Merge pull request #3184 from oracle/new_oci_controls

Add new OCI cloud controls
This commit is contained in:
Aivars Sterns 2018-10-16 11:29:13 +03:00 committed by GitHub
commit 9b773185c3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 40 additions and 3 deletions

View file

@ -8,8 +8,18 @@
#oci_vnc_id:
#oci_subnet1_id:
#oci_subnet2_id:
## Overide these default behaviors if you wish
## Overide these default/optional behaviors if you wish
#oci_security_list_management: All
# If you would like the controller to manage specific lists per subnet. This is a mapping of subnet ocids to security list ocids. Below are examples.
#oci_security_lists:
#ocid1.subnet.oc1.phx.aaaaaaaasa53hlkzk6nzksqfccegk2qnkxmphkblst3riclzs4rhwg7rg57q: ocid1.securitylist.oc1.iad.aaaaaaaaqti5jsfvyw6ejahh7r4okb2xbtuiuguswhs746mtahn72r7adt7q
#ocid1.subnet.oc1.phx.aaaaaaaahuxrgvs65iwdz7ekwgg3l5gyah7ww5klkwjcso74u3e4i64hvtvq: ocid1.securitylist.oc1.iad.aaaaaaaaqti5jsfvyw6ejahh7r4okb2xbtuiuguswhs746mtahn72r7adt7q
# If oci_use_instance_principals is true, you do not need to set the region, tenancy, user, key, passphrase, or fingerprint
#oci_use_instance_principals: false
#oci_cloud_controller_version: 0.5.0
#oci_cloud_controller_version: 0.6.0
# If you would like to control OCI query rate limits for the controller
#oci_rate_limit:
#rate_limit_qps_read:
#rate_limit_qps_write:
#rate_limit_bucket_read:
#rate_limit_bucket_write:

View file

@ -2,4 +2,4 @@
oci_security_list_management: All
oci_use_instance_principals: false
oci_cloud_controller_version: 0.5.0
oci_cloud_controller_version: 0.6.0

View file

@ -28,6 +28,7 @@
kube:
kubectl: "{{ bin_dir }}/kubectl"
filename: "/tmp/cloud-provider.yml"
state: latest
when: inventory_hostname == groups['kube-master'][0]
tags: oci
@ -47,5 +48,6 @@
kube:
kubectl: "{{ bin_dir }}/kubectl"
filename: "/tmp/oci-cloud-controller-manager.yml"
state: latest
when: inventory_hostname == groups['kube-master'][0]
tags: oci

View file

@ -54,3 +54,28 @@ loadBalancer:
# inbound traffic to load balancers.
securityListManagementMode: {{ oci_security_list_management }}
{% if oci_security_lists is defined and oci_security_lists|length > 0 %}
# Optional specification of which security lists to modify per subnet. This does not apply if security list management is off.
securityLists:
{% for subnet_ocid, list_ocid in oci_security_lists.iteritems() %}
{{ subnet_ocid }}: {{ list_ocid }}
{% endfor %}
{% endif %}
{% if oci_rate_limit is defined and oci_rate_limit|length > 0 %}
# Optional rate limit controls for accessing OCI API
rateLimiter:
{% if oci_rate_limit.rate_limit_qps_read %}
rateLimitQPSRead: {{ oci_rate_limit.rate_limit_qps_read }}
{% endif %}
{% if oci_rate_limit.rate_limit_qps_write %}
rateLimitQPSWrite: {{ oci_rate_limit.rate_limit_qps_write }}
{% endif %}
{% if oci_rate_limit.rate_limit_bucket_read %}
rateLimitBucketRead: {{ oci_rate_limit.rate_limit_bucket_read }}
{% endif %}
{% if oci_rate_limit.rate_limit_bucket_write %}
rateLimitBucketWrite: {{ oci_rate_limit.rate_limit_bucket_write }}
{% endif %}
{% endif %}