Initial load

terraform-provider-oci/oke-quickstartz/VERSION

@@ -0,0 +1 @@
+0.9.2

terraform-provider-oci/oke-quickstartz/cluster-tools.tf

@@ -0,0 +1,141 @@
+# Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+################################################################################
+# Module: Kubernetes Cluster Tools
+################################################################################
+module "cluster-tools" {
+  source = "./modules/cluster-tools"
+
+  # Oracle Cloud Infrastructure Tenancy and Compartment OCID
+  tenancy_ocid = var.tenancy_ocid
+  # compartment_ocid = var.compartment_ocid
+  region = var.region
+
+  # Deployment Tags + Freeform Tags + Defined Tags
+  oci_tag_values = local.oci_tag_values
+
+  # Cluster Tools
+  ## Namespace
+  cluster_tools_namespace = "cluster-tools"
+
+  ## Ingress Controller
+  ingress_nginx_enabled                = var.ingress_nginx_enabled
+  ingress_load_balancer_shape          = var.ingress_load_balancer_shape
+  ingress_load_balancer_shape_flex_min = var.ingress_load_balancer_shape_flex_min
+  ingress_load_balancer_shape_flex_max = var.ingress_load_balancer_shape_flex_max
+
+  ## Ingress
+  ingress_hosts                = var.ingress_hosts
+  ingress_tls                  = var.ingress_tls
+  ingress_cluster_issuer       = var.ingress_cluster_issuer
+  ingress_email_issuer         = var.ingress_email_issuer
+  ingress_hosts_include_nip_io = var.ingress_hosts_include_nip_io
+  nip_io_domain                = var.nip_io_domain
+
+  ## Cert Manager
+  cert_manager_enabled = var.cert_manager_enabled
+
+  ## Metrics Server
+  metrics_server_enabled = var.metrics_server_enabled
+
+  ## Prometheus
+  prometheus_enabled = var.prometheus_enabled
+
+  ## Grafana
+  grafana_enabled = var.grafana_enabled
+
+  depends_on = [module.oke, module.oke_node_pools, module.oke_cluster_autoscaler]
+}
+
+# Kubernetes Cluster Tools
+## IngressController/LoadBalancer
+variable "ingress_nginx_enabled" {
+  default     = false
+  description = "Enable Ingress Nginx for Kubernetes Services (This option provision a Load Balancer)"
+}
+variable "ingress_load_balancer_shape" {
+  default     = "flexible" # Flexible, 10Mbps, 100Mbps, 400Mbps or 8000Mps
+  description = "Shape that will be included on the Ingress annotation for the OCI Load Balancer creation"
+}
+variable "ingress_load_balancer_shape_flex_min" {
+  default     = "10"
+  description = "Enter the minimum size of the flexible shape."
+}
+variable "ingress_load_balancer_shape_flex_max" {
+  default     = "100" # From 10 to 8000. Cannot be lower than ingress_load_balancer_shape_flex_min
+  description = "Enter the maximum size of the flexible shape (Should be bigger than minimum size). The maximum service limit is set by your tenancy limits."
+}
+## Ingresses
+variable "ingress_hosts" {
+  default     = ""
+  description = "Enter a valid full qualified domain name (FQDN). You will need to map the domain name to the EXTERNAL-IP address on your DNS provider (DNS Registry type - A). If you have multiple domain names, include separated by comma. e.g.: mushop.example.com,catshop.com"
+}
+variable "ingress_hosts_include_nip_io" {
+  default     = true
+  description = "Include app_name.HEXXX.nip.io on the ingress hosts. e.g.: mushop.HEXXX.nip.io"
+}
+variable "nip_io_domain" {
+  default     = "nip.io"
+  description = "Dynamic wildcard DNS for the application hostname. Should support hex notation. e.g.: nip.io"
+}
+variable "ingress_tls" {
+  default     = false
+  description = "If enabled, will generate SSL certificates to enable HTTPS for the ingress using the Certificate Issuer"
+}
+variable "ingress_cluster_issuer" {
+  default     = "letsencrypt-prod"
+  description = "Certificate issuer type. Currently supports the free Let's Encrypt and Self-Signed. Only *letsencrypt-prod* generates valid certificates"
+}
+variable "ingress_email_issuer" {
+  default     = "[email protected]"
+  description = "You must replace this email address with your own. The certificate provider will use this to contact you about expiring certificates, and issues related to your account."
+}
+
+## Cert Manager
+variable "cert_manager_enabled" {
+  default     = false
+  description = "Enable x509 Certificate Management"
+}
+
+## Metrics Server
+variable "metrics_server_enabled" {
+  default     = true
+  description = "Enable Metrics Server for Metrics, HPA, VPA and Cluster Autoscaler"
+}
+
+## Prometheus
+variable "prometheus_enabled" {
+  default     = false
+  description = "Enable Prometheus"
+}
+
+## Grafana
+variable "grafana_enabled" {
+  default     = false
+  description = "Enable Grafana Dashboards. Includes example dashboards and Prometheus, OCI Logging and OCI Metrics datasources"
+}
+
+# Cluster Tools Outputs
+## grafana
+output "grafana_admin_password" {
+  value     = module.cluster-tools.grafana_admin_password
+  sensitive = true
+}
+
+## Ingress Controller
+locals {
+  app_domain   = module.cluster-tools.ingress_controller_load_balancer_hostname
+  url_protocol = module.cluster-tools.url_protocol
+}
+
+output "grafana_url" {
+  value       = (var.grafana_enabled && var.ingress_nginx_enabled) ? format("${local.url_protocol}://%s/grafana", local.app_domain) : null
+  description = "Grafana Dashboards URL"
+}
+
+output "app_url" {
+  value       = (var.ingress_nginx_enabled) ? format("${local.url_protocol}://%s", local.app_domain) : null
+  description = "Application URL"
+}

terraform-provider-oci/oke-quickstartz/datasources.tf

@@ -0,0 +1,28 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+# # Gets home and current regions
+# data "oci_identity_tenancy" "tenant_details" {
+#   tenancy_id = var.tenancy_ocid
+
+#   provider = oci.current_region
+# }
+
+# data "oci_identity_regions" "home_region" {
+#   filter {
+#     name   = "key"
+#     values = [data.oci_identity_tenancy.tenant_details.home_region_key]
+#   }
+
+#   provider = oci.current_region
+# }
+
+# Available OCI Services
+data "oci_core_services" "all_services_network" {
+  filter {
+    name   = "name"
+    values = ["All .* Services In Oracle Services Network"]
+    regex  = true
+  }
+}

terraform-provider-oci/oke-quickstartz/defaults.tf

@@ -0,0 +1,111 @@
+# Copyright (c) 2022-2023 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+# File Version: 0.1.0
+
+# Dependencies:
+#   - terraform-oci-networking module
+
+################################################################################
+# If you have extra configurations to add, you can add them here.
+# It's supported to include:
+#   - Extra Node Pools and their configurations
+#   - Extra subnets
+#   - Extra route tables and security lists
+################################################################################
+
+################################################################################
+# Deployment Defaults
+################################################################################
+locals {
+  deploy_id   = random_string.deploy_id.result
+  deploy_tags = { "DeploymentID" = local.deploy_id, "AppName" = local.app_name, "Quickstart" = "terraform-oci-oke-quickstart", "OKEclusterName" = "${local.app_name} (${local.deploy_id})" }
+  oci_tag_values = {
+    "freeformTags" = merge(var.tag_values.freeformTags, local.deploy_tags),
+    "definedTags"  = var.tag_values.definedTags
+  }
+  app_name            = var.app_name
+  app_name_normalized = substr(replace(lower(local.app_name), " ", "-"), 0, 6)
+  app_name_for_dns    = substr(lower(replace(local.app_name, "/\\W|_|\\s/", "")), 0, 6)
+}
+
+resource "random_string" "deploy_id" {
+  length  = 4
+  special = false
+}
+
+################################################################################
+# Required locals for the oci-networking and oke modules
+################################################################################
+locals {
+  node_pools                    = concat(local.node_pool_1, local.extra_node_pools, var.extra_node_pools)
+  create_new_vcn                = (var.create_new_oke_cluster && var.create_new_vcn) ? true : false
+  vcn_display_name              = "[${local.app_name}] VCN for OKE (${local.deploy_id})"
+  create_subnets                = (var.create_subnets) ? true : false
+  subnets                       = concat(local.subnets_oke, local.extra_subnets, var.extra_subnets)
+  route_tables                  = concat(local.route_tables_oke, var.extra_route_tables)
+  security_lists                = concat(local.security_lists_oke, var.extra_security_lists)
+  resolved_vcn_compartment_ocid = (var.create_new_compartment_for_oke ? local.oke_compartment_ocid : var.compartment_ocid)
+  pre_vcn_cidr_blocks           = split(",", var.vcn_cidr_blocks)
+  vcn_cidr_blocks               = contains(module.vcn.cidr_blocks, local.pre_vcn_cidr_blocks[0]) ? distinct(concat([local.pre_vcn_cidr_blocks[0]], module.vcn.cidr_blocks)) : module.vcn.cidr_blocks
+  network_cidrs = {
+    VCN-MAIN-CIDR                                  = local.vcn_cidr_blocks[0]                     # e.g.: "10.20.0.0/16" = 65536 usable IPs
+    ENDPOINT-REGIONAL-SUBNET-CIDR                  = cidrsubnet(local.vcn_cidr_blocks[0], 12, 0)  # e.g.: "10.20.0.0/28" = 15 usable IPs
+    NODES-REGIONAL-SUBNET-CIDR                     = cidrsubnet(local.vcn_cidr_blocks[0], 6, 3)   # e.g.: "10.20.12.0/22" = 1021 usable IPs (10.20.12.0 - 10.20.15.255)
+    LB-REGIONAL-SUBNET-CIDR                        = cidrsubnet(local.vcn_cidr_blocks[0], 6, 4)   # e.g.: "10.20.16.0/22" = 1021 usable IPs (10.20.16.0 - 10.20.19.255)
+    FSS-MOUNT-TARGETS-REGIONAL-SUBNET-CIDR         = cidrsubnet(local.vcn_cidr_blocks[0], 10, 81) # e.g.: "10.20.20.64/26" = 62 usable IPs (10.20.20.64 - 10.20.20.255)
+    APIGW-FN-REGIONAL-SUBNET-CIDR                  = cidrsubnet(local.vcn_cidr_blocks[0], 8, 30)  # e.g.: "10.20.30.0/24" = 254 usable IPs (10.20.30.0 - 10.20.30.255)
+    VCN-NATIVE-POD-NETWORKING-REGIONAL-SUBNET-CIDR = cidrsubnet(local.vcn_cidr_blocks[0], 1, 1)   # e.g.: "10.20.128.0/17" = 32766 usable IPs (10.20.128.0 - 10.20.255.255)
+    BASTION-REGIONAL-SUBNET-CIDR                   = cidrsubnet(local.vcn_cidr_blocks[0], 12, 32) # e.g.: "10.20.2.0/28" = 15 usable IPs (10.20.2.0 - 10.20.2.15)
+    PODS-CIDR                                      = "10.244.0.0/16"
+    KUBERNETES-SERVICE-CIDR                        = "10.96.0.0/16"
+    ALL-CIDR                                       = "0.0.0.0/0"
+  }
+}
+
+################################################################################
+# Extra OKE node pools
+# Example commented out below
+################################################################################
+locals {
+  extra_node_pools = [
+    # {
+    #   node_pool_name                            = "GPU" # Must be unique
+    #   node_pool_autoscaler_enabled            = false
+    #   node_pool_min_nodes                       = 1
+    #   node_pool_max_nodes                       = 2
+    #   node_k8s_version                          = var.k8s_version
+    #   node_pool_shape                           = "BM.GPU.A10.4"
+    #   node_pool_shape_specific_ad                = 3 # Optional, if not provided or set = 0, will be randomly assigned
+    #   node_pool_node_shape_config_ocpus         = 1
+    #   node_pool_node_shape_config_memory_in_gbs = 1
+    #   node_pool_boot_volume_size_in_gbs         = "100"
+    #   existent_oke_nodepool_id_for_autoscaler   = null
+    #   node_pool_alternative_subnet              = null # Optional, name of previously created subnet
+    #   image_operating_system                    = null
+    #   image_operating_system_version            = null
+    #   extra_initial_node_labels                 = [{ key = "app.pixel/gpu", value = "true" }]
+    #   cni_type                                  = "FLANNEL_OVERLAY" # "FLANNEL_OVERLAY" or "OCI_VCN_IP_NATIVE"
+    # },
+  ]
+}
+
+locals {
+  extra_subnets = [
+    # {
+    #   subnet_name                = "opensearch_subnet"
+    #   cidr_block                 = cidrsubnet(local.vcn_cidr_blocks[0], 8, 35) # e.g.: "10.20.35.0/24" = 254 usable IPs (10.20.35.0 - 10.20.35.255)
+    #   display_name               = "OCI OpenSearch Service subnet (${local.deploy_id})" # If null, is autogenerated
+    #   dns_label                  = "opensearch${local.deploy_id}" # If null, disable dns label
+    #   prohibit_public_ip_on_vnic = false
+    #   prohibit_internet_ingress  = false
+    #   route_table_id             = module.route_tables["public"].route_table_id # If null, the VCN's default route table is used
+    #   alternative_route_table_name    = null # Optional, Name of the previously created route table
+    #   dhcp_options_id            = module.vcn.default_dhcp_options_id # If null, the VCN's default set of DHCP options is used
+    #   security_list_ids          = [module.security_lists["opensearch_security_list"].security_list_id] # If null, the VCN's default security list is used
+    #   extra_security_list_names  = [] # Optional, Names of the previously created security lists
+    #   ipv6cidr_block             = null # If null, no IPv6 CIDR block is assigned
+    # },
+  ]
+}