fix: formatting. default value for grace eviction default and in example

hyder · hyder · commit 23a6c53575ba · 2023-03-23T09:58:36.000+11:00
Signed-off-by: Ali Mukadam &lt;ali.mukadam@oracle.com&gt;
diff --git a/locals.tf b/locals.tf
@@ -2,7 +2,7 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
 locals {
-  tenancy_id     = coalesce(var.tenancy_id, var.tenancy_ocid)
+  tenancy_id = coalesce(var.tenancy_id, var.tenancy_ocid)
   compartment_id = coalesce(
     var.compartment_id, var.compartment_ocid,
     var.tenancy_id, var.tenancy_ocid,
@@ -13,17 +13,17 @@ locals {
     var.api_private_key != ""
     ? try(base64decode(var.api_private_key), var.api_private_key)
     : var.api_private_key_path != ""
-      ? file(var.api_private_key_path)
-      : null)
+    ? file(var.api_private_key_path)
+  : null)
 
-  bastion_public_ip                      = var.create_bastion_host == true ? module.bastion[0].bastion_public_ip : var.bastion_public_ip != "" ? var.bastion_public_ip: ""
-  operator_private_ip                    = var.create_operator == true ? module.operator[0].operator_private_ip : var.operator_private_ip !="" ? var.operator_private_ip: ""
+  bastion_public_ip                      = var.create_bastion_host == true ? module.bastion[0].bastion_public_ip : var.bastion_public_ip != "" ? var.bastion_public_ip : ""
+  operator_private_ip                    = var.create_operator == true ? module.operator[0].operator_private_ip : var.operator_private_ip != "" ? var.operator_private_ip : ""
   operator_instance_principal_group_name = var.create_operator == true ? module.operator[0].operator_instance_principal_group_name : ""
 
   vcn_id       = var.create_vcn == true ? module.vcn[0].vcn_id : coalesce(var.vcn_id, try(data.oci_core_vcns.vcns[0].virtual_networks[0].id, ""))
   ig_route_id  = var.create_vcn == true ? module.vcn[0].ig_route_id : coalesce(var.ig_route_table_id, try(data.oci_core_route_tables.ig[0].route_tables[0].id, ""))
   nat_route_id = var.create_vcn == true ? module.vcn[0].nat_route_id : coalesce(var.nat_route_table_id, try(data.oci_core_route_tables.nat[0].route_tables[0].id, ""))
 
-  ssh_key_arg                            = var.ssh_private_key_path == "none" ? "" : " -i ${var.ssh_private_key_path}"
+  ssh_key_arg        = var.ssh_private_key_path == "none" ? "" : " -i ${var.ssh_private_key_path}"
   validate_drg_input = var.create_drg && (var.drg_id != null) ? tobool("[ERROR]: create_drg variable can not be true if drg_id is provided.]") : true
 }
diff --git a/main.tf b/main.tf
@@ -403,7 +403,7 @@ module "extensions" {
   vpa_version          = var.vpa_version
 
   #Gatekeeper
-  enable_gatekeeper   = var.enable_gatekeeper
+  enable_gatekeeper  = var.enable_gatekeeper
   gatekeeper_version = var.gatekeeper_version
 
   # service account
diff --git a/modules/oke/cluster.tf b/modules/oke/cluster.tf
@@ -13,7 +13,7 @@ resource "oci_containerengine_cluster" "k8s_cluster" {
   kubernetes_version = var.cluster_kubernetes_version
   kms_key_id         = var.use_cluster_encryption == true ? var.cluster_kms_key_id : null
   name               = var.label_prefix == "none" ? var.cluster_name : "${var.label_prefix}-${var.cluster_name}"
-  
+
   depends_on = [time_sleep.wait_30_seconds]
 
   cluster_pod_network_options {
@@ -43,17 +43,18 @@ resource "oci_containerengine_cluster" "k8s_cluster" {
     }
   }
 
-  freeform_tags = lookup(var.freeform_tags,"cluster",{})
-  defined_tags  = lookup(var.defined_tags,"cluster",{})
+  freeform_tags = lookup(var.freeform_tags, "cluster", {})
+  defined_tags  = lookup(var.defined_tags, "cluster", {})
 
   options {
     add_ons {
       is_kubernetes_dashboard_enabled = var.cluster_options_add_ons_is_kubernetes_dashboard_enabled
       is_tiller_enabled               = false
     }
 
+    //TODO: remove this option when the relevant Kubernetes version (v1.25) is no longer supported by OKE
     admission_controller_options {
-      is_pod_security_policy_enabled = lookup(var.admission_controller_options,"PodSecurityPolicy",false)
+      is_pod_security_policy_enabled = lookup(var.admission_controller_options, "PodSecurityPolicy", false)
     }
 
     kubernetes_network_config {
@@ -62,13 +63,13 @@ resource "oci_containerengine_cluster" "k8s_cluster" {
     }
 
     persistent_volume_config {
-      freeform_tags = lookup(var.freeform_tags,"persistent_volume",{})
-      defined_tags  = lookup(var.defined_tags,"persistent_volume",{})
+      freeform_tags = lookup(var.freeform_tags, "persistent_volume", {})
+      defined_tags  = lookup(var.defined_tags, "persistent_volume", {})
     }
 
     service_lb_config {
-      freeform_tags = lookup(var.freeform_tags,"service_lb",{})
-      defined_tags  = lookup(var.defined_tags,"service_lb",{})
+      freeform_tags = lookup(var.freeform_tags, "service_lb", {})
+      defined_tags  = lookup(var.defined_tags, "service_lb", {})
     }
 
     service_lb_subnet_ids = [var.cluster_subnets[local.lb_subnet]]
diff --git a/modules/oke/iam.tf b/modules/oke/iam.tf
@@ -33,11 +33,9 @@ resource "oci_identity_policy" "oke_kms" {
   description    = "policy to allow dynamic group ${var.label_prefix}-oke-kms-cluster to use KMS to encrypt etcd"
   depends_on     = [oci_identity_dynamic_group.oke_kms_cluster]
   name           = var.label_prefix == "none" ? "oke-kms" : "${var.label_prefix}-oke-kms"
+  statements = [local.cluster_kms_policy_statement]
 
-
-  statements     = [local.cluster_kms_policy_statement]
-
-  count          = var.use_cluster_encryption == true && var.create_policies == true ? 1 : 0
+  count = var.use_cluster_encryption == true && var.create_policies == true ? 1 : 0
 
 }
 
@@ -48,6 +46,6 @@ resource "oci_identity_policy" "oke_volume_kms" {
   name           = var.label_prefix == "none" ? "oke-volume-kms" : "${var.label_prefix}-oke-volume-kms"
   statements     = local.oke_volume_kms_policy_statements
 
-  count          = var.use_node_pool_volume_encryption == true && var.create_policies == true ? 1 : 0
+  count = var.use_node_pool_volume_encryption == true && var.create_policies == true ? 1 : 0
 
 }
diff --git a/modules/oke/locals.tf b/modules/oke/locals.tf
@@ -36,11 +36,11 @@ locals {
   # build a list  of nodepools to autoscale in the format expected by cluster autoscaler:
   # - --nodes:min:max:nodepool_id
   autoscaling_nodepools = [
-    for nodepool_name, nodepool_parameters in var.node_pools : { 
-      "name" = "${nodepool_name}", 
-      "node_pool_size" = "${nodepool_parameters.node_pool_size}", 
-      "max_node_pool_size" = "${lookup(nodepool_parameters,"max_node_pool_size",lookup(nodepool_parameters,"node_pool_size"))}", 
-      "id" = "${lookup(lookup(oci_containerengine_node_pool.nodepools, nodepool_name), "id")}"       
+    for nodepool_name, nodepool_parameters in var.node_pools : {
+      "name"               = "${nodepool_name}",
+      "node_pool_size"     = "${nodepool_parameters.node_pool_size}",
+      "max_node_pool_size" = "${lookup(nodepool_parameters, "max_node_pool_size", lookup(nodepool_parameters, "node_pool_size"))}",
+      "id"                 = "${lookup(lookup(oci_containerengine_node_pool.nodepools, nodepool_name), "id")}"
     } if !tobool(lookup(nodepool_parameters, "autoscale", false))
   ]
 }
diff --git a/modules/oke/nodepools.tf b/modules/oke/nodepools.tf
@@ -66,8 +66,8 @@ resource "oci_containerengine_node_pool" "nodepools" {
 
   node_eviction_node_pool_settings {
     #Optional
-    eviction_grace_duration              = format("PT%sM",lookup(each.value, "eviction_grace_duration", 0))
-    is_force_delete_after_grace_duration = lookup(each.value, "force_node_delete", true)
+    eviction_grace_duration              = format("PT%sM", lookup(each.value, "eviction_grace_duration", 0))
+    is_force_delete_after_grace_duration = tobool(lookup(each.value, "force_node_delete", true))
   }
 
   # setting shape
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
@@ -198,7 +198,7 @@ node_pools = {
   #  memory           = 32,
   #  node_pool_size   = 1,
   #  boot_volume_size = 150,
-  #  eviction_grace_duration = 2,
+  #  eviction_grace_duration = 0,  //Grade duration in minutes. Service default is 60.
   #  force_node_delete       = true  
   #}
   # # node pool with initial node labels
diff --git a/variables.tf b/variables.tf
@@ -174,7 +174,7 @@ variable "drg_display_name" {
   default     = "drg"
 }
 
-variable "drg_id"  {
+variable "drg_id" {
   description = "ID of an external created Dynamic Routing Gateway to be attached to the VCN"
   type        = string
   default     = null
@@ -694,7 +694,7 @@ variable "kubeproxy_mode" {
   }
 }
 variable "node_pools" {
-  default = {}
+  default     = {}
   description = "Tuple of node pools. Each key maps to a node pool. Each value is a tuple of shape (string),ocpus(number) , node_pool_size(number) and boot_volume_size(number)"
   type        = any
 }
@@ -936,7 +936,7 @@ variable "calico_mode" {
   validation {
     condition     = contains(["policy-only", "canal", "vxlan", "ipip", "flannel-migration"], var.calico_mode)
     error_message = "Accepted values are policy-only, canal, vxlan, ipip, or flannel-migration."
-  }  
+  }
 }
 
 variable "calico_mtu" {
@@ -965,8 +965,8 @@ variable "typha_enabled" {
 
 variable "typha_replicas" {
   description = "The number of replicas for the Typha deployment (0 = auto)"
-  default = 0
-  type    = number
+  default     = 0
+  type        = number
 }
 
 variable "calico_staging_dir" {

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ resource "oci_containerengine_cluster" "k8s_cluster" {`
`13`	`13`	`kubernetes_version = var.cluster_kubernetes_version`
`14`	`14`	`kms_key_id = var.use_cluster_encryption == true ? var.cluster_kms_key_id : null`
`15`	`15`	`name = var.label_prefix == "none" ? var.cluster_name : "${var.label_prefix}-${var.cluster_name}"`
`16`		`-`
	`16`	`+`
`17`	`17`	`depends_on = [time_sleep.wait_30_seconds]`
`18`	`18`
`19`	`19`	`cluster_pod_network_options {`
`@@ -43,17 +43,18 @@ resource "oci_containerengine_cluster" "k8s_cluster" {`
`43`	`43`	`}`
`44`	`44`	`}`
`45`	`45`
`46`		`- freeform_tags = lookup(var.freeform_tags,"cluster",{})`
`47`		`- defined_tags = lookup(var.defined_tags,"cluster",{})`
	`46`	`+ freeform_tags = lookup(var.freeform_tags, "cluster", {})`
	`47`	`+ defined_tags = lookup(var.defined_tags, "cluster", {})`
`48`	`48`
`49`	`49`	`options {`
`50`	`50`	`add_ons {`
`51`	`51`	`is_kubernetes_dashboard_enabled = var.cluster_options_add_ons_is_kubernetes_dashboard_enabled`
`52`	`52`	`is_tiller_enabled = false`
`53`	`53`	`}`
`54`	`54`
	`55`	`+ //TODO: remove this option when the relevant Kubernetes version (v1.25) is no longer supported by OKE`
`55`	`56`	`admission_controller_options {`
`56`		`- is_pod_security_policy_enabled = lookup(var.admission_controller_options,"PodSecurityPolicy",false)`
	`57`	`+ is_pod_security_policy_enabled = lookup(var.admission_controller_options, "PodSecurityPolicy", false)`
`57`	`58`	`}`
`58`	`59`
`59`	`60`	`kubernetes_network_config {`
`@@ -62,13 +63,13 @@ resource "oci_containerengine_cluster" "k8s_cluster" {`
`62`	`63`	`}`
`63`	`64`
`64`	`65`	`persistent_volume_config {`
`65`		`- freeform_tags = lookup(var.freeform_tags,"persistent_volume",{})`
`66`		`- defined_tags = lookup(var.defined_tags,"persistent_volume",{})`
	`66`	`+ freeform_tags = lookup(var.freeform_tags, "persistent_volume", {})`
	`67`	`+ defined_tags = lookup(var.defined_tags, "persistent_volume", {})`
`67`	`68`	`}`
`68`	`69`
`69`	`70`	`service_lb_config {`
`70`		`- freeform_tags = lookup(var.freeform_tags,"service_lb",{})`
`71`		`- defined_tags = lookup(var.defined_tags,"service_lb",{})`
	`71`	`+ freeform_tags = lookup(var.freeform_tags, "service_lb", {})`
	`72`	`+ defined_tags = lookup(var.defined_tags, "service_lb", {})`
`72`	`73`	`}`
`73`	`74`
`74`	`75`	`service_lb_subnet_ids = [var.cluster_subnets[local.lb_subnet]]`
Original file line number	Diff line number	Diff line change
`@@ -66,8 +66,8 @@ resource "oci_containerengine_node_pool" "nodepools" {`
`66`	`66`
`67`	`67`	`node_eviction_node_pool_settings {`
`68`	`68`	`#Optional`
`69`		`- eviction_grace_duration = format("PT%sM",lookup(each.value, "eviction_grace_duration", 0))`
`70`		`- is_force_delete_after_grace_duration = lookup(each.value, "force_node_delete", true)`
	`69`	`+ eviction_grace_duration = format("PT%sM", lookup(each.value, "eviction_grace_duration", 0))`
	`70`	`+ is_force_delete_after_grace_duration = tobool(lookup(each.value, "force_node_delete", true))`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`# setting shape`
Original file line number	Diff line number	Diff line change
`@@ -174,7 +174,7 @@ variable "drg_display_name" {`
`174`	`174`	`default = "drg"`
`175`	`175`	`}`
`176`	`176`
`177`		`-variable "drg_id" {`
	`177`	`+variable "drg_id" {`
`178`	`178`	`description = "ID of an external created Dynamic Routing Gateway to be attached to the VCN"`
`179`	`179`	`type = string`
`180`	`180`	`default = null`
`@@ -694,7 +694,7 @@ variable "kubeproxy_mode" {`
`694`	`694`	`}`
`695`	`695`	`}`
`696`	`696`	`variable "node_pools" {`
`697`		`- default = {}`
	`697`	`+ default = {}`
`698`	`698`	`description = "Tuple of node pools. Each key maps to a node pool. Each value is a tuple of shape (string),ocpus(number) , node_pool_size(number) and boot_volume_size(number)"`
`699`	`699`	`type = any`
`700`	`700`	`}`
`@@ -936,7 +936,7 @@ variable "calico_mode" {`
`936`	`936`	`validation {`
`937`	`937`	`condition = contains(["policy-only", "canal", "vxlan", "ipip", "flannel-migration"], var.calico_mode)`
`938`	`938`	`error_message = "Accepted values are policy-only, canal, vxlan, ipip, or flannel-migration."`
`939`		`- }`
	`939`	`+ }`
`940`	`940`	`}`
`941`	`941`
`942`	`942`	`variable "calico_mtu" {`
`@@ -965,8 +965,8 @@ variable "typha_enabled" {`
`965`	`965`
`966`	`966`	`variable "typha_replicas" {`
`967`	`967`	`description = "The number of replicas for the Typha deployment (0 = auto)"`
`968`		`- default = 0`
`969`		`- type = number`
	`968`	`+ default = 0`
	`969`	`+ type = number`
`970`	`970`	`}`
`971`	`971`
`972`	`972`	`variable "calico_staging_dir" {`