Services cluster terraform and kubernetes v1.33.1 updates

Signed-off-by: Koray Oksay <koray.oksay@gmail.com>

Author: koksay

ci/services/cluster/cluster.tf

@@ -1,7 +1,7 @@
 locals {
   # it can be aquired from:
   # oci ce node-pool-options get --node-pool-option-id all | jq '.data.sources.[] | select(."source-name" | match("Oracle-Linux-8.10-2025.*OKE-1.32.*"))'
-  oci_image_id = "ocid1.image.oc1.us-sanjose-1.aaaaaaaakex5p5yb4hudzzvmcoacq2lmjur3rwqmxdsqd4bol4npx2j6x7iq"
+  oci_image_id = "ocid1.image.oc1.us-sanjose-1.aaaaaaaa3rkpji3z32yqk5jaydjnxrlfwrgb5rqmyzak2ytcctjm7jrwdgya"
 }
 
 resource "oci_containerengine_cluster" "service" {

ci/services/cluster/network.tf

@@ -160,6 +160,7 @@ resource "oci_core_security_list" "svc_lb" {
   display_name   = "${var.cluster_name}-svclb-seclist"
 
   egress_security_rules {
+    description      = "kube-proxy access"
     destination      = "10.0.10.0/23"
     destination_type = "CIDR_BLOCK"
     protocol         = "6"
@@ -172,6 +173,7 @@ resource "oci_core_security_list" "svc_lb" {
   }
 
   egress_security_rules {
+    description      = "NodePort service access"
     destination      = "10.0.10.0/23"
     destination_type = "CIDR_BLOCK"
     protocol         = "6"
@@ -184,6 +186,7 @@ resource "oci_core_security_list" "svc_lb" {
   }
 
   egress_security_rules {
+    description      = "NodePort service access"
     destination      = "10.0.10.0/23"
     destination_type = "CIDR_BLOCK"
     protocol         = "6"
@@ -196,6 +199,7 @@ resource "oci_core_security_list" "svc_lb" {
   }
 
   egress_security_rules {
+    description      = "NodePort service access"
     destination      = "10.0.10.0/23"
     destination_type = "CIDR_BLOCK"
     protocol         = "6"
@@ -380,6 +384,7 @@ resource "oci_core_security_list" "node" {
   }
 
   ingress_security_rules {
+    description = "Access kube-proxy"
     protocol    = "6"
     source      = "10.0.20.0/24"
     source_type = "CIDR_BLOCK"
@@ -392,6 +397,7 @@ resource "oci_core_security_list" "node" {
   }
 
   ingress_security_rules {
+    description = "NodePort service access"
     protocol    = "6"
     source      = "10.0.20.0/24"
     source_type = "CIDR_BLOCK"
@@ -404,6 +410,7 @@ resource "oci_core_security_list" "node" {
   }
 
   ingress_security_rules {
+    description = "NodePort service access"
     protocol    = "6"
     source      = "10.0.20.0/24"
     source_type = "CIDR_BLOCK"
@@ -416,6 +423,7 @@ resource "oci_core_security_list" "node" {
   }
 
   ingress_security_rules {
+    description = "NodePort service access"
     protocol    = "6"
     source      = "10.0.20.0/24"
     source_type = "CIDR_BLOCK"
@@ -467,10 +475,12 @@ resource "oci_core_public_ip" "ingress_ip" {
   compartment_id = var.compartment_ocid
   lifetime       = "RESERVED"
   display_name   = "${var.cluster_name}-ingress-ip"
+  private_ip_id  = "ocid1.privateip.oc1.us-sanjose-1.abzwuljrkimbtnfaj5jjpepkmp4ifttqcltnmdldwvzviicmsk5foxp4oiwa"
 }
 
 resource "oci_core_public_ip" "kcp_lb_ip" {
   compartment_id = var.compartment_ocid
   lifetime       = "RESERVED"
   display_name   = "${var.cluster_name}-kcp-lp-ip"
+  private_ip_id  = "ocid1.privateip.oc1.us-sanjose-1.abzwuljrzbthnlqawsumhrda7i7ucfivjcirrw565fuomenlknsmcxpvn2ka"
 }

ci/services/cluster/provider.tf

@@ -8,7 +8,7 @@ terraform {
   required_providers {
     oci = {
       source  = "oracle/oci"
-      version = "7.1.0"
+      version = "7.21.0"
     }
   }
 

ci/services/cluster/variables.tf

@@ -48,7 +48,7 @@ variable "node_pool_worker_size" {
 
 variable "kubernetes_version" {
   type    = string
-  default = "v1.32.1"
+  default = "v1.33.1"
 }
 
 variable "cluster_autoscaler_min" {
@@ -77,4 +77,4 @@ variable "oke_node_cpu" {
   type        = number
   description = "OKE worker node CPUs"
   default     = 8
-}
+}