6 changes: 4 additions & 2 deletions app-dev/devops-and-containers/oke/README.md
Expand Up @@ -54,9 +54,11 @@ Reviewed: 20.12.2023
- [OKE policies](./oke-policies/policies.md)

# Reusable Assets Overview


- [OKE Resource Manager QuickStart](https://github.com/oracle-devrel/technology-engineering/tree/main/app-dev/oke/oke-rm)
- [OKE GitOps Solution](https://github.com/oracle-devrel/technology-engineering/tree/main/app-dev/oke/oke-gitops)
- [OKE Node Packer Solution](https://github.com/oracle-devrel/technology-engineering/tree/main/app-dev/oke/oke-node-packer)
- [Cluster Api OCI](https://github.com/oracle-devrel/technology-engineering/tree/main/app-dev/oke/capoci)
- [Cloud Native QuickStart](https://github.com/alcampag/oci-cn-quickstart)

# License

4 changes: 2 additions & 2 deletions app-dev/devops-and-containers/oke/oke-rm/README.md
Expand Up @@ -17,13 +17,13 @@ This stack is used to create the initial network infrastructure for OKE. When co
* You can apply this stack even on an existing VCN, so that only the NSGs for OKE will be created
* The default CNI is the VCN Native CNI, and it is the recommended one

[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.1.9/infra.zip)
[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.2.0/infra.zip)

## Step 2: Create the OKE control plane

This stack is used to create the OKE control plane ONLY.

[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.1.9/oke.zip)
[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.2.0/oke.zip)

Also note that if the network infrastructure is located in a different compartment than the OKE cluster AND you are planning to use the OCI_VCN_NATIVE CNI,
you must add these policies:
Binary file modified app-dev/devops-and-containers/oke/oke-rm/infra/infra.zip
26 changes: 13 additions & 13 deletions app-dev/devops-and-containers/oke/oke-rm/infra/local.tf
@@ -1,25 +1,25 @@
locals {
# VCN_NATIVE_CNI internally it is mapped as npn
cni = var.cni_type == "vcn_native" ? "npn" : var.cni_type
cni = var.cni_type == "vcn_native" ? "npn" : var.cni_type
vcn_cidr_blocks = [var.vcn_cidr_block]
subnets = {
cidr = {
pod = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 1, 0) : null # e.g., "10.1.0.0/17"
worker = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 3, 4) : null # e.g., "10.1.128.0/19"
lb_external = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 160) : null # e.g., "10.1.160.0/24"
lb_internal = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 161) : null # e.g., "10.1.161.0/24"
fss = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 162) : null # e.g., "10.1.162.0/24"
bastion = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 13, 5216) : null # e.g., "10.1.163.0/29"
cp = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 13, 5217) : null # e.g., "10.1.163.8/29"
pod = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 1, 0) : null # e.g., "10.1.0.0/17"
worker = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 3, 4) : null # e.g., "10.1.128.0/19"
lb_external = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 160) : null # e.g., "10.1.160.0/24"
lb_internal = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 161) : null # e.g., "10.1.161.0/24"
fss = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 162) : null # e.g., "10.1.162.0/24"
bastion = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 13, 5216) : null # e.g., "10.1.163.0/29"
cp = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 13, 5217) : null # e.g., "10.1.163.8/29"
}
dns = {
pod = "pod"
worker = "worker"
pod = "pod"
worker = "worker"
lb_external = "lbext"
lb_internal = "lbint"
fss = "fss"
bastion = "bastion"
cp = "cp"
fss = "fss"
bastion = "bastion"
cp = "cp"
}
}
}
78 changes: 39 additions & 39 deletions app-dev/devops-and-containers/oke/oke-rm/infra/main.tf
@@ -1,64 +1,64 @@

module "network" {
source = "./modules/network"
source = "./modules/network"
network_compartment_id = var.network_compartment_id
region = var.region
cni_type = local.cni
region = var.region
cni_type = local.cni
# VCN
create_vcn = var.create_vcn
vcn_id = var.vcn_id
vcn_name = var.vcn_name
create_vcn = var.create_vcn
vcn_id = var.vcn_id
vcn_name = var.vcn_name
vcn_cidr_blocks = local.vcn_cidr_blocks
vcn_dns_label = var.vcn_dns_label
vcn_dns_label = var.vcn_dns_label
# CP SUBNET
create_cp_subnet = var.create_cp_subnet
cp_subnet_cidr = local.subnets.cidr.cp
cp_subnet_dns_label = local.subnets.dns.cp
cp_subnet_name = var.cp_subnet_name
cp_subnet_private = var.cp_subnet_private
create_cp_subnet = var.create_cp_subnet
cp_subnet_cidr = local.subnets.cidr.cp
cp_subnet_dns_label = local.subnets.dns.cp
cp_subnet_name = var.cp_subnet_name
cp_subnet_private = var.cp_subnet_private
cp_allowed_source_cidr = var.cp_allowed_source_cidr
# LB SUBNETS
create_external_lb_subnet = var.create_external_lb_subnet
external_lb_cidr = local.subnets.cidr.lb_external
create_external_lb_subnet = var.create_external_lb_subnet
external_lb_cidr = local.subnets.cidr.lb_external
external_lb_subnet_dns_label = local.subnets.dns.lb_external
external_lb_subnet_name = var.external_lb_subnet_name
create_internal_lb_subnet = var.create_internal_lb_subnet
internal_lb_cidr = local.subnets.cidr.lb_internal
external_lb_subnet_name = var.external_lb_subnet_name
create_internal_lb_subnet = var.create_internal_lb_subnet
internal_lb_cidr = local.subnets.cidr.lb_internal
internal_lb_subnet_dns_label = local.subnets.dns.lb_internal
internal_lb_subnet_name = var.internal_lb_subnet_name
internal_lb_subnet_name = var.internal_lb_subnet_name
# WORKER SUBNET
create_worker_subnet = var.create_worker_subnet
worker_subnet_cidr = local.subnets.cidr.worker
create_worker_subnet = var.create_worker_subnet
worker_subnet_cidr = local.subnets.cidr.worker
worker_subnet_dns_label = local.subnets.dns.worker
worker_subnet_name = var.worker_subnet_name
worker_subnet_name = var.worker_subnet_name
# POD SUBNET
create_pod_subnet = var.create_pod_subnet
pod_subnet_cidr = local.subnets.cidr.pod
create_pod_subnet = var.create_pod_subnet
pod_subnet_cidr = local.subnets.cidr.pod
pod_subnet_dns_label = local.subnets.dns.pod
pod_subnet_name = var.pod_subnet_name
pod_subnet_name = var.pod_subnet_name
# BASTION SUBNET
create_bastion_subnet = var.create_bastion_subnet
bastion_subnet_cidr = local.subnets.cidr.bastion
create_bastion_subnet = var.create_bastion_subnet
bastion_subnet_cidr = local.subnets.cidr.bastion
bastion_subnet_dns_label = local.subnets.dns.bastion
bastion_subnet_name = var.bastion_subnet_name
bastion_subnet_private = var.bastion_subnet_private
bastion_subnet_name = var.bastion_subnet_name
bastion_subnet_private = var.bastion_subnet_private
# FSS SUBNET
create_fss = var.create_fss
fss_subnet_cidr = local.subnets.cidr.fss
create_fss = var.create_fss
fss_subnet_cidr = local.subnets.cidr.fss
fss_subnet_dns_label = local.subnets.dns.fss
fss_subnet_name = var.fss_subnet_name
fss_subnet_name = var.fss_subnet_name
# GATEWAYS
create_gateways = var.create_gateways
create_gateways = var.create_gateways
create_internet_gateway = var.create_internet_gateway
# CONTROL PLANE EXTERNAL CONNECTION
cp_external_nat = var.cp_external_nat
cp_external_nat = var.cp_external_nat
allow_external_cp_traffic = var.allow_external_cp_traffic
cp_egress_cidr = var.cp_egress_cidr
cp_egress_cidr = var.cp_egress_cidr
# DRG
enable_drg = var.enable_drg
create_drg = var.create_drg
drg_id = var.drg_id
drg_name = var.drg_name
enable_drg = var.enable_drg
create_drg = var.create_drg
drg_id = var.drg_id
drg_name = var.drg_name
create_drg_attachment = var.create_drg_attachment
peer_vcns = var.peer_vcns
peer_vcns = var.peer_vcns
}
@@ -1,16 +1,16 @@
resource "oci_core_drg" "vcn_drg" {
compartment_id = var.network_compartment_id
display_name = var.drg_name
display_name = var.drg_name

count = local.create_drg ? 1 : 0
}

resource "oci_core_drg_attachment" "oke_drg_attachment" {
drg_id = local.drg_id
drg_id = local.drg_id
display_name = var.vcn_name

network_details {
id = local.vcn_id
id = local.vcn_id
type = "VCN"
}

@@ -1,7 +1,7 @@
resource "oci_core_service_gateway" "service_gateway" {
compartment_id = var.network_compartment_id
vcn_id = local.vcn_id
display_name = "SG"
display_name = "SG"
services {
service_id = lookup(data.oci_core_services.all_oci_services.services[0], "id")
}
Expand All @@ -11,13 +11,13 @@ resource "oci_core_service_gateway" "service_gateway" {
resource "oci_core_nat_gateway" "nat_gateway" {
compartment_id = var.network_compartment_id
vcn_id = local.vcn_id
display_name = "NAT"
count = local.create_gateways ? 1 : 0
display_name = "NAT"
count = local.create_gateways ? 1 : 0
}

resource "oci_core_internet_gateway" "internet_gateway" {
compartment_id = var.network_compartment_id
vcn_id = local.vcn_id
display_name = "IG"
count = local.create_internet_gateway ? 1 : 0
display_name = "IG"
count = local.create_internet_gateway ? 1 : 0
}
@@ -1,29 +1,29 @@
locals {
is_npn = var.cni_type == "npn"
create_pod_subnet = var.create_pod_subnet && local.is_npn && var.create_vcn
create_cp_subnet = var.create_cp_subnet && var.create_vcn
create_bastion_subnet = var.create_bastion_subnet && var.create_vcn
create_fss_subnet = var.create_fss && var.create_vcn
create_worker_subnet = var.create_worker_subnet && var.create_vcn
create_external_lb_subnet = var.create_external_lb_subnet && var.create_vcn
create_internal_lb_subnet = var.create_internal_lb_subnet && var.create_vcn
all_subnet_private = (var.cp_subnet_private || ! local.create_cp_subnet) && (! local.create_external_lb_subnet) && (var.bastion_subnet_private || ! var.create_bastion_subnet)
vcn_id = var.create_vcn ? oci_core_vcn.spoke_vcn.0.id : var.vcn_id
service_gateway_id = var.create_gateways ? oci_core_service_gateway.service_gateway.0.id : null
nat_gateway_id = var.create_gateways ? oci_core_nat_gateway.nat_gateway.0.id : null
cp_nat_mode = local.create_cp_subnet && var.cp_subnet_private && var.cp_external_nat
create_cp_external_traffic_rule = var.allow_external_cp_traffic && (! var.create_cp_subnet || (! var.cp_subnet_private || var.cp_external_nat))
is_npn = var.cni_type == "npn"
create_pod_subnet = var.create_pod_subnet && local.is_npn && var.create_vcn
create_cp_subnet = var.create_cp_subnet && var.create_vcn
create_bastion_subnet = var.create_bastion_subnet && var.create_vcn
create_fss_subnet = var.create_fss && var.create_vcn
create_worker_subnet = var.create_worker_subnet && var.create_vcn
create_external_lb_subnet = var.create_external_lb_subnet && var.create_vcn
create_internal_lb_subnet = var.create_internal_lb_subnet && var.create_vcn
all_subnet_private = (var.cp_subnet_private || !local.create_cp_subnet) && (!local.create_external_lb_subnet) && (var.bastion_subnet_private || !var.create_bastion_subnet)
vcn_id = var.create_vcn ? oci_core_vcn.spoke_vcn.0.id : var.vcn_id
service_gateway_id = var.create_gateways ? oci_core_service_gateway.service_gateway.0.id : null
nat_gateway_id = var.create_gateways ? oci_core_nat_gateway.nat_gateway.0.id : null
cp_nat_mode = local.create_cp_subnet && var.cp_subnet_private && var.cp_external_nat
create_cp_external_traffic_rule = var.allow_external_cp_traffic && (!var.create_cp_subnet || (!var.cp_subnet_private || var.cp_external_nat))

create_gateways = (var.create_gateways && ! var.create_vcn) || var.create_vcn
create_internet_gateway = (local.create_gateways && ! var.create_vcn && var.create_internet_gateway) || (var.create_vcn && ! local.all_subnet_private)
create_gateways = (var.create_gateways && !var.create_vcn) || var.create_vcn
create_internet_gateway = (local.create_gateways && !var.create_vcn && var.create_internet_gateway) || (var.create_vcn && !local.all_subnet_private)

create_drg = var.enable_drg && var.create_drg
create_drg = var.enable_drg && var.create_drg
create_drg_attachment = var.enable_drg && var.create_drg_attachment && var.create_vcn
drg_id = var.create_drg ? try(oci_core_drg.vcn_drg.0.id, null) : var.drg_id
drg_id = var.create_drg ? try(oci_core_drg.vcn_drg.0.id, null) : var.drg_id


tcp_protocol = "6"
icmp_protocol = "1"
udp_protocol = "17"
tcp_protocol = "6"
icmp_protocol = "1"
udp_protocol = "17"
service_cidr_block = lookup(data.oci_core_services.all_oci_services.services[0], "cidr_block")
}