2
2
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
3
3
#
4
4
5
+ module "vault" {
6
+ source = " ./modules/oci-vault-kms"
7
+
8
+ providers = {
9
+ oci = oci
10
+ oci.home_region = oci.home_region
11
+ }
12
+
13
+ # Oracle Cloud Infrastructure Tenancy and Compartment OCID
14
+ tenancy_ocid = var. tenancy_ocid
15
+
16
+ # App Details
17
+ app_details = local. app_details
18
+
19
+ # Encryption (OCI Vault/Key Management/KMS)
20
+ use_encryption_from_oci_vault = var. use_encryption_from_oci_vault
21
+ create_new_encryption_key = var. create_new_encryption_key
22
+ existent_encryption_key_id = var. existent_encryption_key_id
23
+
24
+ # OKE Cluster Details
25
+ oke_cluster_compartment_ocid = local. oke_compartment_ocid
26
+
27
+ # # Create Dynamic group and Policies for OCI Vault (Key Management/KMS)
28
+ create_dynamic_group_for_nodes_in_compartment = var. create_dynamic_group_for_nodes_in_compartment
29
+ create_compartment_policies = var. create_compartment_policies
30
+ create_vault_policies_for_group = var. create_vault_policies_for_group
31
+ }
32
+
5
33
module "oke" {
6
34
source = " ./modules/oke"
7
35
@@ -12,19 +40,18 @@ module "oke" {
12
40
13
41
# Oracle Cloud Infrastructure Tenancy and Compartment OCID
14
42
tenancy_ocid = var. tenancy_ocid
15
- compartment_ocid = var . compartment_ocid
43
+ compartment_ocid = local . oke_compartment_ocid
16
44
region = var. region
17
45
18
- # OKE Cluster
19
- app_name = var. app_name
20
- app_deployment_environment = var. app_deployment_environment
21
- app_deployment_type = var. app_deployment_type
46
+ # App Details
47
+ app_details = local. app_details
22
48
49
+ # OKE Cluster
23
50
# # create_new_oke_cluster
24
51
create_new_oke_cluster = var. create_new_oke_cluster
25
52
existent_oke_cluster_id = var. existent_oke_cluster_id
26
- create_new_compartment_for_oke = var. create_new_compartment_for_oke
27
- oke_compartment_description = var. oke_compartment_description
53
+ # create_new_compartment_for_oke = var.create_new_compartment_for_oke
54
+ # oke_compartment_description = var.oke_compartment_description
28
55
29
56
# # Cluster Workers visibility
30
57
cluster_workers_visibility = var. cluster_workers_visibility
@@ -40,26 +67,56 @@ module "oke" {
40
67
create_compartment_policies = var. create_compartment_policies
41
68
42
69
# # Encryption (OCI Vault/Key Management/KMS)
43
- use_encryption_from_oci_vault = var. use_encryption_from_oci_vault
44
- create_new_encryption_key = var. create_new_encryption_key
45
- existent_encryption_key_id = var. existent_encryption_key_id
70
+ oci_vault_key_id_oke_secrets = module. vault . oci_vault_key_id
71
+ oci_vault_key_id_oke_image_policy = module. vault . oci_vault_key_id
72
+ # use_encryption_from_oci_vault = var.use_encryption_from_oci_vault
73
+ # create_new_encryption_key = var.create_new_encryption_key
74
+ # existent_encryption_key_id = var.existent_encryption_key_id
46
75
47
76
# # Enable Cluster Autoscaler
48
77
cluster_autoscaler_enabled = var. cluster_autoscaler_enabled
49
78
# cluster_autoscaler_min_nodes = var.cluster_autoscaler_min_nodes
50
79
# cluster_autoscaler_max_nodes = var.cluster_autoscaler_max_nodes
51
80
# existent_oke_nodepool_id_for_autoscaler = var.existent_oke_nodepool_id_for_autoscaler
52
81
53
- # # OKE Worker Nodes (Compute)
54
- num_pool_workers = var. cluster_autoscaler_enabled ? var. cluster_autoscaler_min_nodes : var. num_pool_workers
82
+ # ## OKE Worker Nodes (Compute)
83
+ # num_pool_workers = var.cluster_autoscaler_enabled ? var.cluster_autoscaler_min_nodes : var.num_pool_workers
84
+ # node_pool_shape = var.node_pool_instance_shape.instanceShape
85
+ # node_pool_node_shape_config_ocpus = var.node_pool_instance_shape.ocpus
86
+ # node_pool_node_shape_config_memory_in_gbs = var.node_pool_instance_shape.memory
87
+ # generate_public_ssh_key = var.generate_public_ssh_key
88
+ # public_ssh_key = var.public_ssh_key
89
+ }
90
+
91
+ module "oke_node_pool" {
92
+ source = " ./modules/oke-node-pool"
93
+
94
+ # App Details
95
+ app_details = local. app_details
96
+
97
+ # Oracle Cloud Infrastructure Tenancy and Compartment OCID
98
+ tenancy_ocid = var. tenancy_ocid
99
+
100
+ # OKE Cluster Details
101
+ oke_cluster_ocid = module. oke . oke_cluster_ocid
102
+ oke_cluster_compartment_ocid = local. oke_compartment_ocid
103
+
104
+ # OKE Worker Nodes (Compute)
105
+ num_pool_workers = var. num_pool_workers
55
106
node_pool_shape = var. node_pool_instance_shape . instanceShape
56
107
node_pool_node_shape_config_ocpus = var. node_pool_instance_shape . ocpus
57
108
node_pool_node_shape_config_memory_in_gbs = var. node_pool_instance_shape . memory
58
109
generate_public_ssh_key = var. generate_public_ssh_key
59
110
public_ssh_key = var. public_ssh_key
111
+
112
+ # OKE Network Details
113
+ oke_vcn_nodes_subnet_ocid = module. oke . oke_vcn_nodes_subnet_ocid
114
+
115
+ # Encryption (OCI Vault/Key Management/KMS)
116
+ oci_vault_key_id_oke_node_boot_volume = module. vault . oci_vault_key_id
60
117
}
61
118
62
- module "oke-cluster-autoscaler " {
119
+ module "oke_cluster_autoscaler " {
63
120
source = " ./modules/oke-cluster-autoscaler"
64
121
65
122
# Oracle Cloud Infrastructure Tenancy and Compartment OCID
@@ -77,7 +134,7 @@ module "oke-cluster-autoscaler" {
77
134
# # Nodes Kubernetes Version
78
135
k8s_version = var. k8s_version
79
136
80
- depends_on = [module . oke ]
137
+ depends_on = [module . oke , module . oke_node_pool ]
81
138
}
82
139
83
140
# # OKE Cluster Details
@@ -242,13 +299,40 @@ variable "create_compartment_policies" {
242
299
description = " Creates policies that will reside on the compartment. e.g.: Policies to support Cluster Autoscaler, OCI Logging datasource on Grafana"
243
300
}
244
301
302
+ resource "random_string" "deploy_id" {
303
+ length = 4
304
+ special = false
305
+ }
306
+
307
+ resource "oci_identity_compartment" "oke_compartment" {
308
+ compartment_id = var. compartment_ocid
309
+ name = " ${ local . app_details . app_name_normalized } -${ local . deploy_id } "
310
+ description = " ${ var . app_name } ${ var . oke_compartment_description } (Deployment ${ local . deploy_id } )"
311
+ enable_delete = true
312
+
313
+ count = var. create_new_compartment_for_oke ? 1 : 0
314
+ }
315
+
316
+ # Locals
317
+ locals {
318
+ deploy_id = random_string. deploy_id . result
319
+ oke_compartment_ocid = var. create_new_compartment_for_oke ? oci_identity_compartment. oke_compartment . 0 . id : var. compartment_ocid
320
+ app_details = {
321
+ " app_name" = var.app_name
322
+ " app_name_normalized" = substr (replace (lower (var. app_name ), " " , " -" ), 0 , 6 )
323
+ " app_deployment_environment" = var.app_deployment_environment
324
+ " app_deployment_type" = var.app_deployment_type
325
+ " app_deployment_id" = local.deploy_id
326
+ }
327
+ }
328
+
245
329
# OKE Outputs
246
330
247
331
output "comments" {
248
332
value = module. oke . comments
249
333
}
250
334
output "deploy_id" {
251
- value = module . oke . deploy_id
335
+ value = local . deploy_id
252
336
}
253
337
output "deployed_oke_kubernetes_version" {
254
338
value = module. oke . deployed_oke_kubernetes_version
@@ -271,7 +355,7 @@ output "dev" {
271
355
# Use of this resource for production deployments is not recommended.
272
356
# Instead, generate a private key file outside of Terraform and distribute it securely to the system where Terraform will be run.
273
357
output "generated_private_key_pem" {
274
- value = module. oke . generated_private_key_pem
358
+ value = module. oke_node_pool . generated_private_key_pem
275
359
sensitive = true
276
360
}
277
361
0 commit comments