v1.0.0

@hyder hyder released this 27 Sep 04:58

Changes

  • Code changes to support Terraform 0.12 (Minimum version 0.12.8)
  • Helm upgraded to 2.14.3
  • Upgraded Calico to 3.9
  • Bastion uses Oracle Linux only
  • Updates to variables (renaming, removing)
  • Documentation and topology
  • instance_principal disabled by default

Improvements

Bastion

  • Added ability to restrict access to bastion host to a CIDR block
  • Bash aliases for kubectl (k) and helm (h)
  • Generated script (tesseract.sh) to ssh to the bastion
  • Optional addition and initialization of incubator and jetstack repos on the bastion
  • Default bastion shape to the smaller (and cheaper) VM.Standard.E2.1

Networking

  • Simplified network topology for both multi and single AD regions
  • Separate and simplified security lists for public and private workers
  • Worker and load balancer subnets now use regional subnets
  • Added private subnets for internal load balancers
  • Improved subnet defaults:
    • Avoid potential overlapping subnets when creating or scaling large clusters to maximum cluster size
    • Bastion: maximum of 5
    • Load Balancers: maximum of 29 per subnet
    • Worker subnets: maximum of 16380 IPv4 addresses per subnet
  • Service Gateway routing is now automatically added when service gateway is enabled. Worker nodes can now use the service gateway to access Object Storage, Streaming and other OCI Services without manual configuration of routing and security lists

Load Balancer

  • Ability to choose load balancer types (public or internal)

Note

To use private load balancers, the necessary OCI load balancer annotations must be used.

Node pools and worker nodes

  • Added ability to specify custom image id or choose OS version for worker nodes
  • More flexible way of defining node pools, shapes and sizes
  • Added ability to support mixed Kubernetes workloads by choosing different shapes for each node pool
  • Better resilience for worker nodes by using Fault Domains
  • Topologies 2 and 3 removed in favour of single topology using the new node pool configuration

New Features

  • Integration with OCI KMS for encrypting Kubernetes secrets
  • Optional metric_server installation for HPA