Add new OCI cloud controls

6 years ago · 83838b7fbc
4 changed files with 40 additions and 3 deletions
--- a/inventory/sample/group_vars/all/oci.yml
+++ b/inventory/sample/group_vars/all/oci.yml
@ -8,8 +8,18 @@
 #oci_vnc_id:
 #oci_subnet1_id:
 #oci_subnet2_id:
-## Overide these default behaviors if you wish
+## Overide these default/optional behaviors if you wish
 #oci_security_list_management: All
+# If you would like the controller to manage specific lists per subnet. This is a mapping of subnet ocids to security list ocids. Below are examples. 
+#oci_security_lists:
+  #ocid1.subnet.oc1.phx.aaaaaaaasa53hlkzk6nzksqfccegk2qnkxmphkblst3riclzs4rhwg7rg57q: ocid1.securitylist.oc1.iad.aaaaaaaaqti5jsfvyw6ejahh7r4okb2xbtuiuguswhs746mtahn72r7adt7q
+  #ocid1.subnet.oc1.phx.aaaaaaaahuxrgvs65iwdz7ekwgg3l5gyah7ww5klkwjcso74u3e4i64hvtvq: ocid1.securitylist.oc1.iad.aaaaaaaaqti5jsfvyw6ejahh7r4okb2xbtuiuguswhs746mtahn72r7adt7q
 # If oci_use_instance_principals is true, you do not need to set the region, tenancy, user, key, passphrase, or fingerprint
 #oci_use_instance_principals: false
-#oci_cloud_controller_version: 0.5.0
+#oci_cloud_controller_version: 0.6.0
+# If you would like to control OCI query rate limits for the controller 
+#oci_rate_limit:
+  #rate_limit_qps_read:
+  #rate_limit_qps_write:
+  #rate_limit_bucket_read:
+  #rate_limit_bucket_write:
--- a/roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml
+++ b/roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml
@ -2,4 +2,4 @@

 oci_security_list_management: All
 oci_use_instance_principals: false
-oci_cloud_controller_version: 0.5.0
+oci_cloud_controller_version: 0.6.0
--- a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
+++ b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
@ -28,6 +28,7 @@
  kube:
    kubectl: "{{ bin_dir }}/kubectl"
    filename: "/tmp/cloud-provider.yml"
+    state: latest
  when: inventory_hostname == groups['kube-master'][0]
  tags: oci

@ -47,5 +48,6 @@
  kube:
    kubectl: "{{ bin_dir }}/kubectl"
    filename: "/tmp/oci-cloud-controller-manager.yml"
+    state: latest
  when: inventory_hostname == groups['kube-master'][0]
  tags: oci
--- a/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2
+++ b/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2
@ -54,3 +54,28 @@ loadBalancer:
  #                    inbound traffic to load balancers.
  securityListManagementMode: {{ oci_security_list_management }}

+{% if oci_security_lists is defined and oci_security_lists|length > 0 %}
+  # Optional specification of which security lists to modify per subnet. This does not apply if security list management is off.
+  securityLists:
+{% for subnet_ocid, list_ocid in oci_security_lists.iteritems() %}
+    {{ subnet_ocid }}: {{ list_ocid }}
+{% endfor %}
+{% endif %}
+
+{% if oci_rate_limit is defined and oci_rate_limit|length > 0 %}
+# Optional rate limit controls for accessing OCI API
+rateLimiter:
+{% if oci_rate_limit.rate_limit_qps_read %}
+  rateLimitQPSRead: {{ oci_rate_limit.rate_limit_qps_read }} 
+{% endif %}
+{% if oci_rate_limit.rate_limit_qps_write %}
+  rateLimitQPSWrite: {{ oci_rate_limit.rate_limit_qps_write }} 
+{% endif %}
+{% if oci_rate_limit.rate_limit_bucket_read %}
+  rateLimitBucketRead: {{ oci_rate_limit.rate_limit_bucket_read }} 
+{% endif %}
+{% if oci_rate_limit.rate_limit_bucket_write %}
+  rateLimitBucketWrite: {{ oci_rate_limit.rate_limit_bucket_write }} 
+{% endif %}
+{% endif %}
+