Skip to content

Commit a2b04ca

Browse files
committed
chore: update README.md
1 parent 1657664 commit a2b04ca

1 file changed

Lines changed: 23 additions & 9 deletions

File tree

README.md

Lines changed: 23 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -321,12 +321,6 @@ Module usage with two unmanaged worker groups:
321321
> many issues you may read about that had affected prior versions. See the version 2 README and release notes
322322
> for more information on the challenges and workarounds that were required prior to v3.
323323
324-
> [!IMPORTANT]
325-
> In Cloud Posse's examples, we avoid pinning modules to specific versions to prevent discrepancies between the documentation
326-
> and the latest released versions. However, for your own projects, we strongly advise pinning each module to the exact version
327-
> you're using. This practice ensures the stability of your infrastructure. Additionally, we recommend implementing a systematic
328-
> approach for updating versions to avoid unexpected changes.
329-
330324
## EKS Auto Mode
331325

332326
This module supports [EKS Auto Mode](https://docs.aws.amazon.com/eks/latest/userguide/automode.html) (GA December 2024),
@@ -393,6 +387,14 @@ With Auto Mode, Kubernetes version upgrades are simplified:
393387
2. Managed Karpenter detects version drift and automatically replaces nodes
394388
3. Auto Mode-managed add-ons are automatically upgraded to compatible versions
395389

390+
> [!IMPORTANT]
391+
> In Cloud Posse's examples, we avoid pinning modules to specific versions to prevent discrepancies between the documentation
392+
> and the latest released versions. However, for your own projects, we strongly advise pinning each module to the exact version
393+
> you're using. This practice ensures the stability of your infrastructure. Additionally, we recommend implementing a systematic
394+
> approach for updating versions to avoid unexpected changes.
395+
396+
397+
396398

397399

398400

@@ -404,20 +406,21 @@ With Auto Mode, Kubernetes version upgrades are simplified:
404406
| Name | Version |
405407
|------|---------|
406408
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
407-
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.75.1 |
409+
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.25.0 |
408410
| <a name="requirement_tls"></a> [tls](#requirement\_tls) | >= 3.1.0, != 4.0.0 |
409411

410412
## Providers
411413

412414
| Name | Version |
413415
|------|---------|
414-
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.75.1 |
416+
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.25.0 |
415417
| <a name="provider_tls"></a> [tls](#provider\_tls) | >= 3.1.0, != 4.0.0 |
416418

417419
## Modules
418420

419421
| Name | Source | Version |
420422
|------|--------|---------|
423+
| <a name="module_capability_label"></a> [capability\_label](#module\_capability\_label) | cloudposse/label/null | 0.25.0 |
421424
| <a name="module_label"></a> [label](#module\_label) | cloudposse/label/null | 0.25.0 |
422425
| <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
423426

@@ -433,19 +436,23 @@ With Auto Mode, Kubernetes version upgrades are simplified:
433436
| [aws_eks_access_policy_association.list](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_access_policy_association) | resource |
434437
| [aws_eks_access_policy_association.map](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_access_policy_association) | resource |
435438
| [aws_eks_addon.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
439+
| [aws_eks_capability.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_capability) | resource |
436440
| [aws_eks_cluster.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster) | resource |
437441
| [aws_iam_openid_connect_provider.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource |
438442
| [aws_iam_policy.cluster_elb_service_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
443+
| [aws_iam_role.capability](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
439444
| [aws_iam_role.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
440445
| [aws_iam_role_policy_attachment.amazon_eks_cluster_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
441446
| [aws_iam_role_policy_attachment.amazon_eks_service_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
447+
| [aws_iam_role_policy_attachment.auto_mode](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
442448
| [aws_iam_role_policy_attachment.cluster_elb_service_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
443449
| [aws_kms_alias.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
444450
| [aws_kms_key.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
445451
| [aws_vpc_security_group_ingress_rule.custom_ingress_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
446452
| [aws_vpc_security_group_ingress_rule.managed_ingress_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
447453
| [aws_vpc_security_group_ingress_rule.managed_ingress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
448454
| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
455+
| [aws_iam_policy_document.capability_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
449456
| [aws_iam_policy_document.cluster_elb_service_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
450457
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
451458
| [tls_certificate.cluster](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/data-sources/certificate) | data source |
@@ -466,7 +473,11 @@ With Auto Mode, Kubernetes version upgrades are simplified:
466473
| <a name="input_allowed_security_group_ids"></a> [allowed\_security\_group\_ids](#input\_allowed\_security\_group\_ids) | A list of IDs of Security Groups to allow access to the cluster. | `list(string)` | `[]` | no |
467474
| <a name="input_associated_security_group_ids"></a> [associated\_security\_group\_ids](#input\_associated\_security\_group\_ids) | A list of IDs of Security Groups to associate the cluster with.<br/>These security groups will not be modified. | `list(string)` | `[]` | no |
468475
| <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br/>in the order they appear in the list. New attributes are appended to the<br/>end of the list. The elements of the list are joined by the `delimiter`<br/>and treated as a single ID element. | `list(string)` | `[]` | no |
469-
| <a name="input_bootstrap_self_managed_addons_enabled"></a> [bootstrap\_self\_managed\_addons\_enabled](#input\_bootstrap\_self\_managed\_addons\_enabled) | Manages bootstrap of default networking addons after cluster has been created | `bool` | `null` | no |
476+
| <a name="input_auto_mode_compute_config"></a> [auto\_mode\_compute\_config](#input\_auto\_mode\_compute\_config) | EKS Auto Mode compute configuration. When enabled, AWS manages node<br/>provisioning via managed Karpenter. | <pre>object({<br/> enabled = optional(bool, false)<br/> node_pools = optional(set(string), ["general-purpose", "system"])<br/> node_role_arn = optional(string, null)<br/> })</pre> | `{}` | no |
477+
| <a name="input_auto_mode_elastic_load_balancing"></a> [auto\_mode\_elastic\_load\_balancing](#input\_auto\_mode\_elastic\_load\_balancing) | EKS Auto Mode elastic load balancing configuration. When enabled,<br/>AWS manages ALB/NLB creation for Services and Ingress resources. | <pre>object({<br/> enabled = optional(bool, false)<br/> })</pre> | `{}` | no |
478+
| <a name="input_auto_mode_storage_config"></a> [auto\_mode\_storage\_config](#input\_auto\_mode\_storage\_config) | EKS Auto Mode storage configuration. When block\_storage is enabled,<br/>AWS manages EBS volumes via the ebs.csi.eks.amazonaws.com provisioner. | <pre>object({<br/> block_storage = optional(object({<br/> enabled = optional(bool, false)<br/> }), {})<br/> })</pre> | `{}` | no |
479+
| <a name="input_bootstrap_self_managed_addons_enabled"></a> [bootstrap\_self\_managed\_addons\_enabled](#input\_bootstrap\_self\_managed\_addons\_enabled) | Manages bootstrap of default networking addons after cluster has been created. Must be false when Auto Mode is enabled. Changing this forces cluster recreation. | `bool` | `null` | no |
480+
| <a name="input_capabilities"></a> [capabilities](#input\_capabilities) | Map of EKS Capabilities to enable on the cluster. Each key is the capability<br/>name (must be unique within the cluster). Supported types: ACK, ARGOCD, KRO.<br/><br/>When `create_iam_role` is true (default) and `role_arn` is null, an IAM<br/>role with a trust policy for `capabilities.eks.amazonaws.com` is<br/>automatically created. Set `create_iam_role = false` and provide `role_arn`<br/>when the calling module creates its own IAM roles (avoids plan-time unknowns).<br/><br/>The `configuration` block is only applicable to ARGOCD capabilities.<br/>ACK and KRO do not currently support configuration. | <pre>map(object({<br/> enabled = optional(bool, true)<br/> type = string # ACK, ARGOCD, KRO<br/> create_iam_role = optional(bool, true)<br/> role_arn = optional(string, null)<br/> delete_propagation_policy = optional(string, "RETAIN")<br/> configuration = optional(object({<br/> argo_cd = optional(object({<br/> namespace = optional(string, "argocd")<br/> aws_idc = optional(object({<br/> idc_instance_arn = string<br/> idc_region = optional(string, null)<br/> }), null)<br/> network_access = optional(object({<br/> vpce_ids = optional(list(string), [])<br/> }), null)<br/> rbac_role_mapping = optional(list(object({<br/> role = string # ADMIN, EDITOR, VIEWER<br/> identity = list(object({<br/> id = string<br/> type = string # SSO_USER, SSO_GROUP<br/> }))<br/> })), [])<br/> }), null)<br/> }), null)<br/> create_timeout = optional(string, null)<br/> update_timeout = optional(string, null)<br/> delete_timeout = optional(string, null)<br/> }))</pre> | `{}` | no |
470481
| <a name="input_cloudwatch_log_group_class"></a> [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no |
471482
| <a name="input_cloudwatch_log_group_kms_key_id"></a> [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | If provided, the KMS Key ID to use to encrypt AWS CloudWatch logs | `string` | `null` | no |
472483
| <a name="input_cluster_attributes"></a> [cluster\_attributes](#input\_cluster\_attributes) | Override label module default cluster attributes | `list(string)` | <pre>[<br/> "cluster"<br/>]</pre> | no |
@@ -517,6 +528,9 @@ With Auto Mode, Kubernetes version upgrades are simplified:
517528

518529
| Name | Description |
519530
|------|-------------|
531+
| <a name="output_auto_mode_enabled"></a> [auto\_mode\_enabled](#output\_auto\_mode\_enabled) | Whether EKS Auto Mode is enabled (all three capabilities: compute, storage, networking) |
532+
| <a name="output_capabilities"></a> [capabilities](#output\_capabilities) | Map of enabled EKS Capabilities with their ARNs and types |
533+
| <a name="output_capability_role_arns"></a> [capability\_role\_arns](#output\_capability\_role\_arns) | Map of auto-created capability IAM role ARNs |
520534
| <a name="output_cloudwatch_log_group_kms_key_id"></a> [cloudwatch\_log\_group\_kms\_key\_id](#output\_cloudwatch\_log\_group\_kms\_key\_id) | KMS Key ID to encrypt AWS CloudWatch logs |
521535
| <a name="output_cloudwatch_log_group_name"></a> [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | The name of the log group created in cloudwatch where cluster logs are forwarded to if enabled |
522536
| <a name="output_cluster_encryption_config_enabled"></a> [cluster\_encryption\_config\_enabled](#output\_cluster\_encryption\_config\_enabled) | If true, Cluster Encryption Configuration is enabled |

0 commit comments

Comments
 (0)