network-sg: add support for all rule types: ip cidrs, service cidrs and nsg ids.- see the example in the module for how to use the new variable.
- the default value is
CIDR_BLOCKto ensure backward compatibility. - add new variables:
var.network_security_groups.*.*.typevar.network_security_groups.*.*.ipsvar.network_security_groups.*.*.nsg_idsvar.network_security_groups.*.*.service_cidrs
- They are optional based on the type, if type is not set, then
var.network_security_groups.*.*.ipsbecomes mandatory.
kubernetes: Ability to add user defined tags for OKE nodes by using the optional variablenode_pools.*.defined_tags
instances: Ignore changes made tometadata.user_datain any instance, since changing the value will destroy and recreate the instance.
resource "oci_core_instance" "instances" {
...
...
metadata = {
ssh_authorized_keys = each.value.autherized_keys
user_data = lookup(each.value.optionals, "user_data", null)
}
lifecycle {
ignore_changes = [
metadata["user_data"] <------------------------------ note this
]
}
}None
network-sg: change input type to support ports range invar.network_security_groups.*.portsvariable.
None
network-sgmodules input fornetwork_security_groupsis updated. The subkeyportis replaced withportsand it is now a map of two objectsmaxandmin.
network_security_groups = {
"group_1" = {
"rule_1" = {
direction = "INGRESS"
protocol = "tcp"
port = { min : 9090, max : 9090 }
ips = ["192.168.100.12", "192.168.100.12"]
}
}
}- Currently there is no easy migration path for this change, since the terraform resource name is updated. However, destroying and recreating the rules is the best and fastest way to do it, however, it might impact your networks for few minutes. Alternatively, reference the new release in a new module definition, and migration your rules one by one.
identity: add new argumentcapabilitiesinvar.service_accountsvariable.
- Correct
pathargument bysourceargument to specify the module path inidentitymodule usage examples inREADME.md.
identitymodules input forservice_accountsis updated. A new keycapabilitiesis now required undervar.service_accounts.*.- Add
capabilitiesand set its value to{}.
- Add
from:
module "identity" {
...
service_accounts = toset(["terraform-cli"])
...
}to:
module "identity" {
...
service_accounts = {
"terraform-cli" = {
name = "terraform-cli",
capabilities = {}
}
}
...
}instances: add new argumentavailability_config. for VM migration during infrastructure maintenance events
None
instancesmodules input is updated. A new keyavailability_configis now required undervar.instances.*.config.- Add
is_live_migration_preferredand set its value totrue. Example of partial instance object. - Add
recovery_actionand set its value toRESTORE_INSTANCE. Example of partial instance object.
- Add
instances = {
...
...
...
network_sgs_ids = [
"ocixxxxxx.xxxxxx.xxxxx", "ocixxxxxx.xxxxxx.xxxxx",
]
primary_vnic = {
primary_ip = ""
secondary_ips = {}
}
availability_config = { <--------------------------------------------------- note this block
recovery_action = "RESTORE_INSTANCE"
is_live_migration_preferred = false
}
}
...
...
None
Change VNIC's skip_source_dest_check to an optional variable input.
None
instances: addboot_volume_backup_policiesto the input as optional value.instances: addinstances[*].optional.reference_to_backup_policy_key_nameto theinstancevariable input as optional value to enable scheduled backup of boot volume
None
None
instances: addhostname_labelto the output
None
None
dns: add ability to manage dns records in oci dns service
None
None
network: Add route rule to the default public route table when service gateway is enabled (note this is optional to add it to public subnet). Please refer to known issues with service gateway in public subnet before enabling it in public subnet.
None
networkmodules input is updated. A new keyadd_route_rule_in_public_subnetis now required undervar.service_gateway.- Add
add_route_rule_in_public_subnetand set its value tofalse. See module's readme for full example.
- Add
service_gateway = {
enable = true
service_id = "ocid1.service.oc1.xxxxxxx"
route_rule_destination = "all-pox-services-in-oracle-services-network"
add_route_rule_in_public_subnet = false <-------------------------------------- note this line
optionals = {
route_table_id = "oci.xxxxxxxxx"
}
}
None
- Ignore changes made to
options[0].service_lb_subnet_ids, since changing the value can destory the cluster. OKE does not allow updating Service LoadBalncer Subnet anymore, and, it is still there in the API. However, you are not restircted to deploy service load balancer to another subnet using annotations (https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md). - add
prevent_destroyto true, to avoid destorying the cluster due to changes made outside of Terraform.
None
Kubernetes:- Ability to create autoscaling node pool with node
size=0and the size param is ignored by Terraform state.
- Ability to create autoscaling node pool with node
None
None
Mysql:- Add ignore_changes feature to
admin_passwordparam.
- Add ignore_changes feature to
Mysql: fixretention_in_daysvalue in README.md.
None
instances:- Ability to pass
user_dataas param for instance creation.
- Ability to pass
networks:- Ability to attach a route table to (NAT, Internet, Service) gateways.
- Add Local Peering Gateway option.
None
instances: Add an option to boot a new instance from an existing bootVolume (check doc forinstancemodule).
None
instances: fixassign_private_dns_recorddefault value. The release inv2.0.1broke the functionality. This value has to always be true since we always set the hostname label.
None
Please see breaking changes section before upgrading.
instances: add posibility to use flex shape configuration
instancesmodules input is updated. A new keyflex_shape_configis now required undervar.instances.*.config.- Add
flex_shape_configand set its value to{}. Example of partial instance object. See module's readme for full example.
- Add
"instance-a" = {
name = "instance-a"
availability_domain_name = "ocixxxxxx.xxxxxx.xxxxx"
fault_domain_name = "ocixxxxxx.xxxxxx.xxxxx"
compartment_id = "ocixxxxxx.xxxxxx.xxxxx"
volume_size = 500
autherized_keys = "ssh-rsa xxxxxxxxxxxxxxxxxxxxxx\n ssh-rsa xxxxxxxxxxxxxxxxxxxxxx"
state = "RUNNING"
config = {
shape = "ocixxxxxx.xxxxxx.xxxxx"
flex_shape_config = {} <-------------------------------------------------------------------- note this line
...
...
...
...
}
}
instances: fix output of module (useinstance.idinstead ofk.id)instances: fixassign_private_dns_recorddefault value.
Please see breaking changes section before upgrading.
vaultmodule to manage KMS (only for key management service).volumemodule to manage extra volume attachments and backup. #7- (
object-storage) Allow to addlifecycle-rulesto buckets. #13 - (
instance) Ability to add multiple secondary IPs to primary VNIC #14 #15 - (
instance) Ability to add multiple secondary VNICs and multiple private IPs #8 - (
public-ip) Ability to attach public ip to a given private IP #16 - (
network) Ability to- configure
NAT Gateway(enable/disable, block traffic, assign reserved public IP) #19 - configure
Internet Gateway(enable/disable gateway) #19 - Create
Service Gateway. #20
- configure
- (
kubernetes) Ability to useFlex Shape - (
kubernetes) Ability to change node volume size - (
kubernetes) Ability to use NextGen Cluster #23 - (
identity) Ability to map IdP groups to oci groups. #27
-
public_ipmodule input name is changed fromipstountracked_ips.- This is to distinguish public IPs that will be managed by Terraform (private IP assignment are not tracked by Terraform). This is used in service like
NLB. - output of module changed. Previously named
ipsrenamed tountracked_ips
- This is to distinguish public IPs that will be managed by Terraform (private IP assignment are not tracked by Terraform). This is used in service like
-
object-storagemodule input is updated to include configuration forlifecyclemanagements.- Add the following key to every bucket created
lifecycle-rules = {}. To configure rules, refer to module's readme.
- Add the following key to every bucket created
-
networkmodule input is updated as following:allowed_ingress_portsis removed and replaced by the new keytcp_ingress_ports_from_allindefault_security_list_rules.public_subnets.allowed_ingress_portswas applied only to public subnet security list as TCP ingress. Whatever value you had there add it todefault_security_list_rules.public_subnets.tcp_ingress_ports_from_all
tcp_ingress_ports_from_vcnandudp_ingress_ports_from_vcnare added todefault_security_list_rules.private_subnets- NAT Gateway and Internet Gateway resource name has changed. Run the following command manually to update the state names
Internet Gateway Resource
terraform state mv module.NETWORK_MODULE_NAME.oci_core_internet_gateway mv module.module.NETWORK_MODULE_NAME.oci_core_internet_gateway\[0\]Nat Gateway Resource
terraform state mv module.NETWORK_MODULE_NAME.oci_core_nat_gateway mv module.module.NETWORK_MODULE_NAME.oci_core_nat_gateway\[0\]Public Route Table Resource
terraform state mv module.NETWORK_MODULE_NAME.oci_core_default_route_table.public_route_table module.NETWORK_MODULE_NAME.oci_core_default_route_table.public_route_table\[\"igw=true\"\]Private Route Table Resource
terraform state mv module.NETWORK_MODULE_NAME.oci_core_route_table.private_route_table module.NETWORK_MODULE_NAME.oci_core_route_table.private_route_table\[\"natgw=true:svcgw=false\"\] -
instancesmodules output is updated:public_ipandprivate_ipchanged to include vnic info, and primary ip. Alsoprivate_ipis renamed toip_address. The new instance output is like the following: from:
MY_INSTANCE = { private_ip = "xxx.xxx.xxx.xxx" public_ip = "xxx.xxx.xxx.xxx" }to
MY_INSTANCE = { id = ocid.instance.xxxxxxxxxxxxx primary_vnic = { primary_ip = { id = "ocid1.privateip.oc1.xxxxxxxxxxxxxxxx" ip_address = "xxx.xxx.xxx.xxx" public_ip = "xxx.xxx.xxx.xxx" subnet_id = "ocid1.subnet.oc1.xxxxxxxxxxxxxxx" vnic_id = "ocid1.vnic.oc1.xxxxxxxxxxxxxxx" } secondary_ips = {} } secondary_vnics = {} } -
instancesmodules input is updated as following:- input has new attribute
name. It must be added to instance block, set it toname = "INSTANCE_NAME" - input has new attribute
optionals. It must be added to instance block. Set it to{} configobject has new attributeprimary_vnic.- Add the following when upgrading to fix it.
... ... config = { primary_vnic = { <------ this line start primary_ip = "", secondary_ips = {} } <------ this line end } ... ...secondary_vnicsis new attribute to instance object.- Add the following to instance object.
{ ... ... config = { ... ... } secondary_vnics = {} <------ this line ... ... }
- input has new attribute
-
(
kubernetes) The following new variables are added (Only supported for NextGen Clusters. Do not upgrade to V2 if you are using old clusters).k8s_versionis renamed tocluster_k8s_versionendpoint_config: set it to existing configuration (take it from UI)node_pools[].volume_size_in_gbs: Set it to50to keep current configuration as is.node_pools[].k8s_version: Set it to the previous value ofk8s_versionto keep current configuration as is.node_pools[].flex_shape_config: Set it to{}node_pools[].node_metadata: Set it to{}
- (
instances) Allow rename of instance withour recration (breaking change) #6- You need to add
nameattribute to the instance objects you already created.
- You need to add
- (
network) Allow display name of subnet to be updated (breaking change) #6- You need to add
nameattribute to the subnet objects you already created.
- You need to add
- (
kuberentes) Ability to set master node version separately from node pool version. #22