Skip to content

Releases: pulumi/pulumi-eks

v3.6.0

23 Dec 20:27
ea64dcc
Compare
Choose a tag to compare

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

What's Changed

Full Changelog: v3.5.0...v3.6.0

v3.5.0

16 Dec 22:03
684aabe
Compare
Choose a tag to compare

Does the PR have any schema changes?

Found 60 breaking changes:

Resources

  • "eks:index:Cluster":
    • inputs:
      • 🟡 "clusterSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
      • 🟡 "instanceRole" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"
      • 🟡 "instanceRoles": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"
      • 🟡 "serviceRole" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"
    • properties:
      • 🟡 "awsProvider" type changed from "/aws/v6.18.2/schema.json#/provider" to "/aws/v6.65.0/schema.json#/provider"
      • 🟡 "clusterSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
      • 🟡 "eksCluster" type changed from "/aws/v6.18.2/schema.json#/resources/aws:eks%2Fcluster:Cluster" to "/aws/v6.65.0/schema.json#/resources/aws:eks%2Fcluster:Cluster"
      • 🟡 "eksClusterIngressRule" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule"
      • 🟡 "instanceRoles": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"
      • 🟡 "nodeSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
  • 🟡 "eks:index:ClusterCreationRoleProvider": properties: "role" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"
  • "eks:index:ManagedNodeGroup":
    • inputs:
      • 🟡 "launchTemplate" type changed from "/aws/v6.18.2/schema.json#/types/aws:eks%2FNodeGroupLaunchTemplate:NodeGroupLaunchTemplate" to "/aws/v6.65.0/schema.json#/types/aws:eks%2FNodeGroupLaunchTemplate:NodeGroupLaunchTemplate"
      • 🟡 "nodeRole" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"
      • 🟡 "remoteAccess" type changed from "/aws/v6.18.2/schema.json#/types/aws:eks%2FNodeGroupRemoteAccess:NodeGroupRemoteAccess" to "/aws/v6.65.0/schema.json#/types/aws:eks%2FNodeGroupRemoteAccess:NodeGroupRemoteAccess"
      • 🟡 "scalingConfig" type changed from "/aws/v6.18.2/schema.json#/types/aws:eks%2FNodeGroupScalingConfig:NodeGroupScalingConfig" to "/aws/v6.65.0/schema.json#/types/aws:eks%2FNodeGroupScalingConfig:NodeGroupScalingConfig"
      • 🟡 "taints": items type changed from "/aws/v6.18.2/schema.json#/types/aws:eks%2FNodeGroupTaint:NodeGroupTaint" to "/aws/v6.65.0/schema.json#/types/aws:eks%2FNodeGroupTaint:NodeGroupTaint"
    • 🟡 properties: "nodeGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:eks%2FnodeGroup:NodeGroup" to "/aws/v6.65.0/schema.json#/resources/aws:eks%2FnodeGroup:NodeGroup"
  • "eks:index:NodeGroup":
    • inputs:
      • 🟡 "clusterIngressRule" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule"
      • 🟡 "extraNodeSecurityGroups": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
      • 🟡 "instanceProfile" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2FinstanceProfile:InstanceProfile" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2FinstanceProfile:InstanceProfile"
      • 🟡 "nodeSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
    • properties:
      • 🟡 "cfnStack" type changed from "/aws/v6.18.2/schema.json#/resources/aws:cloudformation%2Fstack:Stack" to "/aws/v6.65.0/schema.json#/resources/aws:cloudformation%2Fstack:Stack"
      • 🟡 "extraNodeSecurityGroups": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
      • 🟡 "nodeSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
  • "eks:index:NodeGroupSecurityGroup":
    • inputs:
      • 🟡 "clusterSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
      • 🟡 "eksCluster" type changed from "/aws/v6.18.2/schema.json#/resources/aws:eks%2Fcluster:Cluster" to "/aws/v6.65.0/schema.json#/resources/aws:eks%2Fcluster:Cluster"
    • properties:
      • 🟡 "securityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
      • 🟡 "securityGroupRule" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule"
  • "eks:index:NodeGroupV2":
    • inputs:
      • 🟡 "clusterIngressRule" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule"
      • 🟡 "extraNodeSecurityGroups": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
      • 🟡 "instanceProfile" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2FinstanceProfile:InstanceProfile" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2FinstanceProfile:InstanceProfile"
      • 🟡 "launchTemplateTagSpecifications": items type changed from "/aws/v6.18.2/schema.json#/types/aws:ec2%2FLaunchTemplateTagSpecification:LaunchTemplateTagSpecification" to "/aws/v6.65.0/schema.json#/types/aws:ec2%2FLaunchTemplateTagSpecification:LaunchTemplateTagSpecification"
      • 🟡 "nodeSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
    • properties:
      • 🟡 "autoScalingGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:autoscaling%2Fgroup:Group" to "/aws/v6.65.0/schema.json#/resources/aws:autoscaling%2Fgroup:Group"
      • 🟡 "extraNodeSecurityGroups": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
      • 🟡 "nodeSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"

Types

  • 🟡 "eks:index:AccessPolicyAssociation": properties: "accessScope" type changed from "/aws/v6.18.2/schema.json#/types/aws:eks%2FAccessPolicyAssociationAccessScope:AccessPolicyAssociationAccessScope" to "/aws/v6.65.0/schema.json#/types/aws:eks%2FAccessPolicyAssociationAccessScope:AccessPolicyAssociationAccessScope"
  • "eks:index:ClusterNodeGroupOptions": properties:
    • 🟡 "clusterIngressRule" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule"
    • 🟡 "extraNodeSecurityGroups": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
    • 🟡 "instanceProfile" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2FinstanceProfile:InstanceProfile" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2FinstanceProfile:InstanceProfile"
    • 🟡 "launchTemplateTagSpecifications": items type changed from "/aws/v6.18.2/schema.json#/types/aws:ec2%2FLaunchTemplateTagSpecification:LaunchTemplateTagSpecification" to "/aws/v6.65.0/schema.json#/types/aws:ec2%2FLaunchTemplateTagSpecification:LaunchTemplateTagSpecification"
    • 🟡 "nodeSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
  • "eks:index:CoreData": properties:
    • 🟡 "awsProvider" type changed from "/aws/v6.18.2/schema.json#/provider" to "/aws/v6.65.0/schema.json#/provider"
    • 🟡 "cluster" type changed from "/aws/v6.18.2/schema.json#/resources/aws:eks%2Fcluster:Cluster" to "/aws/v6.65.0/schema.json#/resources/aws:eks%2Fcluster:Cluster"
    • 🟡 "clusterIamRole" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"
    • 🟡 "clusterSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
    • 🟡 "eksNodeAccess" type changed from "/kubernetes/v4.4.0/schema.json#/re...
Read more

v3.4.0

06 Dec 19:26
9c128c5
Compare
Choose a tag to compare

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

What's Changed

  • Allow creating default instance role even when no default node group is created by @flostadler in #1511
  • Document createInstanceRole cluster option by @flostadler in #1516

Full Changelog: v3.3.0...v3.4.0

v3.3.0

26 Nov 14:18
230eba5
Compare
Choose a tag to compare

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

What's Changed

New Contributors

Full Changelog: v3.2.0...v3.3.0

v3.2.0

19 Nov 20:52
a1061b6
Compare
Choose a tag to compare

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

What's Changed

Full Changelog: v3.1.0...v3.2.0

v3.1.0

15 Nov 10:41
b170816
Compare
Choose a tag to compare

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

What's Changed

Full Changelog: v3.0.2...v3.1.0

v3.0.2

12 Nov 19:10
507a914
Compare
Choose a tag to compare

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

What's Changed

Full Changelog: v3.0.1...v3.0.2

v3.0.1

29 Oct 14:29
00353a9
Compare
Choose a tag to compare

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

What's Changed

Full Changelog: v3.0.0...v3.0.1

v3.0.0

17 Oct 21:43
Compare
Choose a tag to compare

This is the 3.0.0 major release (see #1425).

This release delivers significant improvements in flexibility, security and introduces new features to enhance your Kubernetes experience on AWS.
AWS recently announced the deprecation of two features used by default in Pulumi EKS: the aws-auth ConfigMap and the AL2 operating system. Pulumi EKS v3 addresses these deprecations, enhances the maintainability of the provider, and aligns it with EKS best practices.

Key Highlights of EKS V3

  1. Support for Amazon Linux 2023 (AL2023) and Bottlerocket Operating Systems: Enhanced operating system options for node groups, allowing you to choose the OS that best fits your workloads and compliance needs. This addresses the upcoming deprecation of Amazon Linux 2 (AL2).

  2. Access Entries for IAM Integration: Enables replacement of the deprecated aws-auth ConfigMap with Access Entries for managing Kubernetes authentication.

  3. EKS Managed Addons: Simplified management of vpc-cni, coredns, and kube-proxy as EKS managed addons.

  4. EKS Security Groups for Pods and Network Policies: Enhanced network security and control within EKS clusters.

New Features and Improvements

Support for Amazon Linux 2023 and Bottlerocket

We have expanded the operating system options for node groups in EKS v3 to address the upcoming deprecation of Amazon Linux 2 (AL2). You can now choose between Amazon Linux 2 (deprecated), Amazon Linux 2023 and Bottlerocket for your EKS nodes. This flexibility allows you to select the OS that best fits your workloads, security requirements, and compliance needs, while ensuring you are using a supported and actively maintained operating system. We've introduced a new operatingSystem property for node groups to facilitate this choice.

Access Entries for IAM Integration

AWS has introduced Access Entries as a new method for granting IAM principals access to Kubernetes resources. This approach relies solely on AWS resources for managing Kubernetes auth, replacing the deprecated aws-auth ConfigMap. You can now leverage Access Entries by setting the authenticationMode to API in your cluster configuration.

EKS Managed Addons

The EKS cluster components vpc-cni, coredns, and kube-proxy are now configured as EKS managed addons. This change simplifies management, especially for clusters with private API endpoints, and ensures that these critical components stay up to date automatically. Additionally it removes the dependency on kubectl, allowing pulumi-native management of clusters.

Cluster Autoscaler Integration

Pulumi EKS v3 introduces better support for the Kubernetes Cluster Autoscaler. A new ignoreScalingChanges parameter for node groups allows Pulumi to ignore external scaling changes, facilitating seamless integration with dynamic scaling solutions.

EKS Security Groups for Pods and Network Policies

We've added support for EKS security groups for pods (example) and EKS Network Policies (example), providing more granular control over pod-to-pod and pod-to-external network communication within your EKS clusters.

Migration Guide

To help you transition smoothly, we've prepared a migration guide with these key steps:

  1. Update node groups to use AL2023 or explicitly configure AL2 if needed.
  2. Replace the deprecated NodeGroup component with NodeGroupV2.
  3. Update your code to handle new output types for certain properties.
  4. Review and update your use of default security groups, which can now be disabled.

Please refer to our EKS v3 Migration Documentation for a detailed guide.

Full Changelog: v2.8.1...v3.0.0

v3.0.0-beta.2

17 Oct 16:15
d40deeb
Compare
Choose a tag to compare

What's Changed

Full Changelog: v3.0.0-beta.1...v3.0.0-beta.2