Merge pull request #80 from hyder/v12

variables with id renaming, bastion image changes

Author: hyder

CHANGELOG.adoc

@@ -7,34 +7,88 @@ All notable changes to this project are documented in this file.
 
 The format is based on {uri-changelog}[Keep a Changelog].
 
-== 1.0.0-RC1 (August 27,2019)
+== v1.0.0 (September 27,2019)
+
+=== Changes
+* changed all variables_ocids to ids
+* using Oracle Linux only for bastion now
+* updated docs
+
+== v1.0.0-beta.4 (September 24,2019)
+
+=== Improvements
+
+* Added integration with OCI KMS for encrypting K8s secrets
+* Added outputs for instance_principal dynamic group, enabled update_dynamic_group.sh
+* Updated documentation for KMS
+* New module for KMS usage policies
+
+=== Changes
+* Set minimum version of Terraform to 0.12.8
+* Changes in variable file - removed redundant variables e.g. nodepool_topology, quantity_per_subnet, preferred lb_subnets
+* Updated documentation
+* terraform.tfvars.example
+
+== v1.0.0-beta.3 (September 16,2019)
+
+=== Improvements
+
+* Networking
+** Worker and load balancer subnets now use regional subnets
+** Simplified network topology for both multi and single AD regions
+
+=== Changes
+* Set minimum version of Terraform to 0.12.8
+* Changes in variable file - removed redundant variables e.g. nodepool_topology, quantity_per_subnet, preferred lb_subnets
+* Updated documentation
+* terraform.tfvars.example
+
+== v1.0.0-beta.2 (September 13,2019)
+
+=== Improvements
+
+* Bastion
+** Changed default bastion shape to the smaller (and cheaper) VM.Standard.E2.1
+
+* Worker nodes
+** Added ability to support mixed Kubernetes workloads by choosing different shapes for each node pool
+
+=== Changes
+. Set minimum version of Terraform to 0.12.5
+. Temporarily disabled calico installation option
+
+== v1.0.0-beta.1 (August 27,2019)
 
 === Notes
 * In order to use private load balancers, the necessary oci load balancer annotations must be used.
 
 === Improvements
+* Bastion
+** Added ability to restrict access to bastion host to a CIDR block
+** Bash aliases for kubectl (k) and helm (h)
+** Generated script (tesseract.sh) to ssh to the bastion
+**Optional addition and initialization of incubator and jetstack repos on the bastion
 
-* Added ability to restrict access to bastion host to a CIDR block
-* Bash aliases for kubectl (k) and helm (h)
-* Generated script (tesseract.sh) to ssh to the bastion
-* Optional addition and initialization of incubator and jetstack repos on the bastion
-* Service Gateway routing is now automatically added when service gateway is enabled. Worker nodes can now use the service gateway to access Object Storage, Streaming and other OCI Services without manual configuration of routing and security lists
-* Separate and simplified security lists for public and private workers
-* Added private subnets for internal load balancers
-* Improved subnet defaults:
-** Avoid potential overlapping subnets when creating or scaling large clusters to maximum cluster size
-** Bastion: maximum of 5
-** Load Balancers: maximum of 29 per subnet
-** Worker subnets: maximum of 16380 per subnet, allowing clusters to scale to the maximum that is supported by Kubernetes (5000)
-* Ability to choose load balancer types (public or internal)
-* Improved load balancer selection algorithm. There's no need to toggle the load balancer code for single AD regions anymore
-* Added ability to specify preferred AD pair for load balancers in 3*AD regions
-* Minimum of 3 worker nodes per subnet to ensure adequate number of fault domains in single AD regions
-* Added ability to specify image OCID or choose OS version for worker nodes
-* Improved documentation
+* Networking
+** Separate and simplified security lists for public and private workers
+** Added private subnets for internal load balancers
+** Improved subnet defaults:
+*** Avoid potential overlapping subnets when creating or scaling large clusters to maximum cluster size
+*** Bastion: maximum of 5
+*** Load Balancers: maximum of 29 per subnet
+*** Worker subnets: maximum of 16380 IPv4 addresses per subnet
+** Ability to choose load balancer types (public or internal)
+** Improved load balancer selection algorithm. There’s no need to toggle the load balancer code for single AD regions anymore
+** Added ability to specify preferred AD pair for load balancers in 3*AD regions
+** Minimum of 3 worker nodes per subnet to ensure adequate number of fault domains in single AD regions
+** Service Gateway routing is now automatically added when service gateway is enabled. Worker nodes can now use the service gateway to access Object Storage, Streaming and other OCI Services without manual configuration of routing and security lists
 
-=== Changes
+* Worker nodes
+** Added ability to specify image OCID or choose OS version for worker nodes
+
+*Improved documentation
 
+===Changes
 * Completed upgrade of Terraform code to 0.12
 * Documentation uses asciidoc
 * instance_principal is now disabled by default on the bastion

CONTRIBUTING.adoc

@@ -14,7 +14,7 @@ an issue too.
 == Contributing to the terraform-oci-oke repository
 
 Pull requests can be made under
-{uri-oracle-oca} [The Oracle Contributor Agreement](OCA).
+{uri-oracle-oca}[The Oracle Contributor Agreement](OCA).
 
 For pull requests to be accepted, the bottom of your commit message must have
 the following line using your name and e-mail address as it appears in the

CONTRIBUTORS.adoc

@@ -24,6 +24,7 @@ CONTRIBUTORS
 - @kapmani
 - @briangustafson
 - @sahitgollapudi
+- @priteshkp
 
 Others:
 

docs/configuration.adoc

@@ -79,9 +79,9 @@ Enter the values for the following parameters in the terraform.tfvars file:
 * api_fingerprint
 * api_private_key_path
 * compartment_name
-* compartment_ocid
-* tenancy_ocid
-* user_ocid
+* compartment_id
+* tenancy_id
+* user_id
 
 e.g.
 
@@ -129,7 +129,7 @@ The networking parameters concern the VCN and the subnets network configuration
 
 You can leave most of the default options. However, you may want to change the following 2 parameters:
 
-* vcn_dns_name: this is the internal dns domain for resources created
+* vcn_dns_label: this is the internal dns domain for resources created
 * vcn_name: this is the name of the vcn that will be appended to the label prefix
 
 ****
@@ -224,7 +224,7 @@ The KMS integration parameters control whether {uri-oci-kms}[OCI Key Management
 create_bastion = true
 enable_instance_principal = true
 use_encryption = true
-existing_key_id = <existing_key_ocid>
+existing_key_id = <existing_key_id>
 ----
 
 {uri-terraform-options}#kms-integration[Reference]

docs/instructions.adoc

@@ -156,7 +156,7 @@ enable_instance_principal = "true"
 and verify:
 
 ----
-oci network vcn list --compartment-id <compartment-ocid>
+oci network vcn list --compartment-id <compartment-id>
 ----
 
 ==== Disabling instance_principal on the bastion host

docs/prerequisites.adoc

@@ -111,7 +111,7 @@ The following OCIDs are required:
 . Tenancy OCID
 . User OCID
 
-Follow the documentation for obtaining the tenancy and user ocids on {uri-oci-ocids}[OCI Documentation].
+Follow the documentation for obtaining the tenancy and user ids on {uri-oci-ocids}[OCI Documentation].
 
 To obtain the compartment OCID:
 

docs/quickstart.adoc

@@ -49,10 +49,10 @@ cp terraform.tfvars.example terraform.tfvars
 
 * api_fingerprint
 * api_private_key_path
-* compartment_ocid
+* compartment_id
 * compartment_name
-* tenancy_ocid
-* user_ocid
+* tenancy_id
+* user_id
 
 3. Override other parameters:
 
@@ -61,7 +61,7 @@ cp terraform.tfvars.example terraform.tfvars
 4. Optional parameters to override:
 * ssh_private_key_path
 * ssh_public_key_path
-* vcn_dns_name
+* vcn_dns_label
 * vcn_name
 * create_bastion
 * cluster_name

docs/terraformoptions.adoc

@@ -60,18 +60,18 @@ Configuration Terraform Options:
 |
 |None
 
-|compartment_ocid
-|Compartment ocid where the OKE Cluster will be provisioned. *Required*
+|compartment_id
+|Compartment id where the OKE Cluster will be provisioned. *Required*
 |
 |None
 
-|tenancy_ocid
-|Tenancy ocid of the user. *Required*
+|tenancy_id
+|Tenancy id of the user. *Required*
 |
 |None
 
-|user_ocid
-|User's ocid. *Required*
+|user_id
+|User's id. *Required*
 |
 |None
 
@@ -140,7 +140,7 @@ Configuration Terraform Options:
 |
 |10.0.0.0/16
 
-|vcn_dns_name
+|vcn_dns_label
 |The internal DNS domain for resources created and prepended to "oraclevcn.com" which is the VCN-internal domain name.
 |
 |oke
@@ -237,19 +237,9 @@ subnets = {
 |ANYWHERE
 
 |enable_instance_principal
+|Whether to enable instance_principal on the bastion. Refer to {uri-docs}/instructions.adoc/#enabling-instance_principal-on-the-bastion-host[instance_principal]
 |
 |
-|
-
-|image_operating_system
-|The Operating System image to be used to provision the bastion.
-|Oracle Linux, CentOS, Canonical Ubuntu
-|Oracle Linux
-
-|image_operating_system_version
-|The version of the selected Operating System to be used to provision the bastion host. Matching versions of available operating systems can be found {uri-oci-images}[here].
-|
-|7.7
 
 |availability_domains
 |The Availability Domain where to provision non-OKE resources e.g. bastion host. This is specified in the form of a map.
@@ -266,11 +256,6 @@ availability_domains = {
   "bastion"     = 1
 ----
 
-|bastion_package_update
-|Whether to update the apt database on first boot. Only applicable if the bastion host uses Ubuntu as Linux distribution.
-|true/false
-|true
-
 |bastion_package_upgrade
 |Whether to upgrade the instance on first boot. If you choose Ubuntu for the bastion and you set this to true, also set the package_update to true as well.
 |true/false
@@ -420,12 +405,12 @@ Refer to {uri-topology}[topology] for more thorough examples.
 |None
 
 |tenancy_name
-|The *_name_* of the tenancy to be used when creating the Docker secret.  This is different from tenancy_ocid. *Required* if create_auth_token is set to true.
+|The *_name_* of the tenancy to be used when creating the Docker secret.  This is different from tenancy_id. *Required* if create_auth_token is set to true.
 |
 |None
 
 |username
-|The username that can login to the selected tenancy. This is different from tenancy_ocid. *Required* if create_auth_token is set to true.
+|The username that can login to the selected tenancy. This is different from tenancy_id. *Required* if create_auth_token is set to true.
 
 |
 |None
@@ -513,6 +498,6 @@ Refer to {uri-topology}[topology] for more thorough examples.
 |false
 
 |existing_key_id
-|ocid of existing KMS key
+|id of existing KMS key
 |
 |

locals.tf

@@ -7,9 +7,9 @@ locals {
     api_fingerprint      = var.api_fingerprint
     api_private_key_path = var.api_private_key_path
     compartment_name     = var.compartment_name
-    compartment_ocid     = var.compartment_ocid
-    tenancy_ocid         = var.tenancy_ocid
-    user_ocid            = var.user_ocid
+    compartment_id       = var.compartment_id
+    tenancy_id           = var.tenancy_id
+    user_id              = var.user_id
   }
 
   oci_base_ssh_keys = {
@@ -25,7 +25,7 @@ locals {
 
   oci_base_vcn = {
     vcn_cidr               = var.vcn_cidr
-    vcn_dns_name           = var.vcn_dns_name
+    vcn_dns_label           = var.vcn_dns_label
     vcn_name               = var.vcn_name
     create_nat_gateway     = var.create_nat_gateway
     nat_gateway_name       = var.nat_gateway_name
@@ -40,22 +40,19 @@ locals {
     create_bastion                 = var.create_bastion
     bastion_access                 = var.bastion_access
     enable_instance_principal      = var.enable_instance_principal
-    image_ocid                     = var.image_ocid
-    image_operating_system         = var.image_operating_system
-    image_operating_system_version = var.image_operating_system_version
+    image_id                       = var.image_id
     availability_domains           = var.availability_domains["bastion"]
-    package_update                 = var.bastion_package_update
     package_upgrade                = var.bastion_package_upgrade
   }
 
   ocir = {
     api_fingerprint      = var.api_fingerprint
     api_private_key_path = var.api_private_key_path
-    compartment_ocid     = var.compartment_ocid
+    compartment_id       = var.compartment_id
     create_auth_token    = var.create_auth_token
     home_region          = module.base.home_region
-    tenancy_ocid         = var.tenancy_ocid
-    user_ocid            = var.user_ocid
+    tenancy_id           = var.tenancy_id
+    user_id              = var.user_id
   }
 
   oke_general = {
@@ -81,15 +78,14 @@ locals {
   }
 
   oke_identity = {
-    compartment_ocid = var.compartment_ocid
-    user_ocid        = var.user_ocid
+    compartment_id = var.compartment_id
+    user_id        = var.user_id
   }
 
   oke_bastion = {
     bastion_public_ip         = module.base.bastion_public_ip
     create_bastion            = var.create_bastion
     enable_instance_principal = var.enable_instance_principal
-    image_operating_system    = var.image_operating_system
   }
 
   oke_cluster = {

main.tf

@@ -56,7 +56,7 @@ module "network" {
   source = "./modules/okenetwork"
 
   # identity parameters
-  compartment_ocid = var.compartment_ocid
+  compartment_id = var.compartment_id
 
   # general parameters
   oke_general = local.oke_general