Merge pull request #2391 from oracle-devrel/oke-rm

oke-rm 1.2.0

Author: martatolosa

app-dev/devops-and-containers/oke/README.md

@@ -54,9 +54,11 @@ Reviewed: 20.12.2023
 - [OKE policies](./oke-policies/policies.md)
 
 # Reusable Assets Overview
- 
+
+- [OKE Resource Manager QuickStart](https://github.com/oracle-devrel/technology-engineering/tree/main/app-dev/oke/oke-rm)
+- [OKE GitOps Solution](https://github.com/oracle-devrel/technology-engineering/tree/main/app-dev/oke/oke-gitops)
+- [OKE Node Packer Solution](https://github.com/oracle-devrel/technology-engineering/tree/main/app-dev/oke/oke-node-packer)
 - [Cluster Api OCI](https://github.com/oracle-devrel/technology-engineering/tree/main/app-dev/oke/capoci)
-- [Cloud Native QuickStart](https://github.com/alcampag/oci-cn-quickstart)
 
 # License
 

app-dev/devops-and-containers/oke/oke-rm/README.md

@@ -17,13 +17,13 @@ This stack is used to create the initial network infrastructure for OKE. When co
 * You can apply this stack even on an existing VCN, so that only the NSGs for OKE will be created
 * The default CNI is the VCN Native CNI, and it is the recommended one
 
-[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.1.9/infra.zip)
+[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.2.0/infra.zip)
 
 ## Step 2: Create the OKE control plane
 
 This stack is used to create the OKE control plane ONLY.
 
-[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.1.9/oke.zip)
+[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.2.0/oke.zip)
 
 Also note that if the network infrastructure is located in a different compartment than the OKE cluster AND you are planning to use the OCI_VCN_NATIVE CNI,
 you must add these policies:

app-dev/devops-and-containers/oke/oke-rm/infra/infra.zip

@@ -1,25 +1,25 @@
 locals {
   # VCN_NATIVE_CNI internally it is mapped as npn
-  cni = var.cni_type == "vcn_native" ? "npn" : var.cni_type
+  cni             = var.cni_type == "vcn_native" ? "npn" : var.cni_type
   vcn_cidr_blocks = [var.vcn_cidr_block]
   subnets = {
     cidr = {
-      pod           = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 1, 0) : null       # e.g., "10.1.0.0/17"
-      worker        = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 3, 4) : null       # e.g., "10.1.128.0/19"
-      lb_external   = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 160) : null     # e.g., "10.1.160.0/24"
-      lb_internal   = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 161) : null     # e.g., "10.1.161.0/24"
-      fss           = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 162) : null     # e.g., "10.1.162.0/24"
-      bastion       = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 13, 5216) : null   # e.g., "10.1.163.0/29"
-      cp            = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 13, 5217) : null   # e.g., "10.1.163.8/29"
+      pod         = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 1, 0) : null     # e.g., "10.1.0.0/17"
+      worker      = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 3, 4) : null     # e.g., "10.1.128.0/19"
+      lb_external = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 160) : null   # e.g., "10.1.160.0/24"
+      lb_internal = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 161) : null   # e.g., "10.1.161.0/24"
+      fss         = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 162) : null   # e.g., "10.1.162.0/24"
+      bastion     = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 13, 5216) : null # e.g., "10.1.163.0/29"
+      cp          = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 13, 5217) : null # e.g., "10.1.163.8/29"
     }
     dns = {
-      pod = "pod"
-      worker = "worker"
+      pod         = "pod"
+      worker      = "worker"
       lb_external = "lbext"
       lb_internal = "lbint"
-      fss = "fss"
-      bastion = "bastion"
-      cp = "cp"
+      fss         = "fss"
+      bastion     = "bastion"
+      cp          = "cp"
     }
   }
 }

app-dev/devops-and-containers/oke/oke-rm/infra/local.tf

@@ -1,64 +1,64 @@
 
 module "network" {
-  source = "./modules/network"
+  source                 = "./modules/network"
   network_compartment_id = var.network_compartment_id
-  region = var.region
-  cni_type = local.cni
+  region                 = var.region
+  cni_type               = local.cni
   # VCN
-  create_vcn = var.create_vcn
-  vcn_id = var.vcn_id
-  vcn_name = var.vcn_name
+  create_vcn      = var.create_vcn
+  vcn_id          = var.vcn_id
+  vcn_name        = var.vcn_name
   vcn_cidr_blocks = local.vcn_cidr_blocks
-  vcn_dns_label = var.vcn_dns_label
+  vcn_dns_label   = var.vcn_dns_label
   # CP SUBNET
-  create_cp_subnet = var.create_cp_subnet
-  cp_subnet_cidr = local.subnets.cidr.cp
-  cp_subnet_dns_label = local.subnets.dns.cp
-  cp_subnet_name = var.cp_subnet_name
-  cp_subnet_private = var.cp_subnet_private
+  create_cp_subnet       = var.create_cp_subnet
+  cp_subnet_cidr         = local.subnets.cidr.cp
+  cp_subnet_dns_label    = local.subnets.dns.cp
+  cp_subnet_name         = var.cp_subnet_name
+  cp_subnet_private      = var.cp_subnet_private
   cp_allowed_source_cidr = var.cp_allowed_source_cidr
   # LB SUBNETS
-  create_external_lb_subnet = var.create_external_lb_subnet
-  external_lb_cidr = local.subnets.cidr.lb_external
+  create_external_lb_subnet    = var.create_external_lb_subnet
+  external_lb_cidr             = local.subnets.cidr.lb_external
   external_lb_subnet_dns_label = local.subnets.dns.lb_external
-  external_lb_subnet_name = var.external_lb_subnet_name
-  create_internal_lb_subnet = var.create_internal_lb_subnet
-  internal_lb_cidr = local.subnets.cidr.lb_internal
+  external_lb_subnet_name      = var.external_lb_subnet_name
+  create_internal_lb_subnet    = var.create_internal_lb_subnet
+  internal_lb_cidr             = local.subnets.cidr.lb_internal
   internal_lb_subnet_dns_label = local.subnets.dns.lb_internal
-  internal_lb_subnet_name = var.internal_lb_subnet_name
+  internal_lb_subnet_name      = var.internal_lb_subnet_name
   # WORKER SUBNET
-  create_worker_subnet = var.create_worker_subnet
-  worker_subnet_cidr = local.subnets.cidr.worker
+  create_worker_subnet    = var.create_worker_subnet
+  worker_subnet_cidr      = local.subnets.cidr.worker
   worker_subnet_dns_label = local.subnets.dns.worker
-  worker_subnet_name = var.worker_subnet_name
+  worker_subnet_name      = var.worker_subnet_name
   # POD SUBNET
-  create_pod_subnet = var.create_pod_subnet
-  pod_subnet_cidr = local.subnets.cidr.pod
+  create_pod_subnet    = var.create_pod_subnet
+  pod_subnet_cidr      = local.subnets.cidr.pod
   pod_subnet_dns_label = local.subnets.dns.pod
-  pod_subnet_name = var.pod_subnet_name
+  pod_subnet_name      = var.pod_subnet_name
   # BASTION SUBNET
-  create_bastion_subnet = var.create_bastion_subnet
-  bastion_subnet_cidr = local.subnets.cidr.bastion
+  create_bastion_subnet    = var.create_bastion_subnet
+  bastion_subnet_cidr      = local.subnets.cidr.bastion
   bastion_subnet_dns_label = local.subnets.dns.bastion
-  bastion_subnet_name = var.bastion_subnet_name
-  bastion_subnet_private = var.bastion_subnet_private
+  bastion_subnet_name      = var.bastion_subnet_name
+  bastion_subnet_private   = var.bastion_subnet_private
   # FSS SUBNET
-  create_fss = var.create_fss
-  fss_subnet_cidr = local.subnets.cidr.fss
+  create_fss           = var.create_fss
+  fss_subnet_cidr      = local.subnets.cidr.fss
   fss_subnet_dns_label = local.subnets.dns.fss
-  fss_subnet_name = var.fss_subnet_name
+  fss_subnet_name      = var.fss_subnet_name
   # GATEWAYS
-  create_gateways = var.create_gateways
+  create_gateways         = var.create_gateways
   create_internet_gateway = var.create_internet_gateway
   # CONTROL PLANE EXTERNAL CONNECTION
-  cp_external_nat = var.cp_external_nat
+  cp_external_nat           = var.cp_external_nat
   allow_external_cp_traffic = var.allow_external_cp_traffic
-  cp_egress_cidr = var.cp_egress_cidr
+  cp_egress_cidr            = var.cp_egress_cidr
   # DRG
-  enable_drg = var.enable_drg
-  create_drg = var.create_drg
-  drg_id = var.drg_id
-  drg_name = var.drg_name
+  enable_drg            = var.enable_drg
+  create_drg            = var.create_drg
+  drg_id                = var.drg_id
+  drg_name              = var.drg_name
   create_drg_attachment = var.create_drg_attachment
-  peer_vcns = var.peer_vcns
+  peer_vcns             = var.peer_vcns
 }

app-dev/devops-and-containers/oke/oke-rm/infra/main.tf

@@ -1,16 +1,16 @@
 resource "oci_core_drg" "vcn_drg" {
   compartment_id = var.network_compartment_id
-  display_name = var.drg_name
+  display_name   = var.drg_name
 
   count = local.create_drg ? 1 : 0
 }
 
 resource "oci_core_drg_attachment" "oke_drg_attachment" {
-  drg_id = local.drg_id
+  drg_id       = local.drg_id
   display_name = var.vcn_name
 
   network_details {
-    id = local.vcn_id
+    id   = local.vcn_id
     type = "VCN"
   }
 

app-dev/devops-and-containers/oke/oke-rm/infra/modules/network/drg.tf

@@ -1,7 +1,7 @@
 resource "oci_core_service_gateway" "service_gateway" {
   compartment_id = var.network_compartment_id
   vcn_id         = local.vcn_id
-  display_name = "SG"
+  display_name   = "SG"
   services {
     service_id = lookup(data.oci_core_services.all_oci_services.services[0], "id")
   }
@@ -11,13 +11,13 @@ resource "oci_core_service_gateway" "service_gateway" {
 resource "oci_core_nat_gateway" "nat_gateway" {
   compartment_id = var.network_compartment_id
   vcn_id         = local.vcn_id
-  display_name = "NAT"
-  count = local.create_gateways ? 1 : 0
+  display_name   = "NAT"
+  count          = local.create_gateways ? 1 : 0
 }
 
 resource "oci_core_internet_gateway" "internet_gateway" {
   compartment_id = var.network_compartment_id
   vcn_id         = local.vcn_id
-  display_name = "IG"
-  count = local.create_internet_gateway ? 1 : 0
+  display_name   = "IG"
+  count          = local.create_internet_gateway ? 1 : 0
 }

app-dev/devops-and-containers/oke/oke-rm/infra/modules/network/gateways.tf

@@ -1,29 +1,29 @@
 locals {
-  is_npn = var.cni_type == "npn"
-  create_pod_subnet = var.create_pod_subnet && local.is_npn && var.create_vcn
-  create_cp_subnet = var.create_cp_subnet && var.create_vcn
-  create_bastion_subnet = var.create_bastion_subnet && var.create_vcn
-  create_fss_subnet = var.create_fss && var.create_vcn
-  create_worker_subnet = var.create_worker_subnet && var.create_vcn
-  create_external_lb_subnet = var.create_external_lb_subnet && var.create_vcn
-  create_internal_lb_subnet = var.create_internal_lb_subnet && var.create_vcn
-  all_subnet_private = (var.cp_subnet_private || ! local.create_cp_subnet) && (! local.create_external_lb_subnet) && (var.bastion_subnet_private || ! var.create_bastion_subnet)
-  vcn_id = var.create_vcn ? oci_core_vcn.spoke_vcn.0.id : var.vcn_id
-  service_gateway_id = var.create_gateways ? oci_core_service_gateway.service_gateway.0.id : null
-  nat_gateway_id = var.create_gateways ? oci_core_nat_gateway.nat_gateway.0.id : null
-  cp_nat_mode = local.create_cp_subnet && var.cp_subnet_private && var.cp_external_nat
-  create_cp_external_traffic_rule = var.allow_external_cp_traffic && (! var.create_cp_subnet || (! var.cp_subnet_private || var.cp_external_nat))
+  is_npn                          = var.cni_type == "npn"
+  create_pod_subnet               = var.create_pod_subnet && local.is_npn && var.create_vcn
+  create_cp_subnet                = var.create_cp_subnet && var.create_vcn
+  create_bastion_subnet           = var.create_bastion_subnet && var.create_vcn
+  create_fss_subnet               = var.create_fss && var.create_vcn
+  create_worker_subnet            = var.create_worker_subnet && var.create_vcn
+  create_external_lb_subnet       = var.create_external_lb_subnet && var.create_vcn
+  create_internal_lb_subnet       = var.create_internal_lb_subnet && var.create_vcn
+  all_subnet_private              = (var.cp_subnet_private || !local.create_cp_subnet) && (!local.create_external_lb_subnet) && (var.bastion_subnet_private || !var.create_bastion_subnet)
+  vcn_id                          = var.create_vcn ? oci_core_vcn.spoke_vcn.0.id : var.vcn_id
+  service_gateway_id              = var.create_gateways ? oci_core_service_gateway.service_gateway.0.id : null
+  nat_gateway_id                  = var.create_gateways ? oci_core_nat_gateway.nat_gateway.0.id : null
+  cp_nat_mode                     = local.create_cp_subnet && var.cp_subnet_private && var.cp_external_nat
+  create_cp_external_traffic_rule = var.allow_external_cp_traffic && (!var.create_cp_subnet || (!var.cp_subnet_private || var.cp_external_nat))
 
-  create_gateways = (var.create_gateways && ! var.create_vcn) || var.create_vcn
-  create_internet_gateway = (local.create_gateways && ! var.create_vcn && var.create_internet_gateway) || (var.create_vcn && ! local.all_subnet_private)
+  create_gateways         = (var.create_gateways && !var.create_vcn) || var.create_vcn
+  create_internet_gateway = (local.create_gateways && !var.create_vcn && var.create_internet_gateway) || (var.create_vcn && !local.all_subnet_private)
 
-  create_drg = var.enable_drg && var.create_drg
+  create_drg            = var.enable_drg && var.create_drg
   create_drg_attachment = var.enable_drg && var.create_drg_attachment && var.create_vcn
-  drg_id = var.create_drg ? try(oci_core_drg.vcn_drg.0.id, null) : var.drg_id
+  drg_id                = var.create_drg ? try(oci_core_drg.vcn_drg.0.id, null) : var.drg_id
 
 
-  tcp_protocol = "6"
-  icmp_protocol = "1"
-  udp_protocol = "17"
+  tcp_protocol       = "6"
+  icmp_protocol      = "1"
+  udp_protocol       = "17"
   service_cidr_block = lookup(data.oci_core_services.all_oci_services.services[0], "cidr_block")
 }