v2.3.1

Bump sigs.k8s.io/aws-iam-authenticator from 0.5.3 to 0.5.9 in /test/src @dependabot (#156)

Bumps sigs.k8s.io/aws-iam-authenticator from 0.5.3 to 0.5.9.

Release notes

Sourced from sigs.k8s.io/aws-iam-authenticator's releases.

v0.5.9

Changelog

• 1209cfe2 Bump version in Makefile
• 029d1dcf Add query parameter validation for multiple parameters

v0.5.7

What's Changed

• Remove duplicate InitMetrics by @​jngo2 in kubernetes-sigs/aws-iam-authenticator#448
  • fixes a crash when executing authenticator in server mode

New Contributors

• @​jngo2 made their first contribution in kubernetes-sigs/aws-iam-authenticator#448

Full Changelog: kubernetes-sigs/aws-iam-authenticator@v0.5.6...v0.5.7

v0.5.6

Changelog

• Bump AWS SDK to v1.43.28 (#445, @​nckturner)
• Use the apiversion from KUBERNETES_EXEC_INFO (#439, @​jyotimahapatra)
• Bump promptui module to v0.9.0 (#437, @​abhay-krishna)

Docker Images

Note: You must log in with the registry ID and your role must have the necessary ECR privileges:

$(aws ecr get-login --no-include-email --region us-west-2 --registry-ids 602401143452)

• docker pull 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.6
• docker pull 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.6-arm64
• docker pull 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.5.6-amd64

v0.5.5

Changelog

• Use full package name for goreleaser version (#433, @​nckturner)
• add sts error metric (#430, @​jyotimahapatra)
• emit metric for EC2 describeInstance calls (#428, @​jyotimahapatra)
• Rename configmap_watch_failures to configmap_watch_failures_total (#432, @​nckturner)
• Simplify goreleaser Dockerfiles (#431, @​jyotimahapatra)
• Don't pass metrics around (#423, @​nckturner)

Docker Images

Note: You must log in with the registry ID and your role must have the necessary ECR privileges:

$(aws ecr get-login --no-include-email --region us-west-2 --registry-ids 602401143452)

... (truncated)

Commits

• 1209cfe Bump version in Makefile
• 029d1dc Add query parameter validation for multiple parameters
• 0a72c12 Merge pull request #455 from jyotimahapatra/rev2
• 596a043 revert use of upstream yaml parsing
• 2a9ee95 Merge pull request #448 from jngo2/master
• fc4e6cb Remove unused imports
• f0fe605 Remove duplicate InitMetrics
• 99f04d6 Merge pull request #447 from nckturner/release-0.5.6
• 9dcb6d1 Faster multiarch docker builds
• a9cc81b Bump timeout for image build job
• Additional commits viewable in compare view

🐛 Bug Fixes

Disallow TLS provider v4 due to provider issue 244 @Nuru (#158)

what

• Disallow hashicorp/tls provider version >= 4.0.0

why

When using hashicorp/tls provider v4.0.0 and setting oidc_provider_enabled = true on a new EKS cluster deployment, terraform plan will fail with thumbprint_list = [join("", data.tls_certificate.cluster.*.certficates.0.sha1_fingerprint)] and The given key does not identify an element in this collection value: the collection has no elements.

references

• hashicorp/terraform-provider-tls#244

v2.3.0

Add IPv6 support @Nuru (#154)

what && why

• Add IPv6 support. Closes #142
• Update Kubernetes exec auth API to client.authentication.k8s.io/v1beta1. Resolves #131
• [framework] Update renovate.json to auto-close #129

Clarify cluster authentication options @Nuru (#153)

what

• Clarify cluster authentication options

why

• Better explanation of confusing issue

v2.2.0 KMS key for logs, timeout on wait for cluster

PR #150

• Allow user to specify KMS Key to use to encrypt Cloudwatch logs, closes #152
• Add timeout to default wait_for_cluster_command, supersedes #145, closes #146
• Additional checks for valid EKS endpoint, fixes #143, fixes #144
• Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.
• Update migration docs to refer to v1 and v2 as we switch to production SemVer

v2.1.0 Output cloudwatch log group name

This release is identical to v0.46.0 and is just a renumbering using production semantic version rules.

Output cloudwatch log group name @woz5999 (#149)

what

• Output cloudwatch log group name

why

• This is helpful for passing in the log group name to other resources, e.g. datadog log forwarder

v0.46.0 Output cloudwatch log group name

This release has been renumbered as version 2.1.0

Output cloudwatch log group name @woz5999 (#149)

what

• Output cloudwatch log group name

why

• This is helpful for passing in the log group name to other resources, e.g. datadog log forwarder

v2.0.0 use new security-group module

This release is identical to version 0.45.0 and is just a renumbering to provide production-level semantic versioning. No migration is needed from v0.45.0 or later.

Version 2.0 includes updates to use our new security group module, which is a breaking change. See the V1 to V2 migration documentation for details on how to safely migrate.

v0.45.0

Update Security Group @aknysh (#141)

what

• Update Security Group

why

• This module creates an EKS cluster, which automatically creates an EKS-managed Security Group in which all managed nodes are placed automatically by EKS, and unmanaged nodes could be placed
  by the user, to ensure the nodes and control plane can communicate.

• Before version 0.45.0, this module, by default, created an additional Security Group. Prior to version 0.19.0 of this module, that additional Security Group was the only one exposed by
  this module (because EKS at the time did not create the managed Security Group for the cluster), and it was intended that all worker nodes (managed and unmanaged) be placed in this
  additional Security Group. With version 0.19.0, this module exposed the managed Security Group created by the EKS cluster, in which all managed node groups are placed by default. We now
  recommend placing non-managed node groups in the EKS-created Security Group as well by using the allowed_security_group_ids variable, and not create an additional Security Group.

references

• https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

related

• Closes #140
• Closes #139
• Closes #80

v0.44.1

🚀 Enhancements

Update to use the Security Group module @aknysh (#138)

what

• Update to use the Security Group module
• Add migration doc
• Update README and GitHub workflows

why

• Standardize on using https://github.com/cloudposse/terraform-aws-security-group in all modules
• Keep up to date
• Cleanup

v1.0.0 Initial release with production Semantic Versioning

This 1.0.0 release is identical to v0.44.0 and is simply a conversion to production Semantic Versioning. If you are already using a later pre-1.0 version, do not migrate to this version, migrate directly to v2.0.0 or later/

This is the first (oldest code) release with production Semantic Versioning, part of Cloud Posse's general policy to convert to production versioning as we make updates to relatively mature modules, especially those where we see breaking changes coming in the near future. This module already has a Version 2.0 with breaking changes.

v0.44.0

🚀 Enhancements

Add `service_ipv4_cidr` option (#137)

what

• Hide KUBECONFIG when not in use
• Combine service role IAM policies into single managed policy
• Add service_ipv4_cidr option

why

• When not intending to use KUBECONFIG, values from it were being used anyway, causing problems, particularly for "exec auth".
• Fixes #135 (introduced in #132). Supersedes and closes #136.
• Closes #130

🐛 Bug Fixes

Fix bug introduced in 0.43.3. Hide KUBECONFIG when not in use @Nuru (#137)

what

• Hide KUBECONFIG when not in use
• Combine service role IAM policies into single managed policy
• Add service_ipv4_cidr option

why

• When not intending to use KUBECONFIG, values from it were being used anyway, causing problems, particularly for "exec auth".
• Fixes #135 (introduced in #132). Supersedes and closes #136.
• Closes #130