Add node-cycle-mode support

Author: robo-cap

docs/src/guide/workers_node_cycle.md

@@ -18,6 +18,14 @@ When you set `node_cycling_enabled` to `true` for a node pool, OKE will compare
 
 The `node_cycling_max_surge` (default: `1`) and `node_cycling_max_unavailable` (default: `0`) node_pool attributes can be configured with absolute values or percentage values, calculated relative to the node_pool `size`. These attributes determine how OKE will replace the nodes with a stale config in the node_pool.
 
+The `node_cycling_mode` attribute supports two node cycling modes:
+- `instance` - (default) - cycling deletes and recreates a new node with the changes applied.
+- `boot_volume` cycling swaps the boot volume on the same node.
+
+**Notes:**
+- Only a subset of fields (`kubernetes_version`, `image_id`, `boot_volume_size`, `node_metadata`, `ssh_public_key`, `volume_kms_key_id`) can be changed with `boot_volume` cycling.
+- The cycling operation will attempt to bring all nodes in the NodePool in sync with the NodePool specification. If `boot_volume` cycling mode is chosen, and the node needs changes to fields that can not be updated via a `boot_volume` cycle, the cycle attempt for that node will fail. The cycle_mode has to be changed to `instance` and the node-cycle operation needs to be retried.
+
 When cycling nodes, the OKE cordons, drains, and terminates nodes according to the node pool's cordon and drain options.
 
 **Notes:**

examples/workers/vars-workers-node-cycling.auto.tfvars

@@ -10,5 +10,6 @@ worker_pools = {
     node_cycling_enabled         = true
     node_cycling_max_surge       = "25%"
     node_cycling_max_unavailable = 0
+    node_cycling_mode            = ["instance"] # An alternative value is boot_volume. Only a single mode is supported.
   }
 }

modules/cluster-addons/versions.tf

@@ -7,7 +7,7 @@ terraform {
   required_providers {
     oci = {
       source  = "oracle/oci"
-      version = ">= 6.17.0"
+      version = ">= 6.37.0"
     }
   }
 }

modules/cluster/versions.tf

@@ -7,7 +7,7 @@ terraform {
   required_providers {
     oci = {
       source  = "oracle/oci"
-      version = ">= 6.32.0"
+      version = ">= 6.37.0"
     }
   }
 }

modules/iam/group-cluster.tf

@@ -14,7 +14,9 @@ locals {
   cluster_policy_statements = coalesce(var.cluster_kms_key_id, "none") != "none" ? tolist([format(
     "Allow dynamic-group %v to use keys in compartment id %v where target.key.id = '%v'",
     local.cluster_group_name, var.compartment_id, var.cluster_kms_key_id,
-  )]) : []
+  ), format("Allow dynamic-group %v to read instance-images in compartment id %v",
+    local.cluster_group_name, var.compartment_id)
+  ]) : []
 }
 
 resource "oci_identity_dynamic_group" "cluster" {

modules/iam/policy.tf

@@ -34,10 +34,10 @@ resource "oci_identity_policy" "cluster" {
 resource "oci_identity_policy" "cluster_ipv6" {
   provider       = oci.home
   count          = var.enable_ipv6 && var.create_iam_resources ? 1 : 0
-  compartment_id = var.network_compartment_id
+  compartment_id = var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id
   description    = format("Policies for OKE Terraform state %v", var.state_id)
   name           = var.policy_name
-  statements     = [format("Allow any-user to use ipv6s in compartment %s where all { request.principal.id = '%s' }", var.network_compartment_id, var.cluster_id )]
+  statements     = [format("Allow any-user to use ipv6s in compartment %s where all { request.principal.type = 'cluster' }", var.network_compartment_id != null ? var.network_compartment_id : var.compartment_id )]
   defined_tags   = local.defined_tags
   freeform_tags  = local.freeform_tags
   lifecycle {

modules/workers/locals.tf

@@ -46,6 +46,7 @@ locals {
     node_cycling_enabled         = false
     node_cycling_max_surge       = 1
     node_cycling_max_unavailable = 0
+    node_cycling_mode            = ["instance"]
     node_labels                  = var.node_labels
     nsg_ids                      = [] # empty pool-specific default
     ocpus                        = local.ocpus
@@ -169,8 +170,17 @@ locals {
         pool.autoscale ? { "oke.oraclecloud.com/cluster_autoscaler" = "managed" } : {},
         pool.node_labels,
       )
+
+      # Override Node-cycling mode
+      node_cycling_mode = pool.node_cycling_mode != null ? [ for entry in pool.node_cycling_mode: lookup(local.supported_node_cycling_mode, lower(entry)) ] : null
+      
     }) if tobool(pool.create)
   }
+  
+  supported_node_cycling_mode = {
+    instance    = "INSTANCE_REPLACE"
+    boot_volume = "BOOT_VOLUME_REPLACE"
+  }
 
   enabled_modes = distinct([for w in values(local.enabled_worker_pools) : w.mode])
 

modules/workers/nodepools.tf

@@ -261,6 +261,7 @@ resource "oci_containerengine_node_pool" "autoscaled_workers" {
     is_node_cycling_enabled = each.value.node_cycling_enabled
     maximum_surge           = each.value.node_cycling_max_surge
     maximum_unavailable     = each.value.node_cycling_max_unavailable
+    cycle_modes             = each.value.node_cycling_mode
   }
 
   node_source_details {

modules/workers/versions.tf

@@ -12,7 +12,7 @@ terraform {
 
     oci = {
       source  = "oracle/oci"
-      version = ">= 4.119.0"
+      version = ">= 6.37.0"
     }
   }
 }

versions.tf

@@ -23,7 +23,7 @@ terraform {
     oci = {
       configuration_aliases = [oci.home]
       source                = "oracle/oci"
-      version               = ">= 4.119.0"
+      version               = ">= 6.37.0"
     }
 
     random = {