# Copyright (c) 2024 Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
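# Cluster "c1": one instance of the upstream oracle-terraform-modules/oke module,
# created only when var.clusters["c1"].enabled is true.  Everything below is
# either read from var.clusters["c1"], var.* or local.* (declared elsewhere in
# this configuration) or is a literal that applies to this cluster alone.
module "c1" {
  source  = "oracle-terraform-modules/oke/oci"
  version = "5.1.1"

  # count = 0 switches the whole cluster off.  lookup() without a default
  # fails at plan time if var.clusters has no "c1" entry or it lacks "enabled".
  count = lookup(lookup(var.clusters, "c1"), "enabled") ? 1 : 0

  home_region = lookup(local.regions, var.home_region)
  region      = lookup(local.regions, lookup(lookup(var.clusters, "c1"), "region"))
  tenancy_id  = var.tenancy_id

  # general oci parameters
  compartment_id = var.compartment_id

  # ssh keys
  # NOTE(review): the private key *path* is handed to the module; confirm the
  # module only uses it for SSH connections and does not read the key contents
  # into state, which would leave key material in the state file.
  ssh_private_key_path = var.ssh_private_key_path
  ssh_public_key_path  = var.ssh_public_key_path

  # networking
  # A DRG, one remote peering connection per other cluster in var.clusters and
  # the matching NAT-gateway routes exist only for a private control plane.
  # With a public control plane the clusters are not peered at all.
  # (create_drg compared directly, as control_plane_is_public does below;
  # the former "? true : false" was redundant.)
  create_drg       = var.oke_control_plane == "private"
  drg_display_name = "c1"
  remote_peering_connections = var.oke_control_plane == "private" ? {
    for k, v in var.clusters : "rpc-to-${k}" => {} if k != "c1"
  } : {}
  # one route per peer cluster: traffic for that cluster's VCN CIDR goes to the DRG
  nat_gateway_route_rules = var.oke_control_plane == "private" ? [
    for k, v in var.clusters :
    {
      destination       = lookup(v, "vcn")
      destination_type  = "CIDR_BLOCK"
      network_entity_id = "drg"
      description       = "Routing to allow connectivity to ${title(k)} cluster"
    } if k != "c1"
  ] : []
  vcn_cidrs     = [lookup(lookup(var.clusters, "c1"), "vcn")]
  vcn_dns_label = "c1"
  vcn_name      = "c1"

  #subnets
  # newbits/netnum look like cidrsubnet() offsets relative to the VCN CIDR
  # (verify against the module): bastion/operator/cp are three adjacent
  # /(vcn+13) blocks, the two load-balancer subnets are /(vcn+11) blocks at
  # netnum 16/17 (still inside the first quarter of the VCN), and workers and
  # pods each take a full quarter; the last quarter is unused.
  subnets = {
    bastion  = { newbits = 13, netnum = 0, dns_label = "bastion" }
    operator = { newbits = 13, netnum = 1, dns_label = "operator" }
    cp       = { newbits = 13, netnum = 2, dns_label = "cp" }
    int_lb   = { newbits = 11, netnum = 16, dns_label = "ilb" }
    pub_lb   = { newbits = 11, netnum = 17, dns_label = "plb" }
    workers  = { newbits = 2, netnum = 1, dns_label = "workers" }
    pods     = { newbits = 2, netnum = 2, dns_label = "pods" }
  }

  # bastion host
  # SECURITY: 0.0.0.0/0 admits SSH to the bastion from every IPv4 address, so
  # the SSH key is the only barrier.  Narrow this to the administrators'
  # egress CIDRs (VPN / office ranges) before using this outside a lab.
  create_bastion        = true
  bastion_allowed_cidrs = ["0.0.0.0/0"]
  bastion_upgrade       = false

  # operator host
  create_operator      = true
  operator_upgrade     = false
  create_iam_resources = true
  # "always" creates the operator's IAM policy unconditionally; review the
  # statements the module generates, since the operator host is the
  # administrative jump point into the cluster.
  create_iam_operator_policy = "always"
  operator_install_k9s       = true

  # oke cluster options
  cluster_name            = "c1"
  cluster_type            = var.cluster_type
  cni_type                = var.preferred_cni
  control_plane_is_public = var.oke_control_plane == "public"
  # local.anywhere is declared outside this file; if it is 0.0.0.0/0 (as the
  # name suggests) a *public* control plane exposes the Kubernetes API
  # endpoint to any source address, leaving only authentication as a barrier.
  control_plane_allowed_cidrs = [local.anywhere]
  kubernetes_version          = var.kubernetes_version
  pods_cidr                   = lookup(lookup(var.clusters, "c1"), "pods")
  services_cidr               = lookup(lookup(var.clusters, "c1"), "services")

  # node pools
  # NOTE(review): permits SSH onto worker nodes (presumably via the bastion);
  # keep it false unless node-level debugging is actually needed.
  allow_worker_ssh_access = true
  kubeproxy_mode          = "iptables"
  worker_pool_mode        = "node-pool"
  worker_pools            = var.nodepools
  worker_cloud_init       = local.worker_cloud_init
  worker_image_type       = "oke"

  # oke load balancers
  load_balancers          = "both"
  preferred_load_balancer = "public"
  # Internal LB: each service-mesh port is reachable only from cluster c2's
  # VCN.  Unlike the peering/route blocks above this is hard-wired to "c2"
  # rather than looping over var.clusters, so (a) any further peer cluster
  # gets no ingress rule here and (b) plan fails if var.clusters has no "c2".
  allow_rules_internal_lb = {
    for p in local.service_mesh_ports :
    format("Allow ingress to port %v", p) => {
      protocol = local.tcp_protocol, port = p, source = lookup(lookup(var.clusters, "c2"), "vcn"), source_type = local.rule_type_cidr,
    }
  }
  # Public LB: every port in local.public_lb_allowed_ports is open to the
  # whole IPv4 internet, which is what a public LB is for; keep that list to
  # the ports actually served.
  allow_rules_public_lb = {
    for p in local.public_lb_allowed_ports :
    format("Allow ingress to port %v", p) => {
      protocol = local.tcp_protocol, port = p, source = "0.0.0.0/0", source_type = local.rule_type_cidr,
    }
  }

  user_id = var.user_id

  # aliased providers: oci.c1 targets this cluster's region, oci.home the
  # tenancy's home region (OCI IAM resources are typically created there)
  providers = {
    oci      = oci.c1
    oci.home = oci.home
  }
}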