cluster tools update

Signed-off-by: junior <junior@users.noreply.github.com>

Author: junior

module-oke.tf

@@ -11,10 +11,10 @@ module "vault" {
   }
 
   # Oracle Cloud Infrastructure Tenancy and Compartment OCID
-  tenancy_ocid     = var.tenancy_ocid
+  tenancy_ocid = var.tenancy_ocid
 
-  # App Details
-  app_details = local.app_details
+  # Deployment Tags + Freeform Tags
+  freeform_deployment_tags = local.freeform_deployment_tags
 
   # Encryption (OCI Vault/Key Management/KMS)
   use_encryption_from_oci_vault = var.use_encryption_from_oci_vault
@@ -43,15 +43,13 @@ module "oke" {
   compartment_ocid = local.oke_compartment_ocid
   region           = var.region
 
-  # App Details
-  app_details = local.app_details
+  # Deployment Tags + Freeform Tags
+  freeform_deployment_tags = local.freeform_deployment_tags
 
   # OKE Cluster
   ## create_new_oke_cluster
-  create_new_oke_cluster         = var.create_new_oke_cluster
-  existent_oke_cluster_id        = var.existent_oke_cluster_id
-  # create_new_compartment_for_oke = var.create_new_compartment_for_oke
-  # oke_compartment_description    = var.oke_compartment_description
+  create_new_oke_cluster  = var.create_new_oke_cluster
+  existent_oke_cluster_id = var.existent_oke_cluster_id
 
   ## Cluster Workers visibility
   cluster_workers_visibility = var.cluster_workers_visibility
@@ -67,72 +65,65 @@ module "oke" {
   create_compartment_policies                   = var.create_compartment_policies
 
   ## Encryption (OCI Vault/Key Management/KMS)
-  oci_vault_key_id_oke_secrets = module.vault.oci_vault_key_id
+  oci_vault_key_id_oke_secrets      = module.vault.oci_vault_key_id
   oci_vault_key_id_oke_image_policy = module.vault.oci_vault_key_id
-  # use_encryption_from_oci_vault = var.use_encryption_from_oci_vault
-  # create_new_encryption_key     = var.create_new_encryption_key
-  # existent_encryption_key_id    = var.existent_encryption_key_id
-
-  ## Enable Cluster Autoscaler
-  cluster_autoscaler_enabled = var.cluster_autoscaler_enabled
-  # cluster_autoscaler_min_nodes            = var.cluster_autoscaler_min_nodes
-  # cluster_autoscaler_max_nodes            = var.cluster_autoscaler_max_nodes
-  # existent_oke_nodepool_id_for_autoscaler = var.existent_oke_nodepool_id_for_autoscaler
-
-  # ## OKE Worker Nodes (Compute)
-  # num_pool_workers                          = var.cluster_autoscaler_enabled ? var.cluster_autoscaler_min_nodes : var.num_pool_workers
-  # node_pool_shape                           = var.node_pool_instance_shape.instanceShape
-  # node_pool_node_shape_config_ocpus         = var.node_pool_instance_shape.ocpus
-  # node_pool_node_shape_config_memory_in_gbs = var.node_pool_instance_shape.memory
-  # generate_public_ssh_key                   = var.generate_public_ssh_key
-  # public_ssh_key                            = var.public_ssh_key
 }
 
 module "oke_node_pool" {
-  source = "./modules/oke-node-pool"
+  for_each = { for map in local.node_pools : map.node_pool_name => map }
+  source   = "./modules/oke-node-pool"
 
-  # App Details
-  app_details = local.app_details
+  # Deployment Tags + Freeform Tags
+  freeform_deployment_tags = local.freeform_deployment_tags
 
   # Oracle Cloud Infrastructure Tenancy and Compartment OCID
-  tenancy_ocid     = var.tenancy_ocid
+  tenancy_ocid = var.tenancy_ocid
 
   # OKE Cluster Details
-  oke_cluster_ocid = module.oke.oke_cluster_ocid
+  oke_cluster_ocid             = module.oke.oke_cluster_ocid
   oke_cluster_compartment_ocid = local.oke_compartment_ocid
+  create_new_node_pool         = var.create_new_oke_cluster
 
   # OKE Worker Nodes (Compute)
-  num_pool_workers                          = var.num_pool_workers
-  node_pool_shape                           = var.node_pool_instance_shape.instanceShape
-  node_pool_node_shape_config_ocpus         = var.node_pool_instance_shape.ocpus
-  node_pool_node_shape_config_memory_in_gbs = var.node_pool_instance_shape.memory
-  generate_public_ssh_key                   = var.generate_public_ssh_key
-  public_ssh_key                            = var.public_ssh_key
+  node_pool_name                            = each.value.node_pool_name
+  node_pool_min_nodes                       = each.value.node_pool_min_nodes
+  node_pool_max_nodes                       = each.value.node_pool_max_nodes
+  node_k8s_version                          = each.value.node_k8s_version
+  node_pool_shape                           = each.value.node_pool_shape
+  node_pool_node_shape_config_ocpus         = each.value.node_pool_node_shape_config_ocpus
+  node_pool_node_shape_config_memory_in_gbs = each.value.node_pool_node_shape_config_memory_in_gbs
+  public_ssh_key                            = local.workers_public_ssh_key
 
   # OKE Network Details
   oke_vcn_nodes_subnet_ocid = module.oke.oke_vcn_nodes_subnet_ocid
 
   # Encryption (OCI Vault/Key Management/KMS)
   oci_vault_key_id_oke_node_boot_volume = module.vault.oci_vault_key_id
 }
+locals {
+  node_pools = [
+    {
+      node_pool_name                            = var.node_pool_name != "" ? var.node_pool_name : "pool1" # Must be unique
+      node_pool_min_nodes                       = var.cluster_autoscaler_enabled ? var.cluster_autoscaler_min_nodes_1 : var.num_pool_workers
+      node_pool_max_nodes                       = var.cluster_autoscaler_max_nodes_1
+      node_k8s_version                          = var.k8s_version # TODO: Allow to set different version for each node pool
+      node_pool_shape                           = var.node_pool_instance_shape.instanceShape
+      node_pool_node_shape_config_ocpus         = var.node_pool_instance_shape.ocpus
+      node_pool_node_shape_config_memory_in_gbs = var.node_pool_instance_shape.memory
+      node_pool_boot_volume_size_in_gbs         = var.node_pool_boot_volume_size_in_gbs
+    },
+  ]
+}
 
 module "oke_cluster_autoscaler" {
   source = "./modules/oke-cluster-autoscaler"
 
   # Oracle Cloud Infrastructure Tenancy and Compartment OCID
-  # tenancy_ocid     = var.tenancy_ocid
-  # compartment_ocid = var.compartment_ocid
   region = var.region
 
   ## Enable Cluster Autoscaler
   cluster_autoscaler_enabled = var.cluster_autoscaler_enabled
-  # cluster_autoscaler_min_nodes            = var.cluster_autoscaler_min_nodes
-  # cluster_autoscaler_max_nodes            = var.cluster_autoscaler_max_nodes
-  # existent_oke_nodepool_id_for_autoscaler = var.existent_oke_nodepool_id_for_autoscaler
-  oke_node_pools = var.oke_node_pools
-
-  ## Nodes Kubernetes Version
-  k8s_version = var.k8s_version
+  oke_node_pools             = values(module.oke_node_pool)
 
   depends_on = [module.oke, module.oke_node_pool]
 }
@@ -142,14 +133,6 @@ variable "app_name" {
   default     = "K8s App"
   description = "Application name. Will be used as prefix to identify resources, such as OKE, VCN, ATP, and others"
 }
-variable "app_deployment_environment" {
-  default     = "generic" # e.g.: Development, QA, Stage, ...
-  description = "Deployment environment for the freeform tags"
-}
-variable "app_deployment_type" {
-  default     = "generic" # e.g.: App Type 1, App Type 2, Red, Purple, ...
-  description = "Deployment type for the freeform tags"
-}
 variable "create_new_oke_cluster" {
   default     = true
   description = "Creates a new OKE cluster, node pool and network resources"
@@ -216,30 +199,14 @@ variable "cluster_autoscaler_enabled" {
   default     = true
   description = "Enables OKE cluster autoscaler. Node pools will auto scale based on the resources usage"
 }
-variable "oke_node_pools" {
-  type = list(any)
-
-  default = [
-    {
-      node_pool_id         = "" # TODO: node pool Id from module
-      node_pool_min_nodes  = 3
-      node_pool__max_nodes = 10
-    }
-  ]
-  description = "Node pools (id, min_nodes, max_nodes) to use with Cluster Autoscaler"
+variable "cluster_autoscaler_min_nodes_1" {
+  default     = 3
+  description = "Minimum number of nodes on the node pool to be scheduled by the Kubernetes"
+}
+variable "cluster_autoscaler_max_nodes_1" {
+  default     = 10
+  description = "Maximum number of nodes on the node pool to be scheduled by the Kubernetes"
 }
-# variable "cluster_autoscaler_min_nodes" {
-#   default     = 3
-#   description = "Minimum number of nodes on the node pool to be scheduled by the Kubernetes"
-# }
-# variable "cluster_autoscaler_max_nodes" {
-#   default     = 10
-#   description = "Maximum number of nodes on the node pool to be scheduled by the Kubernetes"
-# }
-# variable "existent_oke_nodepool_id_for_autoscaler" {
-#   default     = ""
-#   description = "Nodepool Id of the existent OKE to use with Cluster Autoscaler"
-# }
 
 ## OKE Node Pool Details
 variable "node_pool_name" {
@@ -248,7 +215,7 @@ variable "node_pool_name" {
 }
 variable "k8s_version" {
   default     = "Latest"
-  description = "Kubernetes version installed on your master and worker nodes. If not version select, will use the latest available."
+  description = "Kubernetes version installed on your Control Plane and worker nodes. If not version select, will use the latest available."
 }
 variable "num_pool_workers" {
   default     = 3
@@ -299,31 +266,45 @@ variable "create_compartment_policies" {
   description = "Creates policies that will reside on the compartment. e.g.: Policies to support Cluster Autoscaler, OCI Logging datasource on Grafana"
 }
 
+variable "tag_values" {
+  type = map(any)
+  default = { "freeformTags" = {
+    "Environment" = "Development",     # e.g.: Demo, Sandbox, Development, QA, Stage, ...
+  "DeploymentType" = "generic" } } # e.g.: App Type 1, App Type 2, Red, Purple, ...
+  description = "Use Tagging to add metadata to resources. All resources created by this stack will be tagged with the selected tag values."
+}
+
 resource "random_string" "deploy_id" {
   length  = 4
   special = false
 }
 
 resource "oci_identity_compartment" "oke_compartment" {
   compartment_id = var.compartment_ocid
-  name           = "${local.app_details.app_name_normalized}-${local.deploy_id}"
+  name           = "${local.app_name_normalized}-${local.deploy_id}"
   description    = "${var.app_name} ${var.oke_compartment_description} (Deployment ${local.deploy_id})"
   enable_delete  = true
 
   count = var.create_new_compartment_for_oke ? 1 : 0
 }
 
+# Generate ssh keys to access Worker Nodes, if generate_public_ssh_key=true, applies to the pool
+resource "tls_private_key" "oke_worker_node_ssh_key" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
 # Locals
 locals {
-  deploy_id = random_string.deploy_id.result
+  deploy_id            = random_string.deploy_id.result
   oke_compartment_ocid = var.create_new_compartment_for_oke ? oci_identity_compartment.oke_compartment.0.id : var.compartment_ocid
-  app_details = {
-    "app_name" = var.app_name
-    "app_name_normalized" = substr(replace(lower(var.app_name), " ", "-"), 0, 6)
-    "app_deployment_environment" = var.app_deployment_environment
-    "app_deployment_type" = var.app_deployment_type
-    "app_deployment_id" = local.deploy_id
-  }
+  deploy_tags = {
+    "DeploymentID" = local.deploy_id,
+    "AppName"      = var.app_name,
+  "Quickstart" = "oke_base" }
+  freeform_deployment_tags = merge(var.tag_values.freeformTags, local.deploy_tags)
+  workers_public_ssh_key   = var.generate_public_ssh_key ? tls_private_key.oke_worker_node_ssh_key.public_key_openssh : var.public_ssh_key
+  app_name_normalized      = substr(replace(lower(var.app_name), " ", "-"), 0, 6)
 }
 
 # OKE Outputs
@@ -341,7 +322,8 @@ output "deployed_to_region" {
   value = module.oke.deployed_to_region
 }
 output "kubeconfig" {
-  value = module.oke.kubeconfig
+  value     = module.oke.kubeconfig
+  sensitive = true
 }
 output "kubeconfig_for_kubectl" {
   value       = module.oke.kubeconfig_for_kubectl
@@ -355,7 +337,7 @@ output "dev" {
 # Use of this resource for production deployments is not recommended. 
 # Instead, generate a private key file outside of Terraform and distribute it securely to the system where Terraform will be run.
 output "generated_private_key_pem" {
-  value     = module.oke_node_pool.generated_private_key_pem
+  value     = var.generate_public_ssh_key ? tls_private_key.oke_worker_node_ssh_key.private_key_pem : "No Keys Auto Generated"
   sensitive = true
 }
 
@@ -368,11 +350,3 @@ output "generated_private_key_pem" {
 # output "oke_debug_oke_endpoints" {
 #   value = module.oke.oke_debug_oke_endpoints
 # }
-
-output "debug_k8s_version_calculated" {
-  value = module.oke.debug_k8s_version_calculated
-}
-
-output "debug_k8s_version_var" {
-  value = module.oke.debug_k8s_version_var
-}

modules/cluster-tools/cluster-tools.tf

@@ -13,13 +13,13 @@ locals {
   # Helm repos
   helm_repository = {
     ingress_nginx          = "https://kubernetes.github.io/ingress-nginx"
-    ingress_nginx_version  = "4.2.0"
+    ingress_nginx_version  = "4.2.3"
     jetstack               = "https://charts.jetstack.io" # cert-manager
-    jetstack_version       = "1.8.2"                      # cert-manager
+    jetstack_version       = "1.9.1"                      # cert-manager
     grafana                = "https://grafana.github.io/helm-charts"
-    grafana_version        = "6.32.5"
+    grafana_version        = "6.34.0"
     prometheus             = "https://prometheus-community.github.io/helm-charts"
-    prometheus_version     = "15.10.5"
+    prometheus_version     = "15.12.0"
     metrics_server         = "https://kubernetes-sigs.github.io/metrics-server"
     metrics_server_version = "3.8.2"
   }