diff --git a/Makefile b/Makefile
index 77ce5e5..a4e307c 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 release:
- @cd proxy; zip -q ../proxy-stack.zip schema.yaml *.tf; cd ..
- @cd hub; zip -q ../hub-stack.zip schema.yaml *.tf; cd ..
- @cd hub-apim; zip -q ../hub-apim-stack.zip schema.yaml *.tf; cd ..
+ @bash release.sh proxy
+ @bash release.sh hub
+ @bash release.sh hub-apim
 @ls -lh *.zip
diff --git a/README.md b/README.md
index d9842c8..0269569 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,12 @@
 # oci-traefiklabs-stacks
-To launch it locally, you'll need to set those env. variables:
+To launch it locally, you'll need to go back to latest terraform version before license change:
+
+```sh
+sudo apt-get install terraform=1.5.7-1
+```
+
+and set those env. variables:
 ```sh
 export TF_VAR_user_ocid=
diff --git a/hub-apim/provider.tf b/hub-apim/provider.tf
index 9600d54..d9431f5 100644
--- a/hub-apim/provider.tf
+++ b/hub-apim/provider.tf
@@ -20,12 +20,24 @@ provider "oci" {
 region = var.region
 }
+module "oke" {
+ source = "../oke"
+ count = var.oke_cluster_create ? 1 : 0
+
+ tenancy_ocid = var.tenancy_ocid
+ region = var.region
+ oke_display_name = var.oke_cluster_name
+ providers = {
+ oci = oci
+ }
+}
+
 data "oci_containerengine_cluster" "target" {
- cluster_id = var.oke_cluster_id
+ cluster_id = var.oke_cluster_create ? module.oke[0].cluster_id : var.oke_cluster_id
 }
 data "oci_containerengine_cluster_kube_config" "target" {
- cluster_id = var.oke_cluster_id
+ cluster_id = data.oci_containerengine_cluster.target.id
 }
 locals {
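Review bot: Each `@bash release.sh …` recipe line succeeds or fails on the exit status of the script's final `cd ..`, because release.sh (added in this commit) never enables `set -e`, so a failed `cp` or `zip` still lets `make release` report success and `@ls -lh *.zip` may list a stale archive. Either make the script exit on the first error or drop the `@` so the failing command is at least visible in the output. None of the lines in this hunk declares `release` phony; if `.PHONY: release` is not set elsewhere in the file, add it so a stray file named `release` can never mask the target.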
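Review bot: With `oke_cluster_create` false, `cluster_id = var.oke_cluster_create ? module.oke[0].cluster_id : var.oke_cluster_id` hands the new default `""` to `data "oci_containerengine_cluster" "target"` whenever the user leaves the id blank (the schema drops `required: true` in the same commit), so the mistake surfaces as a provider/API error instead of a plan-time message naming the variable. A `precondition` on the data source makes the contract explicit and fails early; the identical hunks in hub/provider.tf and proxy/provider.tf need the same guard. The hunk opens inside the `provider "oci"` block, whose start is outside the hunk.
```hcl
data "oci_containerengine_cluster" "target" {
  cluster_id = var.oke_cluster_create ? module.oke[0].cluster_id : var.oke_cluster_id

  lifecycle {
    precondition {
      condition     = var.oke_cluster_create || length(trimspace(var.oke_cluster_id)) > 0
      error_message = "Set oke_cluster_id to the OCID of an existing OKE cluster, or set oke_cluster_create = true."
    }
  }
}
```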
@@ -42,8 +54,8 @@ provider "helm" {
 exec = {
 api_version = "client.authentication.k8s.io/v1beta1"
 command = "docker"
- # args = ["run", "--rm", "-it", "-v", "/home/michel/.oci:/oracle/.oci", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", var.oke_cluster_id, "--region", var.region]
- args = ["run", "--rm", "-t", "-u", "1101:1101", "-v", "/home/orm:/home/orm", "-e", "OCI_CLI_AUTH", "-e", "OCI_CLI_CONFIG_FILE", "-e", "OCI_CLI_CLOUD_SHELL", "-e", "OCI_CLI_USE_INSTANCE_METADATA_SERVICE", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", var.oke_cluster_id, "--region", var.region]
+ # args = ["run", "--rm", "-it", "-v", "/home/michel/.oci:/oracle/.oci", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", data.oci_containerengine_cluster.target.id, "--region", var.region]
+ args = ["run", "--rm", "-t", "-u", "1101:1101", "-v", "/home/orm:/home/orm", "-e", "OCI_CLI_AUTH", "-e", "OCI_CLI_CONFIG_FILE", "-e", "OCI_CLI_CLOUD_SHELL", "-e", "OCI_CLI_USE_INSTANCE_METADATA_SERVICE", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", data.oci_containerengine_cluster.target.id, "--region", var.region]
 }
 }
 }
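Review bot: The `# args = [...]` line is a second, commented-out exec configuration carrying a developer-local bind mount (`/home/michel/.oci`) that this commit keeps editing instead of deleting; only the live `args` line below it is executed, and the same pair is maintained again in hub/provider.tf and proxy/provider.tf. In the `provider "kubernetes"` hunk that follows in this file the commented copy was not touched and still references `var.oke_cluster_id`, so it now disagrees with the live line next to it. Remove the commented alternatives (or document the local-development variant in the README) so there is one source of truth for how the token is obtained. The `provider "helm"` block begins before this hunk.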
@@ -56,6 +68,6 @@ provider "kubernetes" {
 api_version = "client.authentication.k8s.io/v1beta1"
 command = "docker"
 # args = ["run", "--rm", "-it", "-v", "/home/michel/.oci:/oracle/.oci", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", var.oke_cluster_id, "--region", var.region]
- args = ["run", "--rm", "-t", "-u", "1101:1101", "-v", "/home/orm:/home/orm", "-e", "OCI_CLI_AUTH", "-e", "OCI_CLI_CONFIG_FILE", "-e", "OCI_CLI_CLOUD_SHELL", "-e", "OCI_CLI_USE_INSTANCE_METADATA_SERVICE", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", var.oke_cluster_id, "--region", var.region]
+ args = ["run", "--rm", "-t", "-u", "1101:1101", "-v", "/home/orm:/home/orm", "-e", "OCI_CLI_AUTH", "-e", "OCI_CLI_CONFIG_FILE", "-e", "OCI_CLI_CLOUD_SHELL", "-e", "OCI_CLI_USE_INSTANCE_METADATA_SERVICE", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", data.oci_containerengine_cluster.target.id, "--region", var.region]
 }
 }
diff --git a/hub-apim/schema.yaml b/hub-apim/schema.yaml
index 1763fa4..b557b6f 100644
--- a/hub-apim/schema.yaml
+++ b/hub-apim/schema.yaml
@@ -34,9 +34,21 @@ variableGroups:
 - title: "OKE Configuration" variables: - - oke_cluster_id + - oke_cluster_create + - oke_insecure + - title: "Create basic OKE" + variables: + - oke_cluster_name + visible: ${oke_cluster_create} + + - title: "Use existing OKE" + variables: + - oke_cluster_id + visible: + not: + - ${oke_cluster_create} + - title: "Chart Configuration" variables: - chart_create_namespace
@@ -69,10 +81,22 @@ variables:
 oke_cluster_id:
 type: string
- required: true
 title: OKE Cluster ID
 description: The Oracle Cloud ID of the OKE cluster
+ oke_cluster_create:
+ type: boolean
+ title: Create basic OKE Cluster
+ description: 3 nodes (VM.Standard.E3.Flex) / 2 OCPU / 4 GB RAM / latest OKE version
+
+ oke_cluster_name:
+ type: string
+ title: Name of OKE Cluster to create
+ default: traefik-demo
+ minLength: 1
+ maxLength: 25
+ pattern: "^[a-z][a-zA-Z0-9-]+$"
+ oke_insecure:
 type: boolean
 title: Allow insecure connection
diff --git a/hub-apim/variables.tf b/hub-apim/variables.tf
index a1a9417..8ef9325 100644
--- a/hub-apim/variables.tf
+++ b/hub-apim/variables.tf
@@ -1,7 +1,18 @@
 variable "tenancy_ocid" {}
 variable "region" {}
-variable "oke_cluster_id" {}
+variable "oke_cluster_id" {
+ type = string
+ default = ""
+}
+variable "oke_cluster_name" {
+ type = string
+ default = "traefik-demo"
+}
+variable "oke_cluster_create" {
+ type = bool
+ default = false
+}
 variable "oke_insecure" {
 type = bool
 default = false
@@ -10,20 +21,16 @@ variable "oke_insecure" {
 variable "chart_values" {
 type = string
 }
-
 variable "chart_hub_token" {
 type = string
 sensitive = true
 }
-
 variable "chart_hub_version" {
 type = string
 }
-
 variable "chart_namespace" {
 type = string
 }
-
 variable "chart_create_namespace" {
 type = bool
 default = false
diff --git a/hub/provider.tf b/hub/provider.tf
index 9600d54..8bdbdaf 100644
--- a/hub/provider.tf
+++ b/hub/provider.tf
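Review bot: `oke_cluster_name` declares `minLength: 1` while its `pattern` `^[a-z][a-zA-Z0-9-]+$` needs at least two characters, so a one-character name passes the length check and fails the pattern; use `minLength: 2` (or `^[a-z][a-zA-Z0-9-]*$`) so the two constraints agree. Dropping `required: true` from `oke_cluster_id` leaves nothing in the form that forces a value when "Use existing OKE" is selected; if the schema dialect cannot express a requirement conditional on `oke_cluster_create`, the Terraform side has to validate it instead. The same two hunks appear in hub/schema.yaml and proxy/schema.yaml.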
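Review bot: The three new variables have no `description`, and `oke_cluster_name` carries none of the constraints the schema enforces, so a CLI `terraform apply` accepts any string and it becomes the display name of every resource the oke module creates. Add a `validation` block whose `condition` is `can(regex("^[a-z][a-zA-Z0-9-]+$", var.oke_cluster_name)) && length(var.oke_cluster_name) <= 25` so the CLI and the ORM form reject the same inputs; the same applies to hub/variables.tf and proxy/variables.tf. The second hunk in this file only removes blank lines.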
@@ -20,12 +20,24 @@ provider "oci" {
 region = var.region
 }
+module "oke" {
+ source = "../oke"
+ count = var.oke_cluster_create ? 1 : 0
+
+ tenancy_ocid = var.tenancy_ocid
+ region = var.region
+ oke_display_name = var.oke_cluster_name
+ providers = {
+ oci = oci
+ }
+}
+
 data "oci_containerengine_cluster" "target" {
- cluster_id = var.oke_cluster_id
+ cluster_id = var.oke_cluster_create ? module.oke[0].cluster_id : var.oke_cluster_id
 }
 data "oci_containerengine_cluster_kube_config" "target" {
- cluster_id = var.oke_cluster_id
+ cluster_id = data.oci_containerengine_cluster.target.id
 }
 locals {
@@ -43,7 +55,7 @@ provider "helm" {
 api_version = "client.authentication.k8s.io/v1beta1"
 command = "docker"
 # args = ["run", "--rm", "-it", "-v", "/home/michel/.oci:/oracle/.oci", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", var.oke_cluster_id, "--region", var.region]
- args = ["run", "--rm", "-t", "-u", "1101:1101", "-v", "/home/orm:/home/orm", "-e", "OCI_CLI_AUTH", "-e", "OCI_CLI_CONFIG_FILE", "-e", "OCI_CLI_CLOUD_SHELL", "-e", "OCI_CLI_USE_INSTANCE_METADATA_SERVICE", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", var.oke_cluster_id, "--region", var.region]
+ args = ["run", "--rm", "-t", "-u", "1101:1101", "-v", "/home/orm:/home/orm", "-e", "OCI_CLI_AUTH", "-e", "OCI_CLI_CONFIG_FILE", "-e", "OCI_CLI_CLOUD_SHELL", "-e", "OCI_CLI_USE_INSTANCE_METADATA_SERVICE", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", data.oci_containerengine_cluster.target.id, "--region", var.region]
 }
 }
 }
@@ -55,7 +67,7 @@ provider "kubernetes" {
 exec {
 api_version = "client.authentication.k8s.io/v1beta1"
 command = "docker"
- # args = ["run", "--rm", "-it", "-v", "/home/michel/.oci:/oracle/.oci", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", var.oke_cluster_id, "--region", var.region]
- args = ["run", "--rm", "-t", "-u", "1101:1101", "-v", "/home/orm:/home/orm", "-e", "OCI_CLI_AUTH", "-e", "OCI_CLI_CONFIG_FILE", "-e", "OCI_CLI_CLOUD_SHELL", "-e", "OCI_CLI_USE_INSTANCE_METADATA_SERVICE", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", var.oke_cluster_id, "--region", var.region]
+ # args = ["run", "--rm", "-it", "-v", "/home/michel/.oci:/oracle/.oci", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", data.oci_containerengine_cluster.target.id, "--region", var.region]
+ args = ["run", "--rm", "-t", "-u", "1101:1101", "-v", "/home/orm:/home/orm", "-e", "OCI_CLI_AUTH", "-e", "OCI_CLI_CONFIG_FILE", "-e", "OCI_CLI_CLOUD_SHELL", "-e", "OCI_CLI_USE_INSTANCE_METADATA_SERVICE", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", data.oci_containerengine_cluster.target.id, "--region", var.region]
 }
 }
diff --git a/hub/schema.yaml b/hub/schema.yaml
index 0f9fa63..06d3739 100644
--- a/hub/schema.yaml
+++ b/hub/schema.yaml
@@ -34,9 +34,21 @@ variableGroups:
 - title: "OKE Configuration" variables: - - oke_cluster_id + - oke_cluster_create + - oke_insecure + - title: "Create basic OKE" + variables: + - oke_cluster_name + visible: ${oke_cluster_create} + + - title: "Use existing OKE" + variables: + - oke_cluster_id + visible: + not: + - ${oke_cluster_create} + - title: "Chart Configuration" variables: - chart_create_namespace
@@ -69,10 +81,22 @@ variables:
 oke_cluster_id:
 type: string
- required: true
 title: OKE Cluster ID
 description: The Oracle Cloud ID of the OKE cluster
+ oke_cluster_create:
+ type: boolean
+ title: Create basic OKE Cluster
+ description: 3 nodes (VM.Standard.E3.Flex) / 2 OCPU / 4 GB RAM / latest OKE version
+
+ oke_cluster_name:
+ type: string
+ title: Name of OKE Cluster to create
+ default: traefik-demo
+ minLength: 1
+ maxLength: 25
+ pattern: "^[a-z][a-zA-Z0-9-]+$"
+ oke_insecure:
 type: boolean
 title: Allow insecure connection
diff --git a/hub/variables.tf b/hub/variables.tf
index a1a9417..4842940 100644
--- a/hub/variables.tf
+++ b/hub/variables.tf
@@ -1,7 +1,18 @@
 variable "tenancy_ocid" {}
 variable "region" {}
-variable "oke_cluster_id" {}
+variable "oke_cluster_id" {
+ type = string
+ default = ""
+}
+variable "oke_cluster_name" {
+ type = string
+ default = "traefik-demo"
+}
+variable "oke_cluster_create" {
+ type = bool
+ default = false
+}
 variable "oke_insecure" {
 type = bool
 default = false
@@ -10,7 +21,6 @@ variable "oke_insecure" {
 variable "chart_values" {
 type = string
 }
-
 variable "chart_hub_token" {
 type = string
 sensitive = true
diff --git a/oke/main.tf b/oke/main.tf
new file mode 100644
index 0000000..4f67266
--- /dev/null
+++ b/oke/main.tf
@@ -0,0 +1,418 @@
+data "oci_containerengine_cluster_option" "current" {
+ cluster_option_id = "all"
+}
+
+data "oci_core_services" "current" {
+}
+
+data "oci_identity_availability_domain" "ad1" {
+ compartment_id = var.tenancy_ocid
+ ad_number = 1
+}
+
+data "oci_identity_availability_domain" "ad2" {
+ compartment_id = var.tenancy_ocid
+ ad_number = 2
+}
+
+data "oci_identity_availability_domain" "ad3" {
+ compartment_id = var.tenancy_ocid
+ ad_number = 3
+}
+
+data "oci_containerengine_node_pool_option" "current" {
+ node_pool_option_id = oci_containerengine_cluster.traefik-demo.id
+ compartment_id = var.tenancy_ocid
+}
+
+locals {
+ kubernetes_version = reverse(data.oci_containerengine_cluster_option.current.kubernetes_versions)[0]
+
+ oke_sources = data.oci_containerengine_node_pool_option.current.sources
+
+ oracle_linux_images = [for source in local.oke_sources : source.image_id if length(regexall("Oracle-Linux-\\d+\\.\\d+-[0-9.]{10}-\\d+-OKE-${substr(local.kubernetes_version, 1, -1)}-[0-9]*", source.source_name)) > 0]
+
+ image_id = local.oracle_linux_images[0]
+}
+
+resource "oci_core_vcn" "traefik-demo" {
+ cidr_block = "10.0.0.0/16"
+ compartment_id = var.tenancy_ocid
+ display_name = var.oke_display_name
+ dns_label = "traefikdemo"
+}
+
+resource "oci_core_internet_gateway" "traefik-demo" {
+ compartment_id = var.tenancy_ocid
+ display_name = var.oke_display_name
+ enabled = "true"
+ vcn_id = oci_core_vcn.traefik-demo.id
+}
+
+resource "oci_core_nat_gateway" "traefik-demo" {
+ compartment_id = var.tenancy_ocid
+ display_name = var.oke_display_name
+ vcn_id = oci_core_vcn.traefik-demo.id
+}
+
+resource "oci_core_service_gateway" "traefik-demo" {
+ compartment_id = var.tenancy_ocid
+ display_name = var.oke_display_name
+ services {
+ service_id = data.oci_core_services.current.services[1].id
+ }
+ vcn_id = oci_core_vcn.traefik-demo.id
+}
+
+resource "oci_core_route_table" "traefik-demo" {
+ compartment_id = var.tenancy_ocid
+ display_name = 
"oke-private-${var.oke_display_name}"
+ route_rules {
+ description = "traffic to the internet"
+ destination = "0.0.0.0/0"
+ destination_type = "CIDR_BLOCK"
+ network_entity_id = oci_core_nat_gateway.traefik-demo.id
+ }
+ route_rules {
+ description = "traffic to OCI services"
+ destination = "all-iad-services-in-oracle-services-network"
+ destination_type = "SERVICE_CIDR_BLOCK"
+ network_entity_id = oci_core_service_gateway.traefik-demo.id
+ }
+ vcn_id = oci_core_vcn.traefik-demo.id
+}
+
+resource "oci_core_subnet" "svclb" {
+ cidr_block = "10.0.20.0/24"
+ compartment_id = var.tenancy_ocid
+ display_name = "oke-${var.oke_display_name}-svclb-regional"
+ dns_label = "lbsubde4f0e3f7"
+ prohibit_public_ip_on_vnic = "false"
+ route_table_id = oci_core_default_route_table.traefik-demo.id
+ security_list_ids = [oci_core_security_list.svclb.id]
+ vcn_id = oci_core_vcn.traefik-demo.id
+}
+
+resource "oci_core_subnet" "nodes" {
+ cidr_block = "10.0.10.0/24"
+ compartment_id = var.tenancy_ocid
+ display_name = "oke-${var.oke_display_name}-nodesubnet-regional"
+ dns_label = "sub58536a37a"
+ prohibit_public_ip_on_vnic = "true"
+ route_table_id = oci_core_route_table.traefik-demo.id
+ security_list_ids = [oci_core_security_list.nodes.id]
+ vcn_id = oci_core_vcn.traefik-demo.id
+}
+
+resource "oci_core_subnet" "kubernetes_api_endpoint" {
+ cidr_block = "10.0.0.0/28"
+ compartment_id = var.tenancy_ocid
+ display_name = "oke-${var.oke_display_name}-k8sApiEndpoint-regional"
+ dns_label = "subd14ec26fe"
+ prohibit_public_ip_on_vnic = "false"
+ route_table_id = oci_core_default_route_table.traefik-demo.id
+ security_list_ids = [oci_core_security_list.kubernetes_api_endpoint.id]
+ vcn_id = oci_core_vcn.traefik-demo.id
+}
+
+resource "oci_core_default_route_table" "traefik-demo" {
+ display_name = "oke-public-${var.oke_display_name}"
+ route_rules {
+ description = "traffic to/from internet"
+ destination = "0.0.0.0/0"
+ destination_type = "CIDR_BLOCK"
+ network_entity_id = 
oci_core_internet_gateway.traefik-demo.id
+ }
+ manage_default_resource_id = oci_core_vcn.traefik-demo.default_route_table_id
+}
+
+resource "oci_core_security_list" "svclb" {
+ compartment_id = var.tenancy_ocid
+ display_name = "oke-svclb-${var.oke_display_name}"
+ vcn_id = oci_core_vcn.traefik-demo.id
+
+ lifecycle {
+ ignore_changes = [
+ egress_security_rules,
+ ingress_security_rules
+ ]
+ }
+}
+
+resource "oci_core_security_list" "nodes" {
+ compartment_id = var.tenancy_ocid
+ display_name = "oke-nodes-${var.oke_display_name}"
+ egress_security_rules {
+ description = "Allow pods on one worker node to communicate with pods on other worker nodes"
+ destination = "10.0.10.0/24"
+ destination_type = "CIDR_BLOCK"
+ protocol = "all"
+ stateless = "false"
+ }
+ egress_security_rules {
+ description = "Access to Kubernetes API Endpoint"
+ destination = "10.0.0.0/28"
+ destination_type = "CIDR_BLOCK"
+ protocol = "6"
+ stateless = "false"
+
+ tcp_options {
+ max = 6443
+ min = 6443
+ }
+ }
+ egress_security_rules {
+ description = "Kubernetes worker to control plane communication"
+ destination = "10.0.0.0/28"
+ destination_type = "CIDR_BLOCK"
+ protocol = "6"
+ stateless = "false"
+ tcp_options {
+ max = 12250
+ min = 12250
+ }
+ }
+ egress_security_rules {
+ description = "Path discovery"
+ destination = "10.0.0.0/28"
+ destination_type = "CIDR_BLOCK"
+ icmp_options {
+ code = "4"
+ type = "3"
+ }
+ protocol = "1"
+ stateless = "false"
+ }
+ egress_security_rules {
+ description = "Allow nodes to communicate with OKE to ensure correct start-up and continued functioning"
+ destination = "all-iad-services-in-oracle-services-network"
+ destination_type = "SERVICE_CIDR_BLOCK"
+ protocol = "6"
+ stateless = "false"
+
+ tcp_options {
+ max = 443
+ min = 443
+ }
+ }
+ egress_security_rules {
+ description = "ICMP Access from Kubernetes Control Plane"
+ destination = "0.0.0.0/0"
+ destination_type = "CIDR_BLOCK"
+ icmp_options {
+ code = "4"
+ type = "3"
+ }
+ protocol = 
"1"
+ stateless = "false"
+ }
+ egress_security_rules {
+ description = "Worker Nodes access to Internet"
+ destination = "0.0.0.0/0"
+ destination_type = "CIDR_BLOCK"
+ protocol = "all"
+ stateless = "false"
+ }
+ ingress_security_rules {
+ description = "Allow pods on one worker node to communicate with pods on other worker nodes"
+ protocol = "all"
+ source = "10.0.10.0/24"
+ stateless = "false"
+ }
+ ingress_security_rules {
+ description = "Path discovery"
+ icmp_options {
+ code = "4"
+ type = "3"
+ }
+ protocol = "1"
+ source = "10.0.0.0/28"
+ stateless = "false"
+ }
+ ingress_security_rules {
+ description = "TCP access from Kubernetes Control Plane"
+ protocol = "6"
+ source = "10.0.0.0/28"
+ stateless = "false"
+ }
+ ingress_security_rules {
+ description = "Inbound SSH traffic to worker nodes"
+ protocol = "6"
+ source = "0.0.0.0/0"
+ stateless = "false"
+ tcp_options {
+ max = 22
+ min = 22
+ }
+ }
+ vcn_id = oci_core_vcn.traefik-demo.id
+ lifecycle {
+ ignore_changes = [
+ egress_security_rules,
+ ingress_security_rules
+ ]
+ }
+}
+
+resource "oci_core_security_list" "kubernetes_api_endpoint" {
+ compartment_id = var.tenancy_ocid
+ display_name = "oke-k8sApiEndpoint-${var.oke_display_name}"
+
+ egress_security_rules {
+ description = "Allow Kubernetes Control Plane to communicate with OKE"
+ destination = "all-iad-services-in-oracle-services-network"
+ destination_type = "SERVICE_CIDR_BLOCK"
+ protocol = "6"
+ stateless = "false"
+
+ tcp_options {
+ max = 443
+ min = 443
+ }
+ }
+ egress_security_rules {
+ description = "All traffic to worker nodes"
+ destination = "10.0.10.0/24"
+ destination_type = "CIDR_BLOCK"
+ protocol = "6"
+ stateless = "false"
+ }
+ egress_security_rules {
+ description = "Path discovery"
+ destination = "10.0.10.0/24"
+ destination_type = "CIDR_BLOCK"
+ icmp_options {
+ code = "4"
+ type = "3"
+ }
+ protocol = "1"
+ stateless = "false"
+ }
+ ingress_security_rules {
+ description = "External access to Kubernetes API endpoint"
+ protocol = "6"
+ source = "0.0.0.0/0"
+ stateless = "false"
+
+ tcp_options {
+ max = 6443
+ min = 6443
+ }
+ }
+ ingress_security_rules {
+ description = "Kubernetes worker to Kubernetes API endpoint communication"
+ protocol = "6"
+ source = "10.0.10.0/24"
+ stateless = "false"
+
+ tcp_options {
+ max = 6443
+ min = 6443
+ }
+ }
+ ingress_security_rules {
+ description = "Kubernetes worker to control plane communication"
+ protocol = "6"
+ source = "10.0.10.0/24"
+ stateless = "false"
+
+ tcp_options {
+ max = 12250
+ min = 12250
+ }
+ }
+ ingress_security_rules {
+ description = "Path discovery"
+ icmp_options {
+ code = "4"
+ type = "3"
+ }
+ protocol = "1"
+ source = "10.0.10.0/24"
+ stateless = "false"
+ }
+ vcn_id = oci_core_vcn.traefik-demo.id
+}
+
+resource "oci_containerengine_cluster" "traefik-demo" {
+ cluster_pod_network_options {
+ cni_type = "OCI_VCN_IP_NATIVE"
+ }
+ compartment_id = var.tenancy_ocid
+ endpoint_config {
+ is_public_ip_enabled = "true"
+ subnet_id = oci_core_subnet.kubernetes_api_endpoint.id
+ }
+ freeform_tags = {
+ "OKEclusterName" = var.oke_display_name
+ }
+ kubernetes_version = local.kubernetes_version
+ name = var.oke_display_name
+ options {
+ admission_controller_options {
+ is_pod_security_policy_enabled = "false"
+ }
+ persistent_volume_config {
+ freeform_tags = {
+ "OKEclusterName" = var.oke_display_name
+ }
+ }
+ service_lb_config {
+ freeform_tags = {
+ "OKEclusterName" = var.oke_display_name
+ }
+ }
+ service_lb_subnet_ids = [oci_core_subnet.svclb.id]
+ }
+ type = "ENHANCED_CLUSTER" # "BASIC_CLUSTER"
+ vcn_id = oci_core_vcn.traefik-demo.id
+}
+
+resource "oci_containerengine_node_pool" "traefik-demo" {
+ cluster_id = oci_containerengine_cluster.traefik-demo.id
+ compartment_id = var.tenancy_ocid
+ freeform_tags = {
+ "OKEnodePoolName" = var.oke_display_name
+ }
+ initial_node_labels {
+ key = "name"
+ value = var.oke_display_name
+ }
+ kubernetes_version = local.kubernetes_version
+ name = var.oke_display_name
+ 
node_config_details {
+ freeform_tags = {
+ "OKEnodePoolName" = var.oke_display_name
+ }
+ node_pool_pod_network_option_details {
+ cni_type = "OCI_VCN_IP_NATIVE"
+ pod_subnet_ids = [oci_core_subnet.nodes.id]
+ }
+ placement_configs {
+ availability_domain = data.oci_identity_availability_domain.ad3.name
+ subnet_id = oci_core_subnet.nodes.id
+ }
+ placement_configs {
+ availability_domain = data.oci_identity_availability_domain.ad2.name
+ subnet_id = oci_core_subnet.nodes.id
+ }
+ placement_configs {
+ availability_domain = data.oci_identity_availability_domain.ad1.name
+ subnet_id = oci_core_subnet.nodes.id
+ }
+ size = var.oke_nodes_count
+ }
+ node_eviction_node_pool_settings {
+ eviction_grace_duration = "PT5M"
+ is_force_delete_after_grace_duration = true
+ }
+ node_shape = var.node_shape
+ node_shape_config {
+ memory_in_gbs = var.oke_nodes_mem_in_gb
+ ocpus = var.oke_nodes_cpu
+ }
+ node_source_details {
+ image_id = local.image_id
+ source_type = "IMAGE"
+ }
+}
diff --git a/oke/output.tf b/oke/output.tf
new file mode 100644
index 0000000..c41c63a
--- /dev/null
+++ b/oke/output.tf
@@ -0,0 +1,19 @@
+output "latest_k8s_version" {
+ value = local.kubernetes_version
+}
+
+data "oci_core_image" "oke" {
+ image_id = local.image_id
+}
+
+output "image_name" {
+ value = data.oci_core_image.oke.display_name
+}
+
+output "image_id" {
+ value = local.image_id
+}
+
+output "cluster_id" {
+ value = oci_containerengine_cluster.traefik-demo.id
+}
diff --git a/oke/provider.tf b/oke/provider.tf
new file mode 100644
index 0000000..9ec47c7
--- /dev/null
+++ b/oke/provider.tf
@@ -0,0 +1,15 @@
+terraform {
+ required_version = "~> 1.5.0, < 1.12"
+
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "6.30.0"
+ }
+ }
+}
+
+# provider "oci" {
+# tenancy_ocid = var.tenancy_ocid
+# region = var.region
+# }
diff --git a/oke/variables.tf b/oke/variables.tf
new file mode 100644
index 0000000..8911e15
--- /dev/null
+++ b/oke/variables.tf
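Review bot: The private route table and the two `SERVICE_CIDR_BLOCK` egress rules (nodes and kubernetes_api_endpoint lists) hard-code `all-iad-services-in-oracle-services-network`, the Ashburn label, while the service gateway is built from `data.oci_core_services.current.services[1]`, so a deployment in any other region gets a route/rule that does not match the gateway's service; `var.region` is declared in variables.tf but never used in this file. Use the data source's own label in all three places, `destination = data.oci_core_services.current.services[1].cidr_block`, and consider selecting the "all services" entry by name (a `filter` on `name`) rather than by index, since nothing here pins the order of `services`. Separately, the nodes list admits SSH (`22`) from `source = "0.0.0.0/0"` and the API-endpoint list admits `6443` from `0.0.0.0/0` on a cluster created with `is_public_ip_enabled = "true"`; both `source` values belong in a variable (e.g. an `allowed_cidrs` list) so operators can restrict exposure, and the `ignore_changes` on both rule lists means Terraform will not revert a later manual widening of these rules. `local.oracle_linux_images[0]` fails with an index error when no image matches the regex; a `precondition` or `one()` with an error message would make that failure readable.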
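Review bot: `required_version = "~> 1.5.0, < 1.12"` does not express a single intent: `~> 1.5.0` already means `>= 1.5.0, < 1.6.0`, so the `< 1.12` clause never takes effect, while the README change in this same commit tells users to install 1.5.7. Write the constraint that is meant, either `~> 1.5.0` alone or `>= 1.5.0, < 1.12` if newer releases are really to be accepted. The exact `version = "6.30.0"` pin on the oci provider is good for reproducible plans; the commented-out `provider "oci"` block would read better as a one-line comment stating that the provider is supplied by the calling stack via `providers = { oci = oci }`.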
@@ -0,0 +1,26 @@
+variable "tenancy_ocid" {}
+variable "region" {}
+
+variable "oke_display_name" {
+ default = "traefik-demo"
+}
+
+variable "node_shape" {
+ type = string
+ default = "VM.Standard.E3.Flex"
+}
+
+variable "oke_nodes_count" {
+ type = string
+ default = "3"
+}
+
+variable "oke_nodes_cpu" {
+ type = string
+ default = "2"
+}
+
+variable "oke_nodes_mem_in_gb" {
+ type = string
+ default = "4"
+}
diff --git a/proxy/main.tf b/proxy/main.tf
index 067f0a4..a08ec3e 100644
--- a/proxy/main.tf
+++ b/proxy/main.tf
@@ -18,7 +18,7 @@ data "helm_template" "traefik" {
 chart = "traefik"
 namespace = var.chart_namespace
- values = [var.chart_values]
+ values = [var.chart_values]
 # As of v3.0.0-pre2, the data source requires this kube_version to be set.
 # Otherwise, it believes we are on k8s v1.20.
diff --git a/proxy/provider.tf b/proxy/provider.tf
index d7af410..240968b 100644
--- a/proxy/provider.tf
+++ b/proxy/provider.tf
@@ -18,13 +18,24 @@ provider "oci" {
 region = var.region
 }
+module "oke" {
+ source = "../oke"
+ count = var.oke_cluster_create ? 1 : 0
+
+ tenancy_ocid = var.tenancy_ocid
+ region = var.region
+ oke_display_name = var.oke_cluster_name
+ providers = {
+ oci = oci
+ }
+}
 data "oci_containerengine_cluster" "target" {
- cluster_id = var.oke_cluster_id
+ cluster_id = var.oke_cluster_create ? module.oke[0].cluster_id : var.oke_cluster_id
 }
 data "oci_containerengine_cluster_kube_config" "target" {
- cluster_id = var.oke_cluster_id
+ cluster_id = data.oci_containerengine_cluster.target.id
 }
 locals {
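Review bot: `oke_nodes_count`, `oke_nodes_cpu` and `oke_nodes_mem_in_gb` are declared `type = string` with quoted numeric defaults although main.tf feeds them to the numeric attributes `size`, `ocpus` and `memory_in_gbs`; declare them `type = number` with `default = 3`, `default = 2`, `default = 4` so a non-numeric value is rejected at plan time rather than by the API. `oke_display_name` has no type and none of the variables has a `description`, which matters for a module meant to be reused by three stacks. `region` is declared here but never referenced in main.tf, so the module silently ignores the region it is handed. Every `compartment_id` in main.tf is `var.tenancy_ocid`, i.e. the root compartment; a `compartment_ocid` variable (falling back to the tenancy OCID via a local when left empty) would let operators place the VCN and cluster in a dedicated compartment with narrower IAM policies.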
@@ -41,8 +52,8 @@ provider "helm" {
 exec = {
 api_version = "client.authentication.k8s.io/v1beta1"
 command = "docker"
- args = ["run", "--rm", "-it", "-v", "/home/michel/.oci:/oracle/.oci", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", var.oke_cluster_id, "--region", var.region]
- # args = ["run", "--rm", "-t", "-u", "1101:1101", "-v", "/home/orm:/home/orm", "-e", "OCI_CLI_AUTH", "-e", "OCI_CLI_CONFIG_FILE", "-e", "OCI_CLI_CLOUD_SHELL", "-e", "OCI_CLI_USE_INSTANCE_METADATA_SERVICE", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", var.oke_cluster_id, "--region", var.region]
+ # args = ["run", "--rm", "-t", "-v", "/home/michel/.oci:/oracle/.oci", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", data.oci_containerengine_cluster.target.id, "--region", var.region]
+ args = ["run", "--rm", "-t", "-u", "1101:1101", "-v", "/home/orm:/home/orm", "-e", "OCI_CLI_AUTH", "-e", "OCI_CLI_CONFIG_FILE", "-e", "OCI_CLI_CLOUD_SHELL", "-e", "OCI_CLI_USE_INSTANCE_METADATA_SERVICE", "ghcr.io/oracle/oci-cli", "ce", "cluster", "generate-token", "--cluster-id", data.oci_containerengine_cluster.target.id, "--region", var.region]
 }
 }
 }
diff --git a/proxy/schema.yaml b/proxy/schema.yaml
index 015a30e..60c512d 100644
--- a/proxy/schema.yaml
+++ b/proxy/schema.yaml
@@ -26,6 +26,7 @@ variableGroups:
 #"variables used internally - not exposed to end user" - tenancy_ocid - region + - marketplace_source_images - mp_listing_id - mp_listing_resource_id - mp_listing_resource_version
@@ -33,9 +34,21 @@ variableGroups:
 - title: "OKE Configuration" variables: - - oke_cluster_id + - oke_cluster_create + - oke_insecure + - title: "Create basic OKE" + variables: + - oke_cluster_name + visible: ${oke_cluster_create} + + - title: "Use existing OKE" + variables: + - oke_cluster_id + visible: + not: + - ${oke_cluster_create} + - title: "Chart Configuration" variables: - chart_namespace
@@ -65,10 +78,22 @@ variables:
 oke_cluster_id:
 type: string
- required: true
 title: OKE Cluster ID
 description: The ID of the OKE cluster
+ oke_cluster_create:
+ type: boolean
+ title: Create basic OKE Cluster
+ description: 3 nodes (VM.Standard.E3.Flex) / 2 OCPU / 4 GB RAM / latest OKE version
+
+ oke_cluster_name:
+ type: string
+ title: Name of OKE Cluster to create
+ default: traefik-demo
+ minLength: 1
+ maxLength: 25
+ pattern: "^[a-z][a-zA-Z0-9-]+$"
+ oke_insecure:
 type: boolean
 title: Allow insecure connection
diff --git a/proxy/variables.tf b/proxy/variables.tf
index 39f21b6..93dcd34 100644
--- a/proxy/variables.tf
+++ b/proxy/variables.tf
@@ -1,8 +1,18 @@
 variable "tenancy_ocid" {}
 variable "region" {}
-variable "oke_cluster_id" {}
-
+variable "oke_cluster_id" {
+ type = string
+ default = ""
+}
+variable "oke_cluster_name" {
+ type = string
+ default = "traefik-demo"
+}
+variable "oke_cluster_create" {
+ type = bool
+ default = false
+}
 variable "oke_insecure" {
 type = bool
 default = false
diff --git a/release.sh b/release.sh
new file mode 100755
index 0000000..f28cce0
--- /dev/null
+++ b/release.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+TARGET="$1"
+
+cd "${TARGET}"
+sed -i -e 's#source = "../oke"#source = "./oke"#g' provider.tf
+mkdir oke
+cp ../oke/*.tf oke/
+zip -q "../${TARGET}-stack.zip" schema.yaml *.tf oke/*.tf
+rm -rf oke/
+sed -i -e 's#source = "./oke"#source = "../oke"#g' provider.tf
+cd ..
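Review bot: `cd "${TARGET}"` is unguarded and the script never sets `set -e`, so when the argument is missing or wrong every following command runs in the repository root: `sed -i` rewrites the root's provider.tf if one exists, `cp ../oke/*.tf oke/` copies into the real `oke/` module directory, and `rm -rf oke/` then deletes the repository's own module sources. Even on the happy path the script mutates the tracked `provider.tf` in place and only restores it if `zip` and `rm` get that far, so any failure leaves the working tree modified. Build the archive from a scratch copy instead, so nothing under version control is touched and a failure cannot delete anything outside the temp directory.
```bash
#!/bin/bash
set -euo pipefail

TARGET="${1:?usage: release.sh <stack-dir>}"
[ -d "${TARGET}" ] || { echo "no such stack directory: ${TARGET}" >&2; exit 1; }
OUT="$(pwd)/${TARGET}-stack.zip"

# Assemble the stack in a scratch copy: the tracked provider.tf is never
# rewritten in place, and a failure cannot delete the repo's own oke/ module.
WORK="$(mktemp -d)"
trap 'rm -rf "${WORK}"' EXIT
cp "${TARGET}/schema.yaml" "${TARGET}"/*.tf "${WORK}/"
mkdir "${WORK}/oke"
cp oke/*.tf "${WORK}/oke/"
sed -i -e 's#source = "../oke"#source = "./oke"#g' "${WORK}/provider.tf"
(cd "${WORK}" && zip -q "${OUT}" schema.yaml *.tf oke/*.tf)
```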