Skip to content

v4.0.0-RC1

Pre-release
Pre-release

Choose a tag to compare

View all tags
@hyder hyder released this 07 Oct 04:51
· 143 commits to 4.x since this release
v4.0.0-RC1
ef83bf6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Breaking changes

  • Set minimum version to Terraform 1.0.0
  • Removed base module and use vcn, bastion and operator modules directly
  • Renamed and standardized all control variables
  • Removed deprecated template provider dependencies
  • Made bastion and operator modules conditional
  • Removed identity parameters in between modules to improve reusability
  • Renamed okenetwork submodule to network
  • Created a new submodule (extensions) and moved all scripts and extra things there
  • Moved dynamic group and policy for kms into oke module
  • Added a 30s delay between policy creation for kms and cluster creation to allow for global propagation
  • Added a home provider in oke module for dynamic group and policy creation
  • Changed from security list to NSGs for better flexibility

Changes

  • Changed default Kubernetes version to v1.20.8 and removed v1.16.8, v1.17.9 from docs.
  • Added support for GPU and ARM shapes (#302)
  • VCN module upgraded to VCN 3.0.0. This allows supporting multiple cidr blocks (#360)
  • Bastion and operator sub-modules upgraded to 3.0.0 (#183)
  • kubeconfig on operator always uses PRIVATE_ENDPOINT (#358)
  • Documented providers in quickstart (#355)
  • Renamed tags to freeform_tags in line with other modules (#364)
  • Added validation on some variables (#370)

New Features

  • Added OCI Bastion Service as option to access operator or control plane
  • Added support for reserved public IP address for NAT gateway (#311)
  • Added LPGs for hub and spoke deployment model (#295)
  • Allow access to operator via OCI Bastion service (#352)
  • Added support for using NSGs for cluster endpoint (#343)
  • Added option to disable worker node access to Internet. Users can only pull images from OCIR (#331)
  • Added ability to specify api and private ssh keys using heredoc format with a variable (#375)

Bug fixes

  • Added home region to update dynamic group script for cases when actual region is different from tenancy home region (#347)
  • Added 1 missing rule for operator to access control plane (#349)

Known issues

  • Enabling WAF has to be done in 2 stages:
    • Create the cluster along with the VCN and other resources without WAF enabled by setting enable_waf=false
    • Subsequently enable WAF by setting enable_waf=true
Assets 2
Loading