workloads. Clusters can be managed by cloud providers or self-managed.
Workloads use the same [Kubernetes API](https://kubernetes.io/docs/reference/) to create and manage API resources in the
supported Pulumi languages through packages directly generated from the [OpenAPI specification](https://github.com/kubernetes/kubernetes/tree/master/api/openapi-spec).
<!--more-->
## Overview
In our march towards v2.0, we've been working on improvements and added new
features for Kubernetes thanks to the valuable feedback we've received from our
community of users and customers.
Let's review some of the major highlights.
## Managing Workloads
Users provision and manage Kubernetes workloads in various ways: YAML
manifests, Helm charts, operators, and direct API access. Pulumi can help to
unify this resource management using a programming language of your choice.
var cluster = new Eks.Cluster("eks-cluster", new Eks.ClusterArgs
{
RoleArn = eksRole.Arn,
VpcConfig = new ClusterVpcConfigArgs
{
PublicAccessCidrs = {"0.0.0.0/0"},
SecurityGroupIds = {clusterSg.Id},
SubnetIds = subnetIds,
},
});
// Create the NodeGroup.
var nodeGroup = new Eks.NodeGroup("node-group", new Eks.NodeGroupArgs
{
ClusterName = cluster.Name,
NodeGroupName = "demo-eks-nodegroup",
NodeRoleArn = nodeGroupRole.Arn,
SubnetIds = subnetIds,
ScalingConfig = new NodeGroupScalingConfigArgs{DesiredSize = 2},
});
```
* Kubernetes version support now includes the latest [v1.18 release](https://kubernetes.io/docs/setup/release/notes/), which builds on Pulumi's [support](https://github.com/pulumi/pulumi-kubernetes#kubernetes-api-version-support) for clusters >= v1.9.0
* Warnings are displayed for Kubernetes resources using deprecated apiVersions.
* [Updated the client-go](https://kubernetes.io/docs/setup/release/notes/#client-go) dependency in the provider to take advantage of the latest upstream fixes and changes.
* General house cleaning and fixes
* Helm v3 CRD's are included as expected when the `include-crds` flag is used.
* Fixed CRD resource patch updates by changing their default merge behavior.
## Managing Clusters
Kubernetes clusters come in different shapes and sizes, and with various operational
requirements to run. We’ve expanded our support for managed Kubernetes clusters
* Support for [additional security groups](https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/eks/#NodeGroup-extraNodeSecurityGroups) for node groups to attach to user-specified rules
* Support for [envelope encrypted secrets](https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/eks/#ClusterOptions-encryptionConfigKeyArn) so that Kubernetes Secrets are encrypted in etcd
* Support for [alternative authentication](https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/eks/#ClusterOptions-providerCredentialOpts) approaches on the cluster and infrastructure created, such as using AWS named profiles
* Create [kubeconfig files](https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/eks/#Cluster-getKubeconfig) that are scoped to IAM users or roles -- this is used to limit access to the cluster.
* Use the EKS package on clients operating in [HTTP proxy](https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/eks/#ClusterOptions-proxy) environments, such as corporate proxies.
* [Default to the latest AMIs](https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/eks/#ClusterNodeGroupOptions-amiId) for node groups, using the latest release from the AWS SSM parameter store.
## Wrap-Up
As our community continues to grow, we’re committed to improving our Kubernetes
experience even further. You can help to shape this experience directly by
providing feedback on [GitHub](https://github.com/pulumi/pulumi-kubernetes/). We love to hear from our users!
Learn more about how [Pulumi works with Kubernetes](https://www.pulumi.com/registry/packages/kubernetes/), and [Get Started](https://www.pulumi.com/docs/clouds/kubernetes/get-started/) if you're
Kubernetes [tutorials](https://www.pulumi.com/docs/tutorials/kubernetes/) to dive deeper, and join the [Community Slack](https://slack.pulumi.com/) to engage
