Merge pull request #31 from junior/example-using-existent-network

Example using existent network

Author: junior

README.md

@@ -18,7 +18,7 @@ $${\color{red}OKE \space Cluster \space deployment \space yet.}$$
 
 This module handles opinionated Oracle Container Engine for [Kubernetes][kubernetes_101] ([OKE][oke]) cluster creation on Oracle Cloud Infrastructure ([OCI][oci]). This module is designed to be used with the [OCI Resource Manager][oci_rm] to deploy a cluster in a single step. The module can also be used with the [OCI Terraform Provider][oci_tf_provider] to deploy a cluster using local or CloudShell Terraform cli.
 
->Note: This project is an alternative to easily create an OKE cluster without the need to use external workarounds and do not need to create compute bastions or jump servers, even if deploying using private endpoints. This is a __NO__(`null_resource` ,`remote_exec`, `operator instance`, `bastion_or_jump_server`, `out_of_tf_state_sh_scripts`) project
+>__Note__: This project is an alternative to easily create an OKE cluster without the need to use external workarounds and do not need to create compute bastions or jump servers, even if deploying using private endpoints. This is a __NO__(`null_resource` ,`remote_exec`, `operator instance`, `bastion_or_jump_server`, `out_of_tf_state_sh_scripts`) project
 
 Sub modules are provided to create a cluster with a single node pool, or a cluster with multiple node pools. Enables Cluster Autoscaler, OCI Vault(KMS) for customer-managed encryption keys for secrets, block volumes. The module also provides a sub module to create a cluster with a single node pool and a private endpoint to Oracle Resource Manager (ORM).
 
@@ -75,7 +75,7 @@ module "oke-quickstart" {
 
 ## Deploy Using Oracle Resource Manager
 
-> **_NOTE:_** If you aren't already signed in, when prompted, enter the tenancy and user credentials. Review and accept the terms and conditions.
+> ___NOTE:___ If you aren't already signed in, when prompted, enter the tenancy and user credentials. Review and accept the terms and conditions.
 
 1. Click to deploy the stack
 
@@ -103,7 +103,7 @@ Note: An example [tfvars file](examples/terraform.tfvars.example) is included fo
 preferred way to run the stack from the CLI, because of the large number of variables to manage.
 
 To use this file just copy the example [tfvars file](examples/terraform.tfvars.example) and save it in the outermost directory.
-Next, rename the file to **terraform.tfvars**. You can override the example values set in this file.
+Next, rename the file to __terraform.tfvars__. You can override the example values set in this file.
 
 ### Clone the Module
 
@@ -139,7 +139,7 @@ terraform destroy -refresh=false
 
 ## Terraform Variables
 
-A complete listing of the Terraform variables used in this stack are referenced [here](VARIABLES.md). 
+A complete listing of the Terraform variables used in this stack are referenced [here](VARIABLES.md).
 <!-- This document is automatically generated
 using the [terraform-docs](https://github.com/terraform-docs/terraform-docs) with the following command:
 

VERSION

@@ -1 +1 @@
-0.8.12
+0.8.15

defaults.tf

@@ -1,4 +1,4 @@
-# Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2022-2023 Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
 # 
 
@@ -42,7 +42,7 @@ locals {
   node_pools                    = concat(local.node_pool_1, local.extra_node_pools, var.extra_node_pools)
   create_new_vcn                = (var.create_new_oke_cluster && var.create_new_vcn) ? true : false
   vcn_display_name              = "[${local.app_name}] VCN for OKE (${local.deploy_id})"
-  create_subnets                = (var.create_new_oke_cluster || var.create_subnets) ? true : false
+  create_subnets                = (var.create_subnets) ? true : false
   subnets                       = concat(local.subnets_oke, local.extra_subnets, var.extra_subnets)
   route_tables                  = concat(local.route_tables_oke, var.extra_route_tables)
   security_lists                = concat(local.security_lists_oke, var.extra_security_lists)

examples/5G-NF-Infra/networking.tf

@@ -301,8 +301,8 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5gc_signalling" {
     defined_tags  = {}
     freeform_tags = { "Network" : "5GC-Signalling" }
   }
-  display_name  = "5GC-Signalling vnic Attachment"
-  instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
+  display_name = "5GC-Signalling vnic Attachment"
+  instance_id  = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
 }
 resource "oci_core_vnic_attachment" "vnic_attachment_5gc_oam" {
   count = var.node_pool_initial_num_worker_nodes_1
@@ -313,8 +313,8 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5gc_oam" {
     defined_tags  = {}
     freeform_tags = { "Network" : "5GC-OAM" }
   }
-  display_name  = "5GC-OAM vnic Attachment"
-  instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
+  display_name = "5GC-OAM vnic Attachment"
+  instance_id  = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
 
   depends_on = [oci_core_vnic_attachment.vnic_attachment_5gc_signalling]
 }
@@ -327,8 +327,8 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5g_ran" {
     defined_tags  = {}
     freeform_tags = { "Network" : "5G RAN" }
   }
-  display_name  = "5G RAN vnic Attachment"
-  instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
+  display_name = "5G RAN vnic Attachment"
+  instance_id  = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
 
   depends_on = [oci_core_vnic_attachment.vnic_attachment_5gc_oam]
 }
@@ -341,8 +341,8 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5g_legal_intercept" {
     defined_tags  = {}
     freeform_tags = { "Network" : "5G Legal Intercept" }
   }
-  display_name  = "5G Legal Intercept vnic Attachment"
-  instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
+  display_name = "5G Legal Intercept vnic Attachment"
+  instance_id  = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
 
   depends_on = [oci_core_vnic_attachment.vnic_attachment_5g_ran]
 }
@@ -355,8 +355,8 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5g_epc" {
     defined_tags  = {}
     freeform_tags = { "Network" : "5G-EPC" }
   }
-  display_name  = "5G-EPC vnic Attachment"
-  instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
+  display_name = "5G-EPC vnic Attachment"
+  instance_id  = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
 
   depends_on = [oci_core_vnic_attachment.vnic_attachment_5g_legal_intercept]
 }

examples/basic-cluster/oke.tf

@@ -1,5 +1,9 @@
+# Copyright (c) 2023 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+#
+
 module "oke-quickstart" {
-  source = "github.com/oracle-quickstart/terraform-oci-oke-quickstart?ref=0.8.3"
+  source = "github.com/oracle-quickstart/terraform-oci-oke-quickstart?ref=0.8.15"
 
   # Oracle Cloud Infrastructure Tenancy and Compartment OCID
   tenancy_ocid     = var.tenancy_ocid
@@ -22,4 +26,4 @@ module "oke-quickstart" {
 
   # VCN for OKE arguments
   vcn_cidr_blocks = "10.22.0.0/16"
-}
+}

examples/basic-cluster/providers.tf

@@ -9,7 +9,6 @@ terraform {
       source  = "oracle/oci"
       version = "~> 4, < 5"
       # https://registry.terraform.io/providers/oracle/oci/
-      configuration_aliases = [oci.home_region, oci.current_region]
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
@@ -38,65 +37,3 @@ terraform {
     }
   }
 }
-
-# provider "oci" {
-#   tenancy_ocid = var.tenancy_ocid
-#   region       = var.region
-# }
-
-# provider "oci" {
-#   alias        = "home_region"
-#   tenancy_ocid = var.tenancy_ocid
-#   region       = lookup(data.oci_identity_regions.home_region.regions[0], "name")
-
-#   user_ocid        = var.user_ocid
-#   fingerprint      = var.fingerprint
-#   private_key_path = var.private_key_path
-# }
-
-# provider "oci" {
-#   alias        = "current_region"
-#   tenancy_ocid = var.tenancy_ocid
-#   region       = var.region
-
-#   user_ocid        = var.user_ocid
-#   fingerprint      = var.fingerprint
-#   private_key_path = var.private_key_path
-# }
-
-# New configuration to avoid Terraform Kubernetes provider interpolation. https://registry.terraform.io/providers/hashicorp/kubernetes/2.2.0/docs#stacking-with-managed-kubernetes-cluster-resources
-# Currently need to uncheck to refresh (--refresh=false) when destroying or else the terraform destroy will fail
-
-# # https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengdownloadkubeconfigfile.htm#notes
-# provider "kubernetes" {
-#   host                   = local.cluster_endpoint
-#   cluster_ca_certificate = local.cluster_ca_certificate
-#   exec {
-#     api_version = "client.authentication.k8s.io/v1beta1"
-#     args        = ["ce", "cluster", "generate-token", "--cluster-id", local.cluster_id, "--region", local.cluster_region]
-#     command     = "oci"
-#   }
-# }
-
-# # https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengdownloadkubeconfigfile.htm#notes
-# provider "helm" {
-#   kubernetes {
-#     host                   = local.cluster_endpoint
-#     cluster_ca_certificate = local.cluster_ca_certificate
-#     exec {
-#       api_version = "client.authentication.k8s.io/v1beta1"
-#       args        = ["ce", "cluster", "generate-token", "--cluster-id", local.cluster_id, "--region", local.cluster_region]
-#       command     = "oci"
-#     }
-#   }
-# }
-
-# locals {
-#   # cluster_endpoint = (var.cluster_endpoint_visibility == "Private") ? (
-#   #   "https://${module.oke.orm_private_endpoint_oke_api_ip_address}:6443") : (
-#   # yamldecode(module.oke.kubeconfig)["clusters"][0]["cluster"]["server"])
-#   cluster_endpoint       = yamldecode(module.oke.kubeconfig)["clusters"][0]["cluster"]["server"]
-#   cluster_ca_certificate = base64decode(yamldecode(module.oke.kubeconfig)["clusters"][0]["cluster"]["certificate-authority-data"])
-#   cluster_id             = yamldecode(module.oke.kubeconfig)["users"][0]["user"]["exec"]["args"][4]
-#   cluster_region         = yamldecode(module.oke.kubeconfig)["users"][0]["user"]["exec"]["args"][6]
-# }

examples/basic-cluster/terraform.tfvars.example

@@ -0,0 +1,15 @@
+# Copyright (c) 2023 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+# OCI authentication
+tenancy_ocid     = "ocid1.tenancy....."
+fingerprint      = "" # e.g.: "5f:53:..." or leave blank if using CloudShell
+user_ocid        = "" # e.g.: "ocid1.user..." or leave blank if using CloudShell
+private_key_path = "" # e.g.: "/users/user/.oci/oci_api_key.pem" or leave blank if using CloudShell
+
+# Deployment compartment
+compartment_ocid = "ocid1.compartment...."
+
+# region
+region = "us-ashburn-1"

examples/basic-cluster/variables.tf

@@ -1,3 +1,7 @@
+# Copyright (c) 2023 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+#
+
 # OCI Provider
 variable "tenancy_ocid" {}
 variable "compartment_ocid" {}

examples/basic-with-existing-network/oke.tf

@@ -0,0 +1,38 @@
+# Copyright (c) 2023 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+#
+
+module "oke-quickstart" {
+  source = "github.com/oracle-quickstart/terraform-oci-oke-quickstart?ref=0.8.15"
+
+  # Oracle Cloud Infrastructure Tenancy and Compartment OCID
+  tenancy_ocid     = var.tenancy_ocid
+  compartment_ocid = var.compartment_ocid
+  region           = var.region
+
+  # Note: Just few arguments are showing here to simplify the basic example. All other arguments are using default values.
+  # App Name to identify deployment. Used for naming resources.
+  app_name = "Basic with Existent Network"
+
+  # Freeform Tags + Defined Tags. Tags are applied to all resources.
+  tag_values = { "freeformTags" = { "Environment" = "Development", "DeploymentType" = "basic", "QuickstartExample" = "basic-with-existing-network" }, "definedTags" = {} }
+
+  # OKE Node Pool 1 arguments
+  node_pool_cni_type_1                 = "FLANNEL_OVERLAY" # Use "OCI_VCN_IP_NATIVE" for VCN Native PODs Network. If the node pool 1 uses the OCI_VCN_IP_NATIVE, the cluster will also be configured with same cni
+  cluster_autoscaler_enabled           = true
+  node_pool_initial_num_worker_nodes_1 = 3                                                                       # Minimum number of nodes in the node pool
+  node_pool_max_num_worker_nodes_1     = 10                                                                      # Maximum number of nodes in the node pool
+  node_pool_instance_shape_1           = { "instanceShape" = "VM.Standard.E4.Flex", "ocpus" = 2, "memory" = 64 } # If not using a Flex shape, ocpus and memory are ignored
+
+  # VCN for OKE arguments
+  create_new_vcn                = false
+  existent_vcn_ocid             = "ocid1.vcn.oc1.iad.amaaaaaadoggtjaat6nl5pla7kw52nbxpu73erej3nbd4shjhjczn2tfeadq"
+  existent_vcn_compartment_ocid = "" # Optional. Specify if want to create terraform to create the subnets and the VCN is in a different compartment than the OKE cluster
+
+  # Subnet for OKE arguments
+  create_subnets                                     = false
+  existent_oke_k8s_endpoint_subnet_ocid              = "ocid1.subnet.oc1.iad.aaaaaaaakwyp2rkytg3yepvx7qzytff7estok277lda7gjjso3k4wnz6dpoa"
+  existent_oke_nodes_subnet_ocid                     = "ocid1.subnet.oc1.iad.aaaaaaaack6edaxj6vxdxvbgw4ae232to3ou7rpfmv6lyscpbzcetjkeifiq"
+  existent_oke_load_balancer_subnet_ocid             = "ocid1.subnet.oc1.iad.aaaaaaaao6j4ixl23bcp6367he7l5qytuvmm74hrmg4ajiqyfzxowrbrx3pa"
+  existent_oke_vcn_native_pod_networking_subnet_ocid = ""
+}

examples/basic-with-existing-network/outputs.tf

@@ -0,0 +1,38 @@
+# Copyright (c) 2023 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+#
+
+# Deployment outputs
+output "deploy_id" {
+  value = module.oke-quickstart.deploy_id
+}
+
+# OKE Outputs
+output "comments" {
+  value = module.oke-quickstart.comments
+}
+output "deployed_oke_kubernetes_version" {
+  value = module.oke-quickstart.deployed_oke_kubernetes_version
+}
+output "deployed_to_region" {
+  value = module.oke-quickstart.deployed_to_region
+}
+output "kubeconfig" {
+  value     = module.oke-quickstart.kubeconfig
+  sensitive = true
+}
+output "kubeconfig_for_kubectl" {
+  value       = module.oke-quickstart.kubeconfig_for_kubectl
+  description = "If using Terraform locally, this command set KUBECONFIG environment variable to run kubectl locally"
+}
+output "dev" {
+  value = module.oke-quickstart.dev
+}
+### Important Security Notice ###
+# The private key generated by this resource will be stored unencrypted in your Terraform state file. 
+# Use of this resource for production deployments is not recommended. 
+# Instead, generate a private key file outside of Terraform and distribute it securely to the system where Terraform will be run.
+output "generated_private_key_pem" {
+  value     = module.oke-quickstart.generated_private_key_pem
+  sensitive = true
+}

examples/basic-with-existing-network/providers.tf

@@ -0,0 +1,39 @@
+# Copyright (c) 2023 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+#
+
+terraform {
+  required_version = ">= 1.1"
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = "~> 4, < 5"
+      # https://registry.terraform.io/providers/oracle/oci/
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2"
+      # https://registry.terraform.io/providers/hashicorp/kubernetes/
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> 2"
+      # https://registry.terraform.io/providers/hashicorp/helm/
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 4"
+      # https://registry.terraform.io/providers/hashicorp/tls/
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = "~> 2"
+      # https://registry.terraform.io/providers/hashicorp/local/
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3"
+      # https://registry.terraform.io/providers/hashicorp/random/
+    }
+  }
+}

examples/basic-with-existing-network/terraform.tfvars.example

@@ -0,0 +1,15 @@
+# Copyright (c) 2023 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+# OCI authentication
+tenancy_ocid     = "ocid1.tenancy....."
+fingerprint      = "" # e.g.: "5f:53:..." or leave blank if using CloudShell
+user_ocid        = "" # e.g.: "ocid1.user..." or leave blank if using CloudShell
+private_key_path = "" # e.g.: "/users/user/.oci/oci_api_key.pem" or leave blank if using CloudShell
+
+# Deployment compartment
+compartment_ocid = "ocid1.compartment...."
+
+# region
+region = "us-ashburn-1"

examples/basic-with-existing-network/variables.tf

@@ -0,0 +1,13 @@
+# OCI Provider
+variable "tenancy_ocid" {}
+variable "compartment_ocid" {}
+variable "region" {}
+variable "user_ocid" {
+  default = ""
+}
+variable "fingerprint" {
+  default = ""
+}
+variable "private_key_path" {
+  default = ""
+}

main.tf

@@ -620,7 +620,7 @@ locals {
           }, {
           description      = "Allow Pods to communicate with Worker Nodes"
           destination      = lookup(local.network_cidrs, "NODES-REGIONAL-SUBNET-CIDR")
-          destination_type = "SERVICE_CIDR_BLOCK"
+          destination_type = "CIDR_BLOCK"
           protocol         = local.security_list_ports.tcp_protocol_number
           stateless        = false
           tcp_options      = { max = -1, min = -1, source_port_range = null }

oci-networking.tf

@@ -2,7 +2,7 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
 # 
 
-# File Version: 0.8.0
+# File Version: 0.9.0
 
 # Dependencies:
 #   - defaults.tf file