Merge pull request #19 from junior/5G-example

support to create extra subnets externally with oke

Author: junior

VERSION

@@ -1 +1 @@
-0.8.6
+0.8.7

defaults.tf

@@ -81,6 +81,7 @@ locals {
     #   node_pool_node_shape_config_memory_in_gbs = 1
     #   node_pool_boot_volume_size_in_gbs         = "100"
     #   existent_oke_nodepool_id_for_autoscaler   = null
+    #   node_pool_alternative_subnet              = null # Optional, name of previously created subnet
     #   image_operating_system                    = null
     #   image_operating_system_version            = null
     #   extra_initial_node_labels                 = [{ key = "app.pixel/gpu", value = "true" }]
@@ -94,14 +95,16 @@ locals {
     # {
     #   subnet_name                = "opensearch_subnet"
     #   cidr_block                 = cidrsubnet(local.vcn_cidr_blocks[0], 8, 35) # e.g.: "10.20.35.0/24" = 254 usable IPs (10.20.35.0 - 10.20.35.255)
-    #   display_name               = "OCI OpenSearch Service subnet (${local.deploy_id})"
-    #   dns_label                  = "opensearch${local.deploy_id}"
+    #   display_name               = "OCI OpenSearch Service subnet (${local.deploy_id})" # If null, is autogenerated
+    #   dns_label                  = "opensearch${local.deploy_id}" # If null, disable dns label
     #   prohibit_public_ip_on_vnic = false
     #   prohibit_internet_ingress  = false
-    #   route_table_id             = module.route_tables["public"].route_table_id
-    #   dhcp_options_id            = module.vcn.default_dhcp_options_id
-    #   security_list_ids          = [module.security_lists["opensearch_security_list"].security_list_id]
-    #   ipv6cidr_block             = null
+    #   route_table_id             = module.route_tables["public"].route_table_id # If null, the VCN's default route table is used
+    #   alternative_route_table    = null # Optional, Name of the previously created route table
+    #   dhcp_options_id            = module.vcn.default_dhcp_options_id # If null, the VCN's default set of DHCP options is used
+    #   security_list_ids          = [module.security_lists["opensearch_security_list"].security_list_id] # If null, the VCN's default security list is used
+    #   alternative_security_list  = null # Optional, Name of the previously created security list
+    #   ipv6cidr_block             = null # If null, no IPv6 CIDR block is assigned
     # },
   ]
 }

main.tf

@@ -126,7 +126,10 @@ module "oke_node_pool" {
   cni_type                                  = each.value.cni_type
 
   # OKE Network Details
-  nodes_subnet_id                       = local.create_subnets ? module.subnets["oke_nodes_subnet"].subnet_id : var.existent_oke_nodes_subnet_ocid
+  # nodes_subnet_id                       = local.create_subnets ? module.subnets["oke_nodes_subnet"].subnet_id : var.existent_oke_nodes_subnet_ocid
+  nodes_subnet_id = (local.create_subnets ? (anytrue([(each.value.node_pool_alternative_subnet == ""), (each.value.node_pool_alternative_subnet == null)])
+    ? module.subnets["oke_nodes_subnet"].subnet_id : module.subnets[each.value.node_pool_alternative_subnet].subnet_id)
+  : var.existent_oke_nodes_subnet_ocid)
   vcn_native_pod_networking_subnet_ocid = each.value.cni_type == "OCI_VCN_IP_NATIVE" ? (local.create_subnets ? module.subnets["oke_pods_network_subnet"].subnet_id : var.existent_oke_vcn_native_pod_networking_subnet_ocid) : ""
 
   # Encryption (OCI Vault/Key Management/KMS)
@@ -145,6 +148,7 @@ locals {
       node_pool_node_shape_config_memory_in_gbs = var.node_pool_instance_shape_1.memory
       node_pool_boot_volume_size_in_gbs         = var.node_pool_boot_volume_size_in_gbs_1
       existent_oke_nodepool_id_for_autoscaler   = var.existent_oke_nodepool_id_for_autoscaler_1
+      node_pool_alternative_subnet              = null
       image_operating_system                    = var.image_operating_system_1
       image_operating_system_version            = var.image_operating_system_version_1
       extra_initial_node_labels                 = var.extra_initial_node_labels_1
@@ -201,8 +205,10 @@ locals {
       prohibit_public_ip_on_vnic = (var.cluster_endpoint_visibility == "Private") ? true : false
       prohibit_internet_ingress  = (var.cluster_endpoint_visibility == "Private") ? true : false
       route_table_id             = (var.cluster_endpoint_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
+      alternative_route_table    = null
       dhcp_options_id            = module.vcn.default_dhcp_options_id
       security_list_ids          = [module.security_lists["oke_endpoint_security_list"].security_list_id]
+      alternative_security_list  = null
       ipv6cidr_block             = null
     },
     {
@@ -213,8 +219,10 @@ locals {
       prohibit_public_ip_on_vnic = (var.cluster_workers_visibility == "Private") ? true : false
       prohibit_internet_ingress  = (var.cluster_workers_visibility == "Private") ? true : false
       route_table_id             = (var.cluster_workers_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
+      alternative_route_table    = null
       dhcp_options_id            = module.vcn.default_dhcp_options_id
       security_list_ids          = [module.security_lists["oke_nodes_security_list"].security_list_id]
+      alternative_security_list  = null
       ipv6cidr_block             = null
     },
     {
@@ -225,8 +233,10 @@ locals {
       prohibit_public_ip_on_vnic = (var.cluster_load_balancer_visibility == "Private") ? true : false
       prohibit_internet_ingress  = (var.cluster_load_balancer_visibility == "Private") ? true : false
       route_table_id             = (var.cluster_load_balancer_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
+      alternative_route_table    = null
       dhcp_options_id            = module.vcn.default_dhcp_options_id
       security_list_ids          = [module.security_lists["oke_lb_security_list"].security_list_id]
+      alternative_security_list  = null
       ipv6cidr_block             = null
     }
   ]
@@ -239,8 +249,10 @@ locals {
       prohibit_public_ip_on_vnic = (var.pods_network_visibility == "Private") ? true : false
       prohibit_internet_ingress  = (var.pods_network_visibility == "Private") ? true : false
       route_table_id             = (var.pods_network_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
+      alternative_route_table    = null
       dhcp_options_id            = module.vcn.default_dhcp_options_id
       security_list_ids          = [module.security_lists["oke_pod_network_security_list"].security_list_id]
+      alternative_security_list  = null
       ipv6cidr_block             = null
   }] : []
   subnet_bastion           = []

oci-networking.tf

@@ -64,10 +64,14 @@ module "subnets" {
   dns_label                  = each.value.dns_label    # If null, is autogenerated
   prohibit_public_ip_on_vnic = each.value.prohibit_public_ip_on_vnic
   prohibit_internet_ingress  = each.value.prohibit_internet_ingress
-  route_table_id             = each.value.route_table_id    # If null, the VCN's default route table is used
-  dhcp_options_id            = each.value.dhcp_options_id   # If null, the VCN's default set of DHCP options is used
-  security_list_ids          = each.value.security_list_ids # If null, the VCN's default security list is used
-  ipv6cidr_block             = each.value.ipv6cidr_block    # If null, no IPv6 CIDR block is assigned
+  route_table_id = (anytrue([(each.value.alternative_route_table == ""), (each.value.alternative_route_table == null)])
+    ? each.value.route_table_id
+  : module.route_tables[each.value.alternative_route_table].route_table_id)                                                    # If null, the VCN's default route table is used
+  dhcp_options_id = each.value.dhcp_options_id                                                                                 # If null, the VCN's default set of DHCP options is used
+  security_list_ids = (anytrue([(each.value.alternative_security_list == ""), (each.value.alternative_security_list == null)]) # If null, the VCN's default security list is used
+    ? each.value.security_list_ids
+  : [module.security_lists[each.value.alternative_security_list].security_list_id])
+  ipv6cidr_block = each.value.ipv6cidr_block # If null, no IPv6 CIDR block is assigned
 }
 
 ################################################################################