updated base module to use Autonomous platform image instead of marke… (#118)

* updated base module to use Autonomous platform image instead of marketplace. Also disabled kubernetes dashboard by default (#116)

Signed-off-by: Ali Mukadam <[email protected]>

* updated instructions

Signed-off-by: Ali Mukadam <[email protected]>

* base module pointing directly to terraform-oci-base, local copy removed, kubernetes dashboard disabled by default, changelog updated

Signed-off-by: Ali Mukadam <[email protected]>

* minor doc correction

Signed-off-by: Ali Mukadam <[email protected]>

Author: hyder

CHANGELOG.adoc

@@ -7,6 +7,28 @@ All notable changes to this project are documented in this file.
 
 The format is based on {uri-changelog}[Keep a Changelog].
 
+== v2.1.0 (January 17, 2019)
+* Base module now pointing directly to https://github.com/oracle-terraform-modules/terraform-oci-base v1.1.0
+* Local copy of base module removed
+* Disabled Kubernetes dashboard by default (#117)
+
+== v2.0.1 (January 16, 2019)
+* fixed issue with compartment id when using KMS #112
+* added ServiceAccount for CI/CD #113
+
+== v2.0.0 (November 28, 2019)
+* Use compartment id instead of compartment name for policies #86
+* Updated available list of Kubernetes versions in Terraform options #90
+* Added admin host for operations instead of using the bastion server. This is required because of changing to kubeconfig v2 #91
+* Installed Python3, oci-cli on admin host. oci-cli will require Python3 after January 2020 #91
+* Switched all operations from bastion to admin host #91
+* Switched from kubeconfig v1 to v2, generated by oci-cli instead of uploading #98
+* Helm upgraded to version 3.0.0 #100
+* incubator and jetstack helm repos removed as they can now be searched from helm hub #100
+* tiller disabled and option to enable it is removed #100
+* Fixed bug for empty tuple in data.oci_core_images.oracle_images when use_autonomous=true #103
+* Set minimum version of Terraform to 0.12.16
+
 == v2.0.0-beta.2 (November 21, 2019)
 * Helm upgraded to version 3.0.0 #100
 * incubator and jetstack helm repos removed as they can now be searched from helm hub #100

docs/instructions.adoc

@@ -48,18 +48,21 @@
 . link:#creating-the-oke-cluster[Creating the OKE Cluster]
 . link:#adding-the-bastion-host[Adding the bastion host]
 . link:#using-the-bastion-host[Using the bastion host]
-.. link:#enabling-instance_principal-on-the-bastion-host[Enabling instance_principal on the bastion host]
-.. link:#disabling-instance_principal-on-the-bastion-host[Disabling instance_principal on the bastion host]
+. link:#adding-the-admin-host[Adding the admin host]
+.. link:#upgrading-the-admin-host[Upgrading the admin host]
+. link:#using-the-admin-host[Using the admin host]
+.. link:#enabling-instance_principal-on-the-admin-host[Enabling instance_principal on the admin host]
+.. link:#disabling-instance_principal-on-the-admin-host[Disabling instance_principal on the admin host]
 .. link:#recommendations-for-using-instance_principal[Recommendations for using instance_principal]
-. link:#interacting-with-the-oke-cluster-locally[Interacting with the OKE Cluster locally]
+. link:#interacting-with-the-oke-cluster[Interacting with the OKE Cluster locally]
 . link:#creating-an-auth-token-for-ocir[Creating an auth token for OCIR]
 . link:#installing-helm[Installing helm]
 . link:#installing-calico[Installing Calico]
 . link:#installing-kubernetes-metrics-server[Installing Kubernetes Metrics Server]
-. link:#scaling-the-number-of-worker-nodes[Scaling the number of worker nodes]
 . link:#scaling-the-number-of-node-pools[Scaling the number of node pools]
 . link:#accessing-the-kubernetes-dashboard[Accessing the Kubernetes dashboard]
 . link:#destroying-the-cluster[Destroying the cluster]
+. link:#creating-a-service-account-for-cicd-tools[Creating a service account for CI/CD tools]
 
 === Assumptions
 
@@ -103,43 +106,28 @@ Use the parameter *cluster_name* to change the name of the cluster as per your n
 
 If you want to use bastion host, set the parameter *bastion_enabled* to *true* in terraform.tfvars. Refer to {uri-terraform-options}#bastion-host[Bastion Host] for other available bastion related parameters.
 
-==== bastion_package_upgrade
-
-There is 1 additional parameter for the bastion:
-
-* bastion_package_upgrade
-
-_bastion_package_upgrade_ will upgrade the bastion compute instance on first boot. 
-
-****
-N.B. It is good and recommended practice to upgrade your bastion host to the latest packages to minimize the possibility of vulnerabilities. However, it will also take slightly longer before the bastion host is available.
-****
 
 === Using the bastion host
 
 ****
 *Assumption: you have set the bastion_enabled parameter to true in terraform.tfvars*
 ****
 
-Once the terraform apply is successful you will get the bastion_public_ip as output and also a ssh command .You can also run the below command to get the output:
+Once the terraform apply is successful you will get the bastion_public_ip as output and also a ssh command. You can also run the below command to get the output:
 
 ----
 terraform output
 ----
 
-A utility script is also generated that contains the command to ssh to the bastion. You can run it directly:
-
-----
-scripts/tesseract.sh
-----
+You can then copy the ssh_to_bastion command, paste and run it in a terminal.
 
 === Adding the admin host
 
 The admin host is used to minimize local dependencies such as oci-cli, kubectl and so on. 
 
 If you want to use the admin host, set the parameter *admin_enabled* to *true* in terraform.tfvars. Refer to {uri-terraform-options}#admin-host[Admin Host] for other available bastion related parameters.
 
-==== admin_package_upgrade
+==== Upgrading the admin host
 
 There is 1 additional parameter for the admin:
 
@@ -157,12 +145,14 @@ N.B. It is good and recommended practice to upgrade your package host to the lat
 *Assumption: you have set the admin_enabled parameter to true in terraform.tfvars*
 ****
 
-Once the terraform apply is successful you will get the admin_private_ip as output and also a ssh command .You can also run the below command to get the output:
+Once the terraform apply is successful you will get the admin_private_ip as output and also a ssh command. You can also run the below command to get the output:
 
 ----
 terraform output
 ----
 
+You can then copy the ssh_to_admin command, paste and run it in a terminal.
+
 ==== Enabling instance_principal on the admin host
 {uri-oci-instance-principal}[instance_principal] is an IAM service feature that enables instances to be authorized actors (or principals) to perform actions on service resources. Each compute instance has its own identity, and it authenticates using the certificates that are added to it. These certificates are automatically created, assigned to instances and rotated, preventing the need for you to distribute credentials to your hosts and rotate them.
 
@@ -208,9 +198,15 @@ terraform apply
 . Enable instance_principal *_if and only if_* you are using link:#kms-integration[KMS Integration], calico, metricserver, helm or creating the OCIR secret.
 . Disable instance_principal once the cluster is created
 
-=== Interacting with the OKE Cluster locally
+=== Interacting with the OKE Cluster
+
+kubectl installed on the admin host by default and the kubeconfig file is set in the default location (~/.kube/config) so you don't need to set the KUBECONFIG environment variable every time you log in to the admin host. 
+
+****
+N.B. In order for kubeconfig to be created on the admin host, you need to link:#enabling-instance_principal-on-the-admin-host[enable instance_principal on the admin host].
+****
 
-kubectl installed in bastion host by default and the kubeconfig file is set in the default location (~/.kube/config) so you don't need to set the KUBECONFIG environment variable every time you log in to the bastion. An alias "*k*" will be created for kubectl on the bastion host. 
+An alias "*k*" will be created for kubectl on the admin host. 
 
 If you would like to use kubectl locally, {uri-install-kubectl}[install kubectl]. Then, set the KUBECONFIG to the config file path. The kubeconfig file will be saved generated locally under the folder *generated*:
 
@@ -228,11 +224,13 @@ export KUBECONFIG=generated/kubeconfig
 
 === Installing helm
 
-{uri-helm}[Helm] is a package manager for kubernetes.If you want to install helm, set the parameter *install_helm = true* in terraform.tfvars. By default, it is set to true. An alias "*h*" will be created for helm on the bastion host. For other available parameters, refer to {uri-terraform-options}#helm[Helm parameters].
+{uri-helm}[Helm] is a package manager for kubernetes. If you want to install helm on the admin host, set the parameter *install_helm = true* in terraform.tfvars. By default, it is set to false. 
+
+An alias "*h*" will be created for helm on the admin host. For other available parameters, refer to {uri-terraform-options}#helm[Helm parameters].
 
 === Installing Calico 
 
-Calico enables network policy in Kubernetes clusters across the cloud. To install calico set the parameter *install_calico = true* in terraform.tfvars. By default its set to false. Refer to {uri-terraform-options}#calico[Calico parameters] for other available parameters.
+Calico enables network policy in Kubernetes clusters. To install calico set the parameter *install_calico = true* in terraform.tfvars. By default its set to false. Refer to {uri-terraform-options}#calico[Calico parameters] for other available parameters.
 
 === Installing Kubernetes Metrics Server
 
@@ -249,6 +247,8 @@ Set the parameter *node_pools* to the desired quantities to scale the node pools
 
 === Accessing the Kubernetes dashboard
 
+By default, the Kubernetes dashboard is now disabled. To enable it, set the *dashboard_enabled = true* _before_ creating the cluster. The dashboard will then be deployed.
+
 In a terminal window, run the command:
 
 ----
@@ -267,4 +267,21 @@ terraform destroy
 
 ****
 *Only infrastructure created by terraform will get destroyed.*
-****
+****
+
+
+=== Creating a service account for CI/CD tools
+
+OKE now uses Kubeconfig v2 which means the default token has a limited lifespan. In order to allow CI/CD tools to deploy to OKE, a service account must be created.
+
+Set the *create_service_account = true* and you can name the other parameters as appropriate:
+
+----
+create_service_account = true
+
+service_account_name = "kubeconfigsa"
+
+service_account_namespace = "kube-system"
+
+service_account_cluster_role_binding = ""
+````

docs/terraformoptions.adoc

@@ -222,8 +222,8 @@ newbits = {
 
 |bastion_image_id
 |Custom image id for the bastion host
-|image_id or NONE. If the value is set to NONE, an Oracle Platform image will be used instead. Set use_autonomous to _false_ if you want to use your own image.
-|NONE
+|image_id or Autonomous. If the value is set to 'Autonomous', an Oracle Autonomous Linux Platform image will be used instead. If you want to use a custom image, set the image id instead.
+|Autonomous
 
 |bastion_notification_enabled
 |Whether to enable ONS notification for the bastion host.
@@ -260,11 +260,6 @@ newbits = {
 |
 |Australia/Sydney
 
-|bastion_use_autonomous
-|Whether to use Autonomous Linux or an Oracle Linux Platform image or custom image. Set to false if you want to use your own image id or Oracle Linux Platform image.
-|true/false
-|true
-
 |===
 
 == Admin Host
@@ -283,8 +278,8 @@ newbits = {
 
 |admin_image_id
 |Custom image id for the admin host
-|image_id or NONE. If the value is set to NONE, an Oracle Platform image will be used instead. Set use_autonomous to _false_ if you want to use your own image. For now, *do not use Autonomous for the admin host.*
-|NONE
+|image_id or Oracle. If the value is set to Oracle, an Oracle Platform image will be used instead.
+|Oracle
 
 |admin_instance_principal
 |Whether to enable instance_principal on the admin server. Refer to {uri-docs}/instructions.adoc/#enabling-instance_principal-on-the-admin-host[instance_principal]
@@ -326,11 +321,6 @@ newbits = {
 |
 |Australia/Sydney
 
-|admin_use_autonomous
-|Whether to use Autonomous Linux or an Oracle Linux Platform image or custom image. Set to false if you want to use your own image id or Oracle Linux Platform image. *Do not use autonomous for now*
-|true/false
-|false
-
 |===
 
 == Availability Domain
@@ -389,7 +379,7 @@ availability_domains = {
 |dashboard_enabled
 |Whether to create the default Kubernetes dashboard.
 |true/false
-|true
+|false
 
 |kubernetes_version
 |The version of Kubernetes to provision. This is based on the available versions in OKE. By default, the available versions will be queries and the latest version selected. To provision a specific version, choose from available versions and override the 'LATEST' value.

locals.tf

@@ -19,7 +19,7 @@ locals {
   oci_base_general = {
     label_prefix         = var.label_prefix
     region               = var.region
-    disable_auto_retries = var.disable_auto_retries
+    # disable_auto_retries = var.disable_auto_retries
   }
 
   oci_base_vcn = {
@@ -46,13 +46,13 @@ locals {
     ssh_private_key_path  = var.ssh_private_key_path
     ssh_public_key_path   = var.ssh_public_key_path
     timezone              = var.bastion_timezone
-    use_autonomous        = var.bastion_use_autonomous
+    # use_autonomous        = var.bastion_use_autonomous
   }
 
   oci_base_admin = {
     availability_domains      = var.availability_domains["admin"]
     admin_enabled             = var.admin_enabled
-    admin_image_id            = "NONE"
+    admin_image_id            = var.admin_image_id
     admin_shape               = var.admin_shape
     admin_upgrade             = var.admin_package_upgrade
     enable_instance_principal = var.admin_instance_principal
@@ -65,7 +65,7 @@ locals {
     ssh_private_key_path      = var.ssh_private_key_path
     ssh_public_key_path       = var.ssh_public_key_path
     timezone                  = var.admin_timezone
-    use_autonomous            = var.admin_use_autonomous
+    # use_autonomous            = var.admin_use_autonomous
   }
 
   ocir = {

main.tf

@@ -6,7 +6,7 @@ terraform {
 }
 
 module "base" {
-  source = "./modules/base"
+  source = "github.com/oracle-terraform-modules/terraform-oci-base?ref=v1.1.0"
 
   # identity
   oci_base_identity = local.oci_base_identity