Introduce terraform #189 (Open)
sdake wants to merge 3 commits into artificialwisdomai:main from sdake:terraform/intro
@@ -0,0 +1,2 @@ | ||
# Configure OCI | ||
|
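Review bot: the new file is only the heading `# Configure OCI` with no body, so a reader has nothing to follow; either describe the steps here (key generation, `oci setup config`, filling in `terraform.tfvars`) or replace the heading with a pointer to the script that performs them.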
@@ -0,0 +1,13 @@ | ||
# https://docs.oracle.com/en-us/iaas/developer-tutorials/tutorials/tf-provider/01-summary.htm | ||
mkdir $HOME/.oci | ||
chmod 700 $HOME/.oci | ||
openssl genrsa -out $HOME/.oci/steve_private.pem 2048 | ||
chmod 600 $HOME/.oci/steve_private.pem | ||
openssl rsa -pubout -in $HOME/.oci/steve_private.pem -out $HOME/.oci/steve_public.pem | ||
cat $HOME/.oci/steve_public.pem | ||
|
||
# Configure OCI cloud | ||
oci setup config | ||
|
||
# manually copy config variables to 01_kubernetes/terraform.tfvars | ||
echo configure 01_kubernetes/terraform.tfvars |
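Review bot: the script has no interpreter line and no `set -euo pipefail`, so a failed `openssl genrsa` still lets the later steps run against a missing key; add `#!/usr/bin/env bash` and `set -euo pipefail` at the top, and use `mkdir -p $HOME/.oci` so a re-run does not abort on the existing directory. The key is written to a hard-coded `steve_private.pem`, which does not match the `oci_api_key.pem` that `terraform.tfvars` later points at; derive the name from `$(whoami)` or use one filename in both places. `oci setup config` also offers to generate its own key pair, so either document that the user should decline that and point it at the key made here, or drop the `openssl` lines.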
@@ -0,0 +1,27 @@ | ||
# Using compartments | ||
|
||
Compartments are the fundamental IAM feature used by Oracle Cloud to isolate cloud resources. Compartments | ||
can have children in a tree structure, or be simpler with a depth of one. We use the `engineering` compartment | ||
to house all engineering work. | ||
|
||
Anything in production is housed in `production`. | ||
|
||
During development, compartments are an awesome way to start over. Simply delete the compartment you were working | ||
in, and all resources within the compartment are deleted. | ||
|
||
# Create a compartmnet | ||
|
||
This will create a compartment for you within the `engineering`. | ||
|
||
```console | ||
parent_compartment=$(oci iam compartment list --query 'data[?name==`"engineering"`].{compartment_id: "id"}' --output json | jq -r '.[0].compartment_id') | ||
oci iam compartment create --name $(whoami)-$(date +%Y%m%d) --description "development compartment" --compartment-id ${parent_compartment} | ||
``` | ||
|
||
# Delete a compartment | ||
|
||
Replace the OCID with the compartment id you wish to delete. Never delete `engineering`. | ||
|
||
```console | ||
oci iam compartment delete --compartment-id ocid1.compartment.oc1..aaaaaaaayh4wcewcyj4ns3no4eu6eyfwj3ncaexs73mz2c35cfdwv4xfeejq | ||
``` |
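Review bot: the claim that deleting a compartment deletes all resources within it is not how OCI behaves; a compartment must be empty before `oci iam compartment delete` succeeds, so the workflow should say to destroy the resources first (for example with `terraform destroy`) and then delete the compartment. The delete example also embeds what looks like a real compartment OCID; replace it with a placeholder such as `ocid1.compartment.oc1..<your-compartment>` so nobody pastes it by accident. Typos: `compartmnet` in the heading, and "within the `engineering`" should read "within the `engineering` compartment".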
@@ -0,0 +1,33 @@ | ||
|
||
# Deploy and use Kubernetes | ||
|
||
Initialize terraform: | ||
|
||
``` | ||
terraform init | ||
``` | ||
|
||
Create a Kubernetes deployment: | ||
|
||
``` | ||
terraform apply | ||
``` | ||
|
||
Destroy the Kubernetes deployment: | ||
|
||
``` | ||
terraform destroy | ||
``` | ||
|
||
When you create the Kubernetes deployment, an `ocid.cluster....` is printed. | ||
|
||
Set the OCID cluster enviornment variable: | ||
``` | ||
CLUSTER_OCID="value from terraform apply" | ||
``` | ||
|
||
Setup `kubectl` via `$HOME/.kube/config` | ||
|
||
``` | ||
oci ce cluster create-kubeconfig --cluster-id "${CLUSTER_OCID}" --file $HOME/.kube/config --region us-phoenix-1 --token-version 2.0.0 --kube-endpoint PUBLIC_ENDPOINT | ||
``` |
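Review bot: the instructions have the user copy the cluster OCID by hand out of the `terraform apply` log, but this PR also adds an output named `cluster_ocid`, so `CLUSTER_OCID=$(terraform output -raw cluster_ocid)` is shorter and less error-prone. The `--region us-phoenix-1` in the `create-kubeconfig` command is hard-coded while the region is a variable everywhere else; say that it must match `region` in `terraform.tfvars`. Typo: `enviornment`. The fenced blocks here also carry no language tag, unlike the `console` fences in the compartments README.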
@@ -0,0 +1,70 @@ | ||
locals { | ||
|
||
### | ||
# | ||
# Networking Configuration | ||
|
||
cni_type = "flannel" | ||
kubeproxy_mode = "iptables" | ||
create_drg = true | ||
|
||
|
||
### | ||
# | ||
# Kubernetes Control Plane Configuration | ||
|
||
create_cluster = true | ||
cluster_type = "basic" | ||
oke_control_plane = "public" | ||
control_plane_allowed_cidrs = ["0.0.0.0/0"] | ||
control_plane_is_public = true | ||
assign_public_ip_to_control_plane = true | ||
create_iam_resources = true | ||
|
||
|
||
### | ||
# | ||
# Kubernetes Worker Nodes Configuration | ||
|
||
worker_image_type = "oke" | ||
worker_pool_mode = "node-pool" | ||
allow_worker_ssh_access = false | ||
worker_pools = { | ||
np1 = { | ||
create = true, | ||
size = var.worker_nodes, | ||
shape = "VM.Standard.E4.Flex", | ||
ocpus = var.worker_cpu, | ||
memory = var.worker_memory, | ||
} | ||
} | ||
|
||
worker_cloud_init = [ | ||
{ | ||
content = <<-EOT | ||
runcmd: | ||
- 'echo "Kernel module configuration for Istio and worker node initialization"' | ||
- 'modprobe br_netfilter' | ||
- 'modprobe nf_nat' | ||
- 'modprobe xt_REDIRECT' | ||
- 'modprobe xt_owner' | ||
- 'modprobe iptable_nat' | ||
- 'modprobe iptable_mangle' | ||
- 'modprobe iptable_filter' | ||
- '/usr/libexec/oci-growfs -y' | ||
- 'timedatectl set-timezone Australia/Sydney' | ||
- 'curl --fail -H "Authorization: Bearer Oracle" -L0 http://169.254.169.254/opc/v2/instance/metadata/oke_init_script | base64 --decode >/var/run/oke-init.sh' | ||
- 'bash -x /var/run/oke-init.sh' | ||
EOT | ||
content_type = "text/cloud-config", | ||
} | ||
] | ||
|
||
### | ||
# | ||
# Extras | ||
|
||
create_bastion = false | ||
create_service_account = true | ||
create_operator = false | ||
} |
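Review bot: `control_plane_allowed_cidrs = ["0.0.0.0/0"]` together with `control_plane_is_public = true` and `assign_public_ip_to_control_plane = true` exposes the Kubernetes API endpoint to the whole internet; restrict the list to the CIDRs the team actually operates from, or keep the endpoint private and reach it through the bastion or operator host that this file turns off. The cloud-init also carries `timedatectl set-timezone Australia/Sydney`, which looks inherited from the upstream example rather than chosen for a `us-phoenix-1` deployment, and `create_iam_resources` sits under the control-plane header here while `main.tf` passes it in the worker section; pick one place.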
@@ -0,0 +1,54 @@ | ||
module "kubernetes" { | ||
source = "git::https://github.com/oracle-terraform-modules/terraform-oci-oke" | ||
providers = { | ||
oci.home = oci | ||
} | ||
|
||
api_fingerprint = var.api_fingerprint | ||
api_private_key_path = var.api_private_key_path | ||
tenancy_id = var.tenancy_id | ||
compartment_id = var.compartment_id | ||
user_id = var.user_id | ||
vcn_cidrs = var.vcn_cidrs | ||
region = var.region | ||
kubernetes_version = var.kubernetes_version | ||
pods_cidr = var.pods_cidr | ||
services_cidr = var.services_cidr | ||
|
||
### | ||
# | ||
# Networking Configuration | ||
|
||
cni_type = local.cni_type | ||
kubeproxy_mode = local.kubeproxy_mode | ||
create_drg = local.create_drg | ||
|
||
|
||
### | ||
# | ||
# Kubernetes Control Plane Configuration | ||
|
||
create_cluster = local.create_cluster | ||
cluster_type = local.cluster_type | ||
control_plane_allowed_cidrs = local.control_plane_allowed_cidrs | ||
control_plane_is_public = local.control_plane_is_public | ||
assign_public_ip_to_control_plane = local.assign_public_ip_to_control_plane | ||
#create_iam_resources = local.create_iam_resources | ||
|
||
### | ||
# | ||
# Kubernetes Worker Nodes Configuration | ||
|
||
create_iam_resources = local.create_iam_resources | ||
worker_pool_mode = local.worker_pool_mode | ||
allow_worker_ssh_access = local.allow_worker_ssh_access | ||
worker_pools = local.worker_pools | ||
worker_cloud_init = local.worker_cloud_init | ||
|
||
### | ||
# | ||
# Extra nodes | ||
|
||
create_bastion = local.create_bastion | ||
create_operator = local.create_operator | ||
} |
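Review bot: the module `source` is a bare git URL with no `?ref=` pin, so every `terraform init` fetches whatever the upstream default branch holds at that moment, which is both a reproducibility and a supply-chain concern; pin to a release tag or commit, e.g. `git::https://github.com/oracle-terraform-modules/terraform-oci-oke?ref=<tag>`. The `providers = { oci.home = oci }` mapping also looks inverted: the only provider block in this PR is the one aliased `home`, so `oci` here is the implicit, unconfigured default provider and the configured `oci.home` is never handed to the module; the upstream examples declare a non-aliased provider as well and map `oci.home = oci.home`. Finally, the commented `#create_iam_resources` line duplicates the live one a few lines down and can go.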
@@ -0,0 +1,3 @@ | ||
output "cluster_ocid" { | ||
value = module.kubernetes.cluster_id | ||
} |
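Review bot: consider adding a `description` to this output and, now that it exists, having the Kubernetes README read it with `terraform output -raw cluster_ocid` instead of asking the user to copy the OCID from the apply log.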
@@ -0,0 +1,13 @@ | ||
# Copyright (c) 2024 Oracle Corporation and/or its affiliates. | ||
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl | ||
|
||
provider "oci" { | ||
fingerprint = var.api_fingerprint | ||
private_key_path = var.api_private_key_path | ||
region = var.region | ||
compartment_ocid = var.compartment_id | ||
tenancy_ocid = var.tenancy_id | ||
user_ocid = var.user_id | ||
alias = "home" | ||
ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"] | ||
} |
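Review bot: I do not believe `compartment_ocid` is an argument of the `oci` provider block (the provider takes `tenancy_ocid`, `user_ocid`, `fingerprint`, `private_key_path` and `region`; the compartment is a per-resource argument), so `terraform validate` will likely reject this file; drop that line and pass `var.compartment_id` to the module only. Because this block is aliased `home` and no default `oci` provider is declared, the module's default provider ends up unconfigured (see the `providers` map in `main.tf`). The file also opens with an Oracle copyright and UPL licence header copied from the upstream module; if the block was adapted from there keep the attribution accurate, otherwise remove it.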
@@ -0,0 +1,35 @@ | ||
### | ||
# | ||
# Authentication | ||
|
||
api_fingerprint = "c6:1d:a5:54:c2:d2:67:26:6a:81:b8:e0:d2:f5:f7:a7" | ||
api_private_key_path = "/hoem/sdake/.oci/oci_api_key.pem" | ||
|
||
|
||
### | ||
# | ||
# Identity Management | ||
|
||
tenancy_id = "ocid1.tenancy.oc1..aaaaaaaa6vyjrctvv5ax3lzuah3ldtlnrvni6hxcqdzcfoxjw5stgu4vz32q" | ||
compartment_id = "ocid1.compartment.oc1..aaaaaaaaq6xqdldlmtkmkpypkhsjymplonmuvbfpdqfii7ezu6b23utwqtba" | ||
user_id = "ocid1.user.oc1..aaaaaaaa64i4tqgymgevje33u6tx7ejxgh2dipggg42lwikdr4f2ouwids5a" | ||
|
||
|
||
### | ||
# | ||
# Networking Configuration | ||
|
||
vcn_cidrs = ["10.1.0.0/16"] | ||
|
||
|
||
### | ||
# | ||
# Kubernetes Configuration | ||
|
||
region = "us-phoenix-1" | ||
kubernetes_version = "v1.30.1" | ||
worker_nodes = 2 | ||
worker_cpu = 2 | ||
worker_memory = 8 | ||
pods_cidr = "10.201.0.0/16" | ||
services_cidr = "10.101.0.0/16" |
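Review bot: committing `terraform.tfvars` puts what appear to be live tenancy, compartment and user OCIDs, an API key fingerprint and a personal home-directory path into the repository; ship a `terraform.tfvars.example` with placeholder values, add `terraform.tfvars` to `.gitignore`, and have the setup script tell the user to copy and fill it in. The key path is also misspelled (`/hoem/sdake/...`), and its filename `oci_api_key.pem` does not match the `steve_private.pem` the setup script creates.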
@@ -0,0 +1,101 @@ | ||
### | ||
# | ||
# Authentication | ||
|
||
variable "api_fingerprint" { | ||
description = "Fingerprint of the API private key to use with OCI API." | ||
type = string | ||
} | ||
|
||
variable "api_private_key_path" { | ||
description = "The path to the OCI API private key pem file." | ||
type = string | ||
} | ||
|
||
#variable "ssh_private_key_path" { | ||
# description = "The path to ssh private key." | ||
# type = string | ||
#} | ||
|
||
#variable "ssh_public_key_path" { | ||
# description = "The path to ssh public key." | ||
# type = string | ||
#} | ||
|
||
### | ||
# | ||
# Identity Management | ||
|
||
variable "user_id" { | ||
description = "The id of the user that Terraform will use to create the resources." | ||
type = string | ||
} | ||
variable "tenancy_id" { | ||
description = "The tenancy id of the OCI Cloud Account in which to create the resources." | ||
type = string | ||
} | ||
|
||
variable "compartment_id" { | ||
description = "The compartment id where to create all resources." | ||
type = string | ||
} | ||
|
||
# this may not be needed | ||
#variable "home_region" { | ||
# description = "The home region for this compartment." | ||
# type = string | ||
#} | ||
|
||
|
||
### | ||
# | ||
# Cluster Networking Configuration | ||
|
||
# It would be cool to enhance this such that an array of clusters could be created. | ||
variable "vcn_cidrs" { | ||
description = "VCN CIDRs. I don't know how this is used" | ||
type = list | ||
} | ||
variable "pods_cidr" { | ||
description = "Network CIDR associated with PODs. Must be a /16 that does not overlap with other networks." | ||
type = string | ||
} | ||
|
||
variable "services_cidr" { | ||
description = "Services CIDR associated with Services. Must be a /16 tha does not overlap with other networks." | ||
type = string | ||
} | ||
|
||
# It would be cool to enhance this such that an array of clusters could be created. | ||
### | ||
# | ||
# Kubernetes Control Plane Configuration | ||
|
||
variable "region" { | ||
description = "Create Kubernetes in this region." | ||
type = string | ||
} | ||
|
||
variable "kubernetes_version" { | ||
default = "v1.30.1" | ||
description = "Create Kubernetes using this version." | ||
type = string | ||
} | ||
|
||
variable "worker_nodes" { | ||
default = "3" | ||
description = "Create Kubernetes with this worker node count." | ||
type = number | ||
} | ||
|
||
variable "worker_memory" { | ||
default = "16" | ||
description = "Create each worker with this much memory in gigabytes." | ||
type = number | ||
} | ||
|
||
variable "worker_cpu" { | ||
default = "4" | ||
description = "Create each worker with this many virtual CPUs." | ||
type = number | ||
} |
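Review bot: `vcn_cidrs` is declared as bare `type = list`, which Terraform accepts only for backward compatibility; make it `list(string)`, and replace the `I don't know how this is used` description with what the value does (the module allocates the VCN's address space from it), which also answers the open question in the review comment. `worker_nodes`, `worker_memory` and `worker_cpu` declare `type = number` but quote their defaults (`"3"`, `"16"`, `"4"`); write them as numbers so the intent is clear without relying on implicit conversion. The `It would be cool to enhance this...` comment appears twice, `tha` should be `that`, and the `variable "user_id"` and `variable "tenancy_id"` blocks lack the blank line the rest of the file uses between blocks.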
@@ -0,0 +1,8 @@ | ||
terraform { | ||
required_providers { | ||
oci = { | ||
source = "oracle/oci" | ||
} | ||
} | ||
required_version = ">= 1.0.0" | ||
} |
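Review bot: `required_providers` names `oracle/oci` without a `version` constraint, so each fresh `terraform init` may pull a different provider major version; add a `version` constraint and commit the `.terraform.lock.hcl` that `init` produces, so the provider is pinned the same way the module source should be.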
I am not clear if vcn_cidrs needs to be set, or if it has sanitary defaults. I am also not sure why it's a list.