iits-consulting · canaykin · Jul 19, 2024 · Jul 15, 2024 · Jul 15, 2024 · Jul 15, 2024
diff --git a/modules/cce/README.md b/modules/cce/README.md
@@ -190,29 +190,32 @@ No modules.
 | <a name="input_node_flavor"></a> [node\_flavor](#input\_node\_flavor) | Node specifications in otc flavor format | `string` | n/a | yes |
 | <a name="input_autoscaler_node_max"></a> [autoscaler\_node\_max](#input\_autoscaler\_node\_max) | Maximum limit of servers to create (default: 10) | `number` | `10` | no |
 | <a name="input_autoscaler_node_min"></a> [autoscaler\_node\_min](#input\_autoscaler\_node\_min) | Lower bound of servers to always keep (default: <node\_count>) | `number` | `null` | no |
-| <a name="input_autoscaler_version"></a> [autoscaler\_version](#input\_autoscaler\_version) | Version of the Autoscaler Addon Template (default: 1.27.53) | `string` | `"1.27.53"` | no |
+| <a name="input_autoscaler_version"></a> [autoscaler\_version](#input\_autoscaler\_version) | Version of the Autoscaler Addon Template (default: 1.28.22) | `string` | `"1.28.22"` | no |
 | <a name="input_cluster_authenticating_proxy_ca"></a> [cluster\_authenticating\_proxy\_ca](#input\_cluster\_authenticating\_proxy\_ca) | X509 CA certificate configured in authenticating\_proxy mode. The maximum size of the certificate is 1 MB. | `string` | `null` | no |
 | <a name="input_cluster_authenticating_proxy_cert"></a> [cluster\_authenticating\_proxy\_cert](#input\_cluster\_authenticating\_proxy\_cert) | Client certificate issued by the X509 CA certificate configured in authenticating\_proxy mode. | `string` | `null` | no |
 | <a name="input_cluster_authenticating_proxy_private_key"></a> [cluster\_authenticating\_proxy\_private\_key](#input\_cluster\_authenticating\_proxy\_private\_key) | Private key of the client certificate issued by the X509 CA certificate configured in authenticating\_proxy mode. | `string` | `null` | no |
 | <a name="input_cluster_authentication_mode"></a> [cluster\_authentication\_mode](#input\_cluster\_authentication\_mode) | Authentication mode of the Cluster. Either rbac or authenticating\_proxy (default: rbac) | `string` | `"rbac"` | no |
 | <a name="input_cluster_container_cidr"></a> [cluster\_container\_cidr](#input\_cluster\_container\_cidr) | Kubernetes pod network CIDR range (default: 172.16.0.0/16) | `string` | `"172.16.0.0/16"` | no |
 | <a name="input_cluster_container_network_type"></a> [cluster\_container\_network\_type](#input\_cluster\_container\_network\_type) | Container network type: vpc-router or overlay\_l2 for VirtualMachine Clusters; underlay\_ipvlan for BareMetal Clusters | `string` | `""` | no |
 | <a name="input_cluster_enable_scaling"></a> [cluster\_enable\_scaling](#input\_cluster\_enable\_scaling) | Enable autoscaling of the cluster (default: false) | `bool` | `false` | no |
+| <a name="input_cluster_enable_volume_encryption"></a> [cluster\_enable\_volume\_encryption](#input\_cluster\_enable\_volume\_encryption) | (Optional) System and data disks encryption of master nodes. Changing this parameter will create a new cluster resource. Defaults to 'true' | `bool` | `true` | no |
 | <a name="input_cluster_high_availability"></a> [cluster\_high\_availability](#input\_cluster\_high\_availability) | Create the cluster in highly available mode (default: false) | `bool` | `false` | no |
 | <a name="input_cluster_install_icagent"></a> [cluster\_install\_icagent](#input\_cluster\_install\_icagent) | Install icagent for logging and metrics via AOM (default: false) | `bool` | `false` | no |
 | <a name="input_cluster_public_access"></a> [cluster\_public\_access](#input\_cluster\_public\_access) | Bind a public IP to the CLuster to make it public available (default: true) | `bool` | `true` | no |
 | <a name="input_cluster_service_cidr"></a> [cluster\_service\_cidr](#input\_cluster\_service\_cidr) | Kubernetes service network CIDR range (default: 10.247.0.0/16) | `string` | `"10.247.0.0/16"` | no |
 | <a name="input_cluster_size"></a> [cluster\_size](#input\_cluster\_size) | Size of the cluster: small, medium, large (default: small) | `string` | `"small"` | no |
 | <a name="input_cluster_type"></a> [cluster\_type](#input\_cluster\_type) | Cluster type: VirtualMachine or BareMetal (default: VirtualMachine) | `string` | `"VirtualMachine"` | no |
-| <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | CCE cluster version. | `string` | `"v1.27"` | no |
-| <a name="input_metrics_server_version"></a> [metrics\_server\_version](#input\_metrics\_server\_version) | Version of the Metrics Server Addon Template (default: 1.3.37) | `string` | `"1.3.37"` | no |
+| <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | CCE cluster version. | `string` | `"v1.28"` | no |
+| <a name="input_metrics_server_version"></a> [metrics\_server\_version](#input\_metrics\_server\_version) | Version of the Metrics Server Addon Template (default: 1.3.39) | `string` | `"1.3.39"` | no |
 | <a name="input_node_container_runtime"></a> [node\_container\_runtime](#input\_node\_container\_runtime) | The container runtime to use. Must be set to either containerd or docker. (default: containerd) | `string` | `"containerd"` | no |
+| <a name="input_node_k8s_tags"></a> [node\_k8s\_tags](#input\_node\_k8s\_tags) | (Optional, Map) Tags of a Kubernetes node, key/value pair format. | `map(string)` | `{}` | no |
 | <a name="input_node_os"></a> [node\_os](#input\_node\_os) | Operating system of worker nodes: EulerOS 2.5 or CentOS 7.7 (default: EulerOS 2.9) | `string` | `"EulerOS 2.9"` | no |
 | <a name="input_node_postinstall"></a> [node\_postinstall](#input\_node\_postinstall) | Post install script for the cluster ECS node pool. | `string` | `""` | no |
 | <a name="input_node_storage_encryption_enabled"></a> [node\_storage\_encryption\_enabled](#input\_node\_storage\_encryption\_enabled) | Enable OTC KMS volume encryption for the node pool volumes. (default: false) | `bool` | `false` | no |
 | <a name="input_node_storage_encryption_kms_key_name"></a> [node\_storage\_encryption\_kms\_key\_name](#input\_node\_storage\_encryption\_kms\_key\_name) | If KMS volume encryption is enabled, specify a name of an existing kms key. Setting this disables the creation of a new kms key. (default: null) | `string` | `null` | no |
 | <a name="input_node_storage_size"></a> [node\_storage\_size](#input\_node\_storage\_size) | Size of the node system disk in GB (default: 100) | `number` | `100` | no |
 | <a name="input_node_storage_type"></a> [node\_storage\_type](#input\_node\_storage\_type) | Type of node storage SATA, SAS or SSD (default: SATA) | `string` | `"SATA"` | no |
+| <a name="input_node_taints"></a> [node\_taints](#input\_node\_taints) | Node taints for the node pool | <pre>list(object({<br>    effect = string<br>    key    = string<br>    value  = string<br>  }))</pre> | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Common tag set for CCE resources | `map(any)` | `{}` | no |
 
 ## Outputs

diff --git a/modules/cce/cluster.tf b/modules/cce/cluster.tf
@@ -50,19 +50,20 @@ locals {
 }
 
 resource "opentelekomcloud_cce_cluster_v3" "cluster" {
-  name                    = var.name
-  cluster_type            = var.cluster_type
-  flavor_id               = local.flavor_id
-  vpc_id                  = var.cluster_vpc_id
-  subnet_id               = var.cluster_subnet_id
-  container_network_type  = local.cluster_container_network_type
-  container_network_cidr  = var.cluster_container_cidr
-  kubernetes_svc_ip_range = var.cluster_service_cidr
-  description             = "Kubernetes Cluster ${var.name}."
-  eip                     = var.cluster_public_access ? opentelekomcloud_vpc_eip_v1.cce_eip[0].publicip[0].ip_address : null
-  cluster_version         = var.cluster_version
-  authentication_mode     = var.cluster_authentication_mode
-  annotations             = var.cluster_install_icagent ? { "cluster.install.addons.external/install" = jsonencode([{ addonTemplateName = "icagent" }]) } : null
+  name                     = var.name
+  cluster_type             = var.cluster_type
+  flavor_id                = local.flavor_id
+  vpc_id                   = var.cluster_vpc_id
+  subnet_id                = var.cluster_subnet_id
+  container_network_type   = local.cluster_container_network_type
+  container_network_cidr   = var.cluster_container_cidr
+  kubernetes_svc_ip_range  = var.cluster_service_cidr
+  description              = "Kubernetes Cluster ${var.name}."
+  eip                      = var.cluster_public_access ? opentelekomcloud_vpc_eip_v1.cce_eip[0].publicip[0].ip_address : null
+  cluster_version          = var.cluster_version
+  authentication_mode      = var.cluster_authentication_mode
+  annotations              = var.cluster_install_icagent ? { "cluster.install.addons.external/install" = jsonencode([{ addonTemplateName = "icagent" }]) } : null
+  enable_volume_encryption = var.cluster_enable_volume_encryption
   dynamic "authenticating_proxy" {
     for_each = var.cluster_authentication_mode != "authenticating_proxy" ? toset([]) : toset(["authenticating_proxy"])
     content {
@@ -98,6 +99,17 @@ resource "opentelekomcloud_cce_node_pool_v3" "cluster_node_pool" {
   docker_base_size         = 20
   postinstall              = var.node_postinstall
 
+  k8s_tags = var.node_k8s_tags
+
+  dynamic "taints" {
+    for_each = var.node_taints
+    content {
+      effect = taints.value.effect
+      key    = taints.value.key
+      value  = taints.value.value
+    }
+  }
+
   root_volume {
     size       = 50
     volumetype = "SSD"

diff --git a/modules/cce/variables.tf b/modules/cce/variables.tf
@@ -23,7 +23,7 @@ variable "cluster_subnet_id" {
 variable "cluster_version" {
   type        = string
   description = "CCE cluster version."
-  default     = "v1.27"
+  default     = "v1.28"
 }
 
 variable "cluster_size" {
@@ -65,6 +65,12 @@ resource "errorcheck_is_valid" "container_network_type" {
   }
 }
 
+variable "cluster_enable_volume_encryption" {
+  description = "(Optional) System and data disks encryption of master nodes. Changing this parameter will create a new cluster resource. Defaults to 'true'"
+  default     = true
+  type        = bool
+}
+
 variable "cluster_container_cidr" {
   type        = string
   description = "Kubernetes pod network CIDR range (default: 172.16.0.0/16)"
@@ -196,6 +202,22 @@ variable "node_postinstall" {
   default     = ""
 }
 
+variable "node_taints" {
+  type = list(object({
+    effect = string
+    key    = string
+    value  = string
+  }))
+  description = "Node taints for the node pool"
+  default     = []
+}
+
+variable "node_k8s_tags" {
+  default     = {}
+  description = "(Optional, Map) Tags of a Kubernetes node, key/value pair format."
+  type        = map(string)
+}
+
 variable "autoscaler_node_max" {
   type        = number
   description = "Maximum limit of servers to create (default: 10)"
@@ -215,14 +237,14 @@ locals {
 
 variable "autoscaler_version" {
   type        = string
-  description = "Version of the Autoscaler Addon Template (default: 1.27.53)"
-  default     = "1.27.53"
+  description = "Version of the Autoscaler Addon Template (default: 1.28.22)"
+  default     = "1.28.22"
 }
 
 variable "metrics_server_version" {
   type        = string
-  description = "Version of the Metrics Server Addon Template (default: 1.3.37)"
-  default     = "1.3.37"
+  description = "Version of the Metrics Server Addon Template (default: 1.3.39)"
+  default     = "1.3.39"
 }
 
 variable "cluster_authentication_mode" {

diff --git a/modules/cce_gpu_node_pool/README.md b/modules/cce_gpu_node_pool/README.md
@@ -92,6 +92,7 @@ No modules.
 | <a name="input_gpu_beta_version"></a> [gpu\_beta\_version](#input\_gpu\_beta\_version) | Version of the GPU Beta Addon Template (default: 2.0.46) | `string` | `"2.0.46"` | no |
 | <a name="input_gpu_driver_url"></a> [gpu\_driver\_url](#input\_gpu\_driver\_url) | Nvidia Driver download URL. Please refer to https://www.nvidia.com/Download/Find.aspx and ensure your driver is matching the GPU in your node flavor. | `string` | `""` | no |
 | <a name="input_node_container_runtime"></a> [node\_container\_runtime](#input\_node\_container\_runtime) | The container runtime to use. Must be set to either containerd or docker. (default: containerd) | `string` | `"containerd"` | no |
+| <a name="input_node_k8s_tags"></a> [node\_k8s\_tags](#input\_node\_k8s\_tags) | (Optional, Map) Tags of a Kubernetes node, key/value pair format. | `map(string)` | `{}` | no |
 | <a name="input_node_os"></a> [node\_os](#input\_node\_os) | Operating system of worker nodes. | `string` | `"EulerOS 2.9"` | no |
 | <a name="input_node_postinstall"></a> [node\_postinstall](#input\_node\_postinstall) | Post install script for the node pool. | `string` | `""` | no |
 | <a name="input_node_scaling_enabled"></a> [node\_scaling\_enabled](#input\_node\_scaling\_enabled) | Enable the scaling for the node pool. Please note that CCE cluster must have autoscaling addon installed. (default: 10) | `bool` | `true` | no |

diff --git a/modules/cce_gpu_node_pool/main.tf b/modules/cce_gpu_node_pool/main.tf
@@ -52,6 +52,8 @@ resource "opentelekomcloud_cce_node_pool_v3" "cluster_node_pool" {
   docker_base_size         = 20
   postinstall              = var.node_postinstall
 
+  k8s_tags = var.node_k8s_tags
+
   dynamic "taints" {
     for_each = var.node_taints
     content {

diff --git a/modules/cce_gpu_node_pool/variables.tf b/modules/cce_gpu_node_pool/variables.tf
@@ -21,6 +21,12 @@ variable "node_availability_zones" {
   description = "Availability zones for the node pools. Providing multiple availability zones creates one node pool in each zone."
 }
 
+variable "node_k8s_tags" {
+  default     = {}
+  description = "(Optional, Map) Tags of a Kubernetes node, key/value pair format."
+  type        = map(string)
+}
+
 locals {
   valid_availability_zones = {
     eu-de = toset([

diff --git a/modules/jumphost/README.md b/modules/jumphost/README.md
@@ -1,6 +1,6 @@
 ## Jumphost Module
 
-A module designed to create SSH jumphosts via OTC ECS for private networks. 
+A module designed to create SSH jumphosts via OTC ECS for private networks.
 
 Usage example:
 ```hcl
@@ -12,12 +12,10 @@ module "vpc" {
     "subnet-demo" = "default_cidr"
   }
 }
-
 data "opentelekomcloud_images_image_v2" "ubuntu" {
   name       = "Standard_Ubuntu_20.04_latest"
   visibility = "public"
 }
-
 module "jumphost" {
   source        = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/jumphost"
   vpc_id        = module.vpc.vpc.id
@@ -33,12 +31,11 @@ module "jumphost" {
 > - Agency Type = `Account`
 > - Delegated Account = `op_svc_evs`
 > - Permissions = `KMS Administrator` within the project
-
-Notes:
+    Notes:
 - Please see [example_cloud_init](../../example_cloud_init) for example cloud_init configuration
 - More examples of cloud-init can be found in [Cloud config examples](https://cloudinit.readthedocs.io/en/latest/topics/examples.html)
 - For complete documentation of cloud init, please see [cloud-init Documentation](https://cloudinit.readthedocs.io/en/latest/index.html)
-- The jumphost module is designed to ignore changes in the node_image_id parameter. 
+- The jumphost module is designed to ignore changes in the node_image_id parameter.
 - The jumphost node's boot drive is also designed to be preserved even if the instance is destroyed for data resiliency.
 - If an image update or clean boot drive is intended,
   please use taint or destroy:
@@ -106,7 +103,8 @@ No modules.
 | <a name="input_cloud_init"></a> [cloud\_init](#input\_cloud\_init) | Custom Cloud-init configuration. Cloud-init cloud config format is expected. Only *.yml and *.yaml files will be read. | `string` | `""` | no |
 | <a name="input_node_bandwidth_size"></a> [node\_bandwidth\_size](#input\_node\_bandwidth\_size) | Jumphost node external IP bandwidth size in Mbps. (default: 10) | `number` | `10` | no |
 | <a name="input_node_flavor"></a> [node\_flavor](#input\_node\_flavor) | Jumphost node specifications in otc flavor format. (default: s3.medium.2 (3rd generation 1 Core 2GB RAM)) | `string` | `"s3.medium.2"` | no |
-| <a name="input_node_image_id"></a> [node\_image\_id](#input\_node\_image\_id) | Jumphost node image name. Image must exist within the same project as the jumphost node. (default: 9f92079d-9d1b-4832-90c1-a3b4a1c00b9b (Standard\_Ubuntu\_20.04\_latest)) | `string` | `"9f92079d-9d1b-4832-90c1-a3b4a1c00b9b"` | no |
+| <a name="input_node_image_id"></a> [node\_image\_id](#input\_node\_image\_id) | Jumphost node image name. Image must exist within the same project as the jumphost node. (default: bd571d76-c73c-405c-8532-8f7c3b38e5a5 (Standard\_Ubuntu\_22.04\_latest)) | `string` | `"bd571d76-c73c-405c-8532-8f7c3b38e5a5"` | no |
+| <a name="input_node_power_state"></a> [node\_power\_state](#input\_node\_power\_state) | Jumphost node power state. Only active (powered on) and shutoff (shutdown) are supported. (default: active) | `string` | `"active"` | no |
 | <a name="input_node_storage_encryption_enabled"></a> [node\_storage\_encryption\_enabled](#input\_node\_storage\_encryption\_enabled) | Jumphost node system disk storage KMS encryption toggle. | `bool` | `false` | no |
 | <a name="input_node_storage_encryption_key_name"></a> [node\_storage\_encryption\_key\_name](#input\_node\_storage\_encryption\_key\_name) | If jumphost system disk KMS encryption is enabled, use this KMS key name instead of creating a new one. | `string` | `null` | no |
 | <a name="input_node_storage_size"></a> [node\_storage\_size](#input\_node\_storage\_size) | Jumphost node system disk storage size in GB. (default: 20) | `number` | `20` | no |
@@ -123,4 +121,4 @@ No modules.
 | <a name="output_jumphost_address"></a> [jumphost\_address](#output\_jumphost\_address) | n/a |
 | <a name="output_jumphost_private_address"></a> [jumphost\_private\_address](#output\_jumphost\_private\_address) | n/a |
 | <a name="output_jumphost_sg_id"></a> [jumphost\_sg\_id](#output\_jumphost\_sg\_id) | n/a |
-<!-- END_TF_DOCS -->
+<!-- END_TF_DOCS -->
diff --git a/modules/jumphost/node.tf b/modules/jumphost/node.tf
@@ -44,6 +44,7 @@ resource "opentelekomcloud_compute_instance_v2" "jumphost_node" {
   image_id      = var.node_image_id
   auto_recovery = true
   flavor_id     = var.node_flavor
+  power_state   = var.node_power_state
 
   network {
     uuid           = var.subnet_id

diff --git a/modules/jumphost/variables.tf b/modules/jumphost/variables.tf
@@ -21,8 +21,13 @@ variable "node_flavor" {
 }
 
 variable "node_image_id" {
-  description = "Jumphost node image name. Image must exist within the same project as the jumphost node. (default: 9f92079d-9d1b-4832-90c1-a3b4a1c00b9b (Standard_Ubuntu_20.04_latest))"
-  default     = "9f92079d-9d1b-4832-90c1-a3b4a1c00b9b"
+  description = "Jumphost node image name. Image must exist within the same project as the jumphost node. (default: bd571d76-c73c-405c-8532-8f7c3b38e5a5 (Standard_Ubuntu_22.04_latest))"
+  default     = "bd571d76-c73c-405c-8532-8f7c3b38e5a5"
+}
+
+variable "node_power_state" {
+  description = "Jumphost node power state. Only active (powered on) and shutoff (shutdown) are supported. (default: active)"
+  default     = "active"
 }
 
 variable "node_storage_type" {

diff --git a/modules/projects/README.md b/modules/projects/README.md
@@ -19,7 +19,6 @@ module "projects" {
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | v1.4.6 |
 | <a name="requirement_opentelekomcloud"></a> [opentelekomcloud](#requirement\_opentelekomcloud) | >=1.34.4 |
 
 ## Providers

diff --git a/modules/state_bucket/README.md b/modules/state_bucket/README.md
@@ -28,7 +28,6 @@ Notes:
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | v1.4.6 |
 | <a name="requirement_opentelekomcloud"></a> [opentelekomcloud](#requirement\_opentelekomcloud) | >=1.34.4 |
 
 ## Providers