All notable changes to this project are documented in this file.
The format is based on Keep a Changelog.
-
Upgraded base module to 1.3.3 to temporarily disable OSMS as a fix for #225
-
Unable to install kube in operator (#197)
-
node_pool_image_id value should be "none" in case no custom image is used. In previous versions, this was in upper case (#207)
-
Missing security rule when workers are in public mode (#183)
-
Updated docs for terraform options and for resetting nodepool_drain (#190)
-
Upgraded base module to 1.3.0 (#191)
-
Removed nat_gateway_enabled variable. Determination of whether the NAT gateway is needed is now done automatically (#192)
-
Removed "LATEST" from acceptable values for kubernetes_version so that upgrade can be performed (#193)
-
Internal load balancer subnet uses wrong routing table (#194)
-
Added option to enable admission controllers and PodSecurityPolicy (#150)
-
Added ability to upgrade OKE cluster and worker nodes using out-of-place method (#178)
-
Changed node pools specification from list to map so the specific node pool is deleted when removed from the variable (#179)
-
Set minimum worker node pool to 1 to allow experimentation on free tier (#180)
-
Made label_prefix optional (#181)
-
Added trigger for check_worker_node_active (#182)
-
Removed disable_auto_retries in quick start guide (#185)
-
Upgraded base module to 1.2.2 (#165)
-
Renamed all admin to operators
-
Standardized features with _enabled
-
Improved tagging
-
Use OCI Secret in Vault to retrieve Auth Token for creating Kubernetes secret for OCIR. This allows reuse of existing Auth Tokens (#153)
-
Added Montreal as supported region (#160)
-
Fixed issue with admin host ordering of oci-cli installation, instance_principal creation and kubeconfig generation (#143)
-
Upgraded base module to 1.1.3 to be able to detect when admin instance_principal is ready
-
Removed unnecessary token variable version and expiration
-
Removed provider.tf so the module can be used from the HashiCorp registry, and added instructions for using this repo and the HashiCorp module (#130)
-
Fixed incorrect part about bastion host and tools in topology (#141)
-
Upgraded default helm version on admin host to 3.1.1 (#134)
-
Fixed broken links in README.md (#132)
-
Updated documentation in topology to use netnum instead of previous variable name
-
Base module now points to the published base module on HashiCorp registry
-
Updated descriptions in variables, outputs and formatting to publish to HashiCorp registry
-
Added readme in markdown to publish to HashiCorp registry
-
Removed unused kms variables and module
-
Updated documentation to indicate required values
-
Install latest version of kubectl into admin host (#119)
-
Added OCIR support for new regions (#122)
-
Changed nodepools image specs from node_image_id to node_source_details (#124)
-
Base module now pointing directly to https://github.com/oracle-terraform-modules/terraform-oci-base v1.1.0
-
Local copy of base module removed
-
Disabled Kubernetes dashboard by default (#117)
-
Fixed issue with compartment id when using KMS #112
-
Added ServiceAccount for CI/CD #113
-
Use compartment id instead of compartment name for policies #86
-
Updated available list of Kubernetes versions in Terraform options #90
-
Added admin host for operations instead of using the bastion server. This is required because of changing to kubeconfig v2 #91
-
Installed Python3, oci-cli on admin host. oci-cli will require Python3 after January 2020 #91
-
Switched all operations from bastion to admin host #91
-
Switched from kubeconfig v1 to v2, generated by oci-cli instead of uploading #98
-
Helm upgraded to version 3.0.0 #100
-
incubator and jetstack helm repos removed as they can now be searched from helm hub #100
-
tiller disabled and option to enable it is removed #100
-
Fixed bug for empty tuple in data.oci_core_images.oracle_images when use_autonomous=true #103
-
Set minimum version of Terraform to 0.12.16
-
Helm upgraded to version 3.0.0 #100
-
incubator and jetstack helm repos removed as they can now be searched from helm hub #100
-
tiller disabled and option to enable it is removed #100
-
Fixed bug for empty tuple in data.oci_core_images.oracle_images when use_autonomous=true #103
-
Set minimum version of Terraform to 0.12.16
-
Added admin host for operations instead of using the bastion server #91
-
Installed Python3, oci-cli #91
-
Switched from kubeconfig v1 to v2, generated by oci-cli instead of uploading #98
-
Switched all operations from bastion to admin host #91
-
Use compartment id instead of compartment name for policies #86
-
Updated available list of Kubernetes versions in Terraform options #90
-
Added integration with OCI KMS for encrypting K8s secrets
-
Added outputs for instance_principal dynamic group, enabled update_dynamic_group.sh
-
Updated documentation for KMS
-
New module for KMS usage policies
-
Networking
-
Worker and load balancer subnets now use regional subnets
-
Simplified network topology for both multi and single AD regions
-
-
Bastion
-
Changed default bastion shape to the smaller (and cheaper) VM.Standard.E2.1
-
-
Worker nodes
-
Added ability to support mixed Kubernetes workloads by choosing different shapes for each node pool
-
-
To use private load balancers, the necessary OCI load balancer annotations must be used.
-
Bastion
-
Added ability to restrict access to bastion host to a CIDR block
-
Bash aliases for kubectl (k) and helm (h)
-
Generated script (tesseract.sh) to ssh to the bastion
-
Optional addition and initialization of incubator and jetstack repos on the bastion
-
-
Networking
-
Separate and simplified security lists for public and private workers
-
Added private subnets for internal load balancers
-
Improved subnet defaults:
-
Avoid potential overlapping subnets when creating or scaling large clusters to maximum cluster size
-
Bastion: maximum of 5
-
Load Balancers: maximum of 29 per subnet
-
Worker subnets: maximum of 16380 IPv4 addresses per subnet
-
-
Ability to choose load balancer types (public or internal)
-
Improved load balancer selection algorithm. There’s no need to toggle the load balancer code for single AD regions anymore
-
Added ability to specify preferred AD pair for load balancers in 3*AD regions
-
Minimum of 3 worker nodes per subnet to ensure adequate number of fault domains in single AD regions
-
Service Gateway routing is now automatically added when service gateway is enabled. Worker nodes can now use the service gateway to access Object Storage, Streaming and other OCI Services without manual configuration of routing and security lists
-
-
Worker nodes
-
Added ability to specify image OCID or choose OS version for worker nodes
-
Improved documentation
-
Changes
-
Completed upgrade of Terraform code to 0.12
-
Documentation uses asciidoc
-
instance_principal is now disabled by default on the bastion
-
helm upgraded to version 2.14.3