) | `number` | `null` | no |
-| [autoscaler\_version](#input\_autoscaler\_version) | Version of the Autoscaler Addon Template (default: 1.27.53) | `string` | `"1.27.53"` | no |
+| [autoscaler\_version](#input\_autoscaler\_version) | Version of the Autoscaler Addon Template (default: 1.28.22) | `string` | `"1.28.22"` | no |
| [cluster\_authenticating\_proxy\_ca](#input\_cluster\_authenticating\_proxy\_ca) | X509 CA certificate configured in authenticating\_proxy mode. The maximum size of the certificate is 1 MB. | `string` | `null` | no |
| [cluster\_authenticating\_proxy\_cert](#input\_cluster\_authenticating\_proxy\_cert) | Client certificate issued by the X509 CA certificate configured in authenticating\_proxy mode. | `string` | `null` | no |
| [cluster\_authenticating\_proxy\_private\_key](#input\_cluster\_authenticating\_proxy\_private\_key) | Private key of the client certificate issued by the X509 CA certificate configured in authenticating\_proxy mode. | `string` | `null` | no |
@@ -198,21 +198,24 @@ No modules.
| [cluster\_container\_cidr](#input\_cluster\_container\_cidr) | Kubernetes pod network CIDR range (default: 172.16.0.0/16) | `string` | `"172.16.0.0/16"` | no |
| [cluster\_container\_network\_type](#input\_cluster\_container\_network\_type) | Container network type: vpc-router or overlay\_l2 for VirtualMachine Clusters; underlay\_ipvlan for BareMetal Clusters | `string` | `""` | no |
| [cluster\_enable\_scaling](#input\_cluster\_enable\_scaling) | Enable autoscaling of the cluster (default: false) | `bool` | `false` | no |
+| [cluster\_enable\_volume\_encryption](#input\_cluster\_enable\_volume\_encryption) | (Optional) System and data disks encryption of master nodes. Changing this parameter will create a new cluster resource. Defaults to 'true' | `bool` | `true` | no |
| [cluster\_high\_availability](#input\_cluster\_high\_availability) | Create the cluster in highly available mode (default: false) | `bool` | `false` | no |
| [cluster\_install\_icagent](#input\_cluster\_install\_icagent) | Install icagent for logging and metrics via AOM (default: false) | `bool` | `false` | no |
| [cluster\_public\_access](#input\_cluster\_public\_access) | Bind a public IP to the CLuster to make it public available (default: true) | `bool` | `true` | no |
| [cluster\_service\_cidr](#input\_cluster\_service\_cidr) | Kubernetes service network CIDR range (default: 10.247.0.0/16) | `string` | `"10.247.0.0/16"` | no |
| [cluster\_size](#input\_cluster\_size) | Size of the cluster: small, medium, large (default: small) | `string` | `"small"` | no |
| [cluster\_type](#input\_cluster\_type) | Cluster type: VirtualMachine or BareMetal (default: VirtualMachine) | `string` | `"VirtualMachine"` | no |
-| [cluster\_version](#input\_cluster\_version) | CCE cluster version. | `string` | `"v1.27"` | no |
-| [metrics\_server\_version](#input\_metrics\_server\_version) | Version of the Metrics Server Addon Template (default: 1.3.37) | `string` | `"1.3.37"` | no |
+| [cluster\_version](#input\_cluster\_version) | CCE cluster version. | `string` | `"v1.28"` | no |
+| [metrics\_server\_version](#input\_metrics\_server\_version) | Version of the Metrics Server Addon Template (default: 1.3.39) | `string` | `"1.3.39"` | no |
| [node\_container\_runtime](#input\_node\_container\_runtime) | The container runtime to use. Must be set to either containerd or docker. (default: containerd) | `string` | `"containerd"` | no |
+| [node\_k8s\_tags](#input\_node\_k8s\_tags) | (Optional, Map) Tags of a Kubernetes node, key/value pair format. | `map(string)` | `{}` | no |
| [node\_os](#input\_node\_os) | Operating system of worker nodes: EulerOS 2.5 or CentOS 7.7 (default: EulerOS 2.9) | `string` | `"EulerOS 2.9"` | no |
| [node\_postinstall](#input\_node\_postinstall) | Post install script for the cluster ECS node pool. | `string` | `""` | no |
| [node\_storage\_encryption\_enabled](#input\_node\_storage\_encryption\_enabled) | Enable OTC KMS volume encryption for the node pool volumes. (default: false) | `bool` | `false` | no |
| [node\_storage\_encryption\_kms\_key\_name](#input\_node\_storage\_encryption\_kms\_key\_name) | If KMS volume encryption is enabled, specify a name of an existing kms key. Setting this disables the creation of a new kms key. (default: null) | `string` | `null` | no |
| [node\_storage\_size](#input\_node\_storage\_size) | Size of the node system disk in GB (default: 100) | `number` | `100` | no |
| [node\_storage\_type](#input\_node\_storage\_type) | Type of node storage SATA, SAS or SSD (default: SATA) | `string` | `"SATA"` | no |
+| [node\_taints](#input\_node\_taints) | Node taints for the node pool | list(object({
effect = string
key = string
value = string
}))
| `[]` | no |
| [tags](#input\_tags) | Common tag set for CCE resources | `map(any)` | `{}` | no |
## Outputs
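Review bot: the new `cluster_enable_volume_encryption` row (and the variable it documents) phrases its default as "Defaults to 'true'", while every other row in this table uses the "(default: ...)" form, so the generated README now mixes two conventions; suggest "System and data disk encryption of master nodes. Changing this parameter will create a new cluster resource. (default: true)" so the wording is consistent and the forced-replacement warning stays visible to readers scanning the table.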
diff --git a/modules/cce/cluster.tf b/modules/cce/cluster.tf
index bd5ed1b..f0eb1c4 100644
--- a/modules/cce/cluster.tf
+++ b/modules/cce/cluster.tf
@@ -50,19 +50,20 @@ locals {
}
resource "opentelekomcloud_cce_cluster_v3" "cluster" {
- name = var.name
- cluster_type = var.cluster_type
- flavor_id = local.flavor_id
- vpc_id = var.cluster_vpc_id
- subnet_id = var.cluster_subnet_id
- container_network_type = local.cluster_container_network_type
- container_network_cidr = var.cluster_container_cidr
- kubernetes_svc_ip_range = var.cluster_service_cidr
- description = "Kubernetes Cluster ${var.name}."
- eip = var.cluster_public_access ? opentelekomcloud_vpc_eip_v1.cce_eip[0].publicip[0].ip_address : null
- cluster_version = var.cluster_version
- authentication_mode = var.cluster_authentication_mode
- annotations = var.cluster_install_icagent ? { "cluster.install.addons.external/install" = jsonencode([{ addonTemplateName = "icagent" }]) } : null
+ name = var.name
+ cluster_type = var.cluster_type
+ flavor_id = local.flavor_id
+ vpc_id = var.cluster_vpc_id
+ subnet_id = var.cluster_subnet_id
+ container_network_type = local.cluster_container_network_type
+ container_network_cidr = var.cluster_container_cidr
+ kubernetes_svc_ip_range = var.cluster_service_cidr
+ description = "Kubernetes Cluster ${var.name}."
+ eip = var.cluster_public_access ? opentelekomcloud_vpc_eip_v1.cce_eip[0].publicip[0].ip_address : null
+ cluster_version = var.cluster_version
+ authentication_mode = var.cluster_authentication_mode
+ annotations = var.cluster_install_icagent ? { "cluster.install.addons.external/install" = jsonencode([{ addonTemplateName = "icagent" }]) } : null
+ enable_volume_encryption = var.cluster_enable_volume_encryption
dynamic "authenticating_proxy" {
for_each = var.cluster_authentication_mode != "authenticating_proxy" ? toset([]) : toset(["authenticating_proxy"])
content {
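Review bot: the only functional change in this hunk is the new `enable_volume_encryption = var.cluster_enable_volume_encryption` line, but it is buried under thirteen lines of whitespace realignment; consider committing the `terraform fmt` pass separately so the attribute addition is easy to find in blame. Also confirm that the provider version pinned by this module supports `enable_volume_encryption` on `opentelekomcloud_cce_cluster_v3`, and bump the constraint if it does not, otherwise users on an older provider will get a plan-time "unsupported argument" error.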
@@ -98,6 +99,17 @@ resource "opentelekomcloud_cce_node_pool_v3" "cluster_node_pool" {
docker_base_size = 20
postinstall = var.node_postinstall
+ k8s_tags = var.node_k8s_tags
+
+ dynamic "taints" {
+ for_each = var.node_taints
+ content {
+ effect = taints.value.effect
+ key = taints.value.key
+ value = taints.value.value
+ }
+ }
+
root_volume {
size = 50
volumetype = "SSD"
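Review bot: the `taints` dynamic block dereferences `taints.value.value` unconditionally, so a key-only taint (common for `NoSchedule` taints where the value is irrelevant) can only be expressed by passing `value = ""`; either document that in the `node_taints` description or declare `value` as `optional(string)` in the object type, if the module's minimum Terraform version allows it.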
diff --git a/modules/cce/variables.tf b/modules/cce/variables.tf
index 407aba5..c31e940 100644
--- a/modules/cce/variables.tf
+++ b/modules/cce/variables.tf
@@ -23,7 +23,7 @@ variable "cluster_subnet_id" {
variable "cluster_version" {
type = string
description = "CCE cluster version."
- default = "v1.27"
+ default = "v1.28"
}
variable "cluster_size" {
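Review bot: changing the `cluster_version` default from "v1.27" to "v1.28" silently changes what callers who never set this variable get, and on an existing cluster the new value is applied as an upgrade or replacement on the next `terraform apply`; suggest calling this out in the changelog as a behaviour change and recommending that existing deployments pin `cluster_version` explicitly before upgrading the module.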
@@ -65,6 +65,12 @@ resource "errorcheck_is_valid" "container_network_type" {
}
}
+variable "cluster_enable_volume_encryption" {
+ description = "(Optional) System and data disks encryption of master nodes. Changing this parameter will create a new cluster resource. Defaults to 'true'"
+ default = true
+ type = bool
+}
+
variable "cluster_container_cidr" {
type = string
description = "Kubernetes pod network CIDR range (default: 172.16.0.0/16)"
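Review bot: with `default = true` and the description's own note that the attribute forces a new cluster resource, any existing cluster created by an earlier module version without encryption will be scheduled for replacement on upgrade; this should be flagged as a breaking change with a migration note telling existing users to set `cluster_enable_volume_encryption = false` if they want to keep their cluster. Minor style point: this block orders `description`, `default`, `type`, while the neighbouring variables use `type`, `description`, `default`.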
@@ -196,6 +202,22 @@ variable "node_postinstall" {
default = ""
}
+variable "node_taints" {
+ type = list(object({
+ effect = string
+ key = string
+ value = string
+ }))
+ description = "Node taints for the node pool"
+ default = []
+}
+
+variable "node_k8s_tags" {
+ default = {}
+ description = "(Optional, Map) Tags of a Kubernetes node, key/value pair format."
+ type = map(string)
+}
+
variable "autoscaler_node_max" {
type = number
description = "Maximum limit of servers to create (default: 10)"
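Review bot: `node_taints.effect` is passed straight through to the provider with no validation, so a typo such as "NoScheduled" is only caught at apply time; suggest a `validation` block on `node_taints` that checks each `effect` against the three values Kubernetes accepts (NoSchedule, PreferNoSchedule, NoExecute) and that `key` is non-empty. The `node_k8s_tags` description ("Tags of a Kubernetes node") is copied from the provider docs, but these become node labels that scheduling rules match on; saying "labels" would make the purpose clearer to Kubernetes users.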
@@ -215,14 +237,14 @@ locals {
variable "autoscaler_version" {
type = string
- description = "Version of the Autoscaler Addon Template (default: 1.27.53)"
- default = "1.27.53"
+ description = "Version of the Autoscaler Addon Template (default: 1.28.22)"
+ default = "1.28.22"
}
variable "metrics_server_version" {
type = string
- description = "Version of the Metrics Server Addon Template (default: 1.3.37)"
- default = "1.3.37"
+ description = "Version of the Metrics Server Addon Template (default: 1.3.39)"
+ default = "1.3.39"
}
variable "cluster_authentication_mode" {
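Review bot: the autoscaler default moves to the 1.28.x addon line in step with the `cluster_version` default, but the two variables are independent, so a caller who pins `cluster_version = "v1.27"` now gets `autoscaler_version = "1.28.22"` by default; either document that the autoscaler and metrics-server defaults are matched to the default cluster version, or derive the addon defaults from `cluster_version` in a local so the pairing cannot drift.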
diff --git a/modules/cce_gpu_node_pool/README.md b/modules/cce_gpu_node_pool/README.md
index 405ba4b..b1c322a 100644
--- a/modules/cce_gpu_node_pool/README.md
+++ b/modules/cce_gpu_node_pool/README.md
@@ -92,6 +92,7 @@ No modules.
| [gpu\_beta\_version](#input\_gpu\_beta\_version) | Version of the GPU Beta Addon Template (default: 2.0.46) | `string` | `"2.0.46"` | no |
| [gpu\_driver\_url](#input\_gpu\_driver\_url) | Nvidia Driver download URL. Please refer to https://www.nvidia.com/Download/Find.aspx and ensure your driver is matching the GPU in your node flavor. | `string` | `""` | no |
| [node\_container\_runtime](#input\_node\_container\_runtime) | The container runtime to use. Must be set to either containerd or docker. (default: containerd) | `string` | `"containerd"` | no |
+| [node\_k8s\_tags](#input\_node\_k8s\_tags) | (Optional, Map) Tags of a Kubernetes node, key/value pair format. | `map(string)` | `{}` | no |
| [node\_os](#input\_node\_os) | Operating system of worker nodes. | `string` | `"EulerOS 2.9"` | no |
| [node\_postinstall](#input\_node\_postinstall) | Post install script for the node pool. | `string` | `""` | no |
| [node\_scaling\_enabled](#input\_node\_scaling\_enabled) | Enable the scaling for the node pool. Please note that CCE cluster must have autoscaling addon installed. (default: 10) | `bool` | `true` | no |
diff --git a/modules/cce_gpu_node_pool/main.tf b/modules/cce_gpu_node_pool/main.tf
index 8e9168a..c7eca77 100644
--- a/modules/cce_gpu_node_pool/main.tf
+++ b/modules/cce_gpu_node_pool/main.tf
@@ -52,6 +52,8 @@ resource "opentelekomcloud_cce_node_pool_v3" "cluster_node_pool" {
docker_base_size = 20
postinstall = var.node_postinstall
+ k8s_tags = var.node_k8s_tags
+
dynamic "taints" {
for_each = var.node_taints
content {
diff --git a/modules/cce_gpu_node_pool/variables.tf b/modules/cce_gpu_node_pool/variables.tf
index c658fe9..1a4aad0 100644
--- a/modules/cce_gpu_node_pool/variables.tf
+++ b/modules/cce_gpu_node_pool/variables.tf
@@ -21,6 +21,12 @@ variable "node_availability_zones" {
description = "Availability zones for the node pools. Providing multiple availability zones creates one node pool in each zone."
}
+variable "node_k8s_tags" {
+ default = {}
+ description = "(Optional, Map) Tags of a Kubernetes node, key/value pair format."
+ type = map(string)
+}
+
locals {
valid_availability_zones = {
eu-de = toset([
diff --git a/modules/jumphost/README.md b/modules/jumphost/README.md
index a8945dd..fe19856 100644
--- a/modules/jumphost/README.md
+++ b/modules/jumphost/README.md
@@ -1,6 +1,6 @@
## Jumphost Module
-A module designed to create SSH jumphosts via OTC ECS for private networks.
+A module designed to create SSH jumphosts via OTC ECS for private networks.
Usage example:
```hcl
@@ -12,12 +12,10 @@ module "vpc" {
"subnet-demo" = "default_cidr"
}
}
-
data "opentelekomcloud_images_image_v2" "ubuntu" {
name = "Standard_Ubuntu_20.04_latest"
visibility = "public"
}
-
module "jumphost" {
source = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/jumphost"
vpc_id = module.vpc.vpc.id
@@ -33,12 +31,11 @@ module "jumphost" {
> - Agency Type = `Account`
> - Delegated Account = `op_svc_evs`
> - Permissions = `KMS Administrator` within the project
-
-Notes:
+ Notes:
- Please see [example_cloud_init](../../example_cloud_init) for example cloud_init configuration
- More examples of cloud-init can be found in [Cloud config examples](https://cloudinit.readthedocs.io/en/latest/topics/examples.html)
- For complete documentation of cloud init, please see [cloud-init Documentation](https://cloudinit.readthedocs.io/en/latest/index.html)
-- The jumphost module is designed to ignore changes in the node_image_id parameter.
+- The jumphost module is designed to ignore changes in the node_image_id parameter.
- The jumphost node's boot drive is also designed to be preserved even if the instance is destroyed for data resiliency.
- If an image update or clean boot drive is intended,
please use taint or destroy:
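Review bot: removing the blank line between the blockquote and `Notes:` means Markdown treats ` Notes:` as a lazy continuation of the last `>` list item, so the heading is rendered inside the quote instead of starting a new paragraph; the added leading space also looks unintentional. Keep the blank line and write `Notes:` flush left.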
@@ -106,7 +103,8 @@ No modules.
| [cloud\_init](#input\_cloud\_init) | Custom Cloud-init configuration. Cloud-init cloud config format is expected. Only *.yml and *.yaml files will be read. | `string` | `""` | no |
| [node\_bandwidth\_size](#input\_node\_bandwidth\_size) | Jumphost node external IP bandwidth size in Mbps. (default: 10) | `number` | `10` | no |
| [node\_flavor](#input\_node\_flavor) | Jumphost node specifications in otc flavor format. (default: s3.medium.2 (3rd generation 1 Core 2GB RAM)) | `string` | `"s3.medium.2"` | no |
-| [node\_image\_id](#input\_node\_image\_id) | Jumphost node image name. Image must exist within the same project as the jumphost node. (default: 9f92079d-9d1b-4832-90c1-a3b4a1c00b9b (Standard\_Ubuntu\_20.04\_latest)) | `string` | `"9f92079d-9d1b-4832-90c1-a3b4a1c00b9b"` | no |
+| [node\_image\_id](#input\_node\_image\_id) | Jumphost node image name. Image must exist within the same project as the jumphost node. (default: bd571d76-c73c-405c-8532-8f7c3b38e5a5 (Standard\_Ubuntu\_22.04\_latest)) | `string` | `"bd571d76-c73c-405c-8532-8f7c3b38e5a5"` | no |
+| [node\_power\_state](#input\_node\_power\_state) | Jumphost node power state. Only active (powered on) and shutoff (shutdown) are supported. (default: active) | `string` | `"active"` | no |
| [node\_storage\_encryption\_enabled](#input\_node\_storage\_encryption\_enabled) | Jumphost node system disk storage KMS encryption toggle. | `bool` | `false` | no |
| [node\_storage\_encryption\_key\_name](#input\_node\_storage\_encryption\_key\_name) | If jumphost system disk KMS encryption is enabled, use this KMS key name instead of creating a new one. | `string` | `null` | no |
| [node\_storage\_size](#input\_node\_storage\_size) | Jumphost node system disk storage size in GB. (default: 20) | `number` | `20` | no |
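Review bot: the new `node_power_state` row says only `active` and `shutoff` are supported, but nothing in the module enforces that, so documenting the constraint here without a matching `validation` block on the variable leaves the check to the provider at apply time. Also, the `node_image_id` description still says "image name" while the value and default are an image UUID, and the hard-coded default is region-specific; say "image ID" and note which region the default applies to.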
@@ -123,4 +121,4 @@ No modules.
| [jumphost\_address](#output\_jumphost\_address) | n/a |
| [jumphost\_private\_address](#output\_jumphost\_private\_address) | n/a |
| [jumphost\_sg\_id](#output\_jumphost\_sg\_id) | n/a |
-
+
\ No newline at end of file
diff --git a/modules/jumphost/node.tf b/modules/jumphost/node.tf
index bef0578..854dc07 100644
--- a/modules/jumphost/node.tf
+++ b/modules/jumphost/node.tf
@@ -44,6 +44,7 @@ resource "opentelekomcloud_compute_instance_v2" "jumphost_node" {
image_id = var.node_image_id
auto_recovery = true
flavor_id = var.node_flavor
+ power_state = var.node_power_state
network {
uuid = var.subnet_id
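Review bot: `power_state = var.node_power_state` sits next to `auto_recovery = true`; please confirm in testing that a jumphost set to `shutoff` is not brought back up by auto-recovery, since an operator who deliberately powers the host down to reduce exposure would not expect it to come back on its own. Confirm as well that the pinned provider version supports `power_state` on `opentelekomcloud_compute_instance_v2`.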
diff --git a/modules/jumphost/variables.tf b/modules/jumphost/variables.tf
index 0748ae0..20d2515 100644
--- a/modules/jumphost/variables.tf
+++ b/modules/jumphost/variables.tf
@@ -21,8 +21,13 @@ variable "node_flavor" {
}
variable "node_image_id" {
- description = "Jumphost node image name. Image must exist within the same project as the jumphost node. (default: 9f92079d-9d1b-4832-90c1-a3b4a1c00b9b (Standard_Ubuntu_20.04_latest))"
- default = "9f92079d-9d1b-4832-90c1-a3b4a1c00b9b"
+ description = "Jumphost node image name. Image must exist within the same project as the jumphost node. (default: bd571d76-c73c-405c-8532-8f7c3b38e5a5 (Standard_Ubuntu_22.04_latest))"
+ default = "bd571d76-c73c-405c-8532-8f7c3b38e5a5"
+}
+
+variable "node_power_state" {
+ description = "Jumphost node power state. Only active (powered on) and shutoff (shutdown) are supported. (default: active)"
+ default = "active"
}
variable "node_storage_type" {
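Review bot: `node_power_state` declares no `type` and no `validation`, unlike the other variables in this file; suggest `type = string` plus a `validation` block with `condition = contains(["active", "shutoff"], var.node_power_state)` and an error message naming the two allowed values, so the restriction stated in the description fails at plan time rather than at the API.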
diff --git a/modules/vpc/README.md b/modules/vpc/README.md
index 4dff784..90c7c6f 100644
--- a/modules/vpc/README.md
+++ b/modules/vpc/README.md
@@ -41,7 +41,6 @@ No modules.
|------|------|
| [opentelekomcloud_vpc_subnet_v1.subnets](https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest/docs/resources/vpc_subnet_v1) | resource |
| [opentelekomcloud_vpc_v1.vpc](https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest/docs/resources/vpc_v1) | resource |
-| [opentelekomcloud_identity_project_v3.current](https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/latest/docs/data-sources/identity_project_v3) | data source |
## Inputs
@@ -50,7 +49,6 @@ No modules.
| [name](#input\_name) | Name of the VPC. | `string` | n/a | yes |
| [cidr\_block](#input\_cidr\_block) | IP range of the VPC | `string` | `"10.0.0.0/16"` | no |
| [dns\_config](#input\_dns\_config) | Common Domain Name Server list for all subnets | `list(string)` | [
"100.125.4.25",
"100.125.129.199"
]
| no |
-| [enable\_shared\_snat](#input\_enable\_shared\_snat) | Enable the shared SNAT capability on VPCs in eu-de region. (default: true) | `bool` | `true` | no |
| [subnets](#input\_subnets) | Subnet names and their cidr ranges. | `map(string)` | {
"database-subnet": "",
"jumphost-subnet": "",
"kubernetes-subnet": ""
}
| no |
| [tags](#input\_tags) | Common tag set for project resources | `map(string)` | `{}` | no |
diff --git a/modules/vpc/variables.tf b/modules/vpc/variables.tf
index 64bcaa8..d08c273 100644
--- a/modules/vpc/variables.tf
+++ b/modules/vpc/variables.tf
@@ -42,10 +42,3 @@ variable "dns_config" {
"100.125.129.199",
]
}
-
-variable "enable_shared_snat" {
- type = bool
- description = "Enable the shared SNAT capability on VPCs in eu-de region. (default: true)"
- default = true
-}
-
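Review bot: deleting `enable_shared_snat` outright is a breaking change for any root module that passes it, since Terraform rejects values for undeclared variables; consider keeping the variable for one release with a deprecation note in the description and no effect, or at minimum listing the removal under breaking changes in the changelog.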
diff --git a/modules/vpc/vpc.tf b/modules/vpc/vpc.tf
index e948265..a348c36 100644
--- a/modules/vpc/vpc.tf
+++ b/modules/vpc/vpc.tf
@@ -1,10 +1,7 @@
-data "opentelekomcloud_identity_project_v3" "current" {}
-
resource "opentelekomcloud_vpc_v1" "vpc" {
- name = var.name
- cidr = var.cidr_block
- shared = data.opentelekomcloud_identity_project_v3.current.region == "eu-de" ? var.enable_shared_snat : false
- tags = var.tags
+ name = var.name
+ cidr = var.cidr_block
+ tags = var.tags
}
resource "opentelekomcloud_vpc_subnet_v1" "subnets" {
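Review bot: dropping the `shared` argument from `opentelekomcloud_vpc_v1` means existing eu-de VPCs that were created with shared SNAT enabled will now either show a perpetual diff or be updated to the provider's default on the next apply, which may silently change egress behaviour for workloads relying on that SNAT; please state the expected outcome for existing VPCs in the PR description and, if the provider resets the attribute, document the manual step needed to preserve connectivity. Removing the `identity_project_v3` data source is a welcome simplification once that is settled.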