
Commit 6cc1f89

Optional VCN (#467)
* Add: support freeform tags on OKE submodule Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Update: use existing VCN Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Update: remove comment Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Update: remove comment Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Add: freeform tags into service load balancer Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Fix: freeform tags for OKE Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Update: could use existing ID Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Update: variables when no VCN creation Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Fix: rename datasource filename Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Fix: variables descriptions Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Fix: typo Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Update: freeform tags for OKE Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Fix: use locals for storage module Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * Fix: rename oci_core_vcns datasource name Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> Co-authored-by: Karthic Ravindran <karthic.ravindran@oracle.com>
1 parent 6460989 commit 6cc1f89


11 files changed

+154
-24
lines changed


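--- a/datasource.tf
+++ b/datasource.tf
@@ -0,0 +1,33 @@
+# Copyright 2017, 2021 Oracle Corporation and/or affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+data "oci_core_vcns" "vcns" {
+count = var.create_vcn == true ? 0 : 1
+
+compartment_id = var.compartment_id
+display_name = var.vcn_display_name
+
+state = "AVAILABLE"
+}
+
+data "oci_core_route_tables" "nat" {
+count = var.create_vcn == true ? 0 : 1
+
+compartment_id = var.compartment_id
+
+display_name = var.nat_route_table_display_name
+vcn_id = local.vcn_id
+
+state = "AVAILABLE"
+}
+
+data "oci_core_route_tables" "ig" {
+count = var.create_vcn == true ? 0 : 1
+
+compartment_id = var.compartment_id
+
+display_name = var.ig_route_table_display_name
+vcn_id = local.vcn_id
+
+state = "AVAILABLE"
+}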
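Review bot: All three lookups select the VCN and the route tables by `display_name` alone, and OCI does not enforce display-name uniqueness inside a compartment, so when two resources share a name the `[0]` index taken in locals.tf silently wires the bastion, operator and cluster subnets into whichever one the API lists first. Failing the plan on an ambiguous match is safer than picking the first result; depending on the Terraform version the project pins, `one(data.oci_core_vcns.vcns[0].virtual_networks).id` in the locals, or a `precondition` on the count, gives that, and at minimum the single-match requirement belongs in the `vcn_display_name` / `*_route_table_display_name` variable descriptions. The lookups also run whenever `create_vcn` is false, even if the caller supplied the `*_id` variables instead of names, since `count` keys off `var.create_vcn` only; `count = var.create_vcn == true || var.vcn_id != "" ? 0 : 1` (and the route-table equivalents) would skip the query when the ID is given, provided the locals stop indexing into the skipped data source in that case.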

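--- a/examples/verrazzano/oke.tf
+++ b/examples/verrazzano/oke.tf
@@ -70,6 +70,20 @@ module "oke" {
 security = "high"
 verrazzano = "dev"
 }
+oke = {
+cluster = {
+environment = "dev"
+role = "cluster"
+}
+service_lb = {
+environment = "dev"
+role = "load balancer"
+}
+node_pool = {
+environment = "dev"
+role = "node-pool"
+}
+}
 }
 
 providers = {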

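--- a/examples/verrazzano/terraform.tfvars.example
+++ b/examples/verrazzano/terraform.tfvars.example
@@ -18,4 +18,12 @@ ssh_private_key_path = "~/.ssh/id_rsa"
 ssh_public_key_path = "~/.ssh/id_rsa.pub"
 
 verrazzano_version = "1.0.3"
-verrazzano_name = "v8o"
+verrazzano_name = "v8o"
+
+create_vcn = false
+vcn_display_name = ""
+vcn_id = ""
+ig_route_table_display_name = ""
+ig_route_table_id = ""
+nat_route_table_display_name = ""
+nat_route_table_id = ""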
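Review bot: With `create_vcn = false` and every `vcn_*` and `*_route_table_*` value left as `""`, the example neither names nor identifies the existing VCN, so a user who copies it as-is ends up with the datasource.tf lookups filtered on an empty display name and an empty `vcn_id` to fall back on. Either give these entries recognisable placeholder values or precede them with a comment such as `# when create_vcn = false, set either the *_id or the *_display_name for the vcn and for both route tables`, so the file documents the one combination that works.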

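--- a/locals.tf
+++ b/locals.tf
@@ -5,4 +5,8 @@ locals {
 bastion_public_ip = var.create_bastion_host == true ? module.bastion[0].bastion_public_ip : ""
 operator_private_ip = var.create_operator == true ? module.operator[0].operator_private_ip : ""
 operator_instance_principal_group_name = var.create_operator == true ? module.operator[0].operator_instance_principal_group_name : ""
+
+vcn_id = var.create_vcn == true ? module.vcn[0].vcn_id : coalesce(var.vcn_id, data.oci_core_vcns.vcns[0].virtual_networks[0].id)
+ig_route_id = var.create_vcn == true ? module.vcn[0].ig_route_id : coalesce(var.ig_route_table_id, data.oci_core_route_tables.ig[0].route_tables[0].id)
+nat_route_id = var.create_vcn == true ? module.vcn[0].nat_route_id : coalesce(var.nat_route_table_id, data.oci_core_route_tables.nat[0].route_tables[0].id)
 }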
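Review bot: `coalesce(var.vcn_id, data.oci_core_vcns.vcns[0].virtual_networks[0].id)` on the new `vcn_id` line evaluates both arguments before choosing, so supplying only `vcn_id` (the shape of the verrazzano example, where `vcn_display_name = ""`) still requires the display-name lookup to return at least one VCN, and an empty result fails the plan with an invalid index instead of falling back to the supplied ID. A conditional only reports errors from the branch it takes, which is the pattern the three existing lines above already rely on with `module.bastion[0]` and `module.operator[0]`: `vcn_id = var.create_vcn == true ? module.vcn[0].vcn_id : (var.vcn_id != "" ? var.vcn_id : data.oci_core_vcns.vcns[0].virtual_networks[0].id)`, with the same shape for `ig_route_id` and `nat_route_id` on the next two lines. The route-table data sources in datasource.tf still query by display name even when `vcn_id` is given, so a caller mixing an ID for the VCN with names for the route tables needs those two names to be non-empty.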

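--- a/main.tf
+++ b/main.tf
@@ -30,7 +30,7 @@ module "vcn" {
 internet_gateway_route_rules = var.internet_gateway_route_rules
 nat_gateway_route_rules = var.nat_gateway_route_rules
 
-
+count = var.create_vcn == true ? 1 : 0
 }
 
 
@@ -46,10 +46,10 @@ module "bastion" {
 # networking
 availability_domain = var.availability_domains["bastion"]
 bastion_access = var.bastion_access
-ig_route_id = module.vcn.ig_route_id
+ig_route_id = local.ig_route_id
 netnum = lookup(var.subnets["bastion"], "netnum")
 newbits = lookup(var.subnets["bastion"], "newbits")
-vcn_id = module.vcn.vcn_id
+vcn_id = local.vcn_id
 
 # bastion host parameters
 bastion_image_id = var.bastion_image_id
@@ -94,11 +94,11 @@ module "operator" {
 
 # networking
 availability_domain = var.availability_domains["operator"]
-nat_route_id = module.vcn.nat_route_id
+nat_route_id = local.nat_route_id
 netnum = lookup(var.subnets["operator"], "netnum")
 newbits = lookup(var.subnets["operator"], "newbits")
 nsg_ids = var.operator_nsg_ids
-vcn_id = module.vcn.vcn_id
+vcn_id = local.vcn_id
 
 # operator host parameters
 operator_image_id = var.operator_image_id
@@ -143,7 +143,7 @@ module "bastionsvc" {
 bastion_service_access = var.bastion_service_access
 bastion_service_name = var.bastion_service_name
 bastion_service_target_subnet = var.bastion_service_target_subnet
-vcn_id = module.vcn.vcn_id
+vcn_id = local.vcn_id
 
 depends_on = [
 module.operator
@@ -162,10 +162,10 @@ module "network" {
 label_prefix = var.label_prefix
 
 # oke networking parameters
-ig_route_id = module.vcn.ig_route_id
-nat_route_id = module.vcn.nat_route_id
+ig_route_id = local.ig_route_id
+nat_route_id = local.nat_route_id
 subnets = var.subnets
-vcn_id = module.vcn.vcn_id
+vcn_id = local.vcn_id
 
 
 # control plane endpoint parameters
@@ -200,7 +200,7 @@ module "network" {
 ]
 }
 
-# cluster creation for oke
+# # cluster creation for oke
 module "oke" {
 source = "./modules/oke"
 
@@ -224,7 +224,7 @@ module "oke" {
 cluster_options_kubernetes_network_config_pods_cidr = var.pods_cidr
 cluster_options_kubernetes_network_config_services_cidr = var.services_cidr
 cluster_subnets = module.network.subnet_ids
-vcn_id = module.vcn.vcn_id
+vcn_id = local.vcn_id
 use_cluster_encryption = var.use_cluster_encryption
 cluster_kms_key_id = var.cluster_kms_key_id
 create_policies = var.create_policies
@@ -251,8 +251,6 @@ module "oke" {
 # worker nsgs
 worker_nsgs = concat(var.worker_nsgs, [module.network.worker_nsg_id])
 
-
-# freeform_tags
 freeform_tags = var.freeform_tags["oke"]
 
 depends_on = [
@@ -276,8 +274,8 @@ module "storage" {
 
 # FSS network information
 subnets = var.subnets
-vcn_id = module.vcn.vcn_id
-nat_route_id = module.vcn.nat_route_id
+vcn_id = local.vcn_id
+nat_route_id = local.nat_route_id
 
 fss_mount_path = var.fss_mount_path
 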
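Review bot: The hunk at line 203 rewrites the section header as `# # cluster creation for oke`, which reads as an accidentally double-commented line rather than an intended edit; restore `# cluster creation for oke`. In the first hunk the new `count = var.create_vcn == true ? 1 : 0` is appended after the module's last input, where a reader scanning the block for its inputs will miss that the whole module is optional; placing `count` directly under `source` makes that visible at the top, which matters here because every downstream `module.vcn.*` reference in this file now has to go through the locals. The `module.vcn.*` → `local.*` rewrites themselves are required once the module carries a `count`, so nothing to change there.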

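--- a/modules/oke/cluster.tf
+++ b/modules/oke/cluster.tf
@@ -39,6 +39,8 @@ resource "oci_containerengine_cluster" "k8s_cluster" {
 }
 }
 
+freeform_tags = var.freeform_tags["cluster"]
+
 options {
 add_ons {
 is_kubernetes_dashboard_enabled = var.cluster_options_add_ons_is_kubernetes_dashboard_enabled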
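Review bot: `var.freeform_tags["cluster"]` on the new line fails with an invalid-index error for any caller whose `freeform_tags.oke` map predates this commit and only carries `service_lb` (the shape the previous terraform.tfvars.example shipped), and `var.freeform_tags["node_pool"]` in modules/oke/nodepools.tf has the same problem. `freeform_tags = lookup(var.freeform_tags, "cluster", {})` keeps the old inputs planning cleanly and still applies the tags when the key is present. The `oci_containerengine_cluster` block starts before and continues past this hunk.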

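--- a/modules/oke/iam.tf
+++ b/modules/oke/iam.tf
@@ -21,6 +21,8 @@ resource "oci_identity_dynamic_group" "oke_kms_cluster" {
 name = var.label_prefix == "none" ? "oke-kms-cluster" : "${var.label_prefix}-oke-kms-cluster"
 count = var.use_cluster_encryption == true && var.create_policies == true ? 1 : 0
 
+freeform_tags = var.freeform_tags
+
 lifecycle {
 ignore_changes = [matching_rule]
 }
@@ -32,8 +34,13 @@ resource "oci_identity_policy" "oke_kms" {
 description = "policy to allow dynamic group ${var.label_prefix}-oke-kms-cluster to use KMS to encrypt etcd"
 depends_on = [oci_identity_dynamic_group.oke_kms_cluster]
 name = var.label_prefix == "none" ? "oke-kms" : "${var.label_prefix}-oke-kms"
+
+freeform_tags = var.freeform_tags
+
 statements = [local.cluster_kms_policy_statement]
+
 count = var.use_cluster_encryption == true && var.create_policies == true ? 1 : 0
+
 }
 
 resource "oci_identity_policy" "oke_volume_kms" {
@@ -42,5 +49,7 @@ resource "oci_identity_policy" "oke_volume_kms" {
 description = "Policies for block volumes to access kms key"
 name = var.label_prefix == "none" ? "oke-volume-kms" : "${var.label_prefix}-oke-volume-kms"
 statements = local.oke_volume_kms_policy_statements
+
 count = var.use_node_pool_volume_encryption == true && var.create_policies == true ? 1 : 0
+
 }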
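Review bot: The dynamic group and the `oke_kms` policy receive `freeform_tags = var.freeform_tags`, the whole variable, while cluster.tf and nodepools.tf in the same module index into it (`["cluster"]`, `["node_pool"]`) and main.tf passes `var.freeform_tags["oke"]` in, so inside the module this value is a map of maps and the provider's `freeform_tags` takes a map of strings; unless the module's variable declaration (not in this diff) reshapes it, the plan fails on both resources. Pick one sub-map for both, e.g. `freeform_tags = var.freeform_tags["cluster"]` (or a `lookup` with a `{}` default), and since these are tenancy-level identity resources rather than cluster resources it is worth a one-line comment saying which tag set they intentionally share. The third hunk on `oke_volume_kms` only adds blank lines around `count`, so that policy is the one that ends up untagged; if that is deliberate the whitespace-only change could be dropped.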

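--- a/modules/oke/nodepools.tf
+++ b/modules/oke/nodepools.tf
@@ -10,6 +10,8 @@ resource "oci_containerengine_node_pool" "nodepools" {
 kubernetes_version = var.cluster_kubernetes_version
 name = var.label_prefix == "none" ? each.key : "${var.label_prefix}-${each.key}"
 
+freeform_tags = var.freeform_tags["node_pool"]
+
 node_config_details {
 
 dynamic "placement_configs" {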

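--- a/outputs.tf
+++ b/outputs.tf
@@ -13,15 +13,14 @@ output "nodepool_ids" {
 value = module.oke.nodepool_ids
 }
 
-
 output "ig_route_id" {
 description = "id of route table to vcn internet gateway"
-value = module.vcn.ig_route_id
+value = local.ig_route_id
 }
 
 output "nat_route_id" {
 description = "id of route table to nat gateway attached to vcn"
-value = module.vcn.nat_route_id
+value = local.nat_route_id
 }
 
 output "int_lb_nsg" {
@@ -41,7 +40,7 @@ output "subnet_ids" {
 
 output "vcn_id" {
 description = "id of vcn where oke is created. use this vcn id to add additional resources"
-value = module.vcn.vcn_id
+value = local.vcn_id
 }
 
 # convenient output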

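--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@@ -57,9 +57,17 @@ subnets = {
 fss = { netnum = 18, newbits = 11 }
 }
 
-vcn_cidrs = ["10.0.0.0/16"]
-vcn_dns_label = "oke"
-vcn_name = "vcnoke"
+create_vcn = true
+vcn_cidrs = ["10.0.0.0/16"]
+vcn_dns_label = "oke"
+vcn_name = "vcnoke"
+vcn_display_name = ""
+vcn_id = ""
+ig_route_table_display_name = ""
+ig_route_table_id = ""
+nat_route_table_display_name = ""
+nat_route_table_id = ""
+
 
 # bastion host
 create_bastion_host = true
@@ -249,10 +257,18 @@ freeform_tags = {
 security = "high"
 }
 oke = {
-service_lb = {
+cluster = {
+environment = "dev"
+role = "cluster"
+}
+service_lb = {
 environment = "dev"
 role = "load balancer"
 }
+node_pool = {
+environment = "dev"
+role = "node-pool"
+}
 }
 }
 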
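Review bot: The six new empty `vcn_display_name` / `vcn_id` / `*_route_table_*` entries sit under `create_vcn = true`, where nothing reads them, and the file does not say which one wins once `create_vcn` is set to `false`. A comment above them, e.g. `# only used when create_vcn = false; an *_id takes precedence over the matching *_display_name`, would make the example self-explaining (the precedence follows from the `coalesce` calls in locals.tf). Since the `oke` tag map is now indexed by fixed keys in the module, a note that `cluster`, `service_lb` and `node_pool` are all expected would also save users of older tfvars files a plan failure.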
