artificialwisdomai · sdake · Aug 15, 2024 · Aug 15, 2024 · Aug 15, 2024 · sdake
@@ -0,0 +1,2 @@
+# Configure OCI
+
@@ -0,0 +1,13 @@
+# https://docs.oracle.com/en-us/iaas/developer-tutorials/tutorials/tf-provider/01-summary.htm
+mkdir $HOME/.oci
+chmod 700 $HOME/.oci
+openssl genrsa -out $HOME/.oci/steve_private.pem 2048
+chmod 600 $HOME/.oci/steve_private.pem
+openssl rsa -pubout -in $HOME/.oci/steve_private.pem -out $HOME/.oci/steve_public.pem
+cat $HOME/.oci/steve_public.pem
+
+# Configure OCI cloud
+oci setup config
+
+# manually copy config variables to 01_kubernetes/terraform.tfvars
+echo configure 01_kubernetes/terraform.tfvars
@@ -0,0 +1,27 @@
+# Using compartments
+
+Compartments are the fundamental IAM feature used by Oracle Cloud to isolate cloud resources. Compartments
+can have children in a tree structure, or be simpler with a depth of one. We use the `engineering` compartment
+to house all engineering work.
+
+Anything in production is housed in `production`.
+
+During development, compartments are an awesome way to start over. Simply delete the compartment you were working
+in, and all resources within the compartment are deleted.
+
+# Create a compartmnet
+
+This will create a compartment for you within the `engineering`.
+
+```console
+parent_compartment=$(oci iam compartment list --query 'data[?name==`"engineering"`].{compartment_id: "id"}' --output json | jq -r '.[0].compartment_id')
+oci iam compartment create --name $(whoami)-$(date +%Y%m%d) --description "development compartment" --compartment-id ${parent_compartment}
+```
+
+# Delete a compartment
+
+Replace the OCID with the compartment id you wish to delete. Never delete `engineering`.
+
+```console
+oci iam compartment delete --compartment-id ocid1.compartment.oc1..aaaaaaaayh4wcewcyj4ns3no4eu6eyfwj3ncaexs73mz2c35cfdwv4xfeejq
+```
@@ -0,0 +1,33 @@
+
+# Deploy and use Kubernetes
+
+Initialize terraform:
+
+```
+terraform init
+```
+
+Create a Kubernetes deployment:
+
+```
+terraform apply
+```
+
+Destroy the Kubernetes deployment:
+
+```
+terraform destroy
+```
+
+When you create the Kubernetes deployment, an `ocid.cluster....` is printed.
+
+Set the OCID cluster enviornment variable:
+```
+CLUSTER_OCID="value from terraform apply"
+```
+
+Setup `kubectl` via `$HOME/.kube/config`
+
+```
+oci ce cluster create-kubeconfig --cluster-id "${CLUSTER_OCID}" --file $HOME/.kube/config --region us-phoenix-1 --token-version 2.0.0  --kube-endpoint PUBLIC_ENDPOINT
+```
@@ -0,0 +1,70 @@
+locals {
+
+    ###
+    #
+    # Networking Configuration
+
+    cni_type                     = "flannel"
+    kubeproxy_mode               = "iptables"
+    create_drg                   = true
+
+
+    ###
+    #
+    # Kubernetes Control Plane Configuration
+
+    create_cluster                    = true
+    cluster_type                      = "basic"
+    oke_control_plane                 = "public"
+    control_plane_allowed_cidrs       = ["0.0.0.0/0"]
+    control_plane_is_public           = true
+    assign_public_ip_to_control_plane = true
+    create_iam_resources              = true
+
+
+    ###
+    #
+    # Kubernetes Worker Nodes Configuration
+
+    worker_image_type       = "oke"
+    worker_pool_mode        = "node-pool"
+    allow_worker_ssh_access = false
+    worker_pools            = {
+        np1 = {
+            create           = true,
+            size             = var.worker_nodes,
+            shape            = "VM.Standard.E4.Flex",
+            ocpus            = var.worker_cpu,
+            memory           = var.worker_memory,
+         }
+    }
+
+    worker_cloud_init = [
+        {
+            content      = <<-EOT
+            runcmd:
+            - 'echo "Kernel module configuration for Istio and worker node initialization"'
+            - 'modprobe br_netfilter'
+            - 'modprobe nf_nat'
+            - 'modprobe xt_REDIRECT'
+            - 'modprobe xt_owner'
+            - 'modprobe iptable_nat'
+            - 'modprobe iptable_mangle'
+            - 'modprobe iptable_filter'
+            - '/usr/libexec/oci-growfs -y'
+            - 'timedatectl set-timezone Australia/Sydney'
+            - 'curl --fail -H "Authorization: Bearer Oracle" -L0 http://169.254.169.254/opc/v2/instance/metadata/oke_init_script | base64 --decode >/var/run/oke-init.sh'
+            - 'bash -x /var/run/oke-init.sh'
+            EOT
+              content_type = "text/cloud-config",
+        }
+    ]
+
+    ###
+    #
+    # Extras
+
+    create_bastion = false
+    create_service_account = true
+    create_operator = false
+}
@@ -0,0 +1,54 @@
+module "kubernetes" {
+    source = "git::https://github.com/oracle-terraform-modules/terraform-oci-oke"
+    providers = {
+        oci.home = oci
+    }
+
+    api_fingerprint      = var.api_fingerprint
+    api_private_key_path = var.api_private_key_path
+    tenancy_id           = var.tenancy_id
+    compartment_id       = var.compartment_id
+    user_id              = var.user_id
+    vcn_cidrs            = var.vcn_cidrs
+    region               = var.region
+    kubernetes_version   = var.kubernetes_version
+    pods_cidr            = var.pods_cidr
+    services_cidr        = var.services_cidr
+
+    ###
+    #
+    # Networking Configuration
+
+    cni_type = local.cni_type
+    kubeproxy_mode               = local.kubeproxy_mode
+    create_drg                   = local.create_drg
+
+
+    ###
+    #
+    # Kubernetes Control Plane Configuration
+
+    create_cluster = local.create_cluster
+    cluster_type = local.cluster_type
+    control_plane_allowed_cidrs = local.control_plane_allowed_cidrs
+    control_plane_is_public = local.control_plane_is_public
+    assign_public_ip_to_control_plane = local.assign_public_ip_to_control_plane
+    #create_iam_resources = local.create_iam_resources
+
+    ###
+    #
+    # Kubernetes Worker Nodes Configuration
+
+    create_iam_resources = local.create_iam_resources
+    worker_pool_mode = local.worker_pool_mode
+    allow_worker_ssh_access = local.allow_worker_ssh_access
+    worker_pools = local.worker_pools
+    worker_cloud_init = local.worker_cloud_init
+
+    ###
+    #
+    # Extra nodes
+
+    create_bastion = local.create_bastion
+    create_operator = local.create_operator
+}
@@ -0,0 +1,3 @@
+output "cluster_ocid" {
+    value = module.kubernetes.cluster_id
+}
@@ -0,0 +1,13 @@
+# Copyright (c) 2024 Oracle Corporation and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+provider "oci" {
+  fingerprint         = var.api_fingerprint
+  private_key_path    = var.api_private_key_path
+  region              = var.region
+  compartment_ocid    = var.compartment_id
+  tenancy_ocid        = var.tenancy_id
+  user_ocid           = var.user_id
+  alias               = "home"
+  ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
+}
@@ -0,0 +1,35 @@
+###
+#
+# Authentication
+
+api_fingerprint      = "c6:1d:a5:54:c2:d2:67:26:6a:81:b8:e0:d2:f5:f7:a7"
+api_private_key_path = "/hoem/sdake/.oci/oci_api_key.pem"
+
+
+###
+#
+# Identity Management
+
+tenancy_id     = "ocid1.tenancy.oc1..aaaaaaaa6vyjrctvv5ax3lzuah3ldtlnrvni6hxcqdzcfoxjw5stgu4vz32q"
+compartment_id = "ocid1.compartment.oc1..aaaaaaaaq6xqdldlmtkmkpypkhsjymplonmuvbfpdqfii7ezu6b23utwqtba"
+user_id        = "ocid1.user.oc1..aaaaaaaa64i4tqgymgevje33u6tx7ejxgh2dipggg42lwikdr4f2ouwids5a"
+
+
+###
+#
+# Networking Configuration
+
+vcn_cidrs     = ["10.1.0.0/16"]
+
+
+###
+#
+# Kubernetes Configuration
+
+region             = "us-phoenix-1"
+kubernetes_version = "v1.30.1"
+worker_nodes       = 2
+worker_cpu         = 2
+worker_memory      = 8
+pods_cidr          = "10.201.0.0/16"
+services_cidr      = "10.101.0.0/16"
@@ -0,0 +1,101 @@
+###
+#
+# Authentication
+
+variable "api_fingerprint" {
+  description = "Fingerprint of the API private key to use with OCI API."
+  type        = string
+}
+
+variable "api_private_key_path" {
+  description = "The path to the OCI API private key pem file."
+  type        = string
+}
+
+#variable "ssh_private_key_path" {
+#  description = "The path to ssh private key."
+#  type        = string
+#}
+
+#variable "ssh_public_key_path" {
+#  description = "The path to ssh public key."
+#  type        = string
+#}
+
+###
+#
+# Identity Management
+
+variable "user_id" {
+  description = "The id of the user that Terraform will use to create the resources."
+  type        = string
+}
+variable "tenancy_id" {
+  description = "The tenancy id of the OCI Cloud Account in which to create the resources."
+  type        = string
+}
+
+variable "compartment_id" {
+  description = "The compartment id where to create all resources."
+  type        = string
+}
+
+# this may not be needed
+#variable "home_region" {
+#  description = "The home region for this compartment."
+#  type        = string
+#}
+
+
+###
+#
+# Cluster Networking Configuration
+
+# It would be cool to enhance this such that an array of clusters could be created.
+variable "vcn_cidrs" {
+    description = "VCN CIDRs. I don't know how this is used"
+    type        = list
+}
+variable "pods_cidr" {
+    description = "Network CIDR associated with PODs. Must be a /16 that does not overlap with other networks."
+    type        = string
+}
+
+variable "services_cidr" {
+    description = "Services CIDR associated with Services. Must be a /16 tha does not overlap with other networks."
+    type        = string
+}
+
+# It would be cool to enhance this such that an array of clusters could be created.
+###
+#
+# Kubernetes Control Plane Configuration
+
+variable "region" {
+  description = "Create Kubernetes in this region."
+  type        = string
+}
+
+variable "kubernetes_version" {
+  default     = "v1.30.1"
+  description = "Create Kubernetes using this version."
+  type        = string
+}
+
+variable "worker_nodes" {
+  default     = "3"
+  description = "Create Kubernetes with this worker node count."
+  type        = number
+}
+
+variable "worker_memory" {
+  default     = "16"
+  description = "Create each worker with this much memory in gigabytes."
+  type        = number
+}
+
+variable "worker_cpu" {
+  default     = "4"
+  description = "Create each worker with this many virtual CPUs."
+  type        = number
+}
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    oci = {
+      source = "oracle/oci"
+    }
+  }
+  required_version = ">= 1.0.0"
+}