added example of terraform scripts config files to create OKE cluster

Author: marinakog

kubernetes/samples/README.md

@@ -14,6 +14,7 @@ While these samples may be useful and usable as is, it is intended that you woul
 * [Sample for creating a WebLogic domain home inside a Docker image](scripts/create-weblogic-domain/domain-home-in-image/README.md), and the domain resource YAML file for deploying the generated WebLogic domain.
 * [Sample for configuring the Elasticsearch and Kibana](scripts/elasticsearch-and-kibana/README.md) deployments and services for the operator's logs.
 * [Sample for generating a self-signed certificate and private key](scripts/rest/README.md) that can be used for the operator's external REST API.
+* [Sample for generating OKE cluster using Terraform](scripts/terraform/README.md).
 
 ## Sample Helm charts
 

kubernetes/samples/scripts/terraform/README.md

@@ -0,0 +1,49 @@
+# Sample to create OKE cluster using Terraform scripts
+
+The provided sample will create:
+
+	A new Virtual Cloud Network (VCN) for the cluster
+
+	2 LoadBalancer subnets with seclists
+
+	3 Worker subnets with seclists
+
+	A Kubernetes Cluster with one NodePool
+
+	A kubeconfig file to allow access using kubectl
+
+Nodes and network settings will be configured to allow SSH access, and the cluster Networking policies will allow NodePort services to be exposed.
+
+By default all OCI Container Engine for Kubernetes Cluster masters are Highly Available (HA) and fronted by load balancers.
+
+
+
+Prerequisites
+
+To use these Terraform scripts, you will need fulfill the following prerequisites:
+
+	Have an existing tenancy with enough compute and networking resources available for the desired cluster
+
+	Have an OCI Container Engine for Kubernetes policy in place within that tenancy to allow the OCI Container Engine for Kubernetes service to manage tenancy resources
+
+	Install Terraform with the OCI plugin as described here.
+
+	Have a user defined within that tenancy
+
+	Have an API key defined for use with the OCI API, as documented here
+
+	Have an SSH key pair with file permission 600 ready for configuring SSH access to the nodes in the cluster
+
+
+Copy provided oci.props.template file to oci.props and add all required values.
+
+The syntax of the script is:
+```
+$ kubernetes/samples/scripts/terraform/oke.create.sh oci.props
+```
+The scripts collects the values from oci.props file and performs the following steps:
+Create a new tfvars file based on the values from the provided oci.props file.
+Downloads and installs all needed binaries for Terraform, Terraform OCI Provider and Go, based on OS system ( Mac or Linux)
+Apply the configuration and creates OKE Cluster using Terraform
+
+

kubernetes/samples/scripts/terraform/cluster.tf

@@ -0,0 +1,75 @@
+variable "cluster_kubernetes_version" { default = "v1.10.3" }
+variable "cluster_name" { default = "tfTestCluster" }
+variable "cluster_options_add_ons_is_kubernetes_dashboard_enabled" { default = true }
+variable "cluster_options_add_ons_is_tiller_enabled" { default = true }
+variable "cluster_options_kubernetes_network_config_pods_cidr" { default = "10.1.0.0/16" }
+variable "cluster_options_kubernetes_network_config_services_cidr" { default = "10.2.0.0/16" }
+variable "node_pool_initial_node_labels_key" { default = "key" }
+variable "node_pool_initial_node_labels_value" { default = "value" }
+variable "node_pool_kubernetes_version" { default = "v1.10.3" }
+variable "node_pool_name" { default = "tfTestCluster_workers" }
+variable "node_pool_node_image_name" { default = "Oracle-Linux-7.4" }
+variable "node_pool_node_shape" { default = "VM.Standard1.1" }
+variable "node_pool_quantity_per_subnet" { default = 2 }
+variable "node_pool_ssh_public_key" { }
+
+data "oci_identity_availability_domains" "test_availability_domains" {
+  compartment_id = "${var.compartment_ocid}"
+}
+
+// Defined in oke.tf
+/*resource "oci_core_virtual_network" "oke-vcn" {
+  cidr_block = "${var.vcn_cidr}"
+  compartment_id = "${var.compartment_ocid}"
+  display_name = "${var.cluster_name}_vcn"
+}*/
+
+resource "oci_containerengine_cluster" "test_cluster" {
+  #Required
+  compartment_id = "${var.compartment_ocid}"
+  kubernetes_version = "${var.cluster_kubernetes_version}"
+  name = "${var.cluster_name}"
+  vcn_id = "${oci_core_virtual_network.oke-vcn.id}"
+
+  #Optional
+  options {
+    service_lb_subnet_ids = ["${oci_core_subnet.oke-subnet-loadbalancer-1.id}", "${oci_core_subnet.oke-subnet-loadbalancer-2.id}"]
+
+    #Optional
+    add_ons {
+      #Optional
+      is_kubernetes_dashboard_enabled = "${var.cluster_options_add_ons_is_kubernetes_dashboard_enabled}"
+      is_tiller_enabled = "${var.cluster_options_add_ons_is_tiller_enabled}"
+    }
+    #kubernetes_network_config {
+      #Optional
+      #pods_cidr = "${var.cluster_options_kubernetes_network_config_pods_cidr}"
+      #services_cidr = "${var.cluster_options_kubernetes_network_config_services_cidr}"
+    #}
+  }
+}
+
+resource "oci_containerengine_node_pool" "test_node_pool" {
+	#Required
+	cluster_id = "${oci_containerengine_cluster.test_cluster.id}"
+	compartment_id = "${var.compartment_ocid}"
+	kubernetes_version = "${var.node_pool_kubernetes_version}"
+	name = "${var.node_pool_name}"
+	node_image_name = "${var.node_pool_node_image_name}"
+	node_shape = "${var.node_pool_node_shape}"
+        subnet_ids = ["${oci_core_subnet.oke-subnet-worker-1.id}", "${oci_core_subnet.oke-subnet-worker-2.id}","${oci_core_subnet.oke-subnet-worker-3.id}"]
+
+	#Optional
+	#initial_node_labels {
+
+		#Optional
+	#	key = "${var.node_pool_initial_node_labels_key}"
+	#	value = "${var.node_pool_initial_node_labels_value}"
+	#}
+	quantity_per_subnet = "${var.node_pool_quantity_per_subnet}"
+	ssh_public_key = "${var.node_pool_ssh_public_key}"
+}
+
+output "cluster_id" {
+  value = "${oci_containerengine_cluster.test_cluster.id}"
+}

kubernetes/samples/scripts/terraform/kube_config.tf

@@ -0,0 +1,16 @@
+variable "cluster_kube_config_expiration" { default = 2592000 }
+variable "cluster_kube_config_token_version" { default = "1.0.0" }
+
+data "oci_containerengine_cluster_kube_config" "test_cluster_kube_config" {
+  #Required
+  cluster_id = "${oci_containerengine_cluster.test_cluster.id}"
+
+  #Optional
+  #expiration = "${var.cluster_kube_config_expiration}"
+  #token_version = "${var.cluster_kube_config_token_version}"
+}
+
+resource "local_file" "test_cluster_kube_config_file" {
+  content     = "${data.oci_containerengine_cluster_kube_config.test_cluster_kube_config.content}"
+  filename = "${path.module}/${var.cluster_name}_kubeconfig"
+}

kubernetes/samples/scripts/terraform/oci.props.template

@@ -0,0 +1,16 @@
+user.ocid= 
+okeclustername=
+tfvars.filename=
+tenancy.ocid=
+compartment.ocid=
+compartment.name=
+ociapi.pubkey.fingerprint=
+ocipk.path=
+vcn.cidr.prefix=
+vcn.cidr=
+nodepool.shape=
+k8s.version=
+nodepool.ssh.pubkey=
+terraform.installdir=
+go.installdir=
+

kubernetes/samples/scripts/terraform/oke.create.sh

@@ -0,0 +1,126 @@
+#!/bin/bash
+# Copyright 2017, Oracle Corporation and/or its affiliates. All rights reserved.
+
+
+function prop {
+    grep "${1}" ${propsFile}|cut -d'=' -f2
+}
+function generateTFVarFile {
+
+tfVarsFiletfVarsFile=${terraformVarDir}/${clusterTFVarsFile}.tfvars
+rm -f ${tfVarsFiletfVarsFile}
+cp ${terraformVarDir}/template.tfvars $tfVarsFiletfVarsFile
+chmod 777 ${terraformVarDir}/template.tfvars $tfVarsFiletfVarsFile
+
+sed -i -e "s:@TENANCYOCID@:${tenancy_ocid}:g" ${tfVarsFiletfVarsFile}
+sed -i -e "s:@USEROCID@:${user_ocid}:g" ${tfVarsFiletfVarsFile}
+sed -i -e "s:@COMPARTMENTOCID@:${compartment_ocid}:g" ${tfVarsFiletfVarsFile}
+sed -i -e "s:@COMPARTMENTNAME@:${compartment_name}:g" ${tfVarsFiletfVarsFile}
+sed -i -e "s:@OKECLUSTERNAME@:${okeclustername}:g" ${tfVarsFiletfVarsFile}
+sed -i -e "s:@OCIAPIPUBKEYFINGERPRINT@:"${ociapi_pubkey_fingerprint}":g" ${tfVarsFiletfVarsFile}
+sed -i -e "s:@OCIPRIVATEKEYPATH@:${ocipk_path}:g" ${tfVarsFiletfVarsFile}
+sed -i -e "s:@VCNCIDRPREFIX@:${vcn_cidr_prefix}:g" ${tfVarsFiletfVarsFile}
+sed -i -e "s:@VCNCIDR@:${vcn_cidr_prefix}.0.0/16:g" ${tfVarsFiletfVarsFile}
+sed -i -e "s:@OKEK8SVERSION@:${k8s_version}:g" ${tfVarsFiletfVarsFile}
+sed -i -e "s:@NODEPOOLSHAPE@:${nodepool_shape}:g" ${tfVarsFiletfVarsFile}
+sed -i -e "s:@NODEPOOLSSHPUBKEY@:${nodepool_ssh_pubkey}:g" ${tfVarsFiletfVarsFile}
+echo "Generated TFVars file [${tfVarsFiletfVarsFile}]"
+
+}
+
+function setupTerraform () {
+mkdir ${terraformDir}
+cd ${terraformDir}
+if [[ "${OSTYPE}" == "darwin"* ]]; then
+  curl -O https://releases.hashicorp.com/terraform/0.11.10/terraform_0.11.10_darwin_amd64.zip
+  unzip terraform_0.11.10_darwin_amd64.zip
+elif [[ "${OSTYPE}" == "linux"* ]]; then
+   curl -O https://releases.hashicorp.com/terraform/0.11.8/terraform_0.11.8_linux_amd64.zip
+   unzip terraform_0.11.8_linux_amd64.zip
+else
+   echo "Unsupported OS"
+fi
+chmod 777 ${terraformDir}/terraform
+export PATH=${PATH}:${terraformDir}
+
+}
+
+function buildTerraformOCIProvider() {
+mkdir -p ${goDir}/go/src/github.com/terraform-providers; cd ${goDir}/go/src/github.com/terraform-providers
+git clone https://github.com/terraform-providers/terraform-provider-oci.git
+cd ${goDir}/go/src/github.com/terraform-providers/terraform-provider-oci
+#somehow it does not build first time need to run gofmt and rebuild
+make gofmt
+make fmt
+make build
+if ! [ -d ~/.terraform.d ]; then
+echo "Creating terraform plugins dir"
+mkdir ~/.terraform.d
+fi
+if ! [ -d ~/.terraform.d/plugins ]; then
+mkdir ~/.terraform.d/plugins
+fi
+cp ${goDir}/go/bin/terraform-provider-oci ~/.terraform.d/plugins/
+if [ -e ~/.terraformrc ]; then
+  rm ~/.terraformrc
+fi
+cat ${terraformVarDir}/terraformrc >> ~/.terraformrc
+}
+
+function createCluster () {
+cd ${terraformVarDir}
+echo "terraform init -var-file=${terraformVarDir}/${clusterTFVarsFile}.tfvars"
+terraform init -var-file=${terraformVarDir}/${clusterTFVarsFile}.tfvars
+terraform plan -var-file=${terraformVarDir}/${clusterTFVarsFile}.tfvars
+terraform apply -auto-approve -var-file=${terraformVarDir}/${clusterTFVarsFile}.tfvars
+}
+
+function setupGo () {
+mkdir ${goDir}
+cd ${goDir}
+if [[ "${OSTYPE}" == "darwin"* ]]; then
+  curl -O https://dl.google.com/go/go1.11.2.darwin-amd64.tar.gz
+  tar -xvf go1.11.2.darwin-amd64.tar.gz
+elif [[ "${OSTYPE}" == "linux"* ]]; then
+   curl -O https://dl.google.com/go/go1.11.linux-amd64.tar.gz
+   tar -xvf go1.11.linux-amd64.tar.gz
+else
+   echo "Unsupported OS"
+fi
+chmod 777 ${goDir}/go/bin
+export PATH=${PATH}:${goDir}/go/bin
+
+}
+
+
+
+#MAIN 
+terraformVarDir=${2:-$PWD}
+propsFile=${1:-$PWD/oci.props}
+
+
+clusterTFVarsFile=$(prop 'tfvars.filename')
+tenancy_ocid=$(prop 'tenancy.ocid')
+user_ocid=$(prop 'user.ocid')
+compartment_ocid=$(prop 'compartment.ocid')
+compartment_name=$(prop 'compartment.name')
+okeclustername=$(prop 'okeclustername')
+ociapi_pubkey_fingerprint=$(prop 'ociapi.pubkey.fingerprint')
+ocipk_path=$(prop 'ocipk.path')
+vcn_cidr_prefix=$(prop 'vcn.cidr.prefix')
+k8s_version=$(prop 'k8s.version')
+nodepool_shape=$(prop 'nodepool.shape')
+nodepool_ssh_pubkey=$(prop 'nodepool.ssh.pubkey')
+terraformDir=$(prop 'terraform.installdir')
+goDir=$(prop 'go.installdir')
+generateTFVarFile
+rm -rf ${goDir} ${terraformDir}
+setupTerraform
+setupGo
+buildTerraformOCIProvider
+chmod 600 ${ocipk_path}
+createCluster
+export KUBECONFIG=${terraformVarDir}/${okeclustername}_kubeconfig
+
+
+

kubernetes/samples/scripts/terraform/provider.tf

@@ -0,0 +1,18 @@
+/*
+ * This example file shows how to configure the oci provider to target the a single region.
+ */
+
+// These variables would commonly be defined as environment variables or sourced in a .env file
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "private_key_path" {}
+variable "region" { default = "us-phoenix-1" }
+
+provider "oci" {
+  region = "${var.region}"
+  tenancy_ocid = "${var.tenancy_ocid}"
+  user_ocid = "${var.user_ocid}"
+  fingerprint = "${var.fingerprint}"
+  private_key_path = "${var.private_key_path}"
+}

kubernetes/samples/scripts/terraform/template.tfvars

@@ -0,0 +1,47 @@
+# Example TF variables file for cluster creation
+# 
+# Clone this and upate it with your own info as needed
+#
+
+#
+# User-specific vars - you can get these easily from the OCI console from your user page
+#
+
+# OCID can be obtained from the user info page in the OCI console
+user_ocid="@USEROCID@"
+# API key fingerprint and private key location, needed for API access -- you should have added a public API key through the OCI console first
+fingerprint="@OCIAPIPUBKEYFINGERPRINT@" 
+private_key_path="@OCIPRIVATEKEYPATH@"
+
+# Required tenancy vars
+tenancy_ocid="@TENANCYOCID@"
+compartment_ocid="@COMPARTMENTOCID@"
+compartment_name="@COMPARTMENTNAME@"
+
+#
+# Cluster-specific vars
+#
+
+# VCN CIDR -- must be unique within the compartment in the tenancy
+# - assuming 1:1 cluster:vcn 
+# - this can be obtained either through OCI console, or from the Otto clusters page https://confluence.oraclecorp.com/confluence/display/ODX/Otto+OKE+Clusters
+#
+# BE SURE TO SET BOTH VARS -- the first 2 octets for each variable have to match
+vcn_cidr_prefix="@VCNCIDRPREFIX@"
+vcn_cidr="@VCNCIDR@"
+
+# Cluster name and k8s version
+cluster_kubernetes_version="@OKEK8SVERSION@"
+cluster_name="@OKECLUSTERNAME@"
+
+# Node pool info
+node_pool_kubernetes_version="@OKEK8SVERSION@"
+node_pool_name="@OKECLUSTERNAME@_workers"
+node_pool_node_shape="@NODEPOOLSHAPE@"
+node_pool_quantity_per_subnet=1
+
+# SSH public key, for SSH access to nodes in the cluster
+node_pool_ssh_public_key="@NODEPOOLSSHPUBKEY@"
+
+
+

kubernetes/samples/scripts/terraform/terraformrc

@@ -0,0 +1,4 @@
+# Example of terraform plugin file
+providers {
+ oci = "${HOME}/.terraform.d/plugins/terraform-provider-oci"
+}