oke and oke-node-pool modules clean up

junior · junior · commit 0e71f1fb2dd5 · 2022-08-31T00:25:31.000-05:00
Signed-off-by: junior &lt;junior@users.noreply.github.com&gt;
diff --git a/modules/oke-node-pool/main.tf b/modules/oke-node-pool/main.tf
@@ -5,11 +5,11 @@
 resource "oci_containerengine_node_pool" "oke_node_pool" {
   cluster_id         = var.oke_cluster_ocid
   compartment_id     = var.oke_cluster_compartment_ocid
-  kubernetes_version = (var.k8s_version == "Latest") ? local.node_pool_k8s_latest_version : var.k8s_version
+  kubernetes_version = local.node_k8s_version
   name               = var.node_pool_name
   node_shape         = var.node_pool_shape
-  ssh_public_key     = var.generate_public_ssh_key ? tls_private_key.oke_worker_node_ssh_key.public_key_openssh : var.public_ssh_key
-  freeform_tags      = local.freeform_deployment_tags
+  ssh_public_key     = var.public_ssh_key
+  freeform_tags      = var.freeform_deployment_tags
 
   node_config_details {
     dynamic "placement_configs" {
@@ -24,9 +24,9 @@ resource "oci_containerengine_node_pool" "oke_node_pool" {
       cni_type = "FLANNEL_OVERLAY"
     }
     # nsg_ids       = []
-    size          = var.num_pool_workers
-    kms_key_id    = var.oci_vault_key_id_oke_node_boot_volume ? var.oci_vault_key_id_oke_node_boot_volume : null
-    freeform_tags = local.freeform_deployment_tags
+    size          = var.node_pool_min_nodes
+    kms_key_id    = var.oci_vault_key_id_oke_node_boot_volume != "" ? var.oci_vault_key_id_oke_node_boot_volume : null
+    freeform_tags = var.freeform_deployment_tags
   }
 
   dynamic "node_shape_config" {
@@ -53,7 +53,7 @@ resource "oci_containerengine_node_pool" "oke_node_pool" {
     value = var.node_pool_name
   }
 
-  # count = var.create_new_oke_cluster ? 1 : 0
+  count = var.create_new_node_pool ? 1 : 0
 }
 
 locals {
@@ -62,10 +62,5 @@ locals {
 
   # Gets the latest Kubernetes version supported by the node pool
   node_pool_k8s_latest_version = reverse(sort(data.oci_containerengine_node_pool_option.node_pool.kubernetes_versions))[0]
+  node_k8s_version             = (var.node_k8s_version == "Latest") ? local.node_pool_k8s_latest_version : var.node_k8s_version
 }
-
-# Generate ssh keys to access Worker Nodes, if generate_public_ssh_key=true, applies to the pool
-resource "tls_private_key" "oke_worker_node_ssh_key" {
-  algorithm = "RSA"
-  rsa_bits  = 2048
-}
diff --git a/modules/oke-node-pool/outputs.tf b/modules/oke-node-pool/outputs.tf
@@ -2,11 +2,18 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
 # 
 
-### Important Security Notice ###
-# The private key generated by this resource will be stored unencrypted in your Terraform state file. 
-# Use of this resource for production deployments is not recommended. 
-# Instead, generate a private key file outside of Terraform and distribute it securely to the system where Terraform will be run.
-output "generated_private_key_pem" {
-  value     = var.generate_public_ssh_key ? tls_private_key.oke_worker_node_ssh_key.private_key_pem : "No Keys Auto Generated"
-  sensitive = true
-}
+output "node_pool_name" {
+  value = oci_containerengine_node_pool.oke_node_pool.0.name
+}
+output "node_pool_min_nodes" {
+  value = var.node_pool_min_nodes
+}
+output "node_pool_max_nodes" {
+  value = var.node_pool_max_nodes
+}
+output "node_pool_id" {
+  value = oci_containerengine_node_pool.oke_node_pool.0.id
+}
+output "node_k8s_version" {
+  value = local.node_k8s_version
+}
diff --git a/modules/oke-node-pool/variables.tf b/modules/oke-node-pool/variables.tf
@@ -12,26 +12,12 @@ variable "oke_cluster_compartment_ocid" {
   type        = string
 }
 
-## App Variables
-variable "app_name" {
-  default     = "OKE App"
-  description = "Application name. Will be used as prefix to identify resources, such as OKE, VCN, ATP, and others"
-}
-variable "app_deployment_environment" {
-  default     = "generic" # e.g.: Development, QA, Stage, ...
-  description = "Deployment environment for the freeform tags"
-}
-variable "app_deployment_type" {
-  default     = "generic" # e.g.: App Type 1, App Type 2, Red, Purple, ...
-  description = "Deployment type for the freeform tags"
-}
-variable "deploy_id" {
-  default     = ""
-  description = "Deployment ID"
-}
-
 ## Node Pool Variables
-variable "k8s_version" {
+variable "create_new_node_pool" {
+  default     = true
+  description = "Create a new node pool if true or use an existing one if false"
+}
+variable "node_k8s_version" {
   description = "Kubernetes version installed on your worker nodes"
   type        = string
   default     = "Latest"
@@ -40,10 +26,14 @@ variable "node_pool_name" {
   default     = "pool1"
   description = "Name of the node pool"
 }
-variable "num_pool_workers" {
+variable "node_pool_min_nodes" {
   default     = 3
   description = "The number of worker nodes in the node pool. If select Cluster Autoscaler, will assume the minimum number of nodes configured"
 }
+variable "node_pool_max_nodes" {
+  default     = 3
+  description = "The max number of worker nodes in the node pool if using Cluster Autoscaler."
+}
 variable "node_pool_shape" {
   default     = "VM.Standard.E4.Flex"
   description = "A shape is a template that determines the number of OCPUs, amount of memory, and other resources allocated to a newly created instance for the Worker Node"
@@ -68,9 +58,6 @@ variable "node_pool_boot_volume_size_in_gbs" {
   default     = "50"
   description = "Specify a custom boot volume size (in GB)"
 }
-variable "generate_public_ssh_key" {
-  default = true
-}
 variable "public_ssh_key" {
   default     = ""
   description = "In order to access your private nodes with a public SSH key you will need to set up a bastion host (a.k.a. jump box). If using public nodes, bastion is not needed. Left blank to not import keys."
@@ -94,19 +81,10 @@ variable "tenancy_ocid" {}
 
 # App Name Locals
 locals {
-  app_name_normalized = substr(replace(lower(var.app_name), " ", "-"), 0, 6)
+  app_name_normalized = substr(replace(lower(var.freeform_deployment_tags.AppName), " ", "-"), 0, 6)
 }
 
-# Deployment Details
-variable "app_details" {
-  description = "App Details"
-}
-
-# Deployment Tags
-locals {
-  freeform_deployment_tags = {
-    "DeploymentID" = "${var.app_details.app_deployment_id}",
-    "AppName"      = "${var.app_details.app_name}",
-    "Environment"  = "${var.app_details.app_deployment_environment}",
-  "DeploymentType" = "${var.app_details.app_deployment_type}" }
+# Deployment Details + Freeform Tags
+variable "freeform_deployment_tags" {
+  description = "Tags to be added to the resources"
 }
diff --git a/modules/oke/main.tf b/modules/oke/main.tf
@@ -5,10 +5,10 @@
 resource "oci_containerengine_cluster" "oke_cluster" {
   compartment_id     = local.oke_compartment_ocid
   kubernetes_version = (var.k8s_version == "Latest") ? local.cluster_k8s_latest_version : var.k8s_version
-  name               = "${var.app_name} (${random_string.deploy_id.result})"
+  name               = "${local.app_name} (${local.deploy_id})"
   vcn_id             = oci_core_virtual_network.oke_vcn[0].id
-  kms_key_id         = var.oci_vault_key_id_oke_secrets ? var.oci_vault_key_id_oke_secrets : null
-  freeform_tags      = local.freeform_deployment_tags
+  kms_key_id         = var.oci_vault_key_id_oke_secrets != "" ? var.oci_vault_key_id_oke_secrets : null
+  freeform_tags      = var.freeform_deployment_tags
 
   endpoint_config {
     is_public_ip_enabled = (var.cluster_endpoint_visibility == "Private") ? false : true
@@ -29,16 +29,16 @@ resource "oci_containerengine_cluster" "oke_cluster" {
       pods_cidr     = lookup(var.network_cidrs, "PODS-CIDR")
     }
     persistent_volume_config {
-      freeform_tags = local.freeform_deployment_tags
+      freeform_tags = var.freeform_deployment_tags
     }
     service_lb_config {
-      freeform_tags = local.freeform_deployment_tags
+      freeform_tags = var.freeform_deployment_tags
     }
   }
   image_policy_config {
     is_policy_enabled = false
     # key_details {
-    #   # kms_key_id = var.oci_vault_key_id_oke_image_policy ? var.oci_vault_key_id_oke_image_policy : null
+    #   # kms_key_id = var.oci_vault_key_id_oke_image_policy != "" ? var.oci_vault_key_id_oke_image_policy : null
     # }
   }
   cluster_pod_network_options {
@@ -117,33 +117,12 @@ resource "oci_containerengine_cluster" "oke_cluster" {
 # Local kubeconfig for when using Terraform locally. Not used by Oracle Resource Manager
 resource "local_file" "oke_kubeconfig" {
   content  = data.oci_containerengine_cluster_kube_config.oke.content
-  filename = "${path.module}/generated/kubeconfig"
+  filename = "${path.root}/generated/kubeconfig"
 }
 
-# # Generate ssh keys to access Worker Nodes, if generate_public_ssh_key=true, applies to the pool
-# resource "tls_private_key" "oke_worker_node_ssh_key" {
-#   algorithm = "RSA"
-#   rsa_bits  = 2048
-# }
-
 # Get OKE options
 locals {
-  cluster_k8s_latest_version   = reverse(sort(data.oci_containerengine_cluster_option.oke.kubernetes_versions))[0]
-  # node_pool_k8s_latest_version = reverse(sort(data.oci_containerengine_node_pool_option.oke.kubernetes_versions))[0]
+  cluster_k8s_latest_version = reverse(sort(data.oci_containerengine_cluster_option.oke.kubernetes_versions))[0]
   deployed_k8s_version = var.create_new_oke_cluster ? ((var.k8s_version == "Latest") ? local.cluster_k8s_latest_version : var.k8s_version) : [
   for x in data.oci_containerengine_clusters.oke.clusters : x.kubernetes_version if x.id == var.existent_oke_cluster_id][0]
 }
-
-# # Checks if is using Flexible Compute Shapes
-# locals {
-#   # is_flexible_node_shape = contains(local.compute_flexible_shapes, var.node_pool_shape)
-#   is_flexible_node_shape = contains(split(".", var.node_pool_shape), "Flex")
-# }
-
-output "debug_k8s_version_calculated" {
-  value = ((var.k8s_version == "Latest") ? local.cluster_k8s_latest_version : var.k8s_version)
-}
-
-output "debug_k8s_version_var" {
-  value = var.k8s_version
-}
diff --git a/modules/oke/network.tf b/modules/oke/network.tf
@@ -5,52 +5,52 @@
 resource "oci_core_virtual_network" "oke_vcn" {
   cidr_block     = lookup(var.network_cidrs, "VCN-CIDR")
   compartment_id = local.oke_compartment_ocid
-  display_name   = "OKE ${var.app_name} VCN - ${random_string.deploy_id.result}"
-  dns_label      = "oke${random_string.deploy_id.result}"
-  freeform_tags  = local.freeform_deployment_tags
+  display_name   = "OKE ${local.app_name} VCN - ${local.deploy_id}"
+  dns_label      = "oke${local.deploy_id}"
+  freeform_tags  = var.freeform_deployment_tags
 
   count = var.create_new_oke_cluster ? 1 : 0
 }
 
 resource "oci_core_subnet" "oke_k8s_endpoint_subnet" {
   cidr_block                 = lookup(var.network_cidrs, "ENDPOINT-SUBNET-REGIONAL-CIDR")
   compartment_id             = local.oke_compartment_ocid
-  display_name               = "oke-k8s-endpoint-subnet-${local.app_name_normalized}-${random_string.deploy_id.result}"
-  dns_label                  = "okek8sn${random_string.deploy_id.result}"
+  display_name               = "oke-k8s-endpoint-subnet-${local.app_name_normalized}-${local.deploy_id}"
+  dns_label                  = "okek8sn${local.deploy_id}"
   vcn_id                     = oci_core_virtual_network.oke_vcn[0].id
   prohibit_public_ip_on_vnic = (var.cluster_endpoint_visibility == "Private") ? true : false
   route_table_id             = (var.cluster_endpoint_visibility == "Private") ? oci_core_route_table.oke_private_route_table[0].id : oci_core_route_table.oke_public_route_table[0].id
   dhcp_options_id            = oci_core_virtual_network.oke_vcn[0].default_dhcp_options_id
   security_list_ids          = [oci_core_security_list.oke_endpoint_security_list[0].id]
-  freeform_tags              = local.freeform_deployment_tags
+  freeform_tags              = var.freeform_deployment_tags
 
   count = var.create_new_oke_cluster ? 1 : 0
 }
 resource "oci_core_subnet" "oke_nodes_subnet" {
   cidr_block                 = lookup(var.network_cidrs, "SUBNET-REGIONAL-CIDR")
   compartment_id             = local.oke_compartment_ocid
-  display_name               = "oke-nodes-subnet-${local.app_name_normalized}-${random_string.deploy_id.result}"
-  dns_label                  = "okenodesn${random_string.deploy_id.result}"
+  display_name               = "oke-nodes-subnet-${local.app_name_normalized}-${local.deploy_id}"
+  dns_label                  = "okenodesn${local.deploy_id}"
   vcn_id                     = oci_core_virtual_network.oke_vcn[0].id
   prohibit_public_ip_on_vnic = (var.cluster_workers_visibility == "Private") ? true : false
   route_table_id             = (var.cluster_workers_visibility == "Private") ? oci_core_route_table.oke_private_route_table[0].id : oci_core_route_table.oke_public_route_table[0].id
   dhcp_options_id            = oci_core_virtual_network.oke_vcn[0].default_dhcp_options_id
   security_list_ids          = [oci_core_security_list.oke_nodes_security_list[0].id]
-  freeform_tags              = local.freeform_deployment_tags
+  freeform_tags              = var.freeform_deployment_tags
 
   count = var.create_new_oke_cluster ? 1 : 0
 }
 resource "oci_core_subnet" "oke_lb_subnet" {
   cidr_block                 = lookup(var.network_cidrs, "LB-SUBNET-REGIONAL-CIDR")
   compartment_id             = local.oke_compartment_ocid
-  display_name               = "oke-lb-subnet-${local.app_name_normalized}-${random_string.deploy_id.result}"
-  dns_label                  = "okelbsn${random_string.deploy_id.result}"
+  display_name               = "oke-lb-subnet-${local.app_name_normalized}-${local.deploy_id}"
+  dns_label                  = "okelbsn${local.deploy_id}"
   vcn_id                     = oci_core_virtual_network.oke_vcn[0].id
   prohibit_public_ip_on_vnic = false
   route_table_id             = oci_core_route_table.oke_public_route_table[0].id
   dhcp_options_id            = oci_core_virtual_network.oke_vcn[0].default_dhcp_options_id
   security_list_ids          = [oci_core_security_list.oke_lb_security_list[0].id]
-  freeform_tags              = local.freeform_deployment_tags
+  freeform_tags              = var.freeform_deployment_tags
 
   count = var.create_new_oke_cluster ? 1 : 0
 }
@@ -72,8 +72,8 @@ resource "oci_core_subnet" "oke_lb_subnet" {
 resource "oci_core_route_table" "oke_private_route_table" {
   compartment_id = local.oke_compartment_ocid
   vcn_id         = oci_core_virtual_network.oke_vcn[0].id
-  display_name   = "oke-private-route-table-${local.app_name_normalized}-${random_string.deploy_id.result}"
-  freeform_tags  = local.freeform_deployment_tags
+  display_name   = "oke-private-route-table-${local.app_name_normalized}-${local.deploy_id}"
+  freeform_tags  = var.freeform_deployment_tags
 
   route_rules {
     description       = "Traffic to the internet"
@@ -93,8 +93,8 @@ resource "oci_core_route_table" "oke_private_route_table" {
 resource "oci_core_route_table" "oke_public_route_table" {
   compartment_id = local.oke_compartment_ocid
   vcn_id         = oci_core_virtual_network.oke_vcn[0].id
-  display_name   = "oke-public-route-table-${local.app_name_normalized}-${random_string.deploy_id.result}"
-  freeform_tags  = local.freeform_deployment_tags
+  display_name   = "oke-public-route-table-${local.app_name_normalized}-${local.deploy_id}"
+  freeform_tags  = var.freeform_deployment_tags
 
   route_rules {
     description       = "Traffic to/from internet"
@@ -124,28 +124,28 @@ resource "oci_core_route_table" "oke_public_route_table" {
 resource "oci_core_nat_gateway" "oke_nat_gateway" {
   block_traffic  = "false"
   compartment_id = local.oke_compartment_ocid
-  display_name   = "oke-nat-gateway-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  display_name   = "oke-nat-gateway-${local.app_name_normalized}-${local.deploy_id}"
   vcn_id         = oci_core_virtual_network.oke_vcn[0].id
-  freeform_tags  = local.freeform_deployment_tags
+  freeform_tags  = var.freeform_deployment_tags
 
   count = var.create_new_oke_cluster ? 1 : 0
 }
 
 resource "oci_core_internet_gateway" "oke_internet_gateway" {
   compartment_id = local.oke_compartment_ocid
-  display_name   = "oke-internet-gateway-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  display_name   = "oke-internet-gateway-${local.app_name_normalized}-${local.deploy_id}"
   enabled        = true
   vcn_id         = oci_core_virtual_network.oke_vcn[0].id
-  freeform_tags  = local.freeform_deployment_tags
+  freeform_tags  = var.freeform_deployment_tags
 
   count = var.create_new_oke_cluster ? 1 : 0
 }
 
 resource "oci_core_service_gateway" "oke_service_gateway" {
   compartment_id = local.oke_compartment_ocid
-  display_name   = "oke-service-gateway-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  display_name   = "oke-service-gateway-${local.app_name_normalized}-${local.deploy_id}"
   vcn_id         = oci_core_virtual_network.oke_vcn[0].id
-  freeform_tags  = local.freeform_deployment_tags
+  freeform_tags  = var.freeform_deployment_tags
 
   services {
     service_id = lookup(data.oci_core_services.all_services.services[0], "id")
diff --git a/modules/oke/oke-orm-private-endpoint.tf b/modules/oke/oke-orm-private-endpoint.tf
@@ -9,11 +9,11 @@
 
 resource "oci_resourcemanager_private_endpoint" "private_kubernetes_endpoint" {
   compartment_id = local.oke_compartment_ocid
-  display_name   = "Private Endpoint for OKE ${var.app_name} - ${random_string.deploy_id.result}"
-  description    = "Resource Manager Private Endpoint for OKE for the ${var.app_name} - ${random_string.deploy_id.result}"
+  display_name   = "Private Endpoint for OKE ${local.app_name} - ${local.deploy_id}"
+  description    = "Resource Manager Private Endpoint for OKE for the ${local.app_name} - ${local.deploy_id}"
   vcn_id         = oci_core_virtual_network.oke_vcn[0].id
   subnet_id      = oci_core_subnet.oke_k8s_endpoint_subnet[0].id
-  freeform_tags  = local.freeform_deployment_tags
+  freeform_tags  = var.freeform_deployment_tags
 
   count = var.create_new_oke_cluster ? ((var.cluster_endpoint_visibility == "Private") ? 1 : 0) : 0
 }
diff --git a/modules/oke/outputs.tf b/modules/oke/outputs.tf
@@ -5,9 +5,9 @@
 output "comments" {
   value = "The application URL will be unavailable for a few minutes after provisioning while the application is configured and deployed to Kubernetes"
 }
-output "deploy_id" {
-  value = random_string.deploy_id.result
-}
+# output "deploy_id" {
+#   value = random_string.deploy_id.result
+# }
 output "deployed_oke_kubernetes_version" {
   value = local.deployed_k8s_version
 }
diff --git a/modules/oke/policies.tf b/modules/oke/policies.tf
diff --git a/modules/oke/security-lists.tf b/modules/oke/security-lists.tf
diff --git a/modules/oke/variables.tf b/modules/oke/variables.tf

Original file line number	Diff line number	Diff line change
`@@ -5,9 +5,9 @@`
`5`	`5`	`output "comments" {`
`6`	`6`	`value = "The application URL will be unavailable for a few minutes after provisioning while the application is configured and deployed to Kubernetes"`
`7`	`7`	`}`
`8`		`-output "deploy_id" {`
`9`		`- value = random_string.deploy_id.result`
`10`		`-}`
	`8`	`+# output "deploy_id" {`
	`9`	`+# value = random_string.deploy_id.result`
	`10`	`+# }`
`11`	`11`	`output "deployed_oke_kubernetes_version" {`
`12`	`12`	`value = local.deployed_k8s_version`
`13`	`13`	`}`