Merge upstream Release v0.194.0 ,Con 22743 add aggressive scale down (#671)

* Fix typo in publish-release.yaml

* Prepare for next development iteration

* Upgrade with explicit version if release version is up-to-date

* Test Bottlerocket node upgrade and verify version

* Add release notes for v0.175.0 (eksctl-io#7669)

* Add release notes for v0.175.0

* remove empty acknowledgements section

---------

Co-authored-by: yuxiang-zhang <[email protected]>
Co-authored-by: Tibi <[email protected]>

* Prepare for next development iteration (eksctl-io#7671)

* Bump dependencies (eksctl-io#7668)

* bump dependencies

* update mocks

* fix lint

* bump helm

* Aim for namespace uniqueness across parallel specs (eksctl-io#7680)

ensure namespace uniqueness across parallel specs

* Include MixedInstancesPolicy LaunchTemplate for validation

* Allow GPU instance types for Windows nodes (eksctl-io#7681)

* allow GPU instance type for Windows nodes

* update unit test for case gpus:0

* Display full draft release notes in PR description (eksctl-io#7686)

Update release-drafter.yaml

* Bump mkdocs version (eksctl-io#7696)

bump mkdocs version

* Add support for AMIs based on AmazonLinux2023 (eksctl-io#7684)

* add support for AL2023 for EKS-managed and self-managed nodes

* ensure AL2023 only supports containerd

* add GPU related validations + small nits

* add support for upgrades

* add support for EFA

* improve validations

* fix lint and unit tests

* update docs

* add validation error for maxpods limitation

* add integration tests for al2023

* improve validation message

* [EKSCTL create cluster command] Authorise self-managed nodes via `aws-auth configmap` when EKS access entries are disabled (eksctl-io#7698)

* Disable access entry creation for self-managed nodes on clusters with CONFIG_MAP only

* fix logic for updating aws-auth configmap

* Enforce `authenticationMode:CONFIG_MAP` on Outposts (eksctl-io#7699)

Make authenticationMode:CONFIG_MAP default on Outposts

* Add release notes for v0.176.0 (eksctl-io#7672)

Co-authored-by: TiberiuGC <[email protected]>

* Prepare for next development iteration

* Bump dependencies

Closes eksctl-io#7694 eksctl-io#7693 eksctl-io#7692 eksctl-io#7691 eksctl-io#7690 eksctl-io#7689 eksctl-io#7688 eksctl-io#7687 eksctl-io#7679 eksctl-io#7678 eksctl-io#7676 eksctl-io#7673 eksctl-io#7581 eksctl-io#7579 eksctl-io#7577 eksctl-io#7576

* Update build image tag

* Bump dependencies

* Fix arn build logic to support different aws partitions

* Fix reusing instanceRoleARN for nodegroups authorized with access entries

This changelist changes the design of creating access entries for self-managed nodegroups that use a pre-existing instanceRoleARN by creating the access entry resource outside of the CloudFormation stack by making a separate call to the AWS API. When deleting such a nodegroup, it's the user's responsibility to also delete the corresponding access entry when no more nodegroups are associated with it. This is because eksctl cannot tell if an access entry resource is still in use by non-eksctl created self-managed nodegroups.

Self-managed nodegroups not using a pre-existing instanceRoleARN will continue to have the access entry resource in the CloudFormation stack, making delete nodegroup an atomic operation for most use cases.

Fixes eksctl-io#7502

* Add note about deleting nodegroups

* Add integration tests

* Fix cluster deletion in tests

* Allow nodegroup creation after a cluster subnet is deleted (eksctl-io#7714)

* Preserve eksctl commands correctness when user deletes subnets

* update error when subnet availability validation fails

* address PR comments

* Handle K8s service account lifecycle on `eksctl create/delete podidentityassociation` commands (eksctl-io#7706)

* Handle K8s service account lifecycle on eksctl create/delete podidentityassociations commands

* correct typo

Co-authored-by: Chetan Patwal <[email protected]>

---------

Co-authored-by: Chetan Patwal <[email protected]>

* Add support for Ubuntu Pro 22.04 based EKS images (eksctl-io#7711)

* feat: Add support for Ubuntu Pro 22.04 based EKS images

* update schema.json

* test: Add nodegroup with Ubuntu Pro 22.04

* fix integration test

---------

Co-authored-by: Tibi <[email protected]>

* Disable IMDSv1 in unowned integration tests

* include pre-releases as full releases when drafting release notes

* Add utils command to migrate `iamidentitymappings` to EKS access entries (eksctl-io#7710)

* Added migrate-to-access-entry cmd structure

* Fix Target Authentication  mode validation

* Added logic to get accessEntries and cmEntries from cluster

* Added logic to make unique list of configmap accessEntries, and stack creation logic

* Added UpdateAuthentication mode and aeEntries filter logic

* Add approve flag check

* Added functionality to remove awsauth after switch to API only

* Adds logic to fetch FullARN of path stripped IAMIdentityMappings

* Updates some info log text

* Adds test case and refactors code

* Removes comments

* Adds taskTree and address PR comments

* Refactors code and Adds exception handling for NoSuchEntityException

* Resolves go.mod and go.sum conflicts

* Doc update for migrate-to-access-entry feature

* Fixed minimum iam policies doc to add permission for iam:GetUser

* Updated access-entries doc at migrate-to-access-entry section

* Fixes failing Migrate To Access Entry Test & go.mod, go.sum

* Amends migrate to access entry documentation

* improve logs and simplify code logic

* add unit tests

* ensure target-auth-mode has a valid value

---------

Co-authored-by: Pankaj Walke <[email protected]>
Co-authored-by: Venkat Penmetsa <[email protected]>
Co-authored-by: Venkat Penmetsa <[email protected]>
Co-authored-by: Tibi <[email protected]>

* Revert "[Release drafter] Treat RCs as full releases when drafting notes" (eksctl-io#7725)

* Fix creating pod identities

Replaces usage of a per-loop variable with a per-iteration variable.

* Fix deleting pod identities

* Fix deleting clusters with a non-active status

* Add release notes for v0.177.0

* update release notes for 0.177.0

* Prepare for next development iteration

* Update aws-node from 1.12.6 to 1.18.1 (eksctl-io#7756)

* Update aws-node from 1.12.6 to 1.18.1

1.18.1 is recommended for EKS clusters, where its documented that "For
all Kubernetes releases, we recommend installing the latest VPC CNI
release." as read at https://github.com/aws/amazon-vpc-cni-k8s?tab=readme-ov-file#recommended-version.

The latest available addon for various k8s minor versions are listed at
https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html#updating-vpc-cni-add-on,
and it currently sais 1.18.1 for k8s 1.23 to 1.29.

* Update tests for aws-node 1.18.1

* Reduce complexity of aws-node test

* Fix kubeletExtraConfig support for AL2023

* Add release notes for 0.178

* Prepare for next development iteration

* Support EKS 1.30

* Add release notes for v0.179.0

* Prepare for next development iteration

* Add option to create service account for pod identities which defaults to `false` (eksctl-io#7784)

* only create service account if explicitly instructed to do so

* only delete SAs if they were created by eksctl

* fix lint

* Update json schema (eksctl-io#7788)

upload schema

* [Pod Identity Associations] Don't allow `--create-service-account` flag when `--config-file` is set (eksctl-io#7789)

don't allow --create-service-account flag when --config-file is set

* Add release notes for v0.180.0 (eksctl-io#7782)

* Prepare for next development iteration (eksctl-io#7791)

* add new addon fields required for pod identity support

* ammend create addon command to create roles for pod identity associations

* ammend delete addon command to delete roles for pod identity associations

* small tweaks

* Support updating podIdentityAssociations for addons

* Show addon.podIdentityAssociations in `get addon`

* Disallow updating podidentityassociations owned by addons

* Show pod identities in `get addons`, use a pointer for addon.podIdentityAssociations

* Update mocks

* Fix deleting the specified addon instead of all addons

* Disallow deletion of addon pod identities in `delete podidentityassociation`

* Show ownerARN in `get podidentityassociations`

* Fix `create cluster` when iam.podIdentityAssociations is unset

* Delete IAM resources when addon.podIdentityAssociations is []

* take into account that not all EKS addons will support pod IDs at launch

* add validations

* Migrate EKS addons to pod identity using the Addons API

* add unit tests and update generated files

* Migrate: ignore pod identity associations that already exist

Fixes eksctl-io#7753

* add docs && tweak validation

* Delete old IRSA stack in `update addon`

* Add integration test for addon.podIdentityAssociations

* add integration tests for creating and deleting addons && bugfixes around validations and error checking

* update describe addon config command to return pod identity config

* add auto-create-pod-identity-associations CLI flag

* update unit tests

* update list of minimum IAM permissions

* tech debt - unskip tests from PI suite

* fix addons integration test

* Allow updating addons with recommended IAM policies, disallow setting tags and wellKnownPolicies

* Add more validation

* Rename fields to addonsConfig.autoApplyPodIdentityAssociations and addon.useDefaultPodIdentityAssociations

* Update AWS SDK

* use service level endpoint resolver instead of global endpoint resolver which was deprecated

* Update link to docs

* Disallow IRSA config if addon has existing pod identity associations

* Add release notes for v0.181.0

* Prepare for next development iteration

* Fix formatting for notes in documentation

* apply same formatting fix for addons.md file

* G6 support

* Subnets availability validation should use AZs resolved by `EC2::DescribeSubnets` call (eksctl-io#7816)

Subnets availability validation should use AZs resolved by EC2::DescribeSubnets call

* Update pkg/addons/assets/efa-device-plugin.yaml

Co-authored-by: Chetan Patwal <[email protected]>

* Update pkg/addons/assets/efa-device-plugin.yaml

Co-authored-by: Chetan Patwal <[email protected]>

* Fix upgrading AL2 ARM64 nodegroups

* fix typo for iam policy

* update aws-node to latest version

* coredns script should exclude preview versions

* Add release notes for v0.182.0

* Prepare for next development iteration

* Make EKS 1.30 the default

* Fix tests

* Add release notes for v0.183.0

* Prepare for next development iteration

* Stop using P2 instances which will be retired (eksctl-io#7826)

stop using P2 instances which will be retired

* Schedule pods on a nodegroup on which no concurrent actions are executed (eksctl-io#7834)

* Schedule pods on a nodegroup on which no concurrent actions are executed

* patch test assertions

* use string in logging instead of wrapping error

* Fix SDK paginator mocks

The latest version of `aws-sdk-go-v2/service/eks` breaks unit tests. This [changelist](aws/aws-sdk-go-v2#2682) added SDK-specific feature tracking where all paginated operations now pass an additional argument (`addIsPaginatorUserAgent`) to add `UserAgentFeaturePaginator` to the user agent. The mocks, however, do not expect this variadic argument to be passed, resulting in failing assertions.

Fixes eksctl-io#7845

* Allow cluster creation without default networking addons

* Install default addons as EKS managed addons

* Add integration tests and unit tests

* Do not patch VPC CNI ServiceAccount to use IRSA if disableDefaultAddons is set

* Honour the wait field when creating addons

* Do not restart VPC CNI DaemonSet pods

* Fix running kube-proxy on AL2023 nodes

* Fix addon integration tests

* Add documentation

* Fix integration tests

* Reorder addons task

* Fix tests

* Fix CRUD test

* Add release notes for v0.184.0

* Prepare for next development iteration

* fixed iam permissions for karpenter

Signed-off-by: Sienna Satterwhite <[email protected]>

* fix run as root efa device plugin bug

The plugins were globally changed to have runAsNonRoot
set to true. This breaks the efa plugin, which
currently requires it. This PR was tested and confirmed
to fix the bug in several cases.

Signed-off-by: vsoch <[email protected]>

* add support for hpc7g arm images

Signed-off-by: sochat1 <[email protected]>

* update efa-device-plugin.yaml to one that workkks

Signed-off-by: sochat1 <[email protected]>

* add additional hpc7g instance types

Signed-off-by: vsoch <[email protected]>

* Add auto-ssm ami resolution for ubuntu

Issue eksctl-io#3224

* Avoid creating subnets in disallowed Availability Zone IDs

* Add release notes for v0.185.0

* Prepare for next development iteration

* Refactor: move bare cluster validation to NewCreateClusterLoader

* Retry throttling errors, disable retry rate-limiting

* Allow limiting the number of nodegroups created in parallel

* Add release notes for v0.186.0

* Prepare for next development iteration

* Restrict `VPC.SecurityGroup` egress rules validations to self-managed nodes (eksctl-io#7883)

Restrict VPC.SecurityGroup egress rules validations to self-managed nodes

* Add release notes for v0.187.0 (eksctl-io#7885)

Co-authored-by: Tibi <[email protected]>

* Prepare for next development iteration (eksctl-io#7890)

* Add GH workflow for automatically updating nvidia device plugin static manifest (eksctl-io#7898)

* Add GH workflow for automatically updating nvidia device plugin static manifest

* update PR body

* fix unit tests

* updates userdocs

* Add support for Kuala Lumpur region (ap-southeast-5) (eksctl-io#7910)

* Update nvidia-device-plugin to v0.16.0 (eksctl-io#7900)

update nvidia-device-plugin to v0.16.0

Co-authored-by: TiberiuGC <[email protected]>

* Bump github.com/docker/docker from 24.0.9+incompatible to 26.1.4+incompatible (eksctl-io#7909)

Bump github.com/docker/docker

Co-authored-by: Tibi <[email protected]>

* Add release notes for v0.188.0 (eksctl-io#7889)

add release notes for v0.188.0

Co-authored-by: Tibi <[email protected]>

* Prepare for next development iteration (eksctl-io#7917)

* Fix SSM unit tests

* fix: resolve segfault in validateBareCluster

Signed-off-by: Mike Frisch <[email protected]>

* Skip creating OIDC manager for Outposts clusters

* Add release notes for v0.189.0

* Prepare for next development iteration

* Bump github.com/docker/docker

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.4+incompatible to 26.1.5+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v26.1.4...v26.1.5)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump jinja2 from 3.1.3 to 3.1.4 in /userdocs

Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.3...3.1.4)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Add release notes for v0.190.0

* Prepare for next development iteration

* Prepare for next development iteration

* Add support for EKS 1.31 (eksctl-io#7973)

add support for eks 1.31

* Add release notes for v0.191.0 (eksctl-io#7965)

Co-authored-by: tiberiugc <[email protected]>

* Prepare for next development iteration

* cleanup efa installer archive before install

Currently, the UserData section that runs during cloud init
happens before any root volumes are expanded with growpart.
Although the best solution would be to ensure the filesystem
resize happens before these scripts are run, a quick means
to fix the current issue is simply to cleanup the efa
installer tar.gz, which is very large. I have tested this
with hpc7g for a size 2 and size 8 cluster (previously both
not working) and can confirm the devices are functioning after.

Signed-off-by: vsoch <[email protected]>

* efa-installer: remove archive in 2023 files

Problem: the node consistently runs out of disk space when
adding efa, resulting in an unusable cluster with scattered
nodes where the installer failed.
Solution: the installer archive itself is huge, and we can
simply remove it and avoid this error.

Signed-off-by: vsoch <[email protected]>

* Disallow `overrideBootstrapCommand` and `preBootstrapCommands` for MNG AL2023 (eksctl-io#7990)

disallow overrideBootstrapCommand and preBootstrapCommands for MNG AL2023

* Add support for EKS accelerated AMIs based on AL2023 (eksctl-io#7996)

add support for EKS accelerated AMIs based on AL2023

* Add release notes for v0.192.0 (eksctl-io#7974)

Co-authored-by: TiberiuGC <[email protected]>

* Prepare for next development iteration (eksctl-io#7997)

* Add support for M8g instance types

Signed-off-by: cpu1 <[email protected]>

* Correct version drift in cluster-upgrade.md

Correct the description of version drift during upgrade to match
the current kubernetes documentation. Node version should not be
newer than the cluster version.

* Add release notes for v0.193.0

* Prepare for next development iteration

* Fix missing ELB listener attribute actions required for AWS Load Balancer Controller v2.9.0

* Support EKS zonal shift config

Signed-off-by: cpu1 <[email protected]>

* Fix tests

Signed-off-by: cpu1 <[email protected]>

* Add release notes for v0.194.0

* after clean compile

* fix merge .. cloudformation error while creating ocean nodegroup

* actual work to add field in ocean cluster config

* restore .goreleaser.yml to root

---------

Signed-off-by: Sienna Satterwhite <[email protected]>
Signed-off-by: vsoch <[email protected]>
Signed-off-by: sochat1 <[email protected]>
Signed-off-by: Mike Frisch <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: cpu1 <[email protected]>
Co-authored-by: Yu Xiang Z <[email protected]>
Co-authored-by: eksctl-bot <[email protected]>
Co-authored-by: Yu Xiang Zhang <[email protected]>
Co-authored-by: yuxiang-zhang <[email protected]>
Co-authored-by: Tibi <[email protected]>
Co-authored-by: Weifeng Wang <[email protected]>
Co-authored-by: Chetan Patwal <[email protected]>
Co-authored-by: cpu1 <[email protected]>
Co-authored-by: TimAndy <[email protected]>
Co-authored-by: cPu1 <[email protected]>
Co-authored-by: Alberto Contreras <[email protected]>
Co-authored-by: punkwalker <[email protected]>
Co-authored-by: Pankaj Walke <[email protected]>
Co-authored-by: Venkat Penmetsa <[email protected]>
Co-authored-by: Venkat Penmetsa <[email protected]>
Co-authored-by: Erik Sundell <[email protected]>
Co-authored-by: cPu1 <[email protected]>
Co-authored-by: tiberiugc <[email protected]>
Co-authored-by: AI2Table <[email protected]>
Co-authored-by: Practicus AI <[email protected]>
Co-authored-by: Wei Zang <[email protected]>
Co-authored-by: Andres More <[email protected]>
Co-authored-by: Sienna Satterwhite <[email protected]>
Co-authored-by: vsoch <[email protected]>
Co-authored-by: sochat1 <[email protected]>
Co-authored-by: Alberto Contreras <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mike Frisch <[email protected]>
Co-authored-by: Martin Harriman <[email protected]>
Co-authored-by: Jonathan Foster <[email protected]>

Author: 23 people

.github/workflows/update-generated.yaml

@@ -2,7 +2,10 @@ name: Update generated files
 on:
   workflow_dispatch: {}
   schedule:
-    - cron: "0 5 * * Thu"
+  - cron: "0 5 * * Thu"
+
+permissions:
+  id-token: write
 
 permissions:
   id-token: write
@@ -15,47 +18,53 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        resource: ["coredns", "aws-node"]    
+        resource: ["coredns", "aws-node", "nvidia-device-plugin"]
     name: Update ${{ matrix.resource }} and open PR
     runs-on: ubuntu-latest
     container: public.ecr.aws/eksctl/eksctl-build:833f4464e865a6398788bf6cbc5447967b8974b7
     env:
       GOPRIVATE: ""
     steps:
-      - name: Checkout
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
-        with:
-          token: ${{ secrets.EKSCTLBOT_TOKEN }}
-          fetch-depth: 0
-      - name: Configure AWS credentials for coredns update
-        if: ${{ matrix.resource == 'coredns' }}
-        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
-        with:
-          aws-region: us-west-2
-          role-duration-seconds: 900
-          role-session-name: eksctl-update-coredns-assets
-          role-to-assume: ${{ secrets.UPDATE_COREDNS_ROLE_ARN }}
-      - name: Setup identity as eksctl-bot
-        uses: ./.github/actions/setup-identity
-        with:
-          token: "${{ secrets.EKSCTLBOT_TOKEN }}"
-      - name: Cache go-build and mod
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2
-        with:
-          path: |
-            ~/.cache/go-build/
-            ~/go/pkg/mod/
-          key: go-${{ hashFiles('go.sum') }}
-          restore-keys: |
-            go-
-      - name: Update ${{ matrix.resource }}
-        run: make update-${{ matrix.resource }}
-      - name: Upsert pull request
-        uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e #v6.0.2
-        with:
-          token: ${{ secrets.EKSCTLBOT_TOKEN }}
-          commit-message: update ${{ matrix.resource }}
-          committer: eksctl-bot <[email protected]>
-          title: 'Update ${{ matrix.resource }}'
-          branch: update-${{ matrix.resource }}
-          labels: area/tech-debt
+    - name: Checkout
+      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
+      with:
+        token: ${{ secrets.EKSCTLBOT_TOKEN }}
+        fetch-depth: 0
+    - name: Configure AWS credentials for coredns update
+      if: ${{ matrix.resource == 'coredns' }}
+      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+      with:
+        aws-region: us-west-2
+        role-duration-seconds: 900
+        role-session-name: eksctl-update-coredns-assets
+        role-to-assume: ${{ secrets.UPDATE_COREDNS_ROLE_ARN }}
+    - name: Setup identity as eksctl-bot
+      uses: ./.github/actions/setup-identity
+      with:
+        token: "${{ secrets.EKSCTLBOT_TOKEN }}"
+    - name: Cache go-build and mod
+      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2
+      with:
+        path: |
+          ~/.cache/go-build/
+          ~/go/pkg/mod/
+        key: go-${{ hashFiles('go.sum') }}
+        restore-keys: |
+          go-
+    - name: Update ${{ matrix.resource }}
+      run: make update-${{ matrix.resource }}
+    - name: Upsert pull request
+      uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e #v6.0.2
+      with:
+        token: ${{ secrets.EKSCTLBOT_TOKEN }}
+        commit-message: update ${{ matrix.resource }}${{ env.LATEST_RELEASE_TAG }}
+        committer: eksctl-bot <[email protected]>
+        title: 'Update ${{ matrix.resource }}${{ env.LATEST_RELEASE_TAG }}'
+        branch: update-${{ matrix.resource }}
+        labels: area/tech-debt
+        body: |
+          Auto-generated by [eksctl Update Generated Files GitHub workflow][1]
+
+          [1]: https://github.com/eksctl-io/eksctl/blob/main/.github/workflows/update-generated.yaml
+
+          Please manually test before approving and merging.

Makefile

@@ -160,6 +160,9 @@ generate-all: generate-always $(conditionally_generated_files) ## Re-generate al
 check-all-generated-files-up-to-date: generate-all ## Run the generate all command and verify there is no new diff
 	git diff --quiet -- $(conditionally_generated_files) || (git --no-pager diff $(conditionally_generated_files); echo "HINT: to fix this, run 'git commit $(conditionally_generated_files) --message \"Update generated files\"'"; exit 1)
 
+.PHONY: update-nvidia-device-plugin
+update-nvidia-device-plugin: ## fetch the latest static manifest
+	pkg/addons/assets/scripts/update_nvidia_device_plugin.sh
 
 .PHONY: update-aws-node
 update-aws-node: ## Re-download the aws-node manifests from AWS
@@ -169,9 +172,6 @@ update-aws-node: ## Re-download the aws-node manifests from AWS
 update-coredns: ## get latest coredns builds for each available eks version
 	@go run pkg/addons/default/scripts/update_coredns_assets.go
 
-.PHONY:
-update-coredns: ## get latest coredns builds for each available eks version
-	@go run pkg/addons/default/scripts/update_coredns_assets.go
 
 deep_copy_helper_input = $(shell $(call godeps_cmd,./pkg/apis/...) | sed 's|$(generated_code_deep_copy_helper)||' )
 $(generated_code_deep_copy_helper): $(deep_copy_helper_input) ## Generate Kubernetes API helpers

docs/release_notes/0.184.0.md

@@ -0,0 +1,20 @@
+# Release v0.184.0
+
+## 🚀 Features
+
+- Cluster creation flexibility for default networking addons (#7866)
+
+## 🎯 Improvements
+
+- use string in logging instead of wrapping error (#7838)
+- Stop using P2 instances which will be retired (#7826)
+
+## 🧰 Maintenance
+
+- Fix SDK paginator mocks (#7850)
+- Schedule pods on a nodegroup on which no concurrent actions are executed (#7834)
+
+## Acknowledgments
+
+The eksctl maintainers would like to sincerely thank @moreandres.
+

docs/release_notes/0.185.0.md

@@ -0,0 +1,14 @@
+# Release v0.185.0
+
+## 🎯 Improvements
+
+- Avoid creating subnets in disallowed Availability Zone IDs (#7870)
+- Add auto-ssm ami resolution for ubuntu (#7851)
+- Add/hpc7g node arm support (#6743)
+- fix runAsNonRoot (true) efa device plugin bug (#6302)
+- fixed iam permissions bug for karpenter (#7778)
+
+## Acknowledgments
+
+The eksctl maintainers would like to sincerely thank @aciba90, @siennathesane and @vsoch.
+

docs/release_notes/0.186.0.md

@@ -0,0 +1,10 @@
+# Release v0.186.0
+
+## 🚀 Features
+
+- Allow limiting the number of nodegroups created in parallel (#7884)
+
+## 🎯 Improvements
+
+- Retry throttling errors, disable retry rate-limiting (#7878)
+

docs/release_notes/0.187.0.md

@@ -0,0 +1,5 @@
+# Release v0.187.0
+
+## 🐛 Bug Fixes
+
+- Restrict `VPC.SecurityGroup` egress rules validations to self-managed nodes (#7883)

docs/release_notes/0.188.0.md

@@ -0,0 +1,14 @@
+# Release v0.188.0
+
+## 🚀 Features
+
+- Add support for Kuala Lumpur region (ap-southeast-5) (#7910)
+
+## 🎯 Improvements
+
+- Add GH workflow for automatically updating nvidia device plugin static manifest (#7898)
+
+## 🧰 Maintenance
+
+- Update nvidia-device-plugin to v0.16.0 (#7900)
+

docs/release_notes/0.189.0.md

@@ -0,0 +1,12 @@
+# Release v0.189.0
+
+## 🐛 Bug Fixes
+
+- Skip creating OIDC manager for Outposts clusters (#7934)
+- Fixes segfault when VPC CNI is disabled (#7927)
+- Fix SSM unit tests (#7935)
+
+## Acknowledgments
+
+The eksctl maintainers would like to sincerely thank @EmmEff.
+

docs/release_notes/0.190.0.md

@@ -0,0 +1,6 @@
+# Release v0.190.0
+
+## 🧰 Maintenance
+
+- Bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible (#7936)
+- Bump jinja2 from 3.1.3 to 3.1.4 in /userdocs (#7748)

docs/release_notes/0.191.0.md

@@ -0,0 +1,5 @@
+# Release v0.191.0
+
+## 🚀 Features
+
+- Add support for EKS 1.31 (#7973)

docs/release_notes/0.192.0.md

@@ -0,0 +1,18 @@
+# Release v0.192.0
+
+## 🚀 Features
+
+- Add support for EKS accelerated AMIs based on AL2023 (#7996)
+
+## 🎯 Improvements
+
+- cleanup efa installer archive before install (#6870)
+
+## 🐛 Bug Fixes
+
+- Disallow `overrideBootstrapCommand` and `preBootstrapCommands` for MNG AL2023 (#7990)
+
+## Acknowledgments
+
+The eksctl maintainers would like to sincerely thank @vsoch.
+

docs/release_notes/0.193.0.md

@@ -0,0 +1,14 @@
+# Release v0.193.0
+
+## 🚀 Features
+
+- Add support for M8g instance types (#8001)
+
+## 📝 Documentation
+
+- Documentation: correct version drift limits in cluster-upgrade.md (#7994)
+
+## Acknowledgments
+
+The eksctl maintainers would like to sincerely thank @larvacea.
+

docs/release_notes/0.194.0.md

@@ -0,0 +1,14 @@
+# Release v0.194.0
+
+## 🚀 Features
+
+- Support EKS zonal shift config (#8005)
+
+## 🎯 Improvements
+
+- Fix missing ELB listener attribute actions required for AWS Load Balancer Controller v2.9.0 (#7988)
+
+## Acknowledgments
+
+The eksctl maintainers would like to sincerely thank @jonathanfoster.
+

examples/41-zonal-shift.yaml

@@ -0,0 +1,11 @@
+# An example ClusterConfig that uses EKS Zonal Shift.
+
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+metadata:
+  name: highly-available-cluster
+  region: us-west-2
+
+zonalShiftConfig:
+  enabled: true

go.mod

@@ -5,28 +5,30 @@ module github.com/weaveworks/eksctl
 
 go 1.21
 
+toolchain go1.21.5
+
 require (
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/aws/amazon-ec2-instance-selector/v2 v2.4.2-0.20230601180523-74e721cb8c1e
 	github.com/aws/aws-sdk-go v1.51.16
-	github.com/aws/aws-sdk-go-v2 v1.27.1
+	github.com/aws/aws-sdk-go-v2 v1.32.2
 	github.com/aws/aws-sdk-go-v2/config v1.27.11
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.11
 	github.com/aws/aws-sdk-go-v2/service/autoscaling v1.40.5
-	github.com/aws/aws-sdk-go-v2/service/cloudformation v1.50.0
+	github.com/aws/aws-sdk-go-v2/service/cloudformation v1.52.1
 	github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.39.2
 	github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.35.1
 	github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.36.3
-	github.com/aws/aws-sdk-go-v2/service/ec2 v1.156.0
-	github.com/aws/aws-sdk-go-v2/service/eks v1.43.0
+	github.com/aws/aws-sdk-go-v2/service/ec2 v1.166.0
+	github.com/aws/aws-sdk-go-v2/service/eks v1.51.0
 	github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.24.4
 	github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.30.5
 	github.com/aws/aws-sdk-go-v2/service/iam v1.32.0
 	github.com/aws/aws-sdk-go-v2/service/kms v1.27.5
 	github.com/aws/aws-sdk-go-v2/service/outposts v1.38.0
 	github.com/aws/aws-sdk-go-v2/service/ssm v1.49.5
 	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6
-	github.com/aws/smithy-go v1.20.2
+	github.com/aws/smithy-go v1.22.0
 	github.com/awslabs/amazon-eks-ami/nodeadm v0.0.0-20240508073157-fbfa1bc129f5
 	github.com/benjamintf1/unmarshalledmatchers v1.0.0
 	github.com/blang/semver v3.5.1+incompatible
@@ -60,14 +62,14 @@ require (
 	github.com/spf13/afero v1.11.0
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
-	github.com/spotinst/spotinst-sdk-go v1.171.0
+	github.com/spotinst/spotinst-sdk-go v1.372.0
 	github.com/stretchr/testify v1.9.0
 	github.com/tidwall/gjson v1.17.1
 	github.com/tidwall/sjson v1.2.5
 	github.com/tj/assert v0.0.3
 	github.com/vburenin/ifacemaker v1.2.1
 	github.com/vektra/mockery/v2 v2.38.0
-	github.com/weaveworks/goformation/v4 v4.10.2-0.20231113122203-bf1ae633f95c
+	github.com/weaveworks/goformation/v4 v4.10.2-0.20241022124128-4be25b69f5e0
 	github.com/weaveworks/schemer v0.0.0-20230525114451-47139fe25848
 	github.com/xgfone/netaddr v0.5.1
 	golang.org/x/crypto v0.22.0
@@ -126,11 +128,11 @@ require (
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.8 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.8 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect
 	github.com/aws/aws-sdk-go-v2/service/pricing v1.17.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
@@ -165,13 +167,13 @@ require (
 	github.com/daixiang0/gci v0.12.3 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/denis-tingaikin/go-header v0.5.0 // indirect
-	github.com/docker/cli v24.0.6+incompatible // indirect
-	github.com/docker/distribution v2.8.2+incompatible // indirect
-	github.com/docker/docker v24.0.9+incompatible // indirect
+	github.com/distribution/reference v0.5.0 // indirect
+	github.com/docker/cli v25.0.1+incompatible // indirect
+	github.com/docker/distribution v2.8.3+incompatible // indirect
+	github.com/docker/docker v26.1.5+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
-	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
-	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/ettle/strcase v0.2.0 // indirect
@@ -298,7 +300,6 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/moricho/tparallel v0.3.1 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/muesli/ansi v0.0.0-20211018074035-2e021307bc4b // indirect
 	github.com/muesli/cancelreader v0.2.2 // indirect
 	github.com/muesli/reflow v0.3.0 // indirect
@@ -312,7 +313,7 @@ require (
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/oliveagle/jsonpath v0.0.0-20180606110733-2e52cf6e6852 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc6 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/pelletier/go-toml/v2 v2.2.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
@@ -422,7 +423,7 @@ require (
 	k8s.io/kubectl v0.29.0 // indirect
 	mvdan.cc/gofumpt v0.6.0 // indirect
 	mvdan.cc/unparam v0.0.0-20240104100049-c549a3470d14 // indirect
-	oras.land/oras-go v1.2.4 // indirect
+	oras.land/oras-go v1.2.5 // indirect
 	sigs.k8s.io/controller-runtime v0.17.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect