aws-eks-pod-identity has been updated and moved into the organization, the documentation here will be updated to mention the new module.</li>
</ul>
<h3 id="variable-and-output-changes">Variable and output changes<a class="headerlink" href="#variable-and-output-changes" title="Permanent link">&para;</a></h3>
<ol>
<li>
<p>Removed variables:</p>
</li>
<li>
<p><code>cluster_iam_role_dns_suffix</code> - replaced with a static string of <code>amazonaws.com</code></p>
</li>
<li><code>manage_aws_auth_configmap</code></li>
<li><code>create_aws_auth_configmap</code></li>
<li><code>aws_auth_node_iam_role_arns_non_windows</code></li>
<li><code>aws_auth_node_iam_role_arns_windows</code></li>
<li><code>aws_auth_fargate_profile_pod_execution_role_arn</code></li>
<li><code>aws_auth_roles</code></li>
<li><code>aws_auth_users</code></li>
<li>
<p><code>aws_auth_accounts</code></p>
</li>
<li>
<p>Karpenter</p>
<ul>
<li><code>irsa_tag_key</code></li>
<li><code>irsa_tag_values</code></li>
<li><code>irsa_subnet_account_id</code></li>
<li><code>enable_karpenter_instance_profile_creation</code></li>
</ul>
</li>
<li>
<p>Renamed variables:</p>
</li>
<li>
<p>Karpenter</p>
<ul>
<li><code>create_irsa</code> -&gt; <code>create_iam_role</code></li>
<li><code>irsa_name</code> -&gt; <code>iam_role_name</code></li>
<li><code>irsa_use_name_prefix</code> -&gt; <code>iam_role_name_prefix</code></li>
<li><code>irsa_path</code> -&gt; <code>iam_role_path</code></li>
<li><code>irsa_description</code> -&gt; <code>iam_role_description</code></li>
<li><code>irsa_max_session_duration</code> -&gt; <code>iam_role_max_session_duration</code></li>
<li><code>irsa_permissions_boundary_arn</code> -&gt; <code>iam_role_permissions_boundary_arn</code></li>
<li><code>irsa_tags</code> -&gt; <code>iam_role_tags</code></li>
<li><code>policies</code> -&gt; <code>iam_role_policies</code></li>
<li><code>irsa_policy_name</code> -&gt; <code>iam_policy_name</code></li>
<li><code>irsa_ssm_parameter_arns</code> -&gt; <code>ami_id_ssm_parameter_arns</code></li>
<li><code>create_iam_role</code> -&gt; <code>create_node_iam_role</code></li>
<li><code>iam_role_additional_policies</code> -&gt; <code>node_iam_role_additional_policies</code></li>
<li><code>policies</code> -&gt; <code>iam_role_policies</code></li>
<li><code>iam_role_arn</code> -&gt; <code>node_iam_role_arn</code></li>
<li><code>iam_role_name</code> -&gt; <code>node_iam_role_name</code></li>
<li><code>iam_role_name_prefix</code> -&gt; <code>node_iam_role_name_prefix</code></li>
<li><code>iam_role_path</code> -&gt; <code>node_iam_role_path</code></li>
<li><code>iam_role_description</code> -&gt; <code>node_iam_role_description</code></li>
<li><code>iam_role_max_session_duration</code> -&gt; <code>node_iam_role_max_session_duration</code></li>
<li><code>iam_role_permissions_boundary_arn</code> -&gt; <code>node_iam_role_permissions_boundary_arn</code></li>
<li><code>iam_role_attach_cni_policy</code> -&gt; <code>node_iam_role_attach_cni_policy</code></li>
<li><code>iam_role_additional_policies</code> -&gt; <code>node_iam_role_additional_policies</code></li>
<li><code>iam_role_tags</code> -&gt; <code>node_iam_role_tags</code></li>
</ul>
</li>
<li>
<p>Added variables:</p>
</li>
<li>
<p><code>create_access_entry</code></p>
</li>
<li><code>enable_cluster_creator_admin_permissions</code></li>
<li><code>authentication_mode</code></li>
<li><code>access_entries</code></li>
<li>
<p><code>cloudwatch_log_group_class</code></p>
</li>
<li>
<p>Karpenter</p>
<ul>
<li><code>iam_policy_name</code></li>
<li><code>iam_policy_use_name_prefix</code></li>
<li><code>iam_policy_description</code></li>
<li><code>iam_policy_path</code></li>
<li><code>enable_irsa</code></li>
<li><code>create_access_entry</code></li>
<li><code>access_entry_type</code></li>
</ul>
</li>
<li>
<p>Self-managed node group</p>
<ul>
<li><code>instance_maintenance_policy</code></li>
<li><code>create_access_entry</code></li>
<li><code>iam_role_arn</code></li>
</ul>
</li>
<li>
<p>Removed outputs:</p>
</li>
<li>
<p><code>aws_auth_configmap_yaml</code></p>
</li>
<li>
<p>Renamed outputs:</p>
</li>
<li>
<p>Karpenter</p>
<ul>
<li><code>irsa_name</code> -&gt; <code>iam_role_name</code></li>
<li><code>irsa_arn</code> -&gt; <code>iam_role_arn</code></li>
<li><code>irsa_unique_id</code> -&gt; <code>iam_role_unique_id</code></li>
<li><code>role_name</code> -&gt; <code>node_iam_role_name</code></li>
<li><code>role_arn</code> -&gt; <code>node_iam_role_arn</code></li>
<li><code>role_unique_id</code> -&gt; <code>node_iam_role_unique_id</code></li>
</ul>
</li>
<li>
<p>Added outputs:</p>
</li>
<li>
<p><code>access_entries</code></p>
</li>
<li>
<p>Karpenter</p>
<ul>
<li><code>node_access_entry_arn</code></li>
</ul>
</li>
<li>
<p>Self-managed node group</p>
<ul>
<li><code>access_entry_arn</code></li>
</ul>
</li>
</ol>
<h2 id="upgrade-migrations">Upgrade Migrations<a class="headerlink" href="#upgrade-migrations" title="Permanent link">&para;</a></h2>
<h3 id="diff-of-before-v1921-vs-after-v200">Diff of Before (v19.21) vs After (v20.0)<a class="headerlink" href="#diff-of-before-v1921-vs-after-v200" title="Permanent link">&para;</a></h3>
<div class="language-diff highlight"><pre><span></span><code><span id="__span-0-1"><a id="__codelineno-0-1" name="__codelineno-0-1" href="#__codelineno-0-1"></a><span class="w"> </span>module &quot;eks&quot; {
</span><span id="__span-0-2"><a id="__codelineno-0-2" name="__codelineno-0-2" href="#__codelineno-0-2"></a><span class="w"> </span> source = &quot;terraform-aws-modules/eks/aws&quot;
</span><span id="__span-0-3"><a id="__codelineno-0-3" name="__codelineno-0-3" href="#__codelineno-0-3"></a><span class="gd">- version = &quot;~&gt; 19.21&quot;</span>
</span><span id="__span-0-4"><a id="__codelineno-0-4" name="__codelineno-0-4" href="#__codelineno-0-4"></a><span class="gi">+ version = &quot;~&gt; 20.0&quot;</span>
</span><span id="__span-0-5"><a id="__codelineno-0-5" name="__codelineno-0-5" href="#__codelineno-0-5"></a>
</span><span id="__span-0-6"><a id="__codelineno-0-6" name="__codelineno-0-6" href="#__codelineno-0-6"></a># If you want to maintain the current default behavior of v19.x
</span><span id="__span-0-7"><a id="__codelineno-0-7" name="__codelineno-0-7" href="#__codelineno-0-7"></a><span class="gi">+ kms_key_enable_default_policy = false</span>
</span><span id="__span-0-8"><a id="__codelineno-0-8" name="__codelineno-0-8" href="#__codelineno-0-8"></a>
</span><span id="__span-0-9"><a id="__codelineno-0-9" name="__codelineno-0-9" href="#__codelineno-0-9"></a><span class="gd">- manage_aws_auth_configmap = true</span>
</span><span id="__span-0-10"><a id="__codelineno-0-10" name="__codelineno-0-10" href="#__codelineno-0-10"></a>
</span><span id="__span-0-11"><a id="__codelineno-0-11" name="__codelineno-0-11" href="#__codelineno-0-11"></a><span class="gd">- aws_auth_roles = [</span>
</span><span id="__span-0-12"><a id="__codelineno-0-12" name="__codelineno-0-12" href="#__codelineno-0-12"></a><span class="gd">- {</span>
</span><span id="__span-0-13"><a id="__codelineno-0-13" name="__codelineno-0-13" href="#__codelineno-0-13"></a><span class="gd">- rolearn = &quot;arn:aws:iam::66666666666:role/role1&quot;</span>
</span><span id="__span-0-14"><a id="__codelineno-0-14" name="__codelineno-0-14" href="#__codelineno-0-14"></a><span class="gd">- username = &quot;role1&quot;</span>
</span><span id="__span-0-15"><a id="__codelineno-0-15" name="__codelineno-0-15" href="#__codelineno-0-15"></a><span class="gd">- groups = [&quot;custom-role-group&quot;]</span>
</span><span id="__span-0-16"><a id="__codelineno-0-16" name="__codelineno-0-16" href="#__codelineno-0-16"></a><span class="gd">- },</span>
</span><span id="__span-0-17"><a id="__codelineno-0-17" name="__codelineno-0-17" href="#__codelineno-0-17"></a><span class="gd">- ]</span>
</span><span id="__span-0-18"><a id="__codelineno-0-18" name="__codelineno-0-18" href="#__codelineno-0-18"></a>
</span><span id="__span-0-19"><a id="__codelineno-0-19" name="__codelineno-0-19" href="#__codelineno-0-19"></a><span class="gd">- aws_auth_users = [</span>
</span><span id="__span-0-20"><a id="__codelineno-0-20" name="__codelineno-0-20" href="#__codelineno-0-20"></a><span class="gd">- {</span>
</span><span id="__span-0-21"><a id="__codelineno-0-21" name="__codelineno-0-21" href="#__codelineno-0-21"></a><span class="gd">- userarn = &quot;arn:aws:iam::66666666666:user/user1&quot;</span>
</span><span id="__span-0-22"><a id="__codelineno-0-22" name="__codelineno-0-22" href="#__codelineno-0-22"></a><span class="gd">- username = &quot;user1&quot;</span>
</span><span id="__span-0-23"><a id="__codelineno-0-23" name="__codelineno-0-23" href="#__codelineno-0-23"></a><span class="gd">- groups = [&quot;custom-users-group&quot;]</span>
</span><span id="__span-0-24"><a id="__codelineno-0-24" name="__codelineno-0-24" href="#__codelineno-0-24"></a><span class="gd">- },</span>
</span><span id="__span-0-25"><a id="__codelineno-0-25" name="__codelineno-0-25" href="#__codelineno-0-25"></a><span class="gd">- ]</span>
</span><span id="__span-0-26"><a id="__codelineno-0-26" name="__codelineno-0-26" href="#__codelineno-0-26"></a>}
</span><span id="__span-0-27"><a id="__codelineno-0-27" name="__codelineno-0-27" href="#__codelineno-0-27"></a>
</span><span id="__span-0-28"><a id="__codelineno-0-28" name="__codelineno-0-28" href="#__codelineno-0-28"></a><span class="gi">+ module &quot;eks_aws_auth&quot; {</span>
</span><span id="__span-0-29"><a id="__codelineno-0-29" name="__codelineno-0-29" href="#__codelineno-0-29"></a><span class="gi">+ source = &quot;terraform-aws-modules/eks/aws//modules/aws-auth&quot;</span>
</span><span id="__span-0-30"><a id="__codelineno-0-30" name="__codelineno-0-30" href="#__codelineno-0-30"></a><span class="gi">+ version = &quot;~&gt; 20.0&quot;</span>
</span><span id="__span-0-31"><a id="__codelineno-0-31" name="__codelineno-0-31" href="#__codelineno-0-31"></a>
</span><span id="__span-0-32"><a id="__codelineno-0-32" name="__codelineno-0-32" href="#__codelineno-0-32"></a><span class="gi">+ manage_aws_auth_configmap = true</span>
</span><span id="__span-0-33"><a id="__codelineno-0-33" name="__codelineno-0-33" href="#__codelineno-0-33"></a>
</span><span id="__span-0-34"><a id="__codelineno-0-34" name="__codelineno-0-34" href="#__codelineno-0-34"></a><span class="gi">+ aws_auth_roles = [</span>
</span><span id="__span-0-35"><a id="__codelineno-0-35" name="__codelineno-0-35" href="#__codelineno-0-35"></a><span class="gi">+ {</span>
</span><span id="__span-0-36"><a id="__codelineno-0-36" name="__codelineno-0-36" href="#__codelineno-0-36"></a><span class="gi">+ rolearn = &quot;arn:aws:iam::66666666666:role/role1&quot;</span>
</span><span id="__span-0-37"><a id="__codelineno-0-37" name="__codelineno-0-37" href="#__codelineno-0-37"></a><span class="gi">+ username = &quot;role1&quot;</span>
</span><span id="__span-0-38"><a id="__codelineno-0-38" name="__codelineno-0-38" href="#__codelineno-0-38"></a><span class="gi">+ groups = [&quot;custom-role-group&quot;]</span>
</span><span id="__span-0-39"><a id="__codelineno-0-39" name="__codelineno-0-39" href="#__codelineno-0-39"></a><span class="gi">+ },</span>
</span><span id="__span-0-40"><a id="__codelineno-0-40" name="__codelineno-0-40" href="#__codelineno-0-40"></a><span class="gi">+ ]</span>
</span><span id="__span-0-41"><a id="__codelineno-0-41" name="__codelineno-0-41" href="#__codelineno-0-41"></a>
</span><span id="__span-0-42"><a id="__codelineno-0-42" name="__codelineno-0-42" href="#__codelineno-0-42"></a><span class="gi">+ aws_auth_users = [</span>
</span><span id="__span-0-43"><a id="__codelineno-0-43" name="__codelineno-0-43" href="#__codelineno-0-43"></a><span class="gi">+ {</span>
</span><span id="__span-0-44"><a id="__codelineno-0-44" name="__codelineno-0-44" href="#__codelineno-0-44"></a><span class="gi">+ userarn = &quot;arn:aws:iam::66666666666:user/user1&quot;</span>
</span><span id="__span-0-45"><a id="__codelineno-0-45" name="__codelineno-0-45" href="#__codelineno-0-45"></a><span class="gi">+ username = &quot;user1&quot;</span>
</span><span id="__span-0-46"><a id="__codelineno-0-46" name="__codelineno-0-46" href="#__codelineno-0-46"></a><span class="gi">+ groups = [&quot;custom-users-group&quot;]</span>
</span><span id="__span-0-47"><a id="__codelineno-0-47" name="__codelineno-0-47" href="#__codelineno-0-47"></a><span class="gi">+ },</span>
</span><span id="__span-0-48"><a id="__codelineno-0-48" name="__codelineno-0-48" href="#__codelineno-0-48"></a><span class="gi">+ ]</span>
</span><span id="__span-0-49"><a id="__codelineno-0-49" name="__codelineno-0-49" href="#__codelineno-0-49"></a><span class="gi">+ }</span>
</span></code></pre></div>
<h3 id="karpenter-diff-of-before-v1921-vs-after-v200">Karpenter Diff of Before (v19.21) vs After (v20.0)<a class="headerlink" href="#karpenter-diff-of-before-v1921-vs-after-v200" title="Permanent link">&para;</a></h3>
<div class="language-diff highlight"><pre><span></span><code><span id="__span-1-1"><a id="__codelineno-1-1" name="__codelineno-1-1" href="#__codelineno-1-1"></a><span class="w"> </span>module &quot;eks_karpenter&quot; {
</span><span id="__span-1-2"><a id="__codelineno-1-2" name="__codelineno-1-2" href="#__codelineno-1-2"></a><span class="w"> </span> source = &quot;terraform-aws-modules/eks/aws//modules/karpenter&quot;
</span><span id="__span-1-3"><a id="__codelineno-1-3" name="__codelineno-1-3" href="#__codelineno-1-3"></a><span class="gd">- version = &quot;~&gt; 19.21&quot;</span>
</span><span id="__span-1-4"><a id="__codelineno-1-4" name="__codelineno-1-4" href="#__codelineno-1-4"></a><span class="gi">+ version = &quot;~&gt; 20.0&quot;</span>
</span><span id="__span-1-5"><a id="__codelineno-1-5" name="__codelineno-1-5" href="#__codelineno-1-5"></a>
</span><span id="__span-1-6"><a id="__codelineno-1-6" name="__codelineno-1-6" href="#__codelineno-1-6"></a># If you wish to maintain the current default behavior of v19.x
</span><span id="__span-1-7"><a id="__codelineno-1-7" name="__codelineno-1-7" href="#__codelineno-1-7"></a><span class="gi">+ enable_irsa = true</span>
</span><span id="__span-1-8"><a id="__codelineno-1-8" name="__codelineno-1-8" href="#__codelineno-1-8"></a><span class="gi">+ create_instance_profile = true</span>
</span><span id="__span-1-9"><a id="__codelineno-1-9" name="__codelineno-1-9" href="#__codelineno-1-9"></a>
</span><span id="__span-1-10"><a id="__codelineno-1-10" name="__codelineno-1-10" href="#__codelineno-1-10"></a># To avoid any resource re-creation
</span><span id="__span-1-11"><a id="__codelineno-1-11" name="__codelineno-1-11" href="#__codelineno-1-11"></a><span class="gi">+ iam_role_name = &quot;KarpenterIRSA-${module.eks.cluster_name}&quot;</span>
</span><span id="__span-1-12"><a id="__codelineno-1-12" name="__codelineno-1-12" href="#__codelineno-1-12"></a><span class="gi">+ iam_role_description = &quot;Karpenter IAM role for service account&quot;</span>
</span><span id="__span-1-13"><a id="__codelineno-1-13" name="__codelineno-1-13" href="#__codelineno-1-13"></a><span class="gi">+ iam_policy_name = &quot;KarpenterIRSA-${module.eks.cluster_name}&quot;</span>
</span><span id="__span-1-14"><a id="__codelineno-1-14" name="__codelineno-1-14" href="#__codelineno-1-14"></a><span class="gi">+ iam_policy_description = &quot;Karpenter IAM role for service account&quot;</span>
</span><span id="__span-1-15"><a id="__codelineno-1-15" name="__codelineno-1-15" href="#__codelineno-1-15"></a>}
</span></code></pre></div>
<h2 id="terraform-state-moves">Terraform State Moves<a class="headerlink" href="#terraform-state-moves" title="Permanent link">&para;</a></h2>
<h4 id="authentication-mode-changes">⚠️ Authentication Mode Changes ⚠️<a class="headerlink" href="#authentication-mode-changes" title="Permanent link">&para;</a></h4>
<p>Changing the <code>authentication_mode</code> is a one-way decision. See <a href="https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/">announcement blog</a> for further details:</p>
<blockquote>
<p>Switching authentication modes on an existing cluster is a one-way operation. You can switch from CONFIG_MAP to API_AND_CONFIG_MAP. You can then switch from API_AND_CONFIG_MAP to API. You cannot revert these operations in the opposite direction. Meaning you cannot switch back to CONFIG_MAP or API_AND_CONFIG_MAP from API.</p>
<p><strong>Important:</strong> If migrating to cluster access entries and you will NOT have any entries that remain in the <code>aws-auth</code> ConfigMap, you do not need to remove the configmap from the statefile. You can simply follow the migration guide and once access entries have been created, you can let Terraform remove/delete the <code>aws-auth</code> ConfigMap.</p>
<p>If you WILL have entries that remain in the <code>aws-auth</code> ConfigMap, then you will need to remove the ConfigMap resources from the statefile to avoid any disruptions. When you add the new <code>aws-auth</code> sub-module and apply the changes, the sub-module will upsert the ConfigMap on the cluster. Provided the necessary entries are defined in that sub-module's definition, it will "re-adopt" the ConfigMap under Terraform's control.</p>
</blockquote>
<h3 id="authentication_mode-api_and_config_map">authentication_mode = "API_AND_CONFIG_MAP"<a class="headerlink" href="#authentication_mode-api_and_config_map" title="Permanent link">&para;</a></h3>
<p>When using <code>authentication_mode = "API_AND_CONFIG_MAP"</code> and there are entries that will remain in the configmap (entries that cannot be replaced by a cluster access entry), you will first need to update the <code>authentication_mode</code> on the cluster to <code>"API_AND_CONFIG_MAP"</code>. To help make this upgrade process easier, a copy of the changes defined in the <a href="https://github.com/terraform-aws-modules/terraform-aws-eks/pull/2858"><code>v20.0.0</code></a> PR has been captured in <a href="https://github.com/clowdhaus/terraform-aws-eks-v20-migrate">an interim migration module</a>, but with the <code>aws-auth</code> components still provided in the module. This means you get the equivalent of the <code>v20.0.0</code> module, but it still includes support for the <code>aws-auth</code> configmap. You can follow the provided README on that interim migration module for the order of execution and return here once the <code>authentication_mode</code> has been updated to <code>"API_AND_CONFIG_MAP"</code>. Note: EKS automatically adds access entries for the roles used by EKS managed node groups and Fargate profiles; users do not need to do anything additional for these roles.</p>
<p>Once the <code>authentication_mode</code> has been updated, next you will need to remove the configmap from the statefile to avoid any disruptions:</p>
<blockquote>
<p><strong>Note:</strong> This is only required if there are entries that will remain in the <code>aws-auth</code> ConfigMap after migrating. Otherwise, you can skip this step and let Terraform destroy the ConfigMap.</p>
</blockquote>
<div class="language-sh highlight"><pre><span></span><code><span id="__span-2-1"><a id="__codelineno-2-1" name="__codelineno-2-1" href="#__codelineno-2-1"></a>terraform<span class="w"> </span>state<span class="w"> </span>rm<span class="w"> </span><span class="s1">&#39;module.eks.kubernetes_config_map_v1_data.aws_auth[0]&#39;</span>
</span><span id="__span-2-2"><a id="__codelineno-2-2" name="__codelineno-2-2" href="#__codelineno-2-2"></a>terraform<span class="w"> </span>state<span class="w"> </span>rm<span class="w"> </span><span class="s1">&#39;module.eks.kubernetes_config_map.aws_auth[0]&#39;</span><span class="w"> </span><span class="c1"># include if Terraform created the original configmap</span>
</span></code></pre></div>
<h4 id="i-terraform-17-users">ℹ️ Terraform 1.7+ users<a class="headerlink" href="#i-terraform-17-users" title="Permanent link">&para;</a></h4>
<p>If you are using Terraform <code>v1.7+</code>, you can use the <a href="https://developer.hashicorp.com/terraform/language/resources/syntax#removing-resources"><code>removed</code></a> block to remove the configmap from the statefile through code. You can create a fork/clone of the provided <a href="https://github.com/clowdhaus/terraform-aws-eks-migrate-v19-to-v20">migration module</a>, add the <code>removed</code> blocks, and apply those changes before proceeding. We do not want to force users onto the bleeding edge with this module, so we have not included <code>removed</code> block support at this time.</p>
<p>Once the configmap has been removed from the statefile, you can add the new <code>aws-auth</code> sub-module and copy the relevant definitions from the EKS module over to the new <code>aws-auth</code> sub-module definition (see the before/after diff above). When you apply the changes with the new sub-module, the configmap in the cluster will be updated with the contents provided in the sub-module definition, so please be sure all of the necessary entries are added before applying the changes. In the before/after example above, the configmap would remove any entries for roles used by node groups and/or Fargate Profiles, but maintain the custom entries for users and roles passed into the module definition.</p>
<h3 id="authentication_mode-api">authentication_mode = "API"<a class="headerlink" href="#authentication_mode-api" title="Permanent link">&para;</a></h3>
<p>To switch to <code>API</code>-only authentication using cluster access entries, you first need to update the <code>authentication_mode</code> on the cluster to <code>API_AND_CONFIG_MAP</code> without modifying the <code>aws-auth</code> configmap. To help make this upgrade process easier, a copy of the changes defined in the <a href="https://github.com/terraform-aws-modules/terraform-aws-eks/pull/2858"><code>v20.0.0</code></a> PR has been captured in <a href="https://github.com/clowdhaus/terraform-aws-eks-v20-migrate">an interim migration module</a>, but with the <code>aws-auth</code> components still provided in the module. This means you get the equivalent of the <code>v20.0.0</code> module, but it still includes support for the <code>aws-auth</code> configmap. You can follow the provided README on that interim migration module for the order of execution and return here once the <code>authentication_mode</code> has been updated to <code>"API_AND_CONFIG_MAP"</code>. Note: EKS automatically adds access entries for the roles used by EKS managed node groups and Fargate profiles; users do not need to do anything additional for these roles.</p>
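<p>Once the <code>authentication_mode</code> has been updated to <code>API_AND_CONFIG_MAP</code>, you can update the <code>authentication_mode</code> on the cluster to <code>API</code> and remove the <code>aws-auth</code> configmap components. Because the switch to <code>API</code> cannot be reverted, confirm beforehand that every principal that still needs cluster access has a cluster access entry.</p>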
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "..", "features": ["navigation.tabs.sticky"], "search": "../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>
<script src="../assets/javascripts/bundle.ad660dcc.min.js"></script>
</body>
</html>