WIP: added sample terraform scripts to create OKE (#807)

* added example of terraform scripts config files to create OKE cluster

* removed code for building terraform oci provider, added copiright info, corrected typos

*  corrected format

*  corrected format

Author: marinakog

kubernetes/samples/README.md

@@ -14,6 +14,7 @@ While these samples may be useful and usable as is, it is intended that you woul
 * [Sample for creating a WebLogic domain home inside a Docker image](scripts/create-weblogic-domain/domain-home-in-image/README.md), and the domain resource YAML file for deploying the generated WebLogic domain.
 * [Sample for configuring the Elasticsearch and Kibana](scripts/elasticsearch-and-kibana/README.md) deployments and services for the operator's logs.
 * [Sample for generating a self-signed certificate and private key](scripts/rest/README.md) that can be used for the operator's external REST API.
+* [Sample for creating an OKE cluster using Terraform](scripts/terraform/README.md).
 
 ## Sample Helm charts
 

kubernetes/samples/scripts/terraform/README.md

@@ -0,0 +1,52 @@
+# Sample to create an OKE cluster using Terraform scripts
+
+The provided sample will create:
+
+* A new Virtual Cloud Network (VCN) for the cluster
+* Two LoadBalancer subnets with security lists
+* Three Worker subnets with security lists
+* A Kubernetes Cluster with one Node Pool
+* A `kubeconfig` file to allow access using `kubectl`
+
+Nodes and network settings will be configured to allow SSH access, and the cluster networking policies will allow `NodePort` services to be exposed. This cluster can be used for testing and development purposes only. The provided samples of Terraform scripts should not be considered for creating production clusters, without more of a review.
+
+All OCI Container Engine masters are Highly Available (HA) and fronted by load balancers.
+
+
+
+## Prerequisites
+
+To use these Terraform scripts, you will need fulfill the following prerequisites:
+* Have an existing tenancy with enough compute and networking resources available for the desired cluster.
+* Have an [Identity and Access Management](https://docs.cloud.oracle.com/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#PolicyPrerequisitesService) policy in place within that tenancy to allow the OCI Container Engine for Kubernetes service to manage tenancy resources.
+* Have a user defined within that tenancy.
+* Have an API key defined for use with the OCI API, as documented [here](https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingcredentials.htm).
+* Have an [SSH key pair](https://docs.oracle.com/en/cloud/iaas/compute-iaas-cloud/stcsg/generating-ssh-key-pair.html) for configuring SSH access to the nodes in the cluster.
+
+Copy provided `oci.props.template` file to `oci.props` and add all required values:
+* `user.ocid` - OCID for the tenancy user - can be obtained from the user settings in the OCI console.
+* `tfvars.filename` - File name for generated tfvar file.
+* `okeclustername` - The name for OCI Container Engine for Kubernetes cluster.
+* `tenancy.ocid` - OCID for the target tenancy.
+* `region` - name of region in the target tenancy.
+* `compartment.ocid` - OCID for the target compartment.
+* `compartment.name` - Name for the target compartment.
+* `ociapi.pubkey.fingerprint` - Fingerprint of the OCI user's public key.
+* `ocipk.path` - API Private Key -- local path to the private key for the API key pair.
+* `vcn.cidr.prefix` - Prefix for VCN CIDR, used when creating subnets -- you should examine the target compartment find a CIDR that is available.
+* `vcn.cidr` - Full CIDR for the VCN, must be unique within the compartment, first 2 octets should match the vcn_cidr_prefix.
+* `nodepool.shape` - A valid OCI VM Shape for the cluster nodes.
+* `k8s.version` - SSH public key (key contents as a string).
+* `nodepool.imagename` - A valid image name for Node Pool creation.
+* `terraform.installdir` - Location to install Terraform binaries.
+
+To run the script, use the command:
+```
+$ kubernetes/samples/scripts/terraform/oke.create.sh oci.props
+```
+The script collects the values from `oci.props` file and performs the following steps:
+* Creates a new tfvars file based on the values from the provided `oci.props` file.
+* Downloads and installs all needed binaries for Terraform, Terraform OCI Provider, based on OS system (macOS or Linux)
+* Applies the configuration and creates OKE Cluster using Terraform
+
+

kubernetes/samples/scripts/terraform/cluster.tf

@@ -0,0 +1,62 @@
+/*
+# Copyright 2018, 2019, Oracle Corporation and/or its affiliates.  All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+*/
+variable "cluster_kubernetes_version" { default = "v1.11.5" }
+variable "cluster_name" { default = "tfTestCluster" }
+variable "cluster_options_add_ons_is_kubernetes_dashboard_enabled" { default = true }
+variable "cluster_options_add_ons_is_tiller_enabled" { default = true }
+variable "cluster_options_kubernetes_network_config_pods_cidr" { default = "10.1.0.0/16" }
+variable "cluster_options_kubernetes_network_config_services_cidr" { default = "10.2.0.0/16" }
+variable "node_pool_initial_node_labels_key" { default = "key" }
+variable "node_pool_initial_node_labels_value" { default = "value" }
+variable "node_pool_kubernetes_version" { default = "v1.11.5" }
+variable "node_pool_name" { default = "tfTestCluster_workers" }
+variable "node_pool_node_image_name" { default = "Oracle-Linux-7.4" }
+variable "node_pool_node_shape" { default = "VM.Standard2.1" }
+variable "node_pool_quantity_per_subnet" { default = 2 }
+variable "node_pool_ssh_public_key" { }
+
+data "oci_identity_availability_domains" "tfsample_availability_domains" {
+  compartment_id = "${var.compartment_ocid}"
+}
+
+
+resource "oci_containerengine_cluster" "tfsample_cluster" {
+  #Required
+  compartment_id = "${var.compartment_ocid}"
+  kubernetes_version = "${var.cluster_kubernetes_version}"
+  name = "${var.cluster_name}"
+  vcn_id = "${oci_core_virtual_network.oke-vcn.id}"
+
+  #Optional
+  options {
+    service_lb_subnet_ids = ["${oci_core_subnet.oke-subnet-loadbalancer-1.id}", "${oci_core_subnet.oke-subnet-loadbalancer-2.id}"]
+
+    #Optional
+    add_ons {
+      #Optional
+      is_kubernetes_dashboard_enabled = "${var.cluster_options_add_ons_is_kubernetes_dashboard_enabled}"
+      is_tiller_enabled = "${var.cluster_options_add_ons_is_tiller_enabled}"
+    }
+  }
+}
+
+resource "oci_containerengine_node_pool" "tfsample_node_pool" {
+	#Required
+	cluster_id = "${oci_containerengine_cluster.tfsample_cluster.id}"
+	compartment_id = "${var.compartment_ocid}"
+	kubernetes_version = "${var.node_pool_kubernetes_version}"
+	name = "${var.node_pool_name}"
+	node_image_name = "${var.node_pool_node_image_name}"
+	node_shape = "${var.node_pool_node_shape}"
+        subnet_ids = ["${oci_core_subnet.oke-subnet-worker-1.id}", "${oci_core_subnet.oke-subnet-worker-2.id}","${oci_core_subnet.oke-subnet-worker-3.id}"]
+
+	#Optional
+	quantity_per_subnet = "${var.node_pool_quantity_per_subnet}"
+	ssh_public_key = "${var.node_pool_ssh_public_key}"
+}
+
+output "cluster_id" {
+  value = "${oci_containerengine_cluster.tfsample_cluster.id}"
+}

kubernetes/samples/scripts/terraform/kube_config.tf

@@ -0,0 +1,17 @@
+/*
+# Copyright 2018, 2019, Oracle Corporation and/or its affiliates.  All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+*/
+
+variable "cluster_kube_config_expiration" { default = 2592000 }
+variable "cluster_kube_config_token_version" { default = "1.0.0" }
+
+data "oci_containerengine_cluster_kube_config" "tfsample_cluster_kube_config" {
+  #Required
+  cluster_id = "${oci_containerengine_cluster.tfsample_cluster.id}"
+}
+
+resource "local_file" "tfsample_cluster_kube_config_file" {
+  content     = "${data.oci_containerengine_cluster_kube_config.tfsample_cluster_kube_config.content}"
+  filename = "${path.module}/${var.cluster_name}_kubeconfig"
+}

kubernetes/samples/scripts/terraform/oci.props.example

@@ -0,0 +1,17 @@
+user.ocid=ocid1.user.oc1..aaaaaaaast7s6jdho6mh2dqvyqcychofaiv5lhztkx7u5jlr5wwuhhmewq
+okeclustername=myokecluster
+tfvars.filename=myokeclustertf
+region=us-phoenix-1
+tenancy.ocid=ocid1.tenancy.oc1..aaaaaahmcbb5mp2h6toh4vj7ax526xtmihrneoumyat557rvlolsx63imq
+compartment.ocid=ocid1.compartment.oc1..aaaaaaaaxzwkinzejhkncuvfy67pmb6wb46ifrixtuikkrgnnrp4wswsu4xq
+compartment.name=QualityAssurance
+ociapi.pubkey.fingerprint=c8\:b2\:da\:b2\:e8\:96\:7e\:bf\:ac\:ee\:ce\:bc\:a8\:7f\:07\:c5
+ocipk.path=/scratch/mkogan/.oci/oci_api_key.pem
+vcn.cidr.prefix=10.1
+vcn.cidr=10.1.0.0/16
+nodepool.shape=VM.Standard2.1
+nodepool.imagename=Oracle-Linux-7.4
+k8s.version=v1.10.11
+nodepool.ssh.pubkey=ssh-rsa AAAAB3NzaC1yc2EAAAAQABAAABAQC9FSfGdjjL+EZre2p5yLTAgtLsnp49AUVX1yY9V8guaXHol6UkvJWnyFHhL7s0qvWj2M2BYo6WAROVc0/054UFtmbd9zb2oZtGVk82VbT6aS74cMlqlY91H/rt9/t51Om9Sp5AvbJEzN0mkI4ndeG/5p12AUyg9m5XOdkgI2n4J8KFnDAI33YSGjxXb7UrkWSGl6XZBGUdeaExo3t2Ow8Kpl9T0Tq19qI+IncOecsCFj1tbM5voD8IWE2l0SW7V6oIqFJDMecq4IZusXdO+bPc+TKak7g82RUZd8PARpvYB5/7EOfVadxsXGRirGAKPjlXDuhwJYVRj1+IjZ+5Suxz mkogan@slc13kef
+terraform.installdir=/scratch/mkogan/myterraformtest
+

kubernetes/samples/scripts/terraform/oci.props.template

@@ -0,0 +1,45 @@
+# Copyright 2018, 2019, Oracle Corporation and/or its affiliates.  All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+
+# Properties to generate TF variables file for cluster creation from property file oci.props
+#
+# Copy this file to oci.props and update it with your own info, see oci.props.example as sample for values
+#
+
+# OCID can be obtained from the user info page in the OCI console
+user.ocid= 
+
+# name of OKE cluster
+okeclustername=
+
+# name of tfvars file (no extention) to generate
+tfvars.filename=
+
+# Required tenancy info
+tenancy.ocid=
+compartment.ocid=
+compartment.name=
+region=
+
+# API key fingerprint and private key location, needed for API access -- you should have added a public API key through the OCI console first, add escape backslash \ for each colon signt
+ociapi.pubkey.fingerprint=
+
+# path to private OCI API key
+ocipk.path=
+
+# VCN CIDR -- must be unique within the compartment in the tenancy
+# - assuming 1:1 cluster:vcn
+# BE SURE TO SET BOTH VARS -- the first 2 octets for each variable have to match
+vcn.cidr.prefix=
+vcn.cidr=
+
+# Node pool info
+nodepool.shape=
+nodepool.ssh.pubkey=
+nodepool.imagename=
+
+# K8S version
+k8s.version=
+
+#location for terraform installation
+terraform.installdir=

kubernetes/samples/scripts/terraform/oke.create.sh

@@ -0,0 +1,109 @@
+#!/bin/bash
+# Copyright 2018, 2019, Oracle Corporation and/or its affiliates.  All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+
+function prop {
+    grep "${1}" ${propsFile}|cut -d'=' -f2
+}
+
+function generateTFVarFile {
+    tfVarsFiletfVarsFile=${terraformVarDir}/${clusterTFVarsFile}.tfvars
+    rm -f ${tfVarsFiletfVarsFile}
+    cp ${terraformVarDir}/template.tfvars $tfVarsFiletfVarsFile
+    chmod 777 ${terraformVarDir}/template.tfvars $tfVarsFiletfVarsFile
+
+    sed -i -e "s:@TENANCYOCID@:${tenancy_ocid}:g" ${tfVarsFiletfVarsFile}
+    sed -i -e "s:@USEROCID@:${user_ocid}:g" ${tfVarsFiletfVarsFile}
+    sed -i -e "s:@COMPARTMENTOCID@:${compartment_ocid}:g" ${tfVarsFiletfVarsFile}
+    sed -i -e "s:@COMPARTMENTNAME@:${compartment_name}:g" ${tfVarsFiletfVarsFile}
+    sed -i -e "s:@OKECLUSTERNAME@:${okeclustername}:g" ${tfVarsFiletfVarsFile}
+    sed -i -e "s:@OCIAPIPUBKEYFINGERPRINT@:"${ociapi_pubkey_fingerprint}":g" ${tfVarsFiletfVarsFile}
+    sed -i -e "s:@OCIPRIVATEKEYPATH@:${ocipk_path}:g" ${tfVarsFiletfVarsFile}
+    sed -i -e "s:@VCNCIDRPREFIX@:${vcn_cidr_prefix}:g" ${tfVarsFiletfVarsFile}
+    sed -i -e "s:@VCNCIDR@:${vcn_cidr_prefix}.0.0/16:g" ${tfVarsFiletfVarsFile}
+    sed -i -e "s:@OKEK8SVERSION@:${k8s_version}:g" ${tfVarsFiletfVarsFile}
+    sed -i -e "s:@NODEPOOLSHAPE@:${nodepool_shape}:g" ${tfVarsFiletfVarsFile}
+    sed -i -e "s:@NODEPOOLIMAGENAME@:${nodepool_imagename}:g" ${tfVarsFiletfVarsFile}
+    sed -i -e "s:@NODEPOOLSSHPUBKEY@:${nodepool_ssh_pubkey}:g" ${tfVarsFiletfVarsFile}
+    sed -i -e "s:@REGION@:${region}:g" ${tfVarsFiletfVarsFile}
+    echo "Generated TFVars file [${tfVarsFiletfVarsFile}]"
+
+}
+
+function setupTerraform () {
+    mkdir ${terraformDir}
+    cd ${terraformDir}
+    if [[ "${OSTYPE}" == "darwin"* ]]; then
+      curl -O https://releases.hashicorp.com/terraform/0.11.10/terraform_0.11.10_darwin_amd64.zip
+      unzip terraform_0.11.10_darwin_amd64.zip
+    elif [[ "${OSTYPE}" == "linux"* ]]; then
+       curl -O https://releases.hashicorp.com/terraform/0.11.8/terraform_0.11.8_linux_amd64.zip
+       unzip terraform_0.11.8_linux_amd64.zip
+    else
+       echo "Unsupported OS"
+    fi
+    chmod 777 ${terraformDir}/terraform
+    export PATH=${terraformDir}:${PATH}
+
+}
+
+function deleteOlderVersionTerraformOCIProvider() {
+    if [ -d ~/.terraform.d/plugins ]; then
+        echo "Deleting older version of terraform plugins dir"
+        rm -rf ~/.terraform.d/plugins
+    fi
+    if [ -d ${terraformVarDir}/.terraform ]; then
+        rm -rf ${terraformVarDir}/.terraform
+    fi
+    if [ -e ~/.terraformrc ]; then
+      rm ~/.terraformrc
+    fi
+}
+
+function createCluster () {
+    cd ${terraformVarDir}
+    echo "terraform init -var-file=${terraformVarDir}/${clusterTFVarsFile}.tfvars"
+    terraform init -var-file=${terraformVarDir}/${clusterTFVarsFile}.tfvars
+    terraform plan -var-file=${terraformVarDir}/${clusterTFVarsFile}.tfvars
+    terraform apply -auto-approve -var-file=${terraformVarDir}/${clusterTFVarsFile}.tfvars
+}
+
+#MAIN
+propsFile=${1:-$PWD/oci.props}
+terraformVarDir=${2:-$PWD}
+
+#grep props's values from oci.props file
+
+clusterTFVarsFile=$(prop 'tfvars.filename')
+tenancy_ocid=$(prop 'tenancy.ocid')
+user_ocid=$(prop 'user.ocid')
+compartment_ocid=$(prop 'compartment.ocid')
+compartment_name=$(prop 'compartment.name')
+okeclustername=$(prop 'okeclustername')
+ociapi_pubkey_fingerprint=$(prop 'ociapi.pubkey.fingerprint')
+ocipk_path=$(prop 'ocipk.path')
+vcn_cidr_prefix=$(prop 'vcn.cidr.prefix')
+k8s_version=$(prop 'k8s.version')
+nodepool_shape=$(prop 'nodepool.shape')
+nodepool_imagename=$(prop 'nodepool.imagename')
+nodepool_ssh_pubkey=$(prop 'nodepool.ssh.pubkey')
+region=$(prop 'region')
+terraformDir=$(prop 'terraform.installdir')
+
+# generate terraform configuration file with name $(clusterTFVarsFile).tfvar
+generateTFVarFile
+
+# cleanup previously installed terraform binaries
+rm -rf ${terraformDir}
+
+# download terraform binaries into ${terraformDir}
+setupTerraform
+
+# clean previous versions of terraform oci provider
+deleteOlderVersionTerraformOCIProvider
+
+chmod 600 ${ocipk_path}
+
+# run terraform init,plan,apply to create OKE cluster based on the provided tfvar file ${clusterTFVarsFile).tfvar
+createCluster
+export KUBECONFIG=${terraformVarDir}/${okeclustername}_kubeconfig

kubernetes/samples/scripts/terraform/provider.tf

@@ -0,0 +1,21 @@
+/*
+ * Copyright 2018, 2019, Oracle Corporation and/or its affiliates.  All rights reserved.
+ * Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+ * This example file shows how to configure the oci provider to target the a single region.
+*/
+
+// These variables would commonly be defined as environment variables or sourced in a .env file
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "private_key_path" {}
+variable "region" { default = "us-phoenix-1" }
+
+provider "oci" {
+  version          = ">= 3.0.0"
+  region = "${var.region}"
+  tenancy_ocid = "${var.tenancy_ocid}"
+  user_ocid = "${var.user_ocid}"
+  fingerprint = "${var.fingerprint}"
+  private_key_path = "${var.private_key_path}"
+}

kubernetes/samples/scripts/terraform/template.tfvars

@@ -0,0 +1,46 @@
+# Copyright 2018, 2019, Oracle Corporation and/or its affiliates.  All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+
+# Template to generate TF variables file for cluster creation from property file oci.props
+# 
+# User-specific vars - you can get these easily from the OCI console from your user page
+#
+
+# OCID can be obtained from the user info page in the OCI console
+user_ocid="@USEROCID@"
+# API key fingerprint and private key location, needed for API access -- you should have added a public API key through the OCI console first
+fingerprint="@OCIAPIPUBKEYFINGERPRINT@" 
+private_key_path="@OCIPRIVATEKEYPATH@"
+
+# Required tenancy vars
+tenancy_ocid="@TENANCYOCID@"
+compartment_ocid="@COMPARTMENTOCID@"
+compartment_name="@COMPARTMENTNAME@"
+region="@REGION@"
+
+#
+# Cluster-specific vars
+#
+
+# VCN CIDR -- must be unique within the compartment in the tenancy
+# - assuming 1:1 cluster:vcn 
+# BE SURE TO SET BOTH VARS -- the first 2 octets for each variable have to match
+vcn_cidr_prefix="@VCNCIDRPREFIX@"
+vcn_cidr="@VCNCIDR@"
+
+# Cluster name and k8s version
+cluster_kubernetes_version="@OKEK8SVERSION@"
+cluster_name="@OKECLUSTERNAME@"
+
+# Node pool info
+node_pool_kubernetes_version="@OKEK8SVERSION@"
+node_pool_name="@OKECLUSTERNAME@_workers"
+node_pool_node_shape="@NODEPOOLSHAPE@"
+node_pool_node_image_name="@NODEPOOLIMAGENAME@"
+node_pool_quantity_per_subnet=1
+
+# SSH public key, for SSH access to nodes in the cluster
+node_pool_ssh_public_key="@NODEPOOLSSHPUBKEY@"
+
+
+