` version to use for the EKS cluster (i.e.: `1.27`) | `string` | `null` | no |
| [control\_plane\_subnet\_ids](#input\_control\_plane\_subnet\_ids) | A list of subnet IDs where the EKS cluster control plane (ENIs) will be provisioned. Used for expanding the pool of subnets used by nodes/node groups without replacing the EKS control plane | `list(string)` | `[]` | no |
| [create](#input\_create) | Controls if EKS resources should be created (affects nearly all resources) | `bool` | `true` | no |
| [create\_aws\_auth\_configmap](#input\_create\_aws\_auth\_configmap) | Determines whether to create the aws-auth configmap. NOTE - this is only intended for scenarios where the configmap does not exist (i.e. - when using only self-managed node groups). Most users should use `manage_aws_auth_configmap` | `bool` | `false` | no |
diff --git a/docs/compute_resources.md b/docs/compute_resources.md
index 5e1d59f03c..29fa2efb0f 100644
--- a/docs/compute_resources.md
+++ b/docs/compute_resources.md
@@ -115,9 +115,9 @@ Refer to the [Self Managed Node Group documentation](https://docs.aws.amazon.com
1. The `self-managed-node-group` uses the latest AWS EKS Optimized AMI (Linux) for the given Kubernetes version by default:
```hcl
- cluster_version = "1.24"
+ cluster_version = "1.27"
- # This self managed node group will use the latest AWS EKS Optimized AMI for Kubernetes 1.24
+ # This self managed node group will use the latest AWS EKS Optimized AMI for Kubernetes 1.27
self_managed_node_groups = {
default = {}
}
@@ -126,7 +126,7 @@ Refer to the [Self Managed Node Group documentation](https://docs.aws.amazon.com
2. To use Bottlerocket, specify the `platform` as `bottlerocket` and supply a Bottlerocket OS AMI:
```hcl
- cluster_version = "1.24"
+ cluster_version = "1.27"
self_managed_node_groups = {
bottlerocket = {
diff --git a/docs/irsa_integration.md b/docs/irsa_integration.md
index cde709fd2c..cc6a549500 100644
--- a/docs/irsa_integration.md
+++ b/docs/irsa_integration.md
@@ -8,7 +8,7 @@ module "eks" {
source = "terraform-aws-modules/eks/aws"
cluster_name = "example"
- cluster_version = "1.24"
+ cluster_version = "1.27"
cluster_addons = {
vpc-cni = {
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 39b0eb3272..c03547b5e2 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -54,9 +54,9 @@ Note that this example may create resources which cost money. Run `terraform des
| [eks](#module\_eks) | ../.. | n/a |
| [eks\_managed\_node\_group](#module\_eks\_managed\_node\_group) | ../../modules/eks-managed-node-group | n/a |
| [fargate\_profile](#module\_fargate\_profile) | ../../modules/fargate-profile | n/a |
-| [kms](#module\_kms) | terraform-aws-modules/kms/aws | 1.1.0 |
+| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.5 |
| [self\_managed\_node\_group](#module\_self\_managed\_node\_group) | ../../modules/self-managed-node-group | n/a |
-| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 4.0 |
## Resources
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 2917c5bc37..e946906821 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -397,7 +397,7 @@ module "disabled_self_managed_node_group" {
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
- version = "~> 3.0"
+ version = "~> 4.0"
name = local.name
cidr = local.vpc_cidr
@@ -407,13 +407,8 @@ module "vpc" {
public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]
- enable_nat_gateway = true
- single_nat_gateway = true
- enable_dns_hostnames = true
-
- enable_flow_log = true
- create_flow_log_cloudwatch_iam_role = true
- create_flow_log_cloudwatch_log_group = true
+ enable_nat_gateway = true
+ single_nat_gateway = true
public_subnet_tags = {
"kubernetes.io/role/elb" = 1
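Review bot: The `module "vpc"` block on the new side no longer sets `enable_flow_log`, `create_flow_log_cloudwatch_iam_role` or `create_flow_log_cloudwatch_log_group`, so a cluster built from this example has no VPC flow logs unless something outside the hunk enables them. Examples get copied into real environments, and flow logs are often the only network-level record available during an investigation. Either keep the three lines, or state the omission with a comment such as `# VPC flow logs omitted to keep the example small; enable them for real workloads`. The same removal appears in the `module "vpc"` hunks of `examples/eks_managed_node_group/main.tf`, `examples/fargate_profile/main.tf`, `examples/karpenter/main.tf` and `examples/self_managed_node_group/main.tf`. The block starts and ends outside this hunk.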
@@ -463,7 +458,7 @@ resource "aws_iam_policy" "additional" {
module "kms" {
source = "terraform-aws-modules/kms/aws"
- version = "1.1.0"
+ version = "~> 1.5"
aliases = ["eks/${local.name}"]
description = "${local.name} cluster encryption key"
diff --git a/examples/eks_managed_node_group/README.md b/examples/eks_managed_node_group/README.md
index ca0594b06e..090273396c 100644
--- a/examples/eks_managed_node_group/README.md
+++ b/examples/eks_managed_node_group/README.md
@@ -46,7 +46,7 @@ Note that this example may create resources which cost money. Run `terraform des
| [ebs\_kms\_key](#module\_ebs\_kms\_key) | terraform-aws-modules/kms/aws | ~> 1.5 |
| [eks](#module\_eks) | ../.. | n/a |
| [key\_pair](#module\_key\_pair) | terraform-aws-modules/key-pair/aws | ~> 2.0 |
-| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 4.0 |
| [vpc\_cni\_irsa](#module\_vpc\_cni\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.0 |
## Resources
diff --git a/examples/eks_managed_node_group/main.tf b/examples/eks_managed_node_group/main.tf
index beaba19de2..1fb1b8b723 100644
--- a/examples/eks_managed_node_group/main.tf
+++ b/examples/eks_managed_node_group/main.tf
@@ -19,7 +19,7 @@ data "aws_availability_zones" "available" {}
locals {
name = "ex-${replace(basename(path.cwd), "_", "-")}"
- cluster_version = "1.24"
+ cluster_version = "1.27"
region = "eu-west-1"
vpc_cidr = "10.0.0.0/16"
@@ -300,7 +300,7 @@ module "eks" {
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
- version = "~> 3.0"
+ version = "~> 4.0"
name = local.name
cidr = local.vpc_cidr
@@ -310,21 +310,17 @@ module "vpc" {
public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]
- enable_ipv6 = true
- assign_ipv6_address_on_creation = true
- create_egress_only_igw = true
-
- public_subnet_ipv6_prefixes = [0, 1, 2]
- private_subnet_ipv6_prefixes = [3, 4, 5]
- intra_subnet_ipv6_prefixes = [6, 7, 8]
-
- enable_nat_gateway = true
- single_nat_gateway = true
- enable_dns_hostnames = true
-
- enable_flow_log = true
- create_flow_log_cloudwatch_iam_role = true
- create_flow_log_cloudwatch_log_group = true
+ enable_nat_gateway = true
+ single_nat_gateway = true
+ enable_ipv6 = true
+ create_egress_only_igw = true
+
+ public_subnet_ipv6_prefixes = [0, 1, 2]
+ public_subnet_assign_ipv6_address_on_creation = true
+ private_subnet_ipv6_prefixes = [3, 4, 5]
+ private_subnet_assign_ipv6_address_on_creation = true
+ intra_subnet_ipv6_prefixes = [6, 7, 8]
+ intra_subnet_assign_ipv6_address_on_creation = true
public_subnet_tags = {
"kubernetes.io/role/elb" = 1
diff --git a/examples/fargate_profile/README.md b/examples/fargate_profile/README.md
index 1b48556ce1..6ca254df27 100644
--- a/examples/fargate_profile/README.md
+++ b/examples/fargate_profile/README.md
@@ -35,7 +35,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Source | Version |
|------|--------|---------|
| [eks](#module\_eks) | ../.. | n/a |
-| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 4.0 |
## Resources
diff --git a/examples/fargate_profile/main.tf b/examples/fargate_profile/main.tf
index 1e928558c9..b67335c94e 100644
--- a/examples/fargate_profile/main.tf
+++ b/examples/fargate_profile/main.tf
@@ -6,7 +6,7 @@ data "aws_availability_zones" "available" {}
locals {
name = "ex-${replace(basename(path.cwd), "_", "-")}"
- cluster_version = "1.24"
+ cluster_version = "1.27"
region = "eu-west-1"
vpc_cidr = "10.0.0.0/16"
@@ -106,7 +106,7 @@ module "eks" {
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
- version = "~> 3.0"
+ version = "~> 4.0"
name = local.name
cidr = local.vpc_cidr
@@ -116,13 +116,8 @@ module "vpc" {
public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]
- enable_nat_gateway = true
- single_nat_gateway = true
- enable_dns_hostnames = true
-
- enable_flow_log = true
- create_flow_log_cloudwatch_iam_role = true
- create_flow_log_cloudwatch_log_group = true
+ enable_nat_gateway = true
+ single_nat_gateway = true
public_subnet_tags = {
"kubernetes.io/role/elb" = 1
diff --git a/examples/karpenter/README.md b/examples/karpenter/README.md
index 3335cfc4b3..d336b10b9d 100644
--- a/examples/karpenter/README.md
+++ b/examples/karpenter/README.md
@@ -73,7 +73,7 @@ Note that this example may create resources which cost money. Run `terraform des
|------|--------|---------|
| [eks](#module\_eks) | ../.. | n/a |
| [karpenter](#module\_karpenter) | ../../modules/karpenter | n/a |
-| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 4.0 |
## Resources
diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf
index ac2ef4870e..a9c0e8832b 100644
--- a/examples/karpenter/main.tf
+++ b/examples/karpenter/main.tf
@@ -54,7 +54,7 @@ data "aws_ecrpublic_authorization_token" "token" {
locals {
name = "ex-${replace(basename(path.cwd), "_", "-")}"
- cluster_version = "1.24"
+ cluster_version = "1.27"
region = "eu-west-1"
vpc_cidr = "10.0.0.0/16"
@@ -286,7 +286,7 @@ resource "kubectl_manifest" "karpenter_example_deployment" {
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
- version = "~> 3.0"
+ version = "~> 4.0"
name = local.name
cidr = local.vpc_cidr
@@ -296,13 +296,8 @@ module "vpc" {
public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]
- enable_nat_gateway = true
- single_nat_gateway = true
- enable_dns_hostnames = true
-
- enable_flow_log = true
- create_flow_log_cloudwatch_iam_role = true
- create_flow_log_cloudwatch_log_group = true
+ enable_nat_gateway = true
+ single_nat_gateway = true
public_subnet_tags = {
"kubernetes.io/role/elb" = 1
diff --git a/examples/outposts/main.tf b/examples/outposts/main.tf
index 5dc4797e0f..fc50b53c89 100644
--- a/examples/outposts/main.tf
+++ b/examples/outposts/main.tf
@@ -16,7 +16,7 @@ provider "kubernetes" {
locals {
name = "ex-${basename(path.cwd)}"
- cluster_version = "1.21" # Required by EKS on Outposts
+ cluster_version = "1.27" # Required by EKS on Outposts
outpost_arn = element(tolist(data.aws_outposts_outposts.this.arns), 0)
instance_type = element(tolist(data.aws_outposts_outpost_instance_types.this.instance_types), 0)
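Review bot: The trailing comment `# Required by EKS on Outposts` was written for the pinned `1.21` and now sits next to `1.27`, where it reads as if 1.27 were the required version. If the constraint no longer applies, drop the comment. Otherwise reword it to name the versions that local clusters on Outposts actually accept, for example `# must be a version supported by EKS local clusters on Outposts`. Whether 1.27 is accepted there cannot be confirmed from this diff.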
diff --git a/examples/outposts/prerequisites/main.tf b/examples/outposts/prerequisites/main.tf
index e49d7bdbb5..014418121d 100644
--- a/examples/outposts/prerequisites/main.tf
+++ b/examples/outposts/prerequisites/main.tf
@@ -56,7 +56,7 @@ module "ssm_bastion_ec2" {
rm terraform_${local.terraform_version}_linux_amd64.zip 2> /dev/null
# Install kubectl
- curl -LO https://dl.k8s.io/release/v1.21.0/bin/linux/amd64/kubectl
+ curl -LO https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl
install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
# Remove default awscli which is v1 - we want latest v2
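Review bot: The `kubectl` binary fetched by the `curl -LO` line is installed root-owned into `/usr/local/bin` with no integrity check, so a truncated or altered download would run on the bastion unnoticed. The release site publishes a `kubectl.sha256` next to the binary. The user data could fetch it and run `echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check || exit 1` before the `install` line. A checksum served from the same origin only catches corruption in transit, so comparing against a digest pinned in the Terraform configuration would be the stronger form. The heredoc begins outside this hunk, so whether the script already aborts on errors is not visible here.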
@@ -66,9 +66,8 @@ module "ssm_bastion_ec2" {
./aws/install
# Clone repo
- git clone https://github.com/bryantbiggs/terraform-aws-eks.git \
- && cd /home/ssm-user/terraform-aws-eks \
- && git checkout refactor/v19
+ git clone https://github.com/terraform-aws-modules/terraform-aws-eks.git \
+ && cd /home/ssm-user/terraform-aws-eks
chown -R ssm-user:ssm-user /home/ssm-user/
EOT
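Review bot: The `git clone` now takes whatever the upstream default branch holds when the bastion boots, so the Terraform code later run from `/home/ssm-user/terraform-aws-eks` is unpinned and can differ between two launches of the same configuration. Pinning to a release keeps the bastion reproducible and limits exposure to an unexpected upstream push, for example `git clone --depth 1 --branch <RELEASE_TAG> https://github.com/terraform-aws-modules/terraform-aws-eks.git` with the tag as a placeholder. The `&& cd /home/ssm-user/terraform-aws-eks` only works if the clone ran in `/home/ssm-user`, which is not visible in this hunk. Passing the destination path to `git clone` explicitly would remove that assumption.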
diff --git a/examples/self_managed_node_group/README.md b/examples/self_managed_node_group/README.md
index d6944ac76d..c5ddbc325c 100644
--- a/examples/self_managed_node_group/README.md
+++ b/examples/self_managed_node_group/README.md
@@ -42,7 +42,7 @@ Note that this example may create resources which cost money. Run `terraform des
| [ebs\_kms\_key](#module\_ebs\_kms\_key) | terraform-aws-modules/kms/aws | ~> 1.5 |
| [eks](#module\_eks) | ../.. | n/a |
| [key\_pair](#module\_key\_pair) | terraform-aws-modules/key-pair/aws | ~> 2.0 |
-| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 4.0 |
## Resources
diff --git a/examples/self_managed_node_group/main.tf b/examples/self_managed_node_group/main.tf
index 7f1993d05a..87be519086 100644
--- a/examples/self_managed_node_group/main.tf
+++ b/examples/self_managed_node_group/main.tf
@@ -19,7 +19,7 @@ data "aws_availability_zones" "available" {}
locals {
name = "ex-${replace(basename(path.cwd), "_", "-")}"
- cluster_version = "1.24"
+ cluster_version = "1.27"
region = "eu-west-1"
vpc_cidr = "10.0.0.0/16"
@@ -256,7 +256,7 @@ module "eks" {
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
- version = "~> 3.0"
+ version = "~> 4.0"
name = local.name
cidr = local.vpc_cidr
@@ -266,13 +266,8 @@ module "vpc" {
public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]
- enable_nat_gateway = true
- single_nat_gateway = true
- enable_dns_hostnames = true
-
- enable_flow_log = true
- create_flow_log_cloudwatch_iam_role = true
- create_flow_log_cloudwatch_log_group = true
+ enable_nat_gateway = true
+ single_nat_gateway = true
public_subnet_tags = {
"kubernetes.io/role/elb" = 1
diff --git a/modules/eks-managed-node-group/README.md b/modules/eks-managed-node-group/README.md
index 4bf3434663..bf3a35976a 100644
--- a/modules/eks-managed-node-group/README.md
+++ b/modules/eks-managed-node-group/README.md
@@ -10,7 +10,7 @@ module "eks_managed_node_group" {
name = "separate-eks-mng"
cluster_name = "my-cluster"
- cluster_version = "1.24"
+ cluster_version = "1.27"
subnet_ids = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"]
diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md
index e1c1abd92a..8e9b6dce99 100644
--- a/modules/karpenter/README.md
+++ b/modules/karpenter/README.md
@@ -168,7 +168,7 @@ No modules.
| [irsa\_ssm\_parameter\_arns](#input\_irsa\_ssm\_parameter\_arns) | List of SSM Parameter ARNs that contain AMI IDs launched by Karpenter | `list(string)` | [
"arn:aws:ssm:*:*:parameter/aws/service/*"
]
| no |
| [irsa\_subnet\_account\_id](#input\_irsa\_subnet\_account\_id) | Account ID of where the subnets Karpenter will utilize resides. Used when subnets are shared from another account | `string` | `""` | no |
| [irsa\_tag\_key](#input\_irsa\_tag\_key) | Tag key (`{key = value}`) applied to resources launched by Karpenter through the Karpenter provisioner | `string` | `"karpenter.sh/discovery"` | no |
-| [irsa\_tag\_values](#input\_irsa\_tag\_values) | Tag values (`{key = value}`) applied to resources launched by Karpenter through the Karpenter provisioner. Defaults to cluster name when not set. | `list(string)` | `null` | no |
+| [irsa\_tag\_values](#input\_irsa\_tag\_values) | Tag values (`{key = value}`) applied to resources launched by Karpenter through the Karpenter provisioner. Defaults to cluster name when not set. | `list(string)` | `[]` | no |
| [irsa\_tags](#input\_irsa\_tags) | A map of additional tags to add the the IAM role for service accounts | `map(any)` | `{}` | no |
| [irsa\_use\_name\_prefix](#input\_irsa\_use\_name\_prefix) | Determines whether the IAM role for service accounts name (`irsa_name`) is used as a prefix | `bool` | `true` | no |
| [policies](#input\_policies) | Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format | `map(string)` | `{}` | no |
diff --git a/modules/karpenter/main.tf b/modules/karpenter/main.tf
index 2c809ed621..53ee84f818 100644
--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -64,7 +64,7 @@ resource "aws_iam_role" "irsa" {
}
locals {
- irsa_tag_values = coalescelist([var.cluster_name], var.irsa_tag_values)
+ irsa_tag_values = coalescelist(var.irsa_tag_values, [var.cluster_name])
}
data "aws_iam_policy_document" "irsa" {
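Review bot: Nothing on the `irsa_tag_values` local says that argument order decides precedence, which is how the previous order came to ignore caller-supplied values. A one-line comment above it, such as `# caller-supplied values win; fall back to the cluster name when the list is empty`, would guard against the order being flipped again. Callers who already set `irsa_tag_values` will see the effective values change on upgrade. That presumably changes the tag conditions in the `irsa` policy document that follows, so it deserves an explicit changelog or upgrade note.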
diff --git a/modules/karpenter/variables.tf b/modules/karpenter/variables.tf
index 47c42bace9..95a5a1df93 100644
--- a/modules/karpenter/variables.tf
+++ b/modules/karpenter/variables.tf
@@ -89,7 +89,7 @@ variable "irsa_tag_key" {
variable "irsa_tag_values" {
description = "Tag values (`{key = value}`) applied to resources launched by Karpenter through the Karpenter provisioner. Defaults to cluster name when not set."
type = list(string)
- default = null
+ default = []
}
variable "irsa_ssm_parameter_arns" {
diff --git a/modules/self-managed-node-group/README.md b/modules/self-managed-node-group/README.md
index a9eff4772e..8964144994 100644
--- a/modules/self-managed-node-group/README.md
+++ b/modules/self-managed-node-group/README.md
@@ -10,7 +10,7 @@ module "self_managed_node_group" {
name = "separate-self-mng"
cluster_name = "my-cluster"
- cluster_version = "1.24"
+ cluster_version = "1.27"
cluster_endpoint = "https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com"
cluster_auth_base64 = "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"
diff --git a/variables.tf b/variables.tf
index b8577737d8..988b97970c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -27,7 +27,7 @@ variable "cluster_name" {
}
variable "cluster_version" {
- description = "Kubernetes `.` version to use for the EKS cluster (i.e.: `1.24`)"
+ description = "Kubernetes `.` version to use for the EKS cluster (i.e.: `1.27`)"
type = string
default = null
}