Updates in Compute module
- Compute: logic updated for platform images lookup by name.
- Block Volumes: precondition check for cross region replication and encryption with customer managed key removed.
- File Storage: the following attributes were added to the mount_targets attribute: network_security_groups, hostname_label, defined_tags, freeform_tags.
Updates in Compute module
- Support for ZPR (Zero Trust Packet Routing) attributes on Compute instances and secondary VNICs. See zpr_attributes attribute in Compute module documentation for details.
- Disabled precondition check on platform images supported shapes when the platform image OCID is provided as the Compute image source.
Updates in Compute module
- Marketplace images, platform images and custom images split for clarity in module interface.
- Marketplace image's publisher_name attribute has been removed and version attribute has been introduced. See Compute section for usage guidance.
- Marketplace images configured with automatic Marketplace agreements.
- Module now validates whether provided shape is compatible with provided marketplace or platform image.
- All modules now require a Terraform binary version equal to or greater than 1.3.0.
- cislz-terraform-module tag renamed to ocilz-terraform-module.
- Aligned README.md structure to Oracle's GitHub organizations requirements.
- OKE module added, supporting basic and enhanced clusters, with managed node pools and virtual node pools. See OKE module for details.
- Compute module can now manage cluster networks and compute clusters. See Clusters for details.
- Compute module now supports cloud-init scripts passed in as a file or as a string in Terraform heredoc style. See Compute for details.
- Compute module now supports SSH public keys passed in as a file or as a string.
- Compute aligns with CIS Benchmark 2.0.0: in addition to encryption at rest, CIS profile level now drives in-transit encryption, Secure Boot (Shielded instances), and the availability of the legacy Metadata service endpoint.
- CIS profile level 1 enables in-transit encryption.
- CIS profile level 2 enables secure boot and disables legacy Metadata service endpoint.
- Cloud Agent Requirements documented.
- How to Mount Block Volumes
- Network dependency aligned with CIS Landing Zone Networking Module Output
Instructions are provided in README.md for mounting block volumes. The module does not mount volumes automatically.
The network_dependency input variable aligns with CIS Landing Zone Networking module output. The Networking module outputs resources grouped by resource type ("vcns", "subnets", "network_security_groups", etc.). All modules in this repository have been updated accordingly. This impacts the contents of the network_dependency variable. See external-dependencies for an example.
Compute module can configure instances with secondary VNICs and secondary IPs per VNIC.
Modules for Compute, Storage, Platform Images and Marketplace Images
- CIS profile level drives data at rest encryption configuration.
- Boot volumes encryption with customer managed keys from OCI Vault service.
- In-transit encryption for boot volumes and attached block volumes.
- Data in-use encryption for platform images (Confidential computing).
- Shielded instances.
- Boot volumes backup with Oracle managed policies.
- Cloud Agent Plugins.
- CIS profile level drives data at rest encryption configuration.
- Data at rest encryption with customer managed keys from OCI Vault service.
- In-transit encryption for attached Compute instances.
- Cross-region replication for strong cyber resilience posture.
- Backups with Oracle managed policies.
- Shareable block volume attachments.
- CIS profile level drives data at rest encryption configuration.
- Data at rest encryption with customer managed keys from OCI Vault service.
- Cross-region replication for strong cyber resilience posture.
- Backups with custom snapshot policies.
- Aids in finding OCI Platform images.
- Aids in finding OCI Marketplace images.