v6.0.0: Helm v3, IRSA, PSP and more
This is a major release; it took some time to have something clean. Lots of changes.
Documentation
Documentation is on its way here. If someone wants to help with that, I'm open ;)
Upstream module and dependencies
Kubectl provider
terraform-provider-kubectl is now used to handle custom manifests, which works way better than local-exec.
Helm v3
- All the addons now support Helm v3 and have been tested with terraform-provider-helm v1
- More consistent defaults that will make it easier to add or remove features
Monitoring
- When prometheus-operator is enabled, metrics and serviceMonitor will be enabled on every other enabled addon that supports them.
- In addition to the default Grafana dashboards, nginx-ingress, cluster-autoscaler and kong dashboards are now shipped with Grafana out of the box
IAM permission
- Addons that require specific IAM permissions can now use IRSA, which is the default and recommended way.
- KIAM is still available but is not the default.
Pod Security Policy
- default eks privileged PSP is removed, see
- more sensible default PSPs are added (default and privileged)
- kube-system can use the privileged PSP by default
- added the possibility to make specific namespaces "privileged"
- All addons have specific PSP enabled
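As an added illustration of the layout described in this section (not code from the module): a small Python audit that walks PSP and RBAC objects and reports where a privileged PSP is usable outside an allow-list of namespaces. The object names, the `monitoring` namespace and the helper functions are assumptions made up for the example.

```python
# Constructed sample objects in the shape of `kubectl get ... -o json` items.
# All names are made up for this example, not the module's real resources.
def psp(name, privileged):
    return {"metadata": {"name": name}, "spec": {"privileged": privileged}}

def role(name, psp_names):
    return {"metadata": {"name": name}, "rules": [{
        "apiGroups": ["policy"], "resources": ["podsecuritypolicies"],
        "verbs": ["use"], "resourceNames": psp_names}]}

def binding(kind, role_name, group, namespace=None):
    return {"kind": kind, "metadata": {"namespace": namespace},
            "roleRef": {"name": role_name},
            "subjects": [{"kind": "Group", "name": group}]}

PSPS = [psp("default", False), psp("privileged", True)]
ROLES = [role("psp:default", ["default"]), role("psp:privileged", ["privileged"])]
BINDINGS = [
    binding("ClusterRoleBinding", "psp:default", "system:authenticated"),
    binding("RoleBinding", "psp:privileged",
            "system:serviceaccounts:kube-system", "kube-system"),
    binding("RoleBinding", "psp:privileged",
            "system:serviceaccounts:monitoring", "monitoring"),
]

def usable_psps(r):
    """PSP names a role grants 'use' on; '*' when resourceNames is absent."""
    names = set()
    for rule in r.get("rules", []):
        if ("podsecuritypolicies" in rule.get("resources", [])
                and {"use", "*"} & set(rule.get("verbs", []))):
            names |= set(rule.get("resourceNames") or ["*"])
    return names

def audit(psps, roles, bindings, allowed_namespaces):
    """Report where a privileged PSP is usable outside the allowed namespaces."""
    priv = {p["metadata"]["name"] for p in psps if p["spec"].get("privileged")}
    grants = {r["metadata"]["name"]: usable_psps(r) for r in roles}
    findings = []
    for b in bindings:
        granted = grants.get(b["roleRef"]["name"], set())
        if not (granted & priv or ("*" in granted and priv)):
            continue
        ns = b["metadata"].get("namespace")
        if b["kind"] == "ClusterRoleBinding":
            findings.append("cluster-wide: " + b["roleRef"]["name"])
        elif ns not in allowed_namespaces:
            findings.append("namespace " + ns + ": " + b["roleRef"]["name"])
    return findings
```

Calling `audit(PSPS, ROLES, BINDINGS, {"kube-system"})` on the sample data flags only the `monitoring` binding; a role with no `resourceNames` is treated as granting every PSP, privileged ones included.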
Network Policy
- Support Calico
- Addons are deployed into their own namespaces
- Each addon has a default curated network policy
Priority Classes
- make use of priority classes to ensure addons are scheduled
- make use of priority classes to ensure addon daemonsets have higher priority than default addons that can be scheduled anywhere
Deprecated addons
- istio has been removed because its Helm chart is going to be deprecated; istio-operator has been added instead.
- rancher has been removed.