v2.11.0

v2.11.0:

New

• network-sg: add support for all rule types: ip cidrs, service cidrs and nsg ids.
  • see the example in the module for how to use the new variable.
  • the default value is CIDR_BLOCK to ensure backward compatibility.
  • add new variables:
    • var.network_security_groups.*.*.type
    • var.network_security_groups.*.*.ips
    • var.network_security_groups.*.*.nsg_ids
    • var.network_security_groups.*.*.service_cidrs
  • They are optional based on the type, if type is not set, then var.network_security_groups.*.*.ips becomes mandatory.
• kubernetes: Ability to add user defined tags for OKE nodes by using the optional variable node_pools.*.defined_tags

Fix

• instances: Ignore changes made to metadata.user_data in any instance, since changing the value will destroy and recreate the instance.

resource "oci_core_instance" "instances" {
  ...
  ...
  metadata = {
    ssh_authorized_keys = each.value.autherized_keys
    user_data           = lookup(each.value.optionals, "user_data", null)
  }
  lifecycle {
    ignore_changes = [
      metadata["user_data"]   <------------------------------ note this 
    ]
  }
}

Breaking Changes

None

v2.10.0

v2.10.0:

New

• network-sg: change input type to support ports range in var.network_security_groups.*.ports variable.

Fix

None

Breaking Changes

• network-sg modules input for network_security_groups is updated. The subkey port is replaced with ports and it is now a map of two objects max and min.

network_security_groups = {
    "group_1" = {
      "rule_1" = {
        direction = "INGRESS"
        protocol  = "tcp"
        port      = { min : 9090, max : 9090 }
        ips       = ["192.168.100.12", "192.168.100.12"]
      }
    }
}

• Currently there is no easy migration path for this change, since the terraform resource name is updated. However, destroying and recreating the rules is the best and fastest way to do it, however, it might impact your networks for few minutes. Alternatively, reference the new release in a new module definition, and migration your rules one by one.

v2.9.0

v2.9.0:

New

• identity: add new argument capabilities in var.service_accounts variable.

Fix

• Correct path argument by source argument to specify the module path in identity module usage examples in README.md.

Breaking Changes

• identity modules input for service_accounts is updated. A new key capabilities is now required under var.service_accounts.*.
  • Add capabilities and set its value to {}.

from:

module "identity" {
 ...
 service_accounts = toset(["terraform-cli"])
 ...
}

to:

module "identity" {
 ...
 service_accounts = {
   "terraform-cli" = { 
     name = "terraform-cli", 
     capabilities = {}
   }
 }
 ...
}

v2.8.0

v2.8.0:

New

• instances: add new argument availability_config. for VM migration during infrastructure maintenance events

Fix

None

Breaking Changes

• instances modules input is updated. A new key availability_config is now required under var.instances.*.config.
  • Add is_live_migration_preferred and set its value to true. Example of partial instance object.
  • Add recovery_action and set its value to RESTORE_INSTANCE. Example of partial instance object.

 instances = {
   ...
   ...
   ...
      network_sgs_ids = [
          "ocixxxxxx.xxxxxx.xxxxx", "ocixxxxxx.xxxxxx.xxxxx",
        ]
        primary_vnic = {
          primary_ip = ""
          secondary_ips = {}
        }
        availability_config   = {   <--------------------------------------------------- note this block 
          recovery_action             = "RESTORE_INSTANCE"  
          is_live_migration_preferred = false
        }
      }
    ...
    ...

v2.7.1

v2.7.1:

New

None

Fix

Change VNIC's skip_source_dest_check to an optional variable input.

Breaking Changes

None

v2.7.0

v2.7.0:

New

• instances: add boot_volume_backup_policies to the input as optional value.
• instances: add instances[*].optional.reference_to_backup_policy_key_name to the instance variable input as optional value to enable scheduled backup of boot volume

Fix

None

Breaking Changes

None

v2.6.1

v2.6.1:

New

• instances: add hostname_label to the output

Fix

None

Breaking Changes

None

v2.6.0

v2.6.0

New

• dns: add ability to manage dns records in oci dns service

Fix

None

Breaking Changes

None

v2.5.0

v2.5.0:

New

• network: Add route rule to the default public route table when service gateway is enabled (note this is optional to add it to public subnet). Please refer to known issues with service gateway in public subnet before enabling it in public subnet.

Fix

None

Breaking Changes

• network modules input is updated. A new key add_route_rule_in_public_subnet is now required under var.service_gateway.
  • Add add_route_rule_in_public_subnet and set its value to false. See module's readme for full example.

service_gateway = {
  enable = true
  service_id = "ocid1.service.oc1.xxxxxxx"
  route_rule_destination = "all-pox-services-in-oracle-services-network"
  add_route_rule_in_public_subnet = false <-------------------------------------- note this line
  optionals     = {
    route_table_id = "oci.xxxxxxxxx"
  }
}

v2.4.1

v2.4.1:

New

Nonde

Fix

• Ignore changes made to options[0].service_lb_subnet_ids, since changing the value can destory the cluster. OKE does not allow updating Service LoadBalncer Subnet anymore, and, it is still there in the API. However, you are not restircted to deploy service load balancer to another subnet using annotations (https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md).
• add prevent_destroy to true, to avoid destorying the cluster due to changes made outside of Terraform.

Breaking Changes

None