Update documentation and project factory version

Victor Getz · Victor Getz · commit 2b9157ca23ed · 2023-05-04T14:29:16.000+02:00
diff --git a/README.md b/README.md
@@ -43,7 +43,12 @@ Here is what we want to achieve:
     * Click "Create User" in the top right corner
     * <img src="documentation/otc-create-user-1.png" style="width: 50%; height: 25%"/>
     * Save the password somewhere secure and use this user for the workshop
-7. Adjust the .envrc file. The .envrc is needed to set environment variables which are used by terraform or by the otc-auth cli tool
+7. Since we will encrypt all data and disks by default add the "KMS Administrator" role to your project
+    * Go to Identity and Access Management
+    * Go to Agencies
+    * Adjust EVSAccessKMS Agency like this
+      * ![kms-agency.png](documentation%2Fkms-agency.png)
+8. Adjust the .envrc file. The .envrc is needed to set environment variables which are used by terraform or by the otc-auth cli tool
    * Set your context name under line number 2 (TF_VAR_context)
    * If you are not working under the region eu-de then please change line number 3 (TF_VAR_region)
    * replace all "REPLACE_ME" Placeholder with the correct values
diff --git a/documentation/kms-agency.png b/documentation/kms-agency.png
diff --git a/otc-cloud/dev/main.tf b/otc-cloud/dev/main.tf
@@ -2,10 +2,10 @@ data "opentelekomcloud_identity_project_v3" "current" {}
 
 module "vpc" {
   source             = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/vpc"
-  version            = "5.2.1"
+  version            = "5.3.0"
   name               = "${var.context}-${var.stage}-vpc"
   cidr_block         = var.vpc_cidr
-  enable_shared_snat = true
+  enable_shared_snat = false
   subnets            = {
     "kubernetes-subnet" = cidrsubnet(var.vpc_cidr, 1, 0)
   }
@@ -14,37 +14,32 @@ module "vpc" {
 
 module "snat" {
   source      = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/snat"
-  version     = "5.2.1"
+  version     = "5.3.0"
   name_prefix = "${var.context}-${var.stage}"
   subnet_id   = module.vpc.subnets["kubernetes-subnet"].id
   vpc_id      = module.vpc.vpc.id
   tags        = local.tags
 }
 
 module "cce" {
-  source  = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/cce"
-  version = "5.2.1"
+  source      = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/cce"
+  version     = "5.3.0"
 
   name                           = "${var.context}-${var.stage}"
   cluster_vpc_id                 = module.vpc.vpc.id
   cluster_subnet_id              = module.vpc.subnets["kubernetes-subnet"].id
-  cluster_version                = "v1.25"
   cluster_high_availability      = var.cluster_config.high_availability
   cluster_enable_scaling         = var.cluster_config.enable_scaling
   cluster_container_network_type = var.cluster_config.container_network_type
   cluster_container_cidr         = var.cluster_config.container_cidr
   cluster_service_cidr           = var.cluster_config.service_cidr
   cluster_public_access          = true
-  authentication_mode            = "rbac"
-  metrics_server_version         = "1.3.2"
-  autoscaler_version             = "1.25.7"
-  node_container_runtime         = "containerd"
 
-  node_availability_zones = var.availability_zones
-  node_count              = var.cluster_config.nodes_count
-  node_flavor             = var.cluster_config.node_flavor
-  node_storage_type       = var.cluster_config.node_storage_type
-  node_storage_size       = var.cluster_config.node_storage_size
+  node_availability_zones         = var.availability_zones
+  node_count                      = var.cluster_config.nodes_count
+  node_flavor                     = var.cluster_config.node_flavor
+  node_storage_type               = var.cluster_config.node_storage_type
+  node_storage_size               = var.cluster_config.node_storage_size
   node_storage_encryption_enabled = true
 
   autoscaler_node_min = var.cluster_config.nodes_count
@@ -55,7 +50,7 @@ module "cce" {
 
 module "loadbalancer" {
   source       = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/loadbalancer"
-  version      = "5.2.1"
+  version      = "5.3.0"
   context_name = var.context
   subnet_id    = module.vpc.subnets["kubernetes-subnet"].subnet_id
   stage_name   = var.stage
@@ -64,7 +59,7 @@ module "loadbalancer" {
 
 module "private_dns" {
   source    = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/private_dns"
-  version   = "5.2.1"
+  version   = "5.3.0"
   domain    = "vpc.private"
   a_records = {
     kubernetes = [split(":", trimprefix(module.cce.cluster_private_ip, "https://"))[0]]
@@ -74,7 +69,7 @@ module "private_dns" {
 
 module "public_dns" {
   source    = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/public_dns"
-  version   = "5.2.1"
+  version   = "5.3.0"
   domain    = var.domain_name
   email     = var.email
   a_records = {
@@ -98,7 +93,7 @@ resource "opentelekomcloud_kms_key_v1" "storage_class_kms_key" {
 module "encyrpted_secrets_bucket" {
   providers         = { opentelekomcloud = opentelekomcloud.top_level_project }
   source            = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/obs_secrets_writer"
-  version           = "5.2.1"
+  version           = "5.3.0"
   bucket_name       = replace(lower("${data.opentelekomcloud_identity_project_v3.current.name}-${var.context}-${var.stage}-stage-secrets"), "_", "-")
   bucket_object_key = "terraform-secrets"
   secrets           = {
