Releases: pulumi/pulumi-eks
v3.6.0
Does the PR have any schema changes?
Looking good! No breaking changes found.
No new resources/functions.
What's Changed
- chore: Remove gotestfmt from CI by @t0yv0 in #1529
- Removes gotestfmt from Makefile by @t0yv0 in #1535
- chore: configure Renovate by @t0yv0 in #1539
- Refactor e2e tests and make them more reliable by @flostadler in #1543
- chore: fix renovate config by @t0yv0 in #1542
- Correct description of NodeadmOptions.content by @flostadler in #1544
- chore: make renovate to generate but not build by @t0yv0 in #1545
- Add Nvidia GPU optimized AL2023 AMI by @flostadler in #1534
- chore: fix renovate config by @t0yv0 in #1551
Full Changelog: v3.5.0...v3.6.0
v3.5.0
Does the PR have any schema changes?
Found 60 breaking changes:
Resources
- "eks:index:Cluster":
- inputs:
🟡
"clusterSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"🟡
"instanceRole" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"🟡
"instanceRoles": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"🟡
"serviceRole" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"
- properties:
🟡
"awsProvider" type changed from "/aws/v6.18.2/schema.json#/provider" to "/aws/v6.65.0/schema.json#/provider"🟡
"clusterSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"🟡
"eksCluster" type changed from "/aws/v6.18.2/schema.json#/resources/aws:eks%2Fcluster:Cluster" to "/aws/v6.65.0/schema.json#/resources/aws:eks%2Fcluster:Cluster"🟡
"eksClusterIngressRule" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule"🟡
"instanceRoles": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"🟡
"nodeSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
- inputs:
🟡
"eks:index:ClusterCreationRoleProvider": properties: "role" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"- "eks:index:ManagedNodeGroup":
- inputs:
🟡
"launchTemplate" type changed from "/aws/v6.18.2/schema.json#/types/aws:eks%2FNodeGroupLaunchTemplate:NodeGroupLaunchTemplate" to "/aws/v6.65.0/schema.json#/types/aws:eks%2FNodeGroupLaunchTemplate:NodeGroupLaunchTemplate"🟡
"nodeRole" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"🟡
"remoteAccess" type changed from "/aws/v6.18.2/schema.json#/types/aws:eks%2FNodeGroupRemoteAccess:NodeGroupRemoteAccess" to "/aws/v6.65.0/schema.json#/types/aws:eks%2FNodeGroupRemoteAccess:NodeGroupRemoteAccess"🟡
"scalingConfig" type changed from "/aws/v6.18.2/schema.json#/types/aws:eks%2FNodeGroupScalingConfig:NodeGroupScalingConfig" to "/aws/v6.65.0/schema.json#/types/aws:eks%2FNodeGroupScalingConfig:NodeGroupScalingConfig"🟡
"taints": items type changed from "/aws/v6.18.2/schema.json#/types/aws:eks%2FNodeGroupTaint:NodeGroupTaint" to "/aws/v6.65.0/schema.json#/types/aws:eks%2FNodeGroupTaint:NodeGroupTaint"
🟡
properties: "nodeGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:eks%2FnodeGroup:NodeGroup" to "/aws/v6.65.0/schema.json#/resources/aws:eks%2FnodeGroup:NodeGroup"
- inputs:
- "eks:index:NodeGroup":
- inputs:
🟡
"clusterIngressRule" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule"🟡
"extraNodeSecurityGroups": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"🟡
"instanceProfile" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2FinstanceProfile:InstanceProfile" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2FinstanceProfile:InstanceProfile"🟡
"nodeSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
- properties:
🟡
"cfnStack" type changed from "/aws/v6.18.2/schema.json#/resources/aws:cloudformation%2Fstack:Stack" to "/aws/v6.65.0/schema.json#/resources/aws:cloudformation%2Fstack:Stack"🟡
"extraNodeSecurityGroups": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"🟡
"nodeSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
- inputs:
- "eks:index:NodeGroupSecurityGroup":
- inputs:
🟡
"clusterSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"🟡
"eksCluster" type changed from "/aws/v6.18.2/schema.json#/resources/aws:eks%2Fcluster:Cluster" to "/aws/v6.65.0/schema.json#/resources/aws:eks%2Fcluster:Cluster"
- properties:
🟡
"securityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"🟡
"securityGroupRule" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule"
- inputs:
- "eks:index:NodeGroupV2":
- inputs:
🟡
"clusterIngressRule" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule"🟡
"extraNodeSecurityGroups": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"🟡
"instanceProfile" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2FinstanceProfile:InstanceProfile" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2FinstanceProfile:InstanceProfile"🟡
"launchTemplateTagSpecifications": items type changed from "/aws/v6.18.2/schema.json#/types/aws:ec2%2FLaunchTemplateTagSpecification:LaunchTemplateTagSpecification" to "/aws/v6.65.0/schema.json#/types/aws:ec2%2FLaunchTemplateTagSpecification:LaunchTemplateTagSpecification"🟡
"nodeSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
- properties:
🟡
"autoScalingGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:autoscaling%2Fgroup:Group" to "/aws/v6.65.0/schema.json#/resources/aws:autoscaling%2Fgroup:Group"🟡
"extraNodeSecurityGroups": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"🟡
"nodeSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
- inputs:
Types
🟡
"eks:index:AccessPolicyAssociation": properties: "accessScope" type changed from "/aws/v6.18.2/schema.json#/types/aws:eks%2FAccessPolicyAssociationAccessScope:AccessPolicyAssociationAccessScope" to "/aws/v6.65.0/schema.json#/types/aws:eks%2FAccessPolicyAssociationAccessScope:AccessPolicyAssociationAccessScope"- "eks:index:ClusterNodeGroupOptions": properties:
🟡
"clusterIngressRule" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroupRule:SecurityGroupRule"🟡
"extraNodeSecurityGroups": items type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"🟡
"instanceProfile" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2FinstanceProfile:InstanceProfile" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2FinstanceProfile:InstanceProfile"🟡
"launchTemplateTagSpecifications": items type changed from "/aws/v6.18.2/schema.json#/types/aws:ec2%2FLaunchTemplateTagSpecification:LaunchTemplateTagSpecification" to "/aws/v6.65.0/schema.json#/types/aws:ec2%2FLaunchTemplateTagSpecification:LaunchTemplateTagSpecification"🟡
"nodeSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"
- "eks:index:CoreData": properties:
🟡
"awsProvider" type changed from "/aws/v6.18.2/schema.json#/provider" to "/aws/v6.65.0/schema.json#/provider"🟡
"cluster" type changed from "/aws/v6.18.2/schema.json#/resources/aws:eks%2Fcluster:Cluster" to "/aws/v6.65.0/schema.json#/resources/aws:eks%2Fcluster:Cluster"🟡
"clusterIamRole" type changed from "/aws/v6.18.2/schema.json#/resources/aws:iam%2Frole:Role" to "/aws/v6.65.0/schema.json#/resources/aws:iam%2Frole:Role"🟡
"clusterSecurityGroup" type changed from "/aws/v6.18.2/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup" to "/aws/v6.65.0/schema.json#/resources/aws:ec2%2FsecurityGroup:SecurityGroup"🟡
"eksNodeAccess" type changed from "/kubernetes/v4.4.0/schema.json#/re...
v3.4.0
Does the PR have any schema changes?
Looking good! No breaking changes found.
No new resources/functions.
What's Changed
- Allow creating default instance role even when no default node group is created by @flostadler in #1511
- Document createInstanceRole cluster option by @flostadler in #1516
Full Changelog: v3.3.0...v3.4.0
v3.3.0
Does the PR have any schema changes?
Looking good! No breaking changes found.
No new resources/functions.
What's Changed
- adds instanceProfileName field to nodegroups by @jdavredbeard in #1496
New Contributors
- @jdavredbeard made their first contribution in #1496
Full Changelog: v3.2.0...v3.3.0
v3.2.0
Does the PR have any schema changes?
Looking good! No breaking changes found.
No new resources/functions.
What's Changed
- Add region to kubeconfig by @flostadler in #1498
Full Changelog: v3.1.0...v3.2.0
v3.1.0
Does the PR have any schema changes?
Looking good! No breaking changes found.
No new resources/functions.
What's Changed
- Rename custom workflows to prevent conflicts with ci-mgmt by @blampe in #1483
- Upgrade pulumi/pulumi to 3.138.0 by @flostadler in #1486
- Use --profile instead of AWS_PROFILE for kubeconfig by @blampe in #1484
- Use provider dependencies in schema by @flostadler in #1487
- Move integration tests to
./tests
by @blampe in #1490 - Upgrade @pulumi/kubernetes to 4.18.3 by @flostadler in #1491
Full Changelog: v3.0.2...v3.1.0
v3.0.2
Does the PR have any schema changes?
Looking good! No breaking changes found.
No new resources/functions.
What's Changed
- Expose Cluster Access Entries with the correct type by @flostadler in #1481
Full Changelog: v3.0.1...v3.0.2
v3.0.1
Does the PR have any schema changes?
Looking good! No breaking changes found.
No new resources/functions.
What's Changed
- Upgrade golangci-lint to v1.61.0 by @flostadler in #1459
- Fix ManagedNodeGroup with custom launch template and AMI type by @flostadler in #1464
- Enable upgrade tests by @flostadler in #1467
Full Changelog: v3.0.0...v3.0.1
v3.0.0
This is the 3.0.0 major release (see #1425).
This release delivers significant improvements in flexibility, security and introduces new features to enhance your Kubernetes experience on AWS.
AWS recently announced the deprecation of two features used by default in Pulumi EKS: the aws-auth ConfigMap and the AL2 operating system. Pulumi EKS v3 addresses these deprecations, enhances the maintainability of the provider, and aligns it with EKS best practices.
Key Highlights of EKS V3
-
Support for Amazon Linux 2023 (AL2023) and Bottlerocket Operating Systems: Enhanced operating system options for node groups, allowing you to choose the OS that best fits your workloads and compliance needs. This addresses the upcoming deprecation of Amazon Linux 2 (AL2).
-
Access Entries for IAM Integration: Enables replacement of the deprecated aws-auth ConfigMap with Access Entries for managing Kubernetes authentication.
-
EKS Managed Addons: Simplified management of
vpc-cni
,coredns
, andkube-proxy
as EKS managed addons. -
EKS Security Groups for Pods and Network Policies: Enhanced network security and control within EKS clusters.
New Features and Improvements
Support for Amazon Linux 2023 and Bottlerocket
We have expanded the operating system options for node groups in EKS v3 to address the upcoming deprecation of Amazon Linux 2 (AL2). You can now choose between Amazon Linux 2 (deprecated), Amazon Linux 2023 and Bottlerocket for your EKS nodes. This flexibility allows you to select the OS that best fits your workloads, security requirements, and compliance needs, while ensuring you are using a supported and actively maintained operating system. We've introduced a new operatingSystem
property for node groups to facilitate this choice.
Access Entries for IAM Integration
AWS has introduced Access Entries as a new method for granting IAM principals access to Kubernetes resources. This approach relies solely on AWS resources for managing Kubernetes auth, replacing the deprecated aws-auth
ConfigMap. You can now leverage Access Entries by setting the authenticationMode
to API
in your cluster configuration.
EKS Managed Addons
The EKS cluster components vpc-cni
, coredns
, and kube-proxy
are now configured as EKS managed addons. This change simplifies management, especially for clusters with private API endpoints, and ensures that these critical components stay up to date automatically. Additionally it removes the dependency on kubectl
, allowing pulumi-native management of clusters.
Cluster Autoscaler Integration
Pulumi EKS v3 introduces better support for the Kubernetes Cluster Autoscaler. A new ignoreScalingChanges
parameter for node groups allows Pulumi to ignore external scaling changes, facilitating seamless integration with dynamic scaling solutions.
EKS Security Groups for Pods and Network Policies
We've added support for EKS security groups for pods (example) and EKS Network Policies (example), providing more granular control over pod-to-pod and pod-to-external network communication within your EKS clusters.
Migration Guide
To help you transition smoothly, we've prepared a migration guide with these key steps:
- Update node groups to use AL2023 or explicitly configure AL2 if needed.
- Replace the deprecated
NodeGroup
component withNodeGroupV2
. - Update your code to handle new output types for certain properties.
- Review and update your use of default security groups, which can now be disabled.
Please refer to our EKS v3 Migration Documentation for a detailed guide.
Full Changelog: v2.8.1...v3.0.0
v3.0.0-beta.2
What's Changed
- Add enum changes to migration guide by @flostadler in #1427
- Add more information about VPC CNI Addon to migration guide by @flostadler in #1428
- Add example for EKS feature: Network Policies by @flostadler in #1432
- Add example for AWS feature: Security Groups for Pods by @flostadler in #1429
- Fix ManagedNodeGroup taints being wrongly set in userdata by @flostadler in #1441
- Add scalar types for most commonly used resource outputs by @flostadler in #1445
- Allow passing scalar security group properties to node groups by @flostadler in #1446
Full Changelog: v3.0.0-beta.1...v3.0.0-beta.2