Releases: oracle-terraform-modules/terraform-oci-oke
Releases · oracle-terraform-modules/terraform-oci-oke
v2.0.0-beta.1
- Added admin host for operations instead of using the bastion server #91
- Installed Python3, oci-cli #91
- Switched from kubeconfig v1 to v2, generated by oci-cli instead of uploading #98
- Switched all operations from bastion to admin host #91 in order to support #98
- Use compartment id instead of compartment name for policies #86
- Updated available list of Kubernetes versions in Terraform options #90
- Updated Oracle Linux version to 7.7 #89
v1.0.0
Changes
- Code changes to support Terraform 0.12 (Minimum version 0.12.8)
- Helm upgraded to 2.14.3
- Upgraded calico to 3.9
- Bastion uses Oracle Linux only
- Updates to variables (renaming, removing)
- Documentation and topology
- instance_principal disabled by default
Improvements
Bastion
- Added ability to restrict access to bastion host to a CIDR block
- Bash aliases for kubectl (k) and helm (h)
- Generated script (tesseract.sh) to ssh to the bastion
- Optional addition and initialization of incubator and jetstack repos on the bastion
- Default bastion shape to the smaller (and cheaper) VM.Standard.E2.1
Networking
- Simplified network topology for both multi and single AD regions
- Separate and simplified security lists for public and private workers
- Worker and load balancer subnets now use regional subnets
- Added private subnets for internal load balancers
- Improved subnet defaults:
- Avoid potential overlapping subnets when creating or scaling large clusters to maximum cluster size
- Bastion: maximum of 5
- Load Balancers: maximum of 29 per subnet
- Worker subnets: maximum of 16380 IPv4 addresses per subnet
- Service Gateway routing is now automatically added when service gateway is enabled. Worker nodes can now use the service gateway to access Object Storage, Streaming and other OCI Services without manual configuration of routing and security lists
Load Balancer
- Ability to choose load balancer types (public or internal)
Note
In order to use private load balancers, the necessary oci load balancer annotations must be used.
Node pools and worker nodes
- Added ability to specify cutom image id or choose OS version for worker nodes
- More flexible way of defining node pools, shapes and sizes
- Added ability to support mixed Kubernetes workloads by choosing different shapes for each node pool
- Better resilience for worker nodes by using Fault Domains
- Topologies 2 and 3 removed in favour of single topology using the new node pool configuration
New Features
- Integration with OCI KMS for encrypting Kubernetes secrets
- Optional metric_server installation for HPA
v1.0.0-beta.4
Improvement
- Added integration with OCI KMS for encrypting K8s secrets
- Added outputs for instance_principal dynamic group, enabled update_dynamic_group.sh
- Updated documentation for KMS
- New module for KMS usage policies
v1.0.0-beta.3
Improvements
- Networking
- Worker and load balancer subnets now use regional subnets
- Simplified network topology for both multi and single AD regions
Changes
- Set minimum version of Terraform to 0.12.8
- Changes in variable file - removed redundant variables e.g. nodepool_topology, quantity_per_subnet, preferred lb_subnets
- Updated documentation
- terraform.tfvars.example
v1.0.0-beta.2
Improvements
- Bastion
- Changed default bastion shape to the smaller (and cheaper) VM.Standard.E2.1
- Worker nodes
- Added ability to support mixed Kubernetes workloads by choosing different shapes for each node pool
Changes
- Set minimum version of Terraform to 0.12.5
- Temporarily disabled calico installation option
v1.0.0-beta.1
Improvements
- Bastion
- Added ability to restrict access to bastion host to a CIDR block
- Bash aliases for kubectl (k) and helm (h)
- Generated script (tesseract.sh) to ssh to the bastion
- Optional addition and initialization of incubator and jetstack repos on the bastion
- Networking
- Separate and simplified security lists for public and private workers
- Added private subnets for internal load balancers
- Improved subnet defaults:
- Avoid potential overlapping subnets when creating or scaling large clusters to maximum cluster size
- Bastion: maximum of 5
- Load Balancers: maximum of 29 per subnet
- Worker subnets: maximum of 16380 IPv4 addresses per subnet
- Ability to choose load balancer types (public or internal)
- Improved load balancer selection algorithm. There’s no need to toggle the load balancer code for single AD regions anymore
- Added ability to specify preferred AD pair for load balancers in 3*AD regions
- Minimum of 3 worker nodes per subnet to ensure adequate number of fault domains in single AD regions
- Service Gateway routing is now automatically added when service gateway is enabled. Worker nodes can now use the service gateway to access Object Storage, Streaming and other OCI Services without manual configuration of routing and security lists
- Worker nodes
- Added ability to specify image OCID or choose OS version for worker nodes
- Improved documentation
Changes
- Completed upgrade of Terraform code to 0.12
- Documentation uses asciidoc
- instance_principal is now disabled by default on the bastion
- helm upgraded to version 2.14.3