modules update to 0.9.3

terraform-provider-oci/oke-quickstartz/modules/bastion/bastion.tf

@@ -0,0 +1,48 @@
+
+
+resource "oci_bastion_bastion" "mybastion" {
+    #Required
+    bastion_type = "standard"
+    compartment_id = var.compartment_ocid
+    target_subnet_id = var.k8s_endpoint_subnet_id
+    name = var.bastion_name
+    client_cidr_block_allow_list = [var.bastion_cidr_block_allow_list]
+/*
+    #Optional
+    client_cidr_block_allow_list = var.bastion_cidr_block_allow_list
+    #defined_tags = {"foo-namespace.bar-key"= "value"}
+    freeform_tags = {"bar-key"= "value"}
+    max_session_ttl_in_seconds = "10800"
+    phone_book_entry = var.bastion_phone_book_entry
+   # static_jump_host_ip_addresses = var.bastion_static_jump_host_ip_addresses
+*/
+}
+
+
+##################################
+#    Bastion Session
+##################################
+resource "oci_bastion_session" "mybastion_session" {
+    #Required
+    bastion_id = oci_bastion_bastion.mybastion.id
+    key_details {
+        #Required
+        public_key_content = file(var.ssh_public_key)
+    }
+    target_resource_details {
+        #Required
+        session_type = var.bastion_session_type
+
+        #Optional
+        target_resource_port = "22" #var.bastion_session_port
+        target_resource_private_ip_address = "192.168.78.10"  # oci_database_db_system.MYDBSYS.private_ip
+        # target_resource_id = oci_bastion_target_resource.test_target_resource.id      -->MANAGED_SSH
+        # target_resource_operating_system_user_name = oci_identity_user.test_user.name -->MANAGED_SSH
+    }
+
+    #Optional
+    display_name = var.bastion_session_name  #Session-Mybastion
+    key_type = "PUB"
+    session_ttl_in_seconds = var.session_session_ttl_in_seconds #"10800"
+
+}

terraform-provider-oci/oke-quickstartz/modules/bastion/variables.tf

@@ -0,0 +1,44 @@
+variable "compartment_ocid" {}
+# Network Details
+variable "vcn_id" { description = "VCN OCID to deploy OKE Cluster" }
+variable "k8s_endpoint_subnet_id" { description = "Kubernetes Endpoint Subnet OCID to deploy OKE Cluster" }
+variable "cluster_workers_visibility" {
+  default     = "Private"
+  description = "The Kubernetes worker nodes that are created will be hosted in public or private subnet(s)"
+}
+variable "cluster_endpoint_visibility" {
+  default     = "Public"
+  description = "The Kubernetes cluster that is created will be hosted on a public subnet with a public IP address auto-assigned or on a private subnet. If Private, additional configuration will be necessary to run kubectl commands"
+}
+
+# Bastion details 
+variable "bastion_cidr_block_allow_list" {
+    default= "0.0.0.0/0"
+}
+
+variable "bastion_name" {
+    default = "oke-Bastion"
+}
+
+variable "session_session_ttl_in_seconds" {
+    default = "10800"
+
+}
+
+variable "session_target_resource_details_session_type" {
+ default = ""
+ }
+
+variable "bastion_session_type" {
+default = "PORT_FORWARDING"
+
+}
+variable "bastion_session_name" {
+    default = "oke-bastion-session1"
+
+}
+
+variable "public_ssh_key" {
+  default     = ""
+  description = "In order to access your private nodes with a public SSH key you will need to set up a bastion host (a.k.a. jump box). If using public nodes, bastion is not needed. Left blank to not import keys."
+}

terraform-provider-oci/oke-quickstartz/modules/cluster-tools/Readme.md

@@ -0,0 +1,70 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2 |
+| <a name="requirement_local"></a> [local](#requirement\_local) | ~> 2 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3 |
+| <a name="requirement_tls"></a> [tls](#requirement\_tls) | ~> 4 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | ~> 2 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_cert-manager"></a> [cert-manager](#module\_cert-manager) | ./modules/cert-manager | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.grafana](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.ingress_nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.metrics_server](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_ingress_v1.grafana](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_v1) | resource |
+| [kubernetes_namespace.cluster_tools](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_secret.grafana](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/secret) | data source |
+| [kubernetes_service.ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_cert_manager_enabled"></a> [cert\_manager\_enabled](#input\_cert\_manager\_enabled) | Enable x509 Certificate Management | `bool` | `true` | no |
+| <a name="input_cluster_tools_namespace"></a> [cluster\_tools\_namespace](#input\_cluster\_tools\_namespace) | Namespace | `string` | `"cluster-tools"` | no |
+| <a name="input_grafana_enabled"></a> [grafana\_enabled](#input\_grafana\_enabled) | Enable Grafana Dashboards. Includes example dashboards and Prometheus, OCI Logging and OCI Metrics datasources | `bool` | `true` | no |
+| <a name="input_ingress_cluster_issuer"></a> [ingress\_cluster\_issuer](#input\_ingress\_cluster\_issuer) | Certificate issuer type. Currently supports the free Let's Encrypt and Self-Signed. Only *letsencrypt-prod* generates valid certificates | `string` | `"letsencrypt-prod"` | no |
+| <a name="input_ingress_email_issuer"></a> [ingress\_email\_issuer](#input\_ingress\_email\_issuer) | You must replace this email address with your own. The certificate provider will use this to contact you about expiring certificates, and issues related to your account. | `string` | `"[email protected]"` | no |
+| <a name="input_ingress_hosts"></a> [ingress\_hosts](#input\_ingress\_hosts) | Enter a valid full qualified domain name (FQDN). You will need to map the domain name to the EXTERNAL-IP address on your DNS provider (DNS Registry type - A). If you have multiple domain names, include separated by comma. e.g.: mushop.example.com,catshop.com | `string` | `""` | no |
+| <a name="input_ingress_hosts_include_nip_io"></a> [ingress\_hosts\_include\_nip\_io](#input\_ingress\_hosts\_include\_nip\_io) | Include app\_name.HEXXX.nip.io on the ingress hosts. e.g.: mushop.HEXXX.nip.io | `bool` | `true` | no |
+| <a name="input_ingress_load_balancer_shape"></a> [ingress\_load\_balancer\_shape](#input\_ingress\_load\_balancer\_shape) | Shape that will be included on the Ingress annotation for the OCI Load Balancer creation | `string` | `"flexible"` | no |
+| <a name="input_ingress_load_balancer_shape_flex_max"></a> [ingress\_load\_balancer\_shape\_flex\_max](#input\_ingress\_load\_balancer\_shape\_flex\_max) | Enter the maximum size of the flexible shape (Should be bigger than minimum size). The maximum service limit is set by your tenancy limits. | `string` | `"100"` | no |
+| <a name="input_ingress_load_balancer_shape_flex_min"></a> [ingress\_load\_balancer\_shape\_flex\_min](#input\_ingress\_load\_balancer\_shape\_flex\_min) | Enter the minimum size of the flexible shape. | `string` | `"10"` | no |
+| <a name="input_ingress_nginx_enabled"></a> [ingress\_nginx\_enabled](#input\_ingress\_nginx\_enabled) | Enable Ingress Nginx for Kubernetes Services (This option provision a Load Balancer) | `bool` | `true` | no |
+| <a name="input_ingress_tls"></a> [ingress\_tls](#input\_ingress\_tls) | If enabled, will generate SSL certificates to enable HTTPS for the ingress using the Certificate Issuer | `bool` | `false` | no |
+| <a name="input_metrics_server_enabled"></a> [metrics\_server\_enabled](#input\_metrics\_server\_enabled) | Enable Metrics Server for Metrics, HPA, VPA and Cluster Autoscaler | `bool` | `true` | no |
+| <a name="input_nip_io_domain"></a> [nip\_io\_domain](#input\_nip\_io\_domain) | Dynamic wildcard DNS for the application hostname. Should support hex notation. e.g.: nip.io | `string` | `"nip.io"` | no |
+| <a name="input_oci_tag_values"></a> [oci\_tag\_values](#input\_oci\_tag\_values) | Tags to be added to the resources | `any` | n/a | yes |
+| <a name="input_prometheus_enabled"></a> [prometheus\_enabled](#input\_prometheus\_enabled) | Enable Prometheus | `bool` | `true` | no |
+| <a name="input_region"></a> [region](#input\_region) | variable "compartment\_ocid" {} | `any` | n/a | yes |
+| <a name="input_tenancy_ocid"></a> [tenancy\_ocid](#input\_tenancy\_ocid) | OCI Provider | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_grafana_admin_password"></a> [grafana\_admin\_password](#output\_grafana\_admin\_password) | n/a |
+| <a name="output_ingress_controller_load_balancer_hostname"></a> [ingress\_controller\_load\_balancer\_hostname](#output\_ingress\_controller\_load\_balancer\_hostname) | output "ingress\_controller\_load\_balancer\_ip\_hex" { value = local.ingress\_controller\_load\_balancer\_ip\_hex } |
+| <a name="output_ingress_controller_load_balancer_ip"></a> [ingress\_controller\_load\_balancer\_ip](#output\_ingress\_controller\_load\_balancer\_ip) | Outputs |
+| <a name="output_url_protocol"></a> [url\_protocol](#output\_url\_protocol) | n/a |
+<!-- END_TF_DOCS -->

terraform-provider-oci/oke-quickstartz/modules/cluster-tools/cluster-tools.tf

@@ -15,15 +15,15 @@ locals {
   # Helm repos
   helm_repository = {
     ingress_nginx          = "https://kubernetes.github.io/ingress-nginx"
-    ingress_nginx_version  = "4.6.1"
+    ingress_nginx_version  = "4.11.2" #"4.6.1"
     jetstack               = "https://charts.jetstack.io" # cert-manager
-    jetstack_version       = "1.12.0"                     # cert-manager
+    jetstack_version       = "1.15.3" #"1.12.0"           # cert-manager
     grafana                = "https://grafana.github.io/helm-charts"
-    grafana_version        = "6.56.5"
+    grafana_version        = "8.4.8" #"6.56.5"
     prometheus             = "https://prometheus-community.github.io/helm-charts"
-    prometheus_version     = "22.6.2"
+    prometheus_version     = "25.26.0" #"22.6.2"
     metrics_server         = "https://kubernetes-sigs.github.io/metrics-server"
-    metrics_server_version = "3.10.0"
+    metrics_server_version = "3.12.1" #"3.10.0"
   }
   use_cluster_tools_namespace = anytrue([var.grafana_enabled, var.ingress_nginx_enabled, var.cert_manager_enabled, var.prometheus_enabled]) ? true : false
 }

terraform-provider-oci/oke-quickstartz/modules/cluster-tools/grafana.tf

@@ -25,10 +25,10 @@ resource "helm_release" "grafana" {
     type  = "string"
   }
 
-  set {
-    name  = "grafana\\.ini.server.serve_from_sub_path"
-    value = "true"
-  }
+  # set {
+  #   name  = "grafana\\.ini.server.serve_from_sub_path"
+  #   value = "true"
+  # }
 
   values = [
     <<EOF

terraform-provider-oci/oke-quickstartz/modules/cluster-tools/modules/cert-manager/variables.tf

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2022-24 Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
 # 
 
@@ -10,7 +10,7 @@ variable "chart_repository" {
   default = "https://charts.jetstack.io"
 }
 variable "chart_version" {
-  default = "1.9.1"
+  default = "1.15.3" # default = "1.9.1"
 }
 variable "ingress_email_issuer" {
   default     = "[email protected]"

terraform-provider-oci/oke-quickstartz/modules/cluster-tools/modules/cert-manager/versions.tf

@@ -0,0 +1,24 @@
+# Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+terraform {
+  required_version = ">= 1.5" #">= 1.2" 
+  required_providers {
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.15"   # version = "~> 2"
+      # https://registry.terraform.io/providers/hashicorp/helm/
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 4"
+      # https://registry.terraform.io/providers/hashicorp/tls/
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.5"
+      # https://registry.terraform.io/providers/hashicorp/local/
+    }
+  }
+}

terraform-provider-oci/oke-quickstartz/modules/cluster-tools/providers.tf

@@ -3,7 +3,7 @@
 # 
 
 terraform {
-  required_version = ">= 1.1"
+  required_version =">= 1.5" # ">= 1.1"
   required_providers {
     kubernetes = {
       source  = "hashicorp/kubernetes"

terraform-provider-oci/oke-quickstartz/modules/oci-networking/README.md

@@ -1,3 +1,29 @@
 # OCI Networking module
 
 > __Warning__: Moved to [oracle-quickstart/terraform-oci-networking](https://github.com/oracle-quickstart/terraform-oci-networking). Sub modules with specific OCI Networking resource also available. example: [Virtual Cloud Network](https://github.com/oracle-quickstart/terraform-oci-networking/tree/main/modules/vcn).
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+No modules.
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

terraform-provider-oci/oke-quickstartz/modules/oci-networking/gateway/providers.tf

@@ -7,7 +7,7 @@ terraform {
   required_providers {
     oci = {
       source  = "oracle/oci"
-      version = "~> 4"
+      version = ">= 4"
       # https://registry.terraform.io/providers/oracle/oci/
     }
     local = {

terraform-provider-oci/oke-quickstartz/modules/oci-networking/route_table/providers.tf

@@ -7,7 +7,7 @@ terraform {
   required_providers {
     oci = {
       source  = "oracle/oci"
-      version = "~> 4"
+      version = ">= 4"
       # https://registry.terraform.io/providers/oracle/oci/
     }
     local = {

terraform-provider-oci/oke-quickstartz/modules/oci-networking/security_list/providers.tf

@@ -7,7 +7,7 @@ terraform {
   required_providers {
     oci = {
       source  = "oracle/oci"
-      version = "~> 4"
+      version = ">= 4"
       # https://registry.terraform.io/providers/oracle/oci/
     }
     local = {

terraform-provider-oci/oke-quickstartz/modules/oci-networking/subnet/providers.tf

@@ -7,7 +7,7 @@ terraform {
   required_providers {
     oci = {
       source  = "oracle/oci"
-      version = "~> 4"
+      version = ">= 4"
       # https://registry.terraform.io/providers/oracle/oci/
     }
     local = {

terraform-provider-oci/oke-quickstartz/modules/oci-networking/vcn/providers.tf

@@ -7,7 +7,7 @@ terraform {
   required_providers {
     oci = {
       source  = "oracle/oci"
-      version = "~> 4"
+      version = ">= 4"
       # https://registry.terraform.io/providers/oracle/oci/
     }
     local = {

terraform-provider-oci/oke-quickstartz/modules/oci-policies/Readme.md

@@ -0,0 +1,49 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1 |
+| <a name="requirement_local"></a> [local](#requirement\_local) | ~> 2 |
+| <a name="requirement_oci"></a> [oci](#requirement\_oci) | ~> 4, < 5 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_oci.home_region"></a> [oci.home\_region](#provider\_oci.home\_region) | ~> 4, < 5 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [oci_identity_dynamic_group.for_policies](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_dynamic_group) | resource |
+| [oci_identity_policy.policies](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_policy) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_compartment_ocid"></a> [compartment\_ocid](#input\_compartment\_ocid) | Compartment OCID where the policies will be created. If not specified, the policies will be created on the Tenancy OCID | `string` | `""` | no |
+| <a name="input_create_dynamic_group"></a> [create\_dynamic\_group](#input\_create\_dynamic\_group) | Creates dynamic group to use with policies. Note: You need to have proper rights on the Tenancy. If you only have rights in a compartment, uncheck and ask you administrator to create the Dynamic Group for you | `bool` | `false` | no |
+| <a name="input_create_policy"></a> [create\_policy](#input\_create\_policy) | Creates policy. e.g.: Compartment Policies to support Cluster Autoscaler, OCI Logging datasource on Grafana; Tenancy Policies to support OCI Metrics datasource on Grafana | `bool` | `false` | no |
+| <a name="input_dynamic_group_main_condition"></a> [dynamic\_group\_main\_condition](#input\_dynamic\_group\_main\_condition) | Main condition for the dynamic group. e.g.: ALL, ANY | `string` | `"ANY"` | no |
+| <a name="input_dynamic_group_matching_rules"></a> [dynamic\_group\_matching\_rules](#input\_dynamic\_group\_matching\_rules) | List of matching rules for the dynamic group. e.g.: ["ALL {instance.compartment.id = 'ocid1.compartment.oc1..aaaaaaaaxxxxxxxxxxxxxxxx'}", "ALL {instance.id = 'ocid1.instance.oc1.phx.xxxxxxxx'}"] | `list(string)` | `[]` | no |
+| <a name="input_dynamic_group_name"></a> [dynamic\_group\_name](#input\_dynamic\_group\_name) | Name of the dynamic group. e.g.: OKE Cluster Dynamic Group => <app\_name>-oke-cluster-dynamic-group-<deploy\_id> | `string` | `"Dynamic Group"` | no |
+| <a name="input_oci_tag_values"></a> [oci\_tag\_values](#input\_oci\_tag\_values) | Tags to be added to the resources | `any` | n/a | yes |
+| <a name="input_policy_name"></a> [policy\_name](#input\_policy\_name) | Name of the policy. e.g.: Compartment Policies => <app\_name>-compartment-policies-<deploy\_id> | `string` | `"Policies"` | no |
+| <a name="input_policy_statements"></a> [policy\_statements](#input\_policy\_statements) | List of statements for the compartment policy. e.g.: ["Allow dynamic-group <DynamicGroupName> to manage instances in compartment <compartment>", "Allow dynamic-group <DynamicGroupName> to use instances in compartment <compartment> where ALL {instance.compartment.id = 'ocid1.compartment.oc1..aaaaaaaaxxxxxxxxxxxxxxxx', instance.id = 'ocid1.instance.oc1.phx.xxxxxxxx'}"] | `list(string)` | `[]` | no |
+| <a name="input_tenancy_ocid"></a> [tenancy\_ocid](#input\_tenancy\_ocid) | OCI Provider | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_compartment_policy_id"></a> [compartment\_policy\_id](#output\_compartment\_policy\_id) | n/a |
+| <a name="output_dynamic_group_id"></a> [dynamic\_group\_id](#output\_dynamic\_group\_id) | n/a |
+| <a name="output_dynamic_group_name"></a> [dynamic\_group\_name](#output\_dynamic\_group\_name) | n/a |
+<!-- END_TF_DOCS -->