Releases: GSA-TTS/datagov-brokerpak-eks
Releases · GSA-TTS/datagov-brokerpak-eks
v2.3.5
Restrict Ingress to Cloud.gov by default (#100) * new: restrict ingress to cloud.gov by default Reference: https://cloud.gov/docs/management/static-egress/#cloudgov-egress-ranges * new: all ingress from itself In order for ingress to apply properly, sometimes source address translation happens before the network policy takes effect, so all internal ingress traffic as well, Reference: https://kubernetes.io/docs/concepts/services-networking/network-policies/#behavior-of-to-and-from-selectors * new: allow tester to interact with cluster This does not explicitly test that traffic is restricted without this configuration, but the configuration would not allow github or anyone's individual IP to connect to the cluster by default * lint: terraform fmt * fix: bug in awscli.. https://github.com/aws/aws-cli/issues/6920 * refactor: use vpc module output to get vpc cidr Better than hardcoding the internal cidr range * lint: remove whitespace :) This was bothering me for a long time haha.. * fix: bad rename module.vpc.vpc_cidr_block --> local.vpc_cidr_range
v2.3.4
Changes: - Tighten terraform dependencies around cluster-functional - Don't create Ingress Controller atomically with helm - Increase ALB Controller Destroy Delay (30s -> 60s) - Update managed node group parameters for changes in eks module ('desired_capacity' changed to 'desired_size')
v2.3.3
Wait to create k8s storage class for PVs until the cluster is functional
v2.3.2
Fix issues with domain/subdomain/lb_name format ACM Certificate HostedZoneDomainName LB Name
v2.3.1
v2.3.0
Upgrade Versions Upgrades: - Upgrade Terraform from 0.13 to 1.1.5 - Upgrade EKS module from 14.0 to 18.6 Updates: - Update AWS LB Controller IAM Policy to 2.3.1 Resulting Changes: - Process EKS addons through the EKS module as opposed to as standalone resources - Manually manage Kubeconfig file since module no longer handles it - No need to manually manage tls_certificate - Add security group rules to manage EKS cluster communication
v2.2.1
FIX: Restore dependency on eks cluster ready; Enable EBS encryption
v2.2.0
Update ALB Controller to provision NLBs (#69) * new: update ALB Controller to provision NLBs reconfigure Ingress to give the ALB 'LoadBalancer' servive type for NLB configuration * Trigger the creation of an NLB through annotations on the ingress-nginx service * NLB is provisioned * Target groups appear healthy * DNS entry is created * Traffic is getting all the way through to the ingress-nginx controller ("400 bad request" from nginx) * fix: attempt to use the subdomain name directly Parsing the LB name out of 'data.kubernetes_service.ingress_service' is hard, so let's see if this passes * fix: try to wait until ingress_service is created * Install the VPC CNI so NLBs work correctly Also removes some extraneous parameters (the defaults are fine), and configures the controller to pass through the real client IP. * fix: ebs addon takes a while sometimes to become ready It's 'degraded' until it has enough replicas in EKS which varies on the number of nodes in the EKS cluster, it then becomes 'active' * cleanup: addd docs for EBS cleanup; fix terraform error * update: aws lb controller from branch to tag * docs: update readme with new features * new: add variable input to install vpc cni * lint: terraform fmt * fix: change install_vpc_cni var from number to bool * fix: terraform bool, brokerpak boolean :/ Co-authored-by: Bret Mogilefsky <bret.mogilefsky@gsa.gov>
v2.1.0
Skip installing the EFS CSI driver; it's already installed
v2.0.0
Upgrade the deployed solr-operator and CRDs to version 0.5.0