Merge pull request #20 from junior/5G-example

junior · web-flow · commit 2d4bc91f04d1 · 2022-12-02T23:07:22.000-06:00
version 0.8.8
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.8.7
+0.8.8
diff --git a/defaults.tf b/defaults.tf
@@ -100,10 +100,10 @@ locals {
     #   prohibit_public_ip_on_vnic = false
     #   prohibit_internet_ingress  = false
     #   route_table_id             = module.route_tables["public"].route_table_id # If null, the VCN's default route table is used
-    #   alternative_route_table    = null # Optional, Name of the previously created route table
+    #   alternative_route_table_name    = null # Optional, Name of the previously created route table
     #   dhcp_options_id            = module.vcn.default_dhcp_options_id # If null, the VCN's default set of DHCP options is used
     #   security_list_ids          = [module.security_lists["opensearch_security_list"].security_list_id] # If null, the VCN's default security list is used
-    #   alternative_security_list  = null # Optional, Name of the previously created security list
+    #   extra_security_list_names  = [] # Optional, Names of the previously created security lists
     #   ipv6cidr_block             = null # If null, no IPv6 CIDR block is assigned
     # },
   ]
diff --git a/main.tf b/main.tf
@@ -198,62 +198,62 @@ locals {
   subnets_oke = concat(local.subnets_oke_standard, local.subnet_vcn_native_pod_networking, local.subnet_bastion, local.subnet_fss_mount_targets)
   subnets_oke_standard = [
     {
-      subnet_name                = "oke_k8s_endpoint_subnet"
-      cidr_block                 = lookup(local.network_cidrs, "ENDPOINT-REGIONAL-SUBNET-CIDR")
-      display_name               = "OKE K8s Endpoint subnet (${local.deploy_id})"
-      dns_label                  = "okek8s${local.deploy_id}"
-      prohibit_public_ip_on_vnic = (var.cluster_endpoint_visibility == "Private") ? true : false
-      prohibit_internet_ingress  = (var.cluster_endpoint_visibility == "Private") ? true : false
-      route_table_id             = (var.cluster_endpoint_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
-      alternative_route_table    = null
-      dhcp_options_id            = module.vcn.default_dhcp_options_id
-      security_list_ids          = [module.security_lists["oke_endpoint_security_list"].security_list_id]
-      alternative_security_list  = null
-      ipv6cidr_block             = null
+      subnet_name                  = "oke_k8s_endpoint_subnet"
+      cidr_block                   = lookup(local.network_cidrs, "ENDPOINT-REGIONAL-SUBNET-CIDR")
+      display_name                 = "OKE K8s Endpoint subnet (${local.deploy_id})"
+      dns_label                    = "okek8s${local.deploy_id}"
+      prohibit_public_ip_on_vnic   = (var.cluster_endpoint_visibility == "Private") ? true : false
+      prohibit_internet_ingress    = (var.cluster_endpoint_visibility == "Private") ? true : false
+      route_table_id               = (var.cluster_endpoint_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
+      alternative_route_table_name = null
+      dhcp_options_id              = module.vcn.default_dhcp_options_id
+      security_list_ids            = [module.security_lists["oke_endpoint_security_list"].security_list_id]
+      extra_security_list_names    = anytrue([(var.extra_security_list_name_for_api_endpoint == ""), (var.extra_security_list_name_for_api_endpoint == null)]) ? [] : [var.extra_security_list_name_for_api_endpoint]
+      ipv6cidr_block               = null
     },
     {
-      subnet_name                = "oke_nodes_subnet"
-      cidr_block                 = lookup(local.network_cidrs, "NODES-REGIONAL-SUBNET-CIDR")
-      display_name               = "OKE Nodes subnet (${local.deploy_id})"
-      dns_label                  = "okenodes${local.deploy_id}"
-      prohibit_public_ip_on_vnic = (var.cluster_workers_visibility == "Private") ? true : false
-      prohibit_internet_ingress  = (var.cluster_workers_visibility == "Private") ? true : false
-      route_table_id             = (var.cluster_workers_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
-      alternative_route_table    = null
-      dhcp_options_id            = module.vcn.default_dhcp_options_id
-      security_list_ids          = [module.security_lists["oke_nodes_security_list"].security_list_id]
-      alternative_security_list  = null
-      ipv6cidr_block             = null
+      subnet_name                  = "oke_nodes_subnet"
+      cidr_block                   = lookup(local.network_cidrs, "NODES-REGIONAL-SUBNET-CIDR")
+      display_name                 = "OKE Nodes subnet (${local.deploy_id})"
+      dns_label                    = "okenodes${local.deploy_id}"
+      prohibit_public_ip_on_vnic   = (var.cluster_workers_visibility == "Private") ? true : false
+      prohibit_internet_ingress    = (var.cluster_workers_visibility == "Private") ? true : false
+      route_table_id               = (var.cluster_workers_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
+      alternative_route_table_name = null
+      dhcp_options_id              = module.vcn.default_dhcp_options_id
+      security_list_ids            = [module.security_lists["oke_nodes_security_list"].security_list_id]
+      extra_security_list_names    = anytrue([(var.extra_security_list_name_for_nodes == ""), (var.extra_security_list_name_for_nodes == null)]) ? [] : [var.extra_security_list_name_for_nodes]
+      ipv6cidr_block               = null
     },
     {
-      subnet_name                = "oke_lb_subnet"
-      cidr_block                 = lookup(local.network_cidrs, "LB-REGIONAL-SUBNET-CIDR")
-      display_name               = "OKE LoadBalancers subnet (${local.deploy_id})"
-      dns_label                  = "okelb${local.deploy_id}"
-      prohibit_public_ip_on_vnic = (var.cluster_load_balancer_visibility == "Private") ? true : false
-      prohibit_internet_ingress  = (var.cluster_load_balancer_visibility == "Private") ? true : false
-      route_table_id             = (var.cluster_load_balancer_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
-      alternative_route_table    = null
-      dhcp_options_id            = module.vcn.default_dhcp_options_id
-      security_list_ids          = [module.security_lists["oke_lb_security_list"].security_list_id]
-      alternative_security_list  = null
-      ipv6cidr_block             = null
+      subnet_name                  = "oke_lb_subnet"
+      cidr_block                   = lookup(local.network_cidrs, "LB-REGIONAL-SUBNET-CIDR")
+      display_name                 = "OKE LoadBalancers subnet (${local.deploy_id})"
+      dns_label                    = "okelb${local.deploy_id}"
+      prohibit_public_ip_on_vnic   = (var.cluster_load_balancer_visibility == "Private") ? true : false
+      prohibit_internet_ingress    = (var.cluster_load_balancer_visibility == "Private") ? true : false
+      route_table_id               = (var.cluster_load_balancer_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
+      alternative_route_table_name = null
+      dhcp_options_id              = module.vcn.default_dhcp_options_id
+      security_list_ids            = [module.security_lists["oke_lb_security_list"].security_list_id]
+      extra_security_list_names    = []
+      ipv6cidr_block               = null
     }
   ]
   subnet_vcn_native_pod_networking = (var.create_pod_network_subnet || var.cluster_cni_type == "OCI_VCN_IP_NATIVE" || var.node_pool_cni_type_1 == "OCI_VCN_IP_NATIVE") ? [
     {
-      subnet_name                = "oke_pods_network_subnet"
-      cidr_block                 = lookup(local.network_cidrs, "VCN-NATIVE-POD-NETWORKING-REGIONAL-SUBNET-CIDR") # e.g.: 10.20.128.0/17 (1,1) = 32766 usable IPs (10.20.128.0 - 10.20.255.255)
-      display_name               = "OKE PODs Network subnet (${local.deploy_id})"
-      dns_label                  = "okenpn${local.deploy_id}"
-      prohibit_public_ip_on_vnic = (var.pods_network_visibility == "Private") ? true : false
-      prohibit_internet_ingress  = (var.pods_network_visibility == "Private") ? true : false
-      route_table_id             = (var.pods_network_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
-      alternative_route_table    = null
-      dhcp_options_id            = module.vcn.default_dhcp_options_id
-      security_list_ids          = [module.security_lists["oke_pod_network_security_list"].security_list_id]
-      alternative_security_list  = null
-      ipv6cidr_block             = null
+      subnet_name                  = "oke_pods_network_subnet"
+      cidr_block                   = lookup(local.network_cidrs, "VCN-NATIVE-POD-NETWORKING-REGIONAL-SUBNET-CIDR") # e.g.: 10.20.128.0/17 (1,1) = 32766 usable IPs (10.20.128.0 - 10.20.255.255)
+      display_name                 = "OKE PODs Network subnet (${local.deploy_id})"
+      dns_label                    = "okenpn${local.deploy_id}"
+      prohibit_public_ip_on_vnic   = (var.pods_network_visibility == "Private") ? true : false
+      prohibit_internet_ingress    = (var.pods_network_visibility == "Private") ? true : false
+      route_table_id               = (var.pods_network_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
+      alternative_route_table_name = null
+      dhcp_options_id              = module.vcn.default_dhcp_options_id
+      security_list_ids            = [module.security_lists["oke_pod_network_security_list"].security_list_id]
+      extra_security_list_names    = []
+      ipv6cidr_block               = null
   }] : []
   subnet_bastion           = []
   subnet_fss_mount_targets = [] # 10.20.20.64/26 (10,81) = 62 usable IPs (10.20.20.64 - 10.20.20.255)
diff --git a/oci-networking.tf b/oci-networking.tf
@@ -64,14 +64,16 @@ module "subnets" {
   dns_label                  = each.value.dns_label    # If null, is autogenerated
   prohibit_public_ip_on_vnic = each.value.prohibit_public_ip_on_vnic
   prohibit_internet_ingress  = each.value.prohibit_internet_ingress
-  route_table_id = (anytrue([(each.value.alternative_route_table == ""), (each.value.alternative_route_table == null)])
+  route_table_id = (anytrue([(each.value.alternative_route_table_name == ""), (each.value.alternative_route_table_name == null)])
     ? each.value.route_table_id
-  : module.route_tables[each.value.alternative_route_table].route_table_id)                                                    # If null, the VCN's default route table is used
-  dhcp_options_id = each.value.dhcp_options_id                                                                                 # If null, the VCN's default set of DHCP options is used
-  security_list_ids = (anytrue([(each.value.alternative_security_list == ""), (each.value.alternative_security_list == null)]) # If null, the VCN's default security list is used
-    ? each.value.security_list_ids
-  : [module.security_lists[each.value.alternative_security_list].security_list_id])
-  ipv6cidr_block = each.value.ipv6cidr_block # If null, no IPv6 CIDR block is assigned
+  : module.route_tables[each.value.alternative_route_table_name].route_table_id)                                                                        # If null, the VCN's default route table is used
+  dhcp_options_id   = each.value.dhcp_options_id                                                                                                        # If null, the VCN's default set of DHCP options is used
+  security_list_ids = concat(each.value.security_list_ids, [for v in each.value.extra_security_list_names : module.security_lists[v].security_list_id]) # If null, the VCN's default security list is used
+  ipv6cidr_block    = each.value.ipv6cidr_block                                                                                                         # If null, no IPv6 CIDR block is assigned
+
+  #   security_list_ids = (anytrue([(each.value.alternative_security_list == ""), (each.value.alternative_security_list == null)]) # If null, the VCN's default security list is used
+  #   ? each.value.security_list_ids
+  # : [module.security_lists[each.value.alternative_security_list].security_list_id])
 }
 
 ################################################################################
diff --git a/variables.tf b/variables.tf
@@ -107,6 +107,14 @@ variable "extra_security_lists" {
   default     = []
   description = "Extra security lists to be created."
 }
+variable "extra_security_list_name_for_api_endpoint" {
+  default     = null
+  description = "Extra security list name previosly created to be used by the K8s API Endpoint Subnet."
+}
+variable "extra_security_list_name_for_nodes" {
+  default     = null
+  description = "Extra security list name previosly created to be used by the Nodes Subnet."
+}
 
 ################################################################################
 # Variables: OKE Network
