v3.0.1

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

What's Changed

• Upgrade golangci-lint to v1.61.0 by @flostadler in #1459
• Fix ManagedNodeGroup with custom launch template and AMI type by @flostadler in #1464
• Enable upgrade tests by @flostadler in #1467

Full Changelog: v3.0.0...v3.0.1

v3.0.0

This is the 3.0.0 major release (see #1425).

This release delivers significant improvements in flexibility, security and introduces new features to enhance your Kubernetes experience on AWS.
AWS recently announced the deprecation of two features used by default in Pulumi EKS: the aws-auth ConfigMap and the AL2 operating system. Pulumi EKS v3 addresses these deprecations, enhances the maintainability of the provider, and aligns it with EKS best practices.

Key Highlights of EKS V3

1. Support for Amazon Linux 2023 (AL2023) and Bottlerocket Operating Systems: Enhanced operating system options for node groups, allowing you to choose the OS that best fits your workloads and compliance needs. This addresses the upcoming deprecation of Amazon Linux 2 (AL2).

2. Access Entries for IAM Integration: Enables replacement of the deprecated aws-auth ConfigMap with Access Entries for managing Kubernetes authentication.

3. EKS Managed Addons: Simplified management of vpc-cni, coredns, and kube-proxy as EKS managed addons.

4. EKS Security Groups for Pods and Network Policies: Enhanced network security and control within EKS clusters.

New Features and Improvements

Support for Amazon Linux 2023 and Bottlerocket

We have expanded the operating system options for node groups in EKS v3 to address the upcoming deprecation of Amazon Linux 2 (AL2). You can now choose between Amazon Linux 2 (deprecated), Amazon Linux 2023 and Bottlerocket for your EKS nodes. This flexibility allows you to select the OS that best fits your workloads, security requirements, and compliance needs, while ensuring you are using a supported and actively maintained operating system. We've introduced a new operatingSystem property for node groups to facilitate this choice.

Access Entries for IAM Integration

AWS has introduced Access Entries as a new method for granting IAM principals access to Kubernetes resources. This approach relies solely on AWS resources for managing Kubernetes auth, replacing the deprecated aws-auth ConfigMap. You can now leverage Access Entries by setting the authenticationMode to API in your cluster configuration.

EKS Managed Addons

The EKS cluster components vpc-cni, coredns, and kube-proxy are now configured as EKS managed addons. This change simplifies management, especially for clusters with private API endpoints, and ensures that these critical components stay up to date automatically. Additionally it removes the dependency on kubectl, allowing pulumi-native management of clusters.

Cluster Autoscaler Integration

Pulumi EKS v3 introduces better support for the Kubernetes Cluster Autoscaler. A new ignoreScalingChanges parameter for node groups allows Pulumi to ignore external scaling changes, facilitating seamless integration with dynamic scaling solutions.

EKS Security Groups for Pods and Network Policies

We've added support for EKS security groups for pods (example) and EKS Network Policies (example), providing more granular control over pod-to-pod and pod-to-external network communication within your EKS clusters.

Migration Guide

To help you transition smoothly, we've prepared a migration guide with these key steps:

1. Update node groups to use AL2023 or explicitly configure AL2 if needed.
2. Replace the deprecated NodeGroup component with NodeGroupV2.
3. Update your code to handle new output types for certain properties.
4. Review and update your use of default security groups, which can now be disabled.

Please refer to our EKS v3 Migration Documentation for a detailed guide.

Full Changelog: v2.8.1...v3.0.0

v3.0.0-beta.2

What's Changed

• Add enum changes to migration guide by @flostadler in #1427
• Add more information about VPC CNI Addon to migration guide by @flostadler in #1428
• Add example for EKS feature: Network Policies by @flostadler in #1432
• Add example for AWS feature: Security Groups for Pods by @flostadler in #1429
• Fix ManagedNodeGroup taints being wrongly set in userdata by @flostadler in #1441
• Add scalar types for most commonly used resource outputs by @flostadler in #1445
• Allow passing scalar security group properties to node groups by @flostadler in #1446

Full Changelog: v3.0.0-beta.1...v3.0.0-beta.2

v3.0.0-beta.1

What's Changed

• Change arguments of NodeGroup & NodeGroupV2 to accept inputs by @flostadler in #1415
• Fix: Do not over-specify SDK versions by @flostadler in #1414
• Add parameter for skipping default security groups by @flostadler in #1416
• Do not create instance role when skipDefaultNodeGroup is enabled by @flostadler in #1411

Full Changelog: v3.0.0-alpha.8...v3.0.0-beta.1

v3.0.0-alpha.8

What's Changed

• Add migration guide for EKS v3 by @flostadler in #1400
• Upgrade javagen to v0.16.1 by @flostadler in #1408
• Fix output of default node group referring to autoscalingGroupName by @flostadler in #1410

Full Changelog: v3.0.0-alpha.7...v3.0.0-alpha.8

v3.0.0-alpha.3

What's Changed

• Update default operating system to AL2023 by @flostadler in #1382
• Add pre-release workflow by @flostadler in #1389
• Skip upgrade tests until the first v3 alpha is released by @flostadler in #1388
• Update default instance type to t3.medium by @flostadler in #1386

Full Changelog: v3.0.0-alpha.1...v3.0.0-alpha.3

v3.0.0-alpha.1

What's Changed

• Update acceptance test CI workflows by @flostadler in #1312
• Udate cron and master github workflows by @flostadler in #1321
• Correct parameters for go-test-split-action by @flostadler in #1322
• Fix ManagedNodeGroups with custom launch templates always using x86_64 AMI by @flostadler in #1324
• Add formatting check to CI by @flostadler in #1327
• eks.NodeGroupV2 will now autoname the autoscaling group by @t0yv0 in #1338
• Ignore .envrc by @t0yv0 in #1343
• Deprecate aws-auth ConfigMap by @flostadler in #1342
• Use EKS Addon to manage kube-proxy and coredns by @corymhall in #1357
• Move VPC CNI to EKS addon by @flostadler in #1358
• Only create coredns addon in clusters with default node groups by @corymhall in #1371
• Align addon configuration by @flostadler in #1370
• Mark AL2 ami types deprecated by @flostadler in #1374
• Deprecate NodeGroup component by @flostadler in #1373
• Add the ability to ignore changes to desired size of node groups by @flostadler in #1380
• Ship generated node sdk by @corymhall in #1326
• Make ManagedNodeGroups track the cluster version by @flostadler in #1379

New Contributors

• @corymhall made their first contribution in #1357

Full Changelog: v2.7.9...v3.0.0-alpha.1

v2.8.1

What's Changed

• Fix go tests only being executed for PRs by @flostadler in #1364
• Add missing PULUMI_GO_DEP_ROOT env variable to GitHub workflows by @flostadler in #1368

Full Changelog: v2.8.0...v2.8.1

v2.7.9

What's Changed

• chore: IgnoreDestroyErrors is set for all tests in CI by @t0yv0 in #1296
• Combined GitHub Action dependency upgrades by @flostadler in #1308
• Managed Node Group launch template disk size fix by @JustASquid in #1305
• Combined dependency upgrades by @flostadler in #1307

Full Changelog: v2.7.8...v2.7.9

v2.7.8

What's Changed

• Add ignore changes for bootstrapClusterCreatorAdminPermissions of EKS clusters by @flostadler in #1292

Full Changelog: v2.7.7...v2.7.8