Merge pull request #1 from oracle-quickstart/bugfix/lb-sec-lists

fix issue on lb sec-lists

Author: streamnsight

network.tf

@@ -4,8 +4,7 @@
 locals {
   subnet_cidrs            = cidrsubnets(var.vcn_cidr, 12, 8, 4, 4, 4) # API + 1 LB + 3 node pools
   api_subnet_cidr         = element(local.subnet_cidrs, 0)
-  public_lb_subnet_cidr   = element(local.subnet_cidrs, 1)
-  lb_subnets_cidrs        = element(local.subnet_cidrs, 2) # [for k, v in zipmap(slice(local.subnet_cidrs, 1, 3), [var.allow_deploy_public_lb, var.allow_deploy_private_lb]) : k if v]
+  lb_subnet_cidr          = element(local.subnet_cidrs, 1)
   node_pool_subnets_cidrs = slice(local.subnet_cidrs, 2, 5)
   ADs                     = data.oci_identity_availability_domains.ADs.availability_domains.*.name
 }
@@ -337,7 +336,7 @@ resource "oci_core_security_list" "oke_nodepool_lb_comm_sec_list" {
     description      = "TCP to LBs"
     protocol         = "6"
     destination_type = "CIDR_BLOCK"
-    destination      = local.lb_subnets_cidrs
+    destination      = local.lb_subnet_cidr
     stateless        = false
     # }
   }
@@ -348,7 +347,7 @@ resource "oci_core_security_list" "oke_nodepool_lb_comm_sec_list" {
     # content {
     description = "TCP from LBs"
     protocol    = "6"
-    source      = local.lb_subnets_cidrs
+    source      = local.lb_subnet_cidr
     stateless   = false
     # }
   }
@@ -371,18 +370,18 @@ resource "oci_core_subnet" "oke_api_endpoint_subnet" {
   defined_tags               = var.vcn_tags
 }
 
-resource "oci_core_subnet" "oke_public_lb_subnet" {
-  count               = (var.use_existing_vcn && !var.allow_deploy_public_lb) ? 0 : 1
-  cidr_block          = local.public_lb_subnet_cidr
+resource "oci_core_subnet" "oke_lb_subnet" {
+  count               = (var.use_existing_vcn) ? 0 : 1
+  cidr_block          = local.lb_subnet_cidr
   compartment_id      = var.vcn_compartment_id
   availability_domain = null
   vcn_id              = oci_core_vcn.oke_vcn[0].id
   dns_label           = "lb"
-  display_name        = "Services Public LBs Subnet"
+  display_name        = "Services LBs Subnet"
 
   security_list_ids          = [oci_core_vcn.oke_vcn[0].default_security_list_id]
   route_table_id             = oci_core_route_table.oke_rt_via_igw[0].id
-  prohibit_public_ip_on_vnic = false
+  prohibit_public_ip_on_vnic = !var.allow_deploy_public_lb
   defined_tags               = var.vcn_tags
 }
 

oke_cluster.tf

@@ -33,7 +33,7 @@ resource "oci_containerengine_cluster" "oci_oke_cluster" {
 
   options {
     # service_lb_subnet_ids = var.use_existing_vcn ? [for k, v in zipmap([var.public_lb_subnet, var.private_lb_subnet], [var.allow_deploy_public_lb, var.allow_deploy_private_lb]) : k if v] : [for k, v in zipmap([oci_core_subnet.oke_public_lb_subnet[0].id, oci_core_subnet.oke_private_lb_subnet[0].id], [var.allow_deploy_public_lb, var.allow_deploy_private_lb]) : k if v]
-    service_lb_subnet_ids = var.allow_deploy_public_lb ? (var.use_existing_vcn ? [var.public_lb_subnet] : [oci_core_subnet.oke_public_lb_subnet[0].id]) : []
+    service_lb_subnet_ids = var.use_existing_vcn ? [var.public_lb_subnet] : [oci_core_subnet.oke_lb_subnet[0].id]
 
     add_ons {
       is_kubernetes_dashboard_enabled = var.cluster_options_add_ons_is_kubernetes_dashboard_enabled

oke_node_pools.tf

@@ -58,7 +58,7 @@ resource "oci_containerengine_node_pool" "oci_oke_node_pool" {
   cluster_id         = oci_containerengine_cluster.oci_oke_cluster.id
   compartment_id     = var.cluster_compartment_id
   kubernetes_version = var.kubernetes_version != "" ? var.kubernetes_version : reverse(data.oci_containerengine_cluster_option.cluster_options.kubernetes_versions)[0]
-  name               = "${local.node_pools[count.index]["node_shape"]} Node Pool"
+  name               = "${local.node_pools[count.index]["node_shape"]}_Node_Pool"
   node_shape         = local.node_pools[count.index]["node_shape"]
 
   #   initial_node_labels {