mirror of
https://github.com/terraform-aws-modules/terraform-aws-eks.git
synced 2025-09-09 19:32:58 +08:00
Bryant Biggs
416515a0da
* feat!: Upgrade min AWS provider and Terraform versions to `6.0` and `1.5.7` respectively * fix: Remove deprecated arguments in AWS v6.0 provider, upgrade Helm provider to v3.0, bump VPC module to v6.0 * fix: Remove `aws-auth` sub-module * fix: Remove `platform` and `cluster_service_ipv4_cidr` variables from `user-data` sub-module * fix: Resolve all marked `todos` that have been accumulated * fix: Set default `http_put_response_hop_limit` to `1` * fix: Remove IRSA support from Karpenter sub-module * fix: Avoid making GET requests from data sources unless absolutely necessary * feat: Add variable optional attribute definitions * feat: Bump KMS key module version to latest, add remaining variable attribute definitions * fix: Remove `cluster_` prefix from variable names to better match the underlying API * fix: Move all EFA logic to the nodegroup itself * fix: Remove arguments that do not make sense in EKS * fix: Updates from plan validation * fix: Remove more self-managed node group attributes that are commonly not used in EKS clusters * fix: Remove data plane compute `*_defaults` variables that do not work with variable optional attributes * fix: Ignore changes to `bootstrap_self_managed_addons` to aid in upgrade * feat: Add support for `region` argument on relevant resources * feat: Initial pass on upgrade guide * fix: Updates from testing and validating EKS managed node group * fix: Updates from testing and validating self-managed node group * docs: Ensure addon ussage documented is aligned * feat: Switch to dualstack OIDC issuer URL * feat: Allow sourcing over overriding the Karpenter assume role policy * fix: Use `Bool` instead of `StringEquals` for DenyHTTP queue policy * fix: Correct use of `nullable` and default value propagation
EKS Hybrid Node IAM Role
Usage
To provision the provided configurations you need to execute:
$ terraform init
$ terraform plan
$ terraform apply --auto-approve
Note that this example may create resources which cost money. Run terraform destroy when you don't need these resources.
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.5.7 |
| aws | >= 6.0 |
| tls | >= 4.0 |
Providers
| Name | Version |
|---|---|
| tls | >= 4.0 |
Modules
| Name | Source | Version |
|---|---|---|
| disabled_eks_hybrid_node_role | ../../modules/hybrid-node-role | n/a |
| eks_hybrid_node_role | ../../modules/hybrid-node-role | n/a |
| ira_eks_hybrid_node_role | ../../modules/hybrid-node-role | n/a |
Resources
| Name | Type |
|---|---|
| tls_private_key.example | resource |
| tls_self_signed_cert.example | resource |
Inputs
No inputs.
Outputs
| Name | Description |
|---|---|
| arn | The Amazon Resource Name (ARN) specifying the node IAM role |
| intermediate_role_arn | The Amazon Resource Name (ARN) specifying the node IAM role |
| intermediate_role_name | The name of the node IAM role |
| intermediate_role_unique_id | Stable and unique string identifying the node IAM role |
| ira_arn | The Amazon Resource Name (ARN) specifying the node IAM role |
| ira_intermediate_role_arn | The Amazon Resource Name (ARN) specifying the node IAM role |
| ira_intermediate_role_name | The name of the node IAM role |
| ira_intermediate_role_unique_id | Stable and unique string identifying the node IAM role |
| ira_name | The name of the node IAM role |
| ira_unique_id | Stable and unique string identifying the node IAM role |
| name | The name of the node IAM role |
| unique_id | Stable and unique string identifying the node IAM role |