diff --git a/inventory/sample/group_vars/all/oci.yml b/inventory/sample/group_vars/all/oci.yml index fd83080dd..d4f1a64aa 100644 --- a/inventory/sample/group_vars/all/oci.yml +++ b/inventory/sample/group_vars/all/oci.yml @@ -8,8 +8,18 @@ #oci_vnc_id: #oci_subnet1_id: #oci_subnet2_id: -## Overide these default behaviors if you wish +## Overide these default/optional behaviors if you wish #oci_security_list_management: All +# If you would like the controller to manage specific lists per subnet. This is a mapping of subnet ocids to security list ocids. Below are examples. +#oci_security_lists: + #ocid1.subnet.oc1.phx.aaaaaaaasa53hlkzk6nzksqfccegk2qnkxmphkblst3riclzs4rhwg7rg57q: ocid1.securitylist.oc1.iad.aaaaaaaaqti5jsfvyw6ejahh7r4okb2xbtuiuguswhs746mtahn72r7adt7q + #ocid1.subnet.oc1.phx.aaaaaaaahuxrgvs65iwdz7ekwgg3l5gyah7ww5klkwjcso74u3e4i64hvtvq: ocid1.securitylist.oc1.iad.aaaaaaaaqti5jsfvyw6ejahh7r4okb2xbtuiuguswhs746mtahn72r7adt7q # If oci_use_instance_principals is true, you do not need to set the region, tenancy, user, key, passphrase, or fingerprint #oci_use_instance_principals: false -#oci_cloud_controller_version: 0.5.0 +#oci_cloud_controller_version: 0.6.0 +# If you would like to control OCI query rate limits for the controller +#oci_rate_limit: + #rate_limit_qps_read: + #rate_limit_qps_write: + #rate_limit_bucket_read: + #rate_limit_bucket_write: diff --git a/roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml b/roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml index ccfb70077..f128f741c 100644 --- a/roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml +++ b/roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml @@ -2,4 +2,4 @@ oci_security_list_management: All oci_use_instance_principals: false -oci_cloud_controller_version: 0.5.0 +oci_cloud_controller_version: 0.6.0 diff --git a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml index 37e5962d3..4907218cd 100644 --- a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml +++ b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml @@ -28,6 +28,7 @@ kube: kubectl: "{{ bin_dir }}/kubectl" filename: "/tmp/cloud-provider.yml" + state: latest when: inventory_hostname == groups['kube-master'][0] tags: oci @@ -47,5 +48,6 @@ kube: kubectl: "{{ bin_dir }}/kubectl" filename: "/tmp/oci-cloud-controller-manager.yml" + state: latest when: inventory_hostname == groups['kube-master'][0] tags: oci diff --git a/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2 b/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2 index 38c7ba86c..9726d3c5e 100644 --- a/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2 +++ b/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2 @@ -54,3 +54,28 @@ loadBalancer: # inbound traffic to load balancers. securityListManagementMode: {{ oci_security_list_management }} +{% if oci_security_lists is defined and oci_security_lists|length > 0 %} + # Optional specification of which security lists to modify per subnet. This does not apply if security list management is off. + securityLists: +{% for subnet_ocid, list_ocid in oci_security_lists.iteritems() %} + {{ subnet_ocid }}: {{ list_ocid }} +{% endfor %} +{% endif %} + +{% if oci_rate_limit is defined and oci_rate_limit|length > 0 %} +# Optional rate limit controls for accessing OCI API +rateLimiter: +{% if oci_rate_limit.rate_limit_qps_read %} + rateLimitQPSRead: {{ oci_rate_limit.rate_limit_qps_read }} +{% endif %} +{% if oci_rate_limit.rate_limit_qps_write %} + rateLimitQPSWrite: {{ oci_rate_limit.rate_limit_qps_write }} +{% endif %} +{% if oci_rate_limit.rate_limit_bucket_read %} + rateLimitBucketRead: {{ oci_rate_limit.rate_limit_bucket_read }} +{% endif %} +{% if oci_rate_limit.rate_limit_bucket_write %} + rateLimitBucketWrite: {{ oci_rate_limit.rate_limit_bucket_write }} +{% endif %} +{% endif %} +