Releases: oracle-terraform-modules/terraform-oci-oke

v4.0.2

29 Nov 06:55
2eec72e

What's Changed

  • others: added 3rd party attributions by @hyder in #428
  • fix: added 1 additional rule to allow control plane to be accessed by specified list of cidr blocks by @hyder in #431

Full Changelog: v4.0.1...v4.0.2

v4.0.1

09 Nov 07:47
8aa5dc9

Changes

  • added home provider argument in remote module usage example (#421)

New Features

  • Added Marseille, Singapore and Jerusalem as supported regions (#423)

v4.0.0

25 Oct 23:38

Breaking changes

  • Set minimum version to Terraform 1.0.0
  • Removed base module and use vcn, bastion and operator modules directly
  • Renamed and standardized all control variables
  • Removed deprecated template provider dependencies
  • Made bastion and operator modules conditional
  • Removed identity parameters in between modules to improve reusability
  • Renamed okenetwork submodule to network
  • Created a new submodule (extensions) and moved all scripts and extra things there
  • Moved dynamic group and policy for kms into oke module
  • Added a 30s delay between policy creation for kms and cluster creation to allow for global propagation
  • Added a home provider in oke module for dynamic group and policy creation
  • Changed from security list to NSGs for better flexibility and security (#398)

Changes

  • Changed default Kubernetes version to v1.20.11 and removed v1.16.8, v1.17.9 from docs.
  • Added support for GPU and ARM shapes (#302)
  • VCN module upgraded to VCN 3.0.0. This allows supporting multiple cidr blocks (#360)
  • Bastion and operator sub-modules upgraded to 3.0.0 (#183)
  • kubeconfig on operator always uses PRIVATE_ENDPOINT (#358)
  • Documented providers in quickstart (#355)
  • Renamed tags to freeform_tags in line with other modules (#364)
  • Added validation on some variables (#370)

New Features

  • Added OCI Bastion Service as option to access operator or control plane
  • Added support for reserved public IP address for NAT gateway (#311)
  • Added LPGs for hub and spoke deployment model (#295)
  • Allow access to operator via OCI Bastion service (#352)
  • Added support for using NSGs for cluster endpoint (#343)
  • Added option to disable worker node access to Internet. Users can only pull images from OCIR (#331)
  • Added ability to specify api and private ssh keys using heredoc format with a variable (#375)

Bug fixes

  • Added home region to update dynamic group script for cases when actual region is different from tenancy home region (#347)
  • Added 1 missing rule for operator to access control plane (#349)
  • Added security list for OCI Bastion service to access the control plane (#408)
  • Updated topology diagrams to show correct traffic flow (#412)
  • Changed bastion type to STANDARD to avoid destruction (#409)

Known issues

  • Enabling WAF has to be done in 2 stages:
    • Create the cluster along with the VCN and other resources without WAF enabled by setting enable_waf=false
    • Subsequently enable WAF by setting enable_waf=true

v4.0.0-RC1

07 Oct 04:51
ef83bf6

Pre-release

Breaking changes

  • Set minimum version to Terraform 1.0.0
  • Removed base module and use vcn, bastion and operator modules directly
  • Renamed and standardized all control variables
  • Removed deprecated template provider dependencies
  • Made bastion and operator modules conditional
  • Removed identity parameters in between modules to improve reusability
  • Renamed okenetwork submodule to network
  • Created a new submodule (extensions) and moved all scripts and extra things there
  • Moved dynamic group and policy for kms into oke module
  • Added a 30s delay between policy creation for kms and cluster creation to allow for global propagation
  • Added a home provider in oke module for dynamic group and policy creation
  • Changed from security list to NSGs for better flexibility

Changes

  • Changed default Kubernetes version to v1.20.8 and removed v1.16.8, v1.17.9 from docs.
  • Added support for GPU and ARM shapes (#302)
  • VCN module upgraded to VCN 3.0.0. This allows supporting multiple cidr blocks (#360)
  • Bastion and operator sub-modules upgraded to 3.0.0 (#183)
  • kubeconfig on operator always uses PRIVATE_ENDPOINT (#358)
  • Documented providers in quickstart (#355)
  • Renamed tags to freeform_tags in line with other modules (#364)
  • Added validation on some variables (#370)

New Features

  • Added OCI Bastion Service as option to access operator or control plane
  • Added support for reserved public IP address for NAT gateway (#311)
  • Added LPGs for hub and spoke deployment model (#295)
  • Allow access to operator via OCI Bastion service (#352)
  • Added support for using NSGs for cluster endpoint (#343)
  • Added option to disable worker node access to Internet. Users can only pull images from OCIR (#331)
  • Added ability to specify api and private ssh keys using heredoc format with a variable (#375)

Bug fixes

  • Added home region to update dynamic group script for cases when actual region is different from tenancy home region (#347)
  • Added 1 missing rule for operator to access control plane (#349)

Known issues

  • Enabling WAF has to be done in 2 stages:
    • Create the cluster along with the VCN and other resources without WAF enabled by setting enable_waf=false
    • Subsequently enable WAF by setting enable_waf=true

v4.0.0-BETA.5

21 Sep 12:44
4b545e4

Pre-release

Changes

  • Upgraded bastion and operator modules to v3.0.0
  • Added a home region parameter to simplify home provider initialization

v4.0.0-BETA.4

17 Sep 09:40
2802531

Pre-release

Changes

  • Refactored modules: renamed okenetwork to network, created new submodule (extensions)
  • Renamed tags to freeform_tags
  • Added validation on some variables
  • Updated documentation and some more variables renaming
  • Secret creation changes
  • Added private ssh key as variable

v4.0.0-BETA.1

25 Aug 04:33
84d6bc2

Pre-release

Breaking changes

  • removed base module and use vcn, bastion and operator modules directly
  • renamed and standardized all control variables
  • removed deprecated template provider dependencies
  • made bastion and operator modules conditional
  • added LPGs for hub and spoke deployment model
  • set minimum version to Terraform 1.0.0
  • removed identity parameters in between modules

v3.3.0

02 Aug 06:19
ac824e1

Additions

  • Support for using reserved public IP address for NAT Gateway (#311) with new parameter nat_gateway_public_ip_id
  • Support for GPU and ARM Shapes (#302)
  • Conditional checks for WAF CIDR block data source

Changes

  • Default Kubernetes version changed to v1.20.8

Fixes

  • Use correct manifest to install Calico as policy (#306)

v3.2.0

13 May 00:01
f2149f7

Additions

  • Added faster kubectl script. Thanks @joelezell-conga, @rgmccaw, Richard Exley
  • Added support for VCN native endpoint for Kubernetes (#270)
    • Added a subnet for control plane
    • Added 2 parameters (cluster_access and cluster_source) to control access to Kubernetes API endpoint
  • Added support for initial node labels (#265)
    • Node labels can now be specified in node_pools
  • Added support for enforcing use of signed images from registry (#274)
    • Added use_signed_images to enable enforcing use of signed images
    • Added image_signing_keys to specify list of signing keys
  • Added ability to specify the node pool OS version with node_pool_os_version (#281)
  • Added cluster_id and nodepool_ids as outputs for improved reusability (#296). Thanks @yasn77
  • Changed base module version to 2.2.1. This allows:
    • controlling the state of the bastion using bastion_state (RUNNING or STOPPED)
    • choosing between Oracle Linux 7.X or 8 for the operator host by using operator_version (#248). Thanks @bieksaz
    • creating a new DRG with create_drg
    • naming new DRG with drg_display_name
    • attaching an existing DRG
    • adding custom route rules on the NAT and Internet gateway route table to facilitate hybrid, multi-cloud deployment using nat_gateway_route_rules and internet_gateway_route_rules (#279)
    • locking down default security lists with lockdown_default_seclist

Changes

  • Updated permissions required in documentation (#292). Thanks @atimgraves
  • Made node pool image updatable (#286)
  • Changed deprecated map function (#283)
  • Reworked the subnet boundaries for bastion and operator hosts (#270)
  • Updated and simplified OKE security lists to support VCN native endpoints (#270)
  • All port numbers and stateless are now in integer and boolean formats respectively (#270)
  • Updated default Kubernetes version to v1.19.7
  • Updated documentation and topology diagrams
  • Fixed incorrect namespace issue when creating secret for OCIR (#267)
  • Narrow permissions for kubeconfig file (#276). Thanks @mthmulders

Deletions

  • Removed hardcoded WAF CIDRs and used data source instead.

v3.2.0-RC2

20 Apr 02:40
bd87dd5

Pre-release

Changes

  • Fix for incorrect namespace when creating secret for OCIR. There's no need to supply tenancy name anymore (#267)
  • Narrower permission for kubeconfig file (thanks @mthmulders)
  • Fix for no match for node_pool_os_version (#281)
  • Bug fix for deprecated map function for okenetwork module output (#283)
  • Allow updating of node pool image (#286)

Additions

  • Added support for enforcing use of signed images (#274)
  • Added ability to support custom route rules in NAT gateway route table
  • Added initial node labels (#265)