0.2.1

Bugfixes

• Issue #2 is resolved in this release (with many thanks to @rexwangcc for contributing this fix!). This was caused by a compatibility problem with the use of self_link rather than the more modern/conventional id for a reference to an object.

Known Issues

• If you try to create a pool with a single vault node (or modify the node count to 1 from the module variables), Terraform will have a VERY bad time and bomb out with partial construction of the cluster. There are currently no plans to support a single-node cluster.
• Creation of the ACME certificate for Vault will fail if your domain doesn't have the correct NS records configured, OR if they haven't synchronized yet.

0.2.0

Bugfixes

• Initially, we reused the same KMS keyring and key names, but in the event of a destroy, this created a lack of idempotency and a conflict. (i.e., you could initially create these resources and then destroy them, but if you then attempted to create another cluster on the same project, it would fail because the keyring/key are not deletable once created). This is resolved in the current release by adding a new module to produce randomized names for a new keyring/key every time those resources are destroyed/recreated.
• There was a bug introduced in recent versions of google and kubernetes providers which would prevent this cluster from being removed with terraform destroy. I have resolved this by creating an explicit dependency (the vault namespace depends on the existence of the k8s cluster's node pool).

Known Issues

• If you try to create a pool with a single vault node (or modify the node count to 1 from the module variables), Terraform will have a VERY bad time and bomb out with partial construction of the cluster. There are currently no plans to support a single-node cluster.
• Creation of the ACME certificate for Vault will fail if your domain doesn't have the correct NS records configured, OR if they haven't synchronized yet.

0.1.3

Correct one other slight inaccuracy in the README

0.1.2

Simply corrects a typo in the README from the 0.1.1 release.

Stable Release

This release has identical code to 0.1.0, but it also has an updated README that clarifies some points that I did not explain very well in the initial README.

Stable Release (Tested From Scratch)

• README has been updated with in-depth instructions about how to configure DNS
• The entire module has been tested end-to-end in a brand new GCP project.

0.0.5

• Resolves an issue; the k8s secret for the ACME cert files was statically set rather than parameterized. This could cause containers to fail to start.

0.0.4

• Update README with additional details and caveats.

0.0.3

• Fix a typo that would have created a KMS keyring with an odd name

0.0.2

• Improved the README beyond bare-minimum functionality