diff --git a/bashsource.tf b/bashsource.tf
index e669e00..8a9c4b7 100644
--- a/bashsource.tf
+++ b/bashsource.tf
@@ -1,6 +1,6 @@
 resource null_resource "build_source" {
 provisioner "local-exec" {
- command = "echo \"export KUBECONFIG=${path.module}/generated/kubeconfig\" > source.sh "
+ command = "echo \"export KUBECONFIG=${path.root}/generated/kubeconfig\" > ${var.label_prefix}source.sh"
 }
 }
@@ -17,7 +17,7 @@ resource null_resource "etcd-ad1" {
 }
 provisioner "local-exec" {
- command = "echo 'alias ${var.label_prefix}etcdad1-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad1.instance_public_ips, count.index)}\"' >> source.sh"
+ command = "echo 'alias ${var.label_prefix}etcdad1-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad1.instance_public_ips, count.index)}\"' >> source.sh"
 }
 }
@@ -34,7 +34,7 @@ resource null_resource "etcd-ad2" {
 }
 provisioner "local-exec" {
- command = "echo 'alias ${var.label_prefix}etcdad2-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad2.instance_public_ips, count.index)}\"' >> source.sh"
+ command = "echo 'alias ${var.label_prefix}etcdad2-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad2.instance_public_ips, count.index)}\"' >> source.sh"
 }
 }
@@ -51,7 +51,7 @@ resource null_resource "etcd-ad3" {
 }
 provisioner "local-exec" {
- command = "echo 'alias ${var.label_prefix}etcad3-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad3.instance_public_ips, count.index)}\"' >> source.sh"
+ command = "echo 'alias ${var.label_prefix}etcad3-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad3.instance_public_ips, count.index)}\"' >> source.sh"
 }
 }
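Review bot: The build_source hunk now writes the KUBECONFIG export to `${var.label_prefix}source.sh`, but every alias provisioner in this file (the etcd hunks here and the master and worker hunks on the following two lines) still appends to `source.sh`, so with a non-empty label_prefix the export and the ssh aliases end up in two different files and neither is a complete environment on its own. Either change the append target to match, `>> ${var.label_prefix}source.sh`, or keep the unprefixed name in build_source. Whichever file is chosen is written to the working directory and embeds the path to `generated/instances_id_rsa` together with every public IP, so it belongs in the same "generated, do not commit" category as the key and kubeconfig it points at.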
@@ -71,7 +71,7 @@ resource null_resource "k8smaster-ad1" {
 }
 provisioner "local-exec" {
- command = "echo 'alias ${var.label_prefix}masterad1-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-k8smaster-ad1.public_ips, count.index)}\"' >> source.sh"
+ command = "echo 'alias ${var.label_prefix}masterad1-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-k8smaster-ad1.public_ips, count.index)}\"' >> source.sh"
 }
 }
@@ -87,7 +87,7 @@ resource null_resource "k8smaster-ad2" {
 }
 provisioner "local-exec" {
- command = "echo 'alias ${var.label_prefix}masterad2-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-k8smaster-ad2.public_ips, count.index)}\"' >> source.sh"
+ command = "echo 'alias ${var.label_prefix}masterad2-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-k8smaster-ad2.public_ips, count.index)}\"' >> source.sh"
 }
 }
@@ -104,7 +104,7 @@ resource null_resource "k8smaster-ad3" {
 }
 provisioner "local-exec" {
- command = "echo 'alias ${var.label_prefix}masterad3-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-k8smaster-ad3.public_ips, count.index)}\"' >> source.sh"
+ command = "echo 'alias ${var.label_prefix}masterad3-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-k8smaster-ad3.public_ips, count.index)}\"' >> source.sh"
 }
 }
@@ -112,7 +112,7 @@ resource null_resource "k8sworker-ad1" {
 count = "${var.k8sWorkerAd1Count}"
 depends_on = [
 "module.instances-k8sworker-ad1",
- ]
+ ]
 triggers {
 worker_id = "${element(module.instances-k8sworker-ad1.ids, count.index)}"
@@ -120,7 +120,7 @@ resource null_resource "k8sworker-ad1" {
 }
 provisioner "local-exec" {
- command = "echo 'alias ${var.label_prefix}workerad1-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-k8sworker-ad1.public_ips, count.index)}\"' >> source.sh"
+ command = "echo 'alias ${var.label_prefix}workerad1-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-k8sworker-ad1.public_ips, count.index)}\"' >> source.sh"
 }
 }
@@ -136,7 +136,7 @@ resource null_resource "k8sworker-ad2" {
 }
 provisioner "local-exec" {
- command = "echo 'alias ${var.label_prefix}workerad2-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-k8sworker-ad2.public_ips, count.index)}\"' >> source.sh"
+ command = "echo 'alias ${var.label_prefix}workerad2-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-k8sworker-ad2.public_ips, count.index)}\"' >> source.sh"
 }
 }
@@ -153,7 +153,7 @@ resource null_resource "k8sworker-ad3" {
 }
 provisioner "local-exec" {
- command = "echo 'alias ${var.label_prefix}workerad3-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-k8sworker-ad3.public_ips, count.index)}\"' >> source.sh"
+ command = "echo 'alias ${var.label_prefix}workerad3-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-k8sworker-ad3.public_ips, count.index)}\"' >> source.sh"
 }
 }
diff --git a/docs/input-variables.md b/docs/input-variables.md
index cf6f81e..ebf4515 100644
--- a/docs/input-variables.md
+++ b/docs/input-variables.md
@@ -15,6 +15,16 @@ region | us-phoenix-1 | String value of
 ## Optional Input Variables:
+### VCN Configuration
+
+By deafult a VCN, an Internet Gateway and a public route table out this gatewat will be created and used. If you wish to use an existing VCN then set the following variables. When using an existing VCN you need to make sure that the subnet ranges and DNS labels specified in the variables 'network_cidrs' and 'network_subnet_dns' do not overlap with existing values.
+
+name | default |
+------------------------------------|-------------------------|------------
+vcn_id | "" (Optional) | The VCN OCID to use to configure all subnets with
+vcn_dhcp_options_id | "" (Optional) | The DCHP options of the VCN to use when creating subnets
+public_routetable_id | "" (Optional) | The routetable OCID that has access to the public internet via a Internet Gateway
+
 ### Compute Instance Configuration
 name | default | description
 ------------------------------------|-------------------------|------------
@@ -101,6 +111,7 @@ control_plane_subnet_access | public | Whether instances in the con
 k8s_master_lb_access | public | Whether the Kubernetes Master Load Balancer is launched in a public or private subnets
 etcd_lb_access | private | Whether the etcd Load Balancer is launched in a public or private subnets
+
 #### _Public_ Network Access (default)
 ![](./images/public_cp_subnet_access.jpg)
@@ -111,7 +122,9 @@ The following input variables are used to configure the inbound security rules o
 name | default | description
 ------------------------------------|-------------------------|------------
-network_cidrs | See map in variables.tf | A CIDR notation IP range of the VCN and its subnets.
+vcn_cidr | 10.0.0.0/16 | The A CIDR notation IP range of the VCN
+network_cidrs | See map in variables.tf | A CIDR notation IP range of the subnets within the VCN.
+network_subnet_dns | See map in variables.tf | A DNS label for each of the subnets in the VCN (Max 15 characters)
 etcd_cluster_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation IP range that is allowed to access the etcd cluster. Must be a subset of the VCN CIDR.
 etcd_ssh_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation IP range that is allowed to SSH to etcd nodes. Must be a subset of the VCN CIDR.
 master_ssh_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation IP range that is allowed to access the master(s). Must be a subset of the VCN CIDR.
diff --git a/k8s-oci.tf b/k8s-oci.tf
index 4560e86..22e37ab 100644
--- a/k8s-oci.tf
+++ b/k8s-oci.tf
@@ -1,19 +1,4 @@
-locals {
- master_lb_ip = "${var.master_oci_lb_enabled == "true" ? element(concat(flatten(module.k8smaster-public-lb.ip_addresses), list("")), 0) : "127.0.0.1"}"
- master_lb_address = "${format("https://%s:%s", local.master_lb_ip, var.master_oci_lb_enabled == "true" ? "443" : "6443")}"
-
- reverse_proxy_clount_init = "${var.master_oci_lb_enabled == "true" ? "" : module.reverse-proxy.clount_init}"
- reverse_proxy_setup = "${var.master_oci_lb_enabled == "true" ? "" : module.reverse-proxy.setup}"
-
- etcd_endpoints = "${var.etcd_lb_enabled == "true" ?
- join(",",formatlist("http://%s:2379", module.etcd-lb.ip_addresses)) :
- join(",",formatlist("http://%s:2379", compact(concat(
- module.instances-etcd-ad1.private_ips,
- module.instances-etcd-ad2.private_ips,
- module.instances-etcd-ad3.private_ips)))) }"
-}
-
 ### CA and Cluster Certificates
 module "k8s-tls" {
@@ -31,10 +16,25 @@ module "k8s-tls" {
 ### Virtual Cloud Network
 module "vcn" {
+ create_vcn = "${var.vcn_id == "" ? "true" : "false"}"
 source = "./network/vcn"
 compartment_ocid = "${var.compartment_ocid}"
 label_prefix = "${var.label_prefix}"
+ vcn_dns_name = "${var.vcn_dns_name}"
+ vcn_cidr = "${var.vcn_cidr}"
+}
+
+
+module "subnets" {
+ source = "./network/subnets"
+ compartment_ocid = "${var.compartment_ocid}"
+ label_prefix = "${var.label_prefix}"
 tenancy_ocid = "${var.tenancy_ocid}"
+
+ # Use a existing VCN and public route table and dhcp options
+ vcn_id = "${var.vcn_id == "" ? join(" ",module.vcn.vcn_id) : var.vcn_id}"
+ dhcp_options_id = "${var.vcn_id == "" ? join(" ",module.vcn.vcn_dhcp_options_id) : var.vcn_dhcp_options_id}"
+ public_routetable_id = "${var.vcn_id == "" ? join(" ",module.vcn.public_routetable_id) : var.public_routetable_id}"
 vcn_dns_name = "${var.vcn_dns_name}"
 additional_etcd_security_lists_ids = "${var.additional_etcd_security_lists_ids}"
 additional_k8smaster_security_lists_ids = "${var.additional_k8s_master_security_lists_ids}"
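Review bot: In the new `module "subnets"` block the `dhcp_options_id` and `public_routetable_id` arguments fall through to `var.vcn_dhcp_options_id` and `var.public_routetable_id` as soon as `var.vcn_id` is non-empty, yet the docs hunk in this same commit lists both of those as `"" (Optional)`; an operator who supplies only `vcn_id` therefore creates every subnet with an empty route table and DHCP options OCID, which surfaces as a provider error at best. Terraform at this version has no variable validation, so the comment above these three lines should at least state the coupling, e.g. `# Use an existing VCN: vcn_id, vcn_dhcp_options_id and public_routetable_id must all be set together`, and the docs table should drop "(Optional)" from the latter two. The three-way `var.vcn_id == ""` conditional is also repeated verbatim; a single `local.use_existing_vcn` would make the switch easier to audit, though that is a matter of style.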
@@ -61,6 +61,7 @@ module "vcn" {
 master_nodeport_ingress = "${var.master_nodeport_ingress}"
 external_icmp_ingress = "${var.external_icmp_ingress}"
 internal_icmp_ingress = "${var.internal_icmp_ingress}"
+ network_subnet_dns = "${var.network_subnet_dns}"
 }
 module "oci-cloud-controller" {
@@ -77,14 +78,14 @@ module "oci-cloud-controller" {
 // var.cloud_controller_user_private_key_path has been provided but has an empty password
 cloud_controller_user_private_key_password = "${var.cloud_controller_user_private_key_path == "" ? var.private_key_password : var.cloud_controller_user_private_key_password}"
- subnet1 = "${element(module.vcn.ccmlb_subnet_ad1_id,0)}"
- subnet2 = "${element(module.vcn.ccmlb_subnet_ad2_id,0)}"
+ subnet1 = "${element(module.subnets.ccmlb_subnet_ad1_id,0)}"
+ subnet2 = "${element(module.subnets.ccmlb_subnet_ad2_id,0)}"
 }
 module "oci-flexvolume-driver" {
 source = "./kubernetes/oci-flexvolume-driver"
 tenancy = "${var.tenancy_ocid}"
- vcn = "${module.vcn.id}"
+ vcn = "${module.subnets.id}"
 flexvolume_driver_user_ocid = "${var.flexvolume_driver_user_ocid == "" ? var.user_ocid : var.flexvolume_driver_user_ocid}"
 flexvolume_driver_user_fingerprint = "${var.flexvolume_driver_user_fingerprint == "" ? var.fingerprint : var.flexvolume_driver_user_fingerprint}"
@@ -128,7 +129,7 @@ module "instances-etcd-ad1" {
 shape = "${var.etcdShape}"
 ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}"
 network_cidrs = "${var.network_cidrs}"
- subnet_id = "${module.vcn.etcd_subnet_ad1_id}"
+ subnet_id = "${module.subnets.etcd_subnet_ad1_id}"
 subnet_name = "etcdSubnetAD1"
 tenancy_ocid = "${var.compartment_ocid}"
 etcd_docker_max_log_size = "${var.etcd_docker_max_log_size}"
@@ -156,7 +157,7 @@ module "instances-etcd-ad2" {
 shape = "${var.etcdShape}"
 ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}"
 network_cidrs = "${var.network_cidrs}"
- subnet_id = "${module.vcn.etcd_subnet_ad2_id}"
+ subnet_id = "${module.subnets.etcd_subnet_ad2_id}"
 subnet_name = "etcdSubnetAD2"
 tenancy_ocid = "${var.compartment_ocid}"
 etcd_docker_max_log_size = "${var.etcd_docker_max_log_size}"
@@ -186,7 +187,7 @@ module "instances-etcd-ad3" {
 shape = "${var.etcdShape}"
 ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}"
 network_cidrs = "${var.network_cidrs}"
- subnet_id = "${module.vcn.etcd_subnet_ad3_id}"
+ subnet_id = "${module.subnets.etcd_subnet_ad3_id}"
 subnet_name = "etcdSubnetAD3"
 tenancy_ocid = "${var.compartment_ocid}"
 etcd_docker_max_log_size = "${var.etcd_docker_max_log_size}"
@@ -225,7 +226,7 @@ module "instances-k8smaster-ad1" {
 ssh_private_key = "${module.k8s-tls.ssh_private_key}"
 ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}"
 network_cidrs = "${var.network_cidrs}"
- subnet_id = "${module.vcn.k8smaster_subnet_ad1_id}"
+ subnet_id = "${module.subnets.k8smaster_subnet_ad1_id}"
 subnet_name = "masterSubnetAD1"
 tenancy_ocid = "${var.compartment_ocid}"
 cloud_controller_version = "${var.cloud_controller_version}"
@@ -267,7 +268,7 @@ module "instances-k8smaster-ad2" {
 ssh_private_key = "${module.k8s-tls.ssh_private_key}"
 ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}"
 network_cidrs = "${var.network_cidrs}"
- subnet_id = "${module.vcn.k8smaster_subnet_ad2_id}"
+ subnet_id = "${module.subnets.k8smaster_subnet_ad2_id}"
 subnet_name = "masterSubnetAD2"
 tenancy_ocid = "${var.compartment_ocid}"
 cloud_controller_version = "${var.cloud_controller_version}"
@@ -309,7 +310,7 @@ module "instances-k8smaster-ad3" {
 ssh_private_key = "${module.k8s-tls.ssh_private_key}"
 ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}"
 network_cidrs = "${var.network_cidrs}"
- subnet_id = "${module.vcn.k8smaster_subnet_ad3_id}"
+ subnet_id = "${module.subnets.k8smaster_subnet_ad3_id}"
 subnet_name = "masterSubnetAD3"
 tenancy_ocid = "${var.compartment_ocid}"
 cloud_controller_version = "${var.cloud_controller_version}"
@@ -350,7 +351,7 @@ module "instances-k8sworker-ad1" {
 shape = "${var.k8sWorkerShape}"
 ssh_private_key = "${module.k8s-tls.ssh_private_key}"
 ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}"
- subnet_id = "${module.vcn.k8worker_subnet_ad1_id}"
+ subnet_id = "${module.subnets.k8worker_subnet_ad1_id}"
 tenancy_ocid = "${var.compartment_ocid}"
 flexvolume_driver_version = "${var.flexvolume_driver_version}"
 etcd_endpoints = "${local.etcd_endpoints}"
@@ -387,7 +388,7 @@ module "instances-k8sworker-ad2" {
 shape = "${var.k8sWorkerShape}"
 ssh_private_key = "${module.k8s-tls.ssh_private_key}"
 ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}"
- subnet_id = "${module.vcn.k8worker_subnet_ad2_id}"
+ subnet_id = "${module.subnets.k8worker_subnet_ad2_id}"
 tenancy_ocid = "${var.compartment_ocid}"
 flexvolume_driver_version = "${var.flexvolume_driver_version}"
 etcd_endpoints = "${local.etcd_endpoints}"
@@ -424,7 +425,7 @@ module "instances-k8sworker-ad3" {
 shape = "${var.k8sWorkerShape}"
 ssh_private_key = "${module.k8s-tls.ssh_private_key}"
 ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}"
- subnet_id = "${module.vcn.k8worker_subnet_ad3_id}"
+ subnet_id = "${module.subnets.k8worker_subnet_ad3_id}"
 tenancy_ocid = "${var.compartment_ocid}"
 flexvolume_driver_version = "${var.flexvolume_driver_version}"
 etcd_endpoints = "${local.etcd_endpoints}"
@@ -442,8 +443,8 @@ module "etcd-lb" {
 is_private = "${var.etcd_lb_access == "private" ? "true": "false"}"
 # Handle case where var.etcd_lb_access=public, but var.control_plane_subnet_access=private
- etcd_subnet_0_id = "${var.etcd_lb_access == "private" ? module.vcn.etcd_subnet_ad1_id: coalesce(join(" ", module.vcn.public_subnet_ad1_id), join(" ", list(module.vcn.etcd_subnet_ad1_id)))}"
- etcd_subnet_1_id = "${var.etcd_lb_access == "private" ? "": coalesce(join(" ", module.vcn.public_subnet_ad2_id), join(" ", list(module.vcn.etcd_subnet_ad2_id)))}"
+ etcd_subnet_0_id = "${var.etcd_lb_access == "private" ? module.subnets.etcd_subnet_ad1_id: coalesce(join(" ", module.subnets.public_subnet_ad1_id), join(" ", list(module.subnets.etcd_subnet_ad1_id)))}"
+ etcd_subnet_1_id = "${var.etcd_lb_access == "private" ? "": coalesce(join(" ", module.subnets.public_subnet_ad2_id), join(" ", list(module.subnets.etcd_subnet_ad2_id)))}"
 etcd_ad1_private_ips = "${module.instances-etcd-ad1.private_ips}"
 etcd_ad2_private_ips = "${module.instances-etcd-ad2.private_ips}"
 etcd_ad3_private_ips = "${module.instances-etcd-ad3.private_ips}"
@@ -461,8 +462,8 @@ module "k8smaster-public-lb" {
 is_private = "${var.k8s_master_lb_access == "private" ? "true": "false"}"
 # Handle case where var.k8s_master_lb_access=public, but var.control_plane_subnet_access=private
- k8smaster_subnet_0_id = "${var.k8s_master_lb_access == "private" ? module.vcn.k8smaster_subnet_ad1_id: coalesce(join(" ", module.vcn.public_subnet_ad1_id), join(" ", list(module.vcn.k8smaster_subnet_ad1_id)))}"
- k8smaster_subnet_1_id = "${var.k8s_master_lb_access == "private" ? "": coalesce(join(" ", module.vcn.public_subnet_ad2_id), join(" ", list(module.vcn.k8smaster_subnet_ad2_id)))}"
+ k8smaster_subnet_0_id = "${var.k8s_master_lb_access == "private" ? module.subnets.k8smaster_subnet_ad1_id: coalesce(join(" ", module.subnets.public_subnet_ad1_id), join(" ", list(module.subnets.k8smaster_subnet_ad1_id)))}"
+ k8smaster_subnet_1_id = "${var.k8s_master_lb_access == "private" ? "": coalesce(join(" ", module.subnets.public_subnet_ad2_id), join(" ", list(module.subnets.k8smaster_subnet_ad2_id)))}"
 k8smaster_ad1_private_ips = "${module.instances-k8smaster-ad1.private_ips}"
 k8smaster_ad2_private_ips = "${module.instances-k8smaster-ad2.private_ips}"
 k8smaster_ad3_private_ips = "${module.instances-k8smaster-ad3.private_ips}"
@@ -484,3 +485,20 @@ module "kubeconfig" {
 api_server_cert_pem = "${module.k8s-tls.api_server_cert_pem}"
 k8s_master = "${var.master_oci_lb_enabled == "true" ? local.master_lb_address : format("https://%s:%s", element(coalescelist(module.instances-k8smaster-ad1.public_ips, module.instances-k8smaster-ad2.public_ips, module.instances-k8smaster-ad3.public_ips), 0), "443")}"
 }
+
+
+
+locals {
+ master_lb_ip = "${var.master_oci_lb_enabled == "true" ? element(concat(flatten(module.k8smaster-public-lb.ip_addresses), list("")), 0) : "127.0.0.1"}"
+ master_lb_address = "${format("https://%s:%s", local.master_lb_ip, var.master_oci_lb_enabled == "true" ? "443" : "6443")}"
+
+ reverse_proxy_clount_init = "${var.master_oci_lb_enabled == "true" ? "" : module.reverse-proxy.clount_init}"
+ reverse_proxy_setup = "${var.master_oci_lb_enabled == "true" ? "" : module.reverse-proxy.setup}"
+
+ etcd_endpoints = "${var.etcd_lb_enabled == "true" ?
+ join(",",formatlist("http://%s:2379", module.etcd-lb.ip_addresses)) :
+ join(",",formatlist("http://%s:2379", compact(concat(
+ module.instances-etcd-ad1.private_ips,
+ module.instances-etcd-ad2.private_ips,
+ module.instances-etcd-ad3.private_ips)))) }"
+}
diff --git a/network/vcn/cloud_init/bootstrap.template.yaml b/network/subnets/cloud_init/bootstrap.template.yaml
similarity index 100%
rename from network/vcn/cloud_init/bootstrap.template.yaml
rename to network/subnets/cloud_init/bootstrap.template.yaml
diff --git a/network/vcn/datasources.tf b/network/subnets/datasources.tf
similarity index 100%
rename from network/vcn/datasources.tf
rename to network/subnets/datasources.tf
diff --git a/network/vcn/natinstance.tf b/network/subnets/natinstance.tf
similarity index 100%
rename from network/vcn/natinstance.tf
rename to network/subnets/natinstance.tf
diff --git a/network/vcn/outputs.tf b/network/subnets/outputs.tf
similarity index 90%
rename from network/vcn/outputs.tf
rename to network/subnets/outputs.tf
index 0eb970b..c5c4c2a 100644
--- a/network/vcn/outputs.tf
+++ b/network/subnets/outputs.tf
@@ -1,5 +1,5 @@
 output "id" {
- value = "${oci_core_virtual_network.CompleteVCN.id}"
+ value = "${var.vcn_id}"
 }
 output "etcd_subnet_ad1_id" {
@@ -104,10 +104,3 @@ output "control_plane_subnet_access" {
 value = "${var.control_plane_subnet_access}"
 }
-output "route_for_complete_id" {
- value = "${oci_core_route_table.PublicRouteTable.id}"
-}
-
-output "dhcp_options_id" {
- value = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
-}
diff --git a/network/subnets/routes.tf b/network/subnets/routes.tf
new file mode 100644
index 0000000..e1c0363
--- /dev/null
+++ b/network/subnets/routes.tf
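Review bot: `output "id"` in network/subnets/outputs.tf now simply echoes `var.vcn_id`, so a consumer reading `module.subnets.id` (k8s-oci.tf passes it as `vcn` to the flexvolume driver in this commit) receives a VCN OCID from a module whose name says subnets, with nothing at the read site to say so. Adding an explicitly named output, `output "vcn_id" { value = "${var.vcn_id}" }`, and keeping `id` for compatibility with a comment such as `# Pass-through of the VCN this module placed its subnets in` would make that relationship visible. The removed `route_for_complete_id` and `dhcp_options_id` outputs pointed at resources this module no longer owns, so dropping them is consistent; whether anything outside this diff still references them cannot be checked from here.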
@@ -0,0 +1,47 @@
+resource "oci_core_route_table" "NATInstanceAD1RouteTable" {
+ # Provisioned only when k8s instances in AD1 are in private subnets
+ count = "${(var.control_plane_subnet_access == "private") && (var.nat_instance_ad1_enabled == "true") ? "1" : "0"}"
+ compartment_id = "${var.compartment_ocid}"
+ vcn_id = "${var.vcn_id}"
+ display_name = "NATInstanceAD1RouteTable"
+
+ route_rules {
+ # All traffic leaving the subnet needs to go to route target.
+ cidr_block = "0.0.0.0/0"
+
+ # Private IP route target for instances on private AD1 subnets
+ network_entity_id = "${data.oci_core_private_ips.NATInstanceAD1PrivateIPDatasource.private_ips.0.id}"
+ }
+}
+
+resource "oci_core_route_table" "NATInstanceAD2RouteTable" {
+ # Provisioned only when k8s instances in AD2 are in private subnets
+ count = "${(var.control_plane_subnet_access == "private") && (var.nat_instance_ad2_enabled == "true") ? "1" : "0"}"
+ compartment_id = "${var.compartment_ocid}"
+ vcn_id = "${var.vcn_id}"
+ display_name = "NATInstanceAD2RouteTable"
+
+ route_rules {
+ # All traffic leaving the subnet needs to go to route target.
+ cidr_block = "0.0.0.0/0"
+
+ # Private IP route target for instances on private AD2 subnets
+ network_entity_id = "${data.oci_core_private_ips.NATInstanceAD2PrivateIPDatasource.private_ips.0.id}"
+ }
+}
+
+resource "oci_core_route_table" "NATInstanceAD3RouteTable" {
+ # Provisioned only when k8s instances in AD3 are in private subnets
+ count = "${(var.control_plane_subnet_access == "private") && (var.nat_instance_ad3_enabled == "true") ? "1" : "0"}"
+ compartment_id = "${var.compartment_ocid}"
+ vcn_id = "${var.vcn_id}"
+ display_name = "NATInstanceAD3RouteTable"
+
+ route_rules {
+ # All traffic leaving the subnet needs to go to route target.
+ cidr_block = "0.0.0.0/0"
+
+ # Private IP route target for instances on private AD3 subnets
+ network_entity_id = "${data.oci_core_private_ips.NATInstanceAD3PrivateIPDatasource.private_ips.0.id}"
+ }
+}
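Review bot: The new network/subnets/routes.tf holds only the three NAT-instance route tables and has no file-level comment saying where the public (Internet Gateway) route table went, even though the same commit removes every `oci_core_route_table.PublicRouteTable` reference from this module and replaces it with `var.public_routetable_id`. A two-line header such as `# Route tables for subnets that egress through a NAT instance; the public route table is owned by the caller (module "vcn" or an existing VCN) and arrives as var.public_routetable_id` would save the next reader a search. The three resources differ only in the AD suffix, so the per-resource comments could also note that the `count` guard, not the subnet, decides whether the table exists; with all three disabled the private subnets fall back to the caller's public table via the coalesce in subnets.tf.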
diff --git a/network/vcn/securitylists.tf b/network/subnets/securitylists.tf
similarity index 95%
rename from network/vcn/securitylists.tf
rename to network/subnets/securitylists.tf
index fe67405..372a043 100644
--- a/network/vcn/securitylists.tf
+++ b/network/subnets/securitylists.tf
@@ -1,7 +1,7 @@
 resource "oci_core_security_list" "EtcdSubnet" {
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}etcd_security_list"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
+ vcn_id = "${var.vcn_id}"
 egress_security_rules = [
 {
@@ -70,7 +70,7 @@ resource "oci_core_security_list" "EtcdSubnet" {
 resource "oci_core_security_list" "K8SMasterSubnet" {
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}k8sMaster_security_list"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
+ vcn_id = "${var.vcn_id}"
 egress_security_rules = [
 {
@@ -157,7 +157,7 @@ resource "oci_core_security_list" "K8SMasterSubnet" {
 resource "oci_core_security_list" "K8SWorkerSubnet" {
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}k8sWorker_security_list"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
+ vcn_id = "${var.vcn_id}"
 egress_security_rules = [
 {
@@ -228,7 +228,7 @@ resource "oci_core_security_list" "PublicSecurityList" {
 count = "${var.control_plane_subnet_access == "private" ? "1" : "0"}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "public_security_list"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
+ vcn_id = "${var.vcn_id}"
 egress_security_rules = [{
 protocol = "all"
@@ -313,7 +313,7 @@ resource "oci_core_security_list" "NatSecurityList" {
 count = "${(var.control_plane_subnet_access == "private") && (var.dedicated_nat_subnets == "true") ? "1" : "0"}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "nat_security_list"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
+ vcn_id = "${var.vcn_id}"
 egress_security_rules = [{
 protocol = "all"
@@ -397,7 +397,7 @@ resource "oci_core_security_list" "NatSecurityList" {
 resource "oci_core_security_list" "K8SCCMLBSubnet" {
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}k8sCCM_security_list"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
+ vcn_id = "${var.vcn_id}"
 egress_security_rules = [{
 protocol = "all"
 destination = "0.0.0.0/0"
diff --git a/network/vcn/subnets.tf b/network/subnets/subnets.tf
similarity index 73%
rename from network/vcn/subnets.tf
rename to network/subnets/subnets.tf
index 27ba6d6..bc4d819 100644
--- a/network/vcn/subnets.tf
+++ b/network/subnets/subnets.tf
@@ -7,10 +7,10 @@ resource "oci_core_subnet" "PublicSubnetAD1" {
 cidr_block = "${lookup(var.network_cidrs, "PublicSubnetAD1")}"
 display_name = "${var.label_prefix}publicSubnetAD1"
 compartment_id = "${var.compartment_ocid}"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${oci_core_route_table.PublicRouteTable.id}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.public_routetable_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.PublicSecurityList.id), var.additional_public_security_lists_ids)}"]
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 }
 resource "oci_core_subnet" "PublicSubnetAD2" {
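Review bot: `route_table_id = "${var.public_routetable_id}"` on PublicSubnetAD1 (and the same line in the public and NAT subnet hunks that follow, plus the coalesce fallback in the etcd and master subnets) now attaches a route table this module does not own whenever an existing VCN is supplied; the docs hunk says only that it must reach an Internet Gateway, and nothing in the module inspects what else it routes. A comment at this first use, `# With an existing VCN this is the caller's table: any additional rules on it (DRG, peering) also apply to every cluster subnet`, would make the delegated trust boundary visible to whoever fills in public_routetable_id. The security lists are still created here with `var.vcn_id`, so ingress and egress filtering stays under the module's control; only routing is handed to the caller, and that asymmetry is worth stating next to the code.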
@@ -19,10 +19,10 @@ resource "oci_core_subnet" "PublicSubnetAD2" {
 cidr_block = "${lookup(var.network_cidrs, "PublicSubnetAD2")}"
 display_name = "${var.label_prefix}publicSubnetAD2"
 compartment_id = "${var.compartment_ocid}"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${oci_core_route_table.PublicRouteTable.id}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.public_routetable_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.PublicSecurityList.id), var.additional_public_security_lists_ids)}"]
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 }
 resource "oci_core_subnet" "PublicSubnetAD3" {
@@ -31,10 +31,10 @@ resource "oci_core_subnet" "PublicSubnetAD3" {
 cidr_block = "${lookup(var.network_cidrs, "PublicSubnetAD3")}"
 display_name = "${var.label_prefix}publicSubnetAD3"
 compartment_id = "${var.compartment_ocid}"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${oci_core_route_table.PublicRouteTable.id}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.public_routetable_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.PublicSecurityList.id), var.additional_public_security_lists_ids)}"]
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 }
 resource "oci_core_subnet" "NATSubnetAD1" {
@@ -44,10 +44,10 @@ resource "oci_core_subnet" "NATSubnetAD1" {
 cidr_block = "${lookup(var.network_cidrs, "natSubnetAD1")}"
 display_name = "${var.label_prefix}publicNATSubnetAD1"
 compartment_id = "${var.compartment_ocid}"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${oci_core_route_table.PublicRouteTable.id}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.public_routetable_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.NatSecurityList.id), var.additional_nat_security_lists_ids)}"]
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 }
 resource "oci_core_subnet" "NATSubnetAD2" {
@@ -56,10 +56,10 @@ resource "oci_core_subnet" "NATSubnetAD2" {
 cidr_block = "${lookup(var.network_cidrs, "natSubnetAD2")}"
 display_name = "${var.label_prefix}publicNATSubnetAD2"
 compartment_id = "${var.compartment_ocid}"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${oci_core_route_table.PublicRouteTable.id}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.public_routetable_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.NatSecurityList.id), var.additional_nat_security_lists_ids)}"]
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 }
 resource "oci_core_subnet" "NATSubnetAD3" {
@@ -68,10 +68,10 @@ resource "oci_core_subnet" "NATSubnetAD3" {
 cidr_block = "${lookup(var.network_cidrs, "natSubnetAD3")}"
 display_name = "${var.label_prefix}publicNATSubnetAD3"
 compartment_id = "${var.compartment_ocid}"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${oci_core_route_table.PublicRouteTable.id}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.public_routetable_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.NatSecurityList.id), var.additional_nat_security_lists_ids)}"]
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 }
 resource "oci_core_subnet" "etcdSubnetAD1" {
@@ -79,12 +79,12 @@ resource "oci_core_subnet" "etcdSubnetAD1" {
 cidr_block = "${lookup(var.network_cidrs, "etcdSubnetAD1")}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}${var.control_plane_subnet_access}ETCDSubnetAD1"
- dns_label = "etcdsubnet1"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
+ dns_label = "${lookup(var.network_subnet_dns, "etcdSubnetAD1")}"
+ vcn_id = "${var.vcn_id}"
 # Work around HIL issue #50 using join and use coalesce to pick the first route that is not empty (AD1 first pick)
- route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}"
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.EtcdSubnet.id), var.additional_etcd_security_lists_ids)}"]
 prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}"
@@ -98,12 +98,13 @@ resource "oci_core_subnet" "etcdSubnetAD2" {
 cidr_block = "${lookup(var.network_cidrs, "etcdSubnetAD2")}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}${var.control_plane_subnet_access}ETCDSubnetAD2"
- dns_label = "etcdsubnet2"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
+ dns_label = "${lookup(var.network_subnet_dns, "etcdSubnetAD2")}"
+ vcn_id = "${var.vcn_id}"
+
 # Work around HIL issue #50 using join and use coalesce to pick the first route that is not empty (AD2 first pick)
- route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}"
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.EtcdSubnet.id), var.additional_etcd_security_lists_ids)}"]
 prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}"
@@ -117,12 +118,12 @@ resource "oci_core_subnet" "etcdSubnetAD3" {
 cidr_block = "${lookup(var.network_cidrs, "etcdSubnetAD3")}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}${var.control_plane_subnet_access}ETCDSubnetAD3"
- dns_label = "etcdsubnet3"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
+ dns_label = "${lookup(var.network_subnet_dns, "etcdSubnetAD3")}"
+ vcn_id = "${var.vcn_id}"
 # Work around HIL issue #50 using join and use coalesce to pick the first route that is not empty (AD3 first pick)
- route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}"
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.EtcdSubnet.id), var.additional_etcd_security_lists_ids)}"]
 prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}"
@@ -136,10 +137,10 @@ resource "oci_core_subnet" "k8sMasterSubnetAD1" {
 cidr_block = "${lookup(var.network_cidrs, "masterSubnetAD1")}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SMasterSubnetAD1"
- dns_label = "k8smasterad1"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}"
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dns_label = "${lookup(var.network_subnet_dns, "masterSubnetAD1")}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.K8SMasterSubnet.id), var.additional_k8smaster_security_lists_ids)}"]
 prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}"
@@ -153,10 +154,10 @@ resource "oci_core_subnet" "k8sMasterSubnetAD2" {
 cidr_block = "${lookup(var.network_cidrs, "masterSubnetAD2")}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SMasterSubnetAD2"
- dns_label = "k8smasterad2"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}"
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dns_label = "${lookup(var.network_subnet_dns, "masterSubnetAD2")}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.K8SMasterSubnet.id), var.additional_k8smaster_security_lists_ids)}"]
 prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}"
@@ -170,10 +171,10 @@ resource "oci_core_subnet" "k8sMasterSubnetAD3" {
 cidr_block = "${lookup(var.network_cidrs, "masterSubnetAD3")}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SMasterSubnetAD3"
- dns_label = "k8smasterad3"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}"
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dns_label = "${lookup(var.network_subnet_dns, "masterSubnetAD3")}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.K8SMasterSubnet.id), var.additional_k8smaster_security_lists_ids)}"]
 prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}"
@@ -187,10 +188,10 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD1" {
 cidr_block = "${lookup(var.network_cidrs, "workerSubnetAD1")}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SWorkerSubnetAD1"
- dns_label = "k8sworkerad1"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}"
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dns_label = "${lookup(var.network_subnet_dns, "workerSubnetAD1")}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.K8SWorkerSubnet.id), var.additional_k8sworker_security_lists_ids)}"]
 prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}"
@@ -204,10 +205,10 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD2" {
 cidr_block = "${lookup(var.network_cidrs, "workerSubnetAD2")}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SWorkerSubnetAD2"
- dns_label = "k8sworkerad2"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}"
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dns_label = "${lookup(var.network_subnet_dns, "workerSubnetAD2")}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.K8SWorkerSubnet.id), var.additional_k8sworker_security_lists_ids)}"]
 prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}"
@@ -221,10 +222,10 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD3" {
 cidr_block = "${lookup(var.network_cidrs, "workerSubnetAD3")}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SWorkerSubnetAD3"
- dns_label = "k8sworkerad3"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}"
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dns_label = "${lookup(var.network_subnet_dns, "workerSubnetAD3")}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.K8SWorkerSubnet.id), var.additional_k8sworker_security_lists_ids)}"]
 prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}"
@@ -241,10 +242,10 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD1" {
 cidr_block = "${lookup(var.network_cidrs, "k8sCCMLBSubnetAD1")}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}PublicK8SCCMLBSubnetAD1"
- dns_label = "k8sccmlbad1"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${oci_core_route_table.PublicRouteTable.id}"
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dns_label = "${lookup(var.network_subnet_dns, "k8sCCMLBSubnetAD1")}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.public_routetable_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 security_list_ids = ["${oci_core_security_list.K8SCCMLBSubnet.id}"]
 prohibit_public_ip_on_vnic = "false"
@@ -258,10 +259,10 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD2" {
 cidr_block = "${lookup(var.network_cidrs, "k8sCCMLBSubnetAD2")}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}PublicK8SCCMLBSubnetAD2"
- dns_label = "k8sccmlbad2"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${oci_core_route_table.PublicRouteTable.id}"
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dns_label = "${lookup(var.network_subnet_dns, "k8sCCMLBSubnetAD2")}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.public_routetable_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 security_list_ids = ["${oci_core_security_list.K8SCCMLBSubnet.id}"]
 prohibit_public_ip_on_vnic = "false"
@@ -275,11 +276,11 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD3" {
 cidr_block = "${lookup(var.network_cidrs, "k8sCCMLBSubnetAD3")}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}PublicK8SCCMLBSubnetAD3"
- dns_label = "k8sccmlbad3"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${oci_core_route_table.PublicRouteTable.id}"
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
- security_list_ids = ["${oci_core_security_list.K8SCCMLBSubnet.id}"]
+ dns_label = "${lookup(var.network_subnet_dns, "k8sCCMLBSubnetAD3")}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.public_routetable_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
+ security_list_ids = ["${oci_core_security_list.K8SCCMLBSubnet.id}"]
 prohibit_public_ip_on_vnic = "false"
 provisioner "local-exec" {
diff --git a/network/subnets/variables.tf b/network/subnets/variables.tf
new file mode 100644
index 0000000..8a66833
--- /dev/null
+++ b/network/subnets/variables.tf
@@ -0,0 +1,179 @@
+variable "vcn_id" {}
+
+variable "public_routetable_id" {}
+
+variable "dhcp_options_id" {}
+
+variable "network_cidrs" {
+ type = "map"
+
+ default = {
+ PublicSubnetAD1 = "10.0.10.0/24"
+ PublicSubnetAD2 = "10.0.11.0/24"
+ PublicSubnetAD3 = "10.0.12.0/24"
+ natSubnetAD1 = "10.0.13.0/24"
+ natSubnetAD2 = "10.0.14.0/24"
+ natSubnetAD3 = "10.0.15.0/24"
+ etcdSubnetAD1 = "10.0.20.0/24"
+ etcdSubnetAD2 = "10.0.21.0/24"
+ etcdSubnetAD3 = "10.0.22.0/24"
+ masterSubnetAD1 = "10.0.30.0/24"
+ masterSubnetAD2 = "10.0.31.0/24"
+ masterSubnetAD3 = "10.0.32.0/24"
+ workerSubnetAD1 = "10.0.40.0/24"
+ workerSubnetAD2 = "10.0.41.0/24"
+ workerSubnetAD3 = "10.0.42.0/24"
+ k8sCCMLBSubnetAD1 = "10.0.50.0/24"
+ k8sCCMLBSubnetAD2 = "10.0.51.0/24"
+ k8sCCMLBSubnetAD3 = "10.0.52.0/24"
+ }
+}
+
+variable "network_subnet_dns" {
+ type = "map"
+
+ default = {
+ etcdSubnetAD1 = "etcdsubnet1"
+ etcdSubnetAD2 = "etcdsubnet2"
+ etcdSubnetAD3 = "etcdsubnet3"
+ masterSubnetAD1 = "k8smasterad1"
+ masterSubnetAD2 = "k8smasterad2"
+ masterSubnetAD3 = "k8smasterad3"
+ workerSubnetAD1 = "k8sworkerad1"
+ workerSubnetAD2 = "k8sworkerad2"
+ workerSubnetAD3 = "k8sworkerad3"
+ k8sCCMLBSubnetAD1 = "k8sccmlbad1"
+ k8sCCMLBSubnetAD2 = "k8sccmlbad2"
+ k8sCCMLBSubnetAD3 = "k8sccmlbad3"
+ }
+}
+
+
+variable "tenancy_ocid" {}
+
+variable "control_plane_subnet_access" {
+ default = "public"
+}
+
+variable "additional_etcd_security_lists_ids" {
+ type = "list"
+ default = []
+}
+
+variable "additional_k8smaster_security_lists_ids" {
+ type = "list"
+ default = []
+}
+
+variable "additional_k8sworker_security_lists_ids" {
+ type = "list"
+ default = []
+}
+
+variable "additional_public_security_lists_ids" {
+ type = "list"
+ default = []
+}
+
+variable "additional_nat_security_lists_ids" {
+ type = "list"
+ default = []
+}
+
+# VCN
+
+variable "label_prefix" {
+ type = "string"
+ default = ""
+}
+
+variable "compartment_ocid" {}
+variable "vcn_dns_name" {}
+
+# Security lists
+
+variable "bmc_ingress_cidrs" {
+ type = "map"
+
+ default = {
+ LBAAS-PHOENIX-1-CIDR = "129.144.0.0/12"
+ LBAAS-ASHBURN-1-CIDR = "129.213.0.0/16"
+ VCN-CIDR = "10.0.0.0/16"
+ }
+}
+
+variable "etcd_ssh_ingress" {
+ default = "10.0.0.0/16"
+}
+
+variable "etcd_cluster_ingress" {
+ default = "10.0.0.0/16"
+}
+
+variable "master_ssh_ingress" {
+ default = "10.0.0.0/16"
+}
+
+variable "master_https_ingress" {
+ default = "10.0.0.0/16"
+}
+
+variable "worker_ssh_ingress" {
+ default = "10.0.0.0/16"
+}
+
+variable "worker_nodeport_ingress" {
+ default = "10.0.0.0/16"
+}
+
+variable "master_nodeport_ingress" {
+ default = "10.0.0.0/16"
+}
+
+# For optional NAT instance (when control_plane_subnet_access = "private")
+
+variable "public_subnet_ssh_ingress" {
+ default = "0.0.0.0/0"
+}
+
+variable "public_subnet_http_ingress" {
+ default = "0.0.0.0/0"
+}
+
+variable "public_subnet_https_ingress" {
+ default = "0.0.0.0/0"
+}
+
+variable "external_icmp_ingress" {
+ default = "0.0.0.0/0"
+}
+
+variable "internal_icmp_ingress" {
+ default = "10.0.0.0/16"
+}
+
+variable "nat_instance_ssh_public_key_openssh" {}
+
+variable "nat_instance_oracle_linux_image_name" {
+ default = "Oracle-Linux-7.4-2018.01.20-0"
+}
+
+variable "nat_instance_shape" {
+ default = "VM.Standard1.2"
+}
+
+variable nat_instance_ad1_enabled {
+ default = "false"
+}
+
+variable nat_instance_ad2_enabled {
+ default = "true"
+}
+
+variable nat_instance_ad3_enabled {
+ default = "false"
+}
+
+variable dedicated_nat_subnets {
+ default = "false"
+}
diff --git a/network/vcn/output.tf b/network/vcn/output.tf
new file mode 100644
index 0000000..c9e8153
--- /dev/null
+++ b/network/vcn/output.tf
@@ -0,0 +1,12 @@
+output "vcn_id" {
+ value = "${oci_core_virtual_network.CompleteVCN.*.id}"
+}
+
+output "public_routetable_id" {
+ value ="${oci_core_route_table.PublicRouteTable.*.id}"
+}
+
+output "vcn_dhcp_options_id" {
+ value ="${oci_core_virtual_network.CompleteVCN.*.default_dhcp_options_id}"
+}
+
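Review bot: The three new required inputs `vcn_id`, `public_routetable_id` and `dhcp_options_id` have no `description`, and `dhcp_options_id` does not match the name the same value carries at the root (`vcn_dhcp_options_id`) and in `network/vcn/output.tf` (`vcn_dhcp_options_id`), which makes the module wiring easy to get wrong. Suggest `variable "dhcp_options_id" { description = "OCID of the DHCP options attached to every subnet (root variable: vcn_dhcp_options_id)" }` and equivalent descriptions for the other two. The `network_cidrs` and `network_subnet_dns` defaults are copied verbatim from the root `variables.tf`; a one-line comment saying which copy is authoritative would keep them from drifting. The `public_subnet_*_ingress` and `external_icmp_ingress` defaults of `0.0.0.0/0` arrive unchanged from the old `network/vcn/variables.tf`, so this is not new exposure, but a description stating that each is world-open by default would help operators decide whether to narrow it.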
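Review bot: Each output uses the splat form `.*.id` because the resources are now counted, so every value is a list (empty when `create_vcn` is not `"true"`) rather than the plain string the old `module.vcn.*` outputs presumably returned; callers must `join` or `element` it, as the root `outputs.tf` does in this same commit. A comment on each output would make that contract visible, e.g. `# List of 0 or 1 ids: empty when create_vcn != "true"; use join("", ...) to read it`. Two of the three lines are written `value ="${...}"` without the space after `=` that the first output has; `terraform fmt` would normalize them.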
diff --git a/network/vcn/variables.tf b/network/vcn/variables.tf
index 4a7cfaa..e8fe2e7 100644
--- a/network/vcn/variables.tf
+++ b/network/vcn/variables.tf
@@ -1,154 +1,13 @@
-variable "network_cidrs" {
- type = "map"
-
- default = {
- VCN-CIDR = "10.0.0.0/16"
- PublicSubnetAD1 = "10.0.10.0/24"
- PublicSubnetAD2 = "10.0.11.0/24"
- PublicSubnetAD3 = "10.0.12.0/24"
- natSubnetAD1 = "10.0.13.0/24"
- natSubnetAD2 = "10.0.14.0/24"
- natSubnetAD3 = "10.0.15.0/24"
- etcdSubnetAD1 = "10.0.20.0/24"
- etcdSubnetAD2 = "10.0.21.0/24"
- etcdSubnetAD3 = "10.0.22.0/24"
- masterSubnetAD1 = "10.0.30.0/24"
- masterSubnetAD2 = "10.0.31.0/24"
- masterSubnetAD3 = "10.0.32.0/24"
- workerSubnetAD1 = "10.0.40.0/24"
- workerSubnetAD2 = "10.0.41.0/24"
- workerSubnetAD3 = "10.0.42.0/24"
- k8sCCMLBSubnetAD1 = "10.0.50.0/24"
- k8sCCMLBSubnetAD2 = "10.0.51.0/24"
- k8sCCMLBSubnetAD3 = "10.0.52.0/24"
- }
-}
-
-variable "tenancy_ocid" {}
-
-variable "control_plane_subnet_access" {
- default = "public"
-}
-
-variable "additional_etcd_security_lists_ids" {
- type = "list"
- default = []
-}
-
-variable "additional_k8smaster_security_lists_ids" {
- type = "list"
- default = []
-}
-
-variable "additional_k8sworker_security_lists_ids" {
- type = "list"
- default = []
-}
-
-variable "additional_public_security_lists_ids" {
- type = "list"
- default = []
-}
-
-variable "additional_nat_security_lists_ids" {
- type = "list"
- default = []
-}
-
-# VCN
-
-variable "label_prefix" {
- type = "string"
- default = ""
-}
-
-variable "compartment_ocid" {}
-variable "vcn_dns_name" {}
-
-# Security lists
-
-variable "bmc_ingress_cidrs" {
- type = "map"
-
- default = {
- LBAAS-PHOENIX-1-CIDR = "129.144.0.0/12"
- LBAAS-ASHBURN-1-CIDR = "129.213.0.0/16"
- VCN-CIDR = "10.0.0.0/16"
- }
-}
-
-variable "etcd_ssh_ingress" {
- default = "10.0.0.0/16"
-}
-
-variable "etcd_cluster_ingress" {
- default = "10.0.0.0/16"
-}
-
-variable "master_ssh_ingress" {
- default = "10.0.0.0/16"
+variable "vcn_dns_name" {
+ default = "k8sbmcs"
 }
-variable "master_https_ingress" {
- default = "10.0.0.0/16"
-}
-
-variable "worker_ssh_ingress" {
- default = "10.0.0.0/16"
-}
-
-variable "worker_nodeport_ingress" {
- default = "10.0.0.0/16"
-}
-
-variable "master_nodeport_ingress" {
- default = "10.0.0.0/16"
-}
-
-# For optional NAT instance (when control_plane_subnet_access = "private")
-
-variable "public_subnet_ssh_ingress" {
- default = "0.0.0.0/0"
-}
-
-variable "public_subnet_http_ingress" {
- default = "0.0.0.0/0"
-}
+variable "create_vcn" {}
-variable "public_subnet_https_ingress" {
- default = "0.0.0.0/0"
-}
-
-variable "external_icmp_ingress" {
- default = "0.0.0.0/0"
-}
-
-variable "internal_icmp_ingress" {
+variable "vcn_cidr" {
 default = "10.0.0.0/16"
 }
-variable "nat_instance_ssh_public_key_openssh" {}
-
-variable "nat_instance_oracle_linux_image_name" {
- default = "Oracle-Linux-7.4-2018.01.20-0"
-}
-
-variable "nat_instance_shape" {
- default = "VM.Standard1.2"
-}
-
-variable nat_instance_ad1_enabled {
- default = "false"
-}
-
-variable nat_instance_ad2_enabled {
- default = "true"
-}
-
-variable nat_instance_ad3_enabled {
- default = "false"
-}
+variable "compartment_ocid" {}
-variable dedicated_nat_subnets {
- default = "false"
-}
+variable "label_prefix" {}
diff --git a/network/vcn/vcn.tf b/network/vcn/vcn.tf
index 47278b9..6b6b64d 100644
--- a/network/vcn/vcn.tf
+++ b/network/vcn/vcn.tf
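Review bot: `variable "create_vcn" {}` has no default and no description, and `vcn.tf` compares it against the string `"true"`, so a caller passing a bare boolean or `1` silently ends up with zero resources rather than an error. Suggest `variable "create_vcn" { description = "Set to the string \"true\" to create the VCN, internet gateway and public route table; any other value skips all three" }`. `vcn_cidr` and the subnet CIDRs now live in different modules, so a comment on `vcn_cidr` noting that the subnet ranges in `network/subnets` must fall inside it would help whoever changes one without the other.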
@@ -1,17 +1,20 @@
 resource "oci_core_virtual_network" "CompleteVCN" {
- cidr_block = "${lookup(var.network_cidrs, "VCN-CIDR")}"
+ count = "${var.create_vcn == "true" ? 1 : 0}"
+ cidr_block = "${var.vcn_cidr}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}${var.vcn_dns_name}"
 dns_label = "${var.vcn_dns_name}"
 }
 resource "oci_core_internet_gateway" "PublicIG" {
+ count = "${var.create_vcn == "true" ? 1 : 0}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}PublicIG"
 vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
 }
 resource "oci_core_route_table" "PublicRouteTable" {
+ count = "${var.create_vcn == "true" ? 1 : 0}"
 compartment_id = "${var.compartment_ocid}"
 vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
 display_name = "${var.label_prefix}RouteTableForComplete"
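Review bot: `vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"` in `PublicIG` and in `PublicRouteTable` still uses the non-indexed `.id` although `CompleteVCN` now carries a `count`; as far as I recall, Terraform 0.11 has no `.id` for a zero-count resource and rejects the reference when `create_vcn` is not `"true"`, even though the gateway and route table themselves would be skipped. The splat-and-join form the rest of this commit uses avoids that: `vcn_id = "${join("", oci_core_virtual_network.CompleteVCN.*.id)}"` on both lines. The `PublicRouteTable` resource continues past the end of this hunk.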
@@ -24,50 +27,3 @@ resource "oci_core_route_table" "PublicRouteTable" {
 }
 }
-resource "oci_core_route_table" "NATInstanceAD1RouteTable" {
- # Provisioned only when k8s instances in AD1 are in private subnets
- count = "${(var.control_plane_subnet_access == "private") && (var.nat_instance_ad1_enabled == "true") ? "1" : "0"}"
- compartment_id = "${var.compartment_ocid}"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- display_name = "NATInstanceAD1RouteTable"
-
- route_rules {
- # All traffic leaving the subnet needs to go to route target.
- cidr_block = "0.0.0.0/0"
-
- # Private IP route target for instances on private AD1 subnets
- network_entity_id = "${data.oci_core_private_ips.NATInstanceAD1PrivateIPDatasource.private_ips.0.id}"
- }
-}
-
-resource "oci_core_route_table" "NATInstanceAD2RouteTable" {
- # Provisioned only when k8s instances in AD2 are in private subnets
- count = "${(var.control_plane_subnet_access == "private") && (var.nat_instance_ad2_enabled == "true") ? "1" : "0"}"
- compartment_id = "${var.compartment_ocid}"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- display_name = "NATInstanceAD2RouteTable"
-
- route_rules {
- # All traffic leaving the subnet needs to go to route target.
- cidr_block = "0.0.0.0/0"
-
- # Private IP route target for instances on private AD2 subnets
- network_entity_id = "${data.oci_core_private_ips.NATInstanceAD2PrivateIPDatasource.private_ips.0.id}"
- }
-}
-
-resource "oci_core_route_table" "NATInstanceAD3RouteTable" {
- # Provisioned only when k8s instances in AD3 are in private subnets
- count = "${(var.control_plane_subnet_access == "private") && (var.nat_instance_ad3_enabled == "true") ? "1" : "0"}"
- compartment_id = "${var.compartment_ocid}"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- display_name = "NATInstanceAD3RouteTable"
-
- route_rules {
- # All traffic leaving the subnet needs to go to route target.
- cidr_block = "0.0.0.0/0"
-
- # Private IP route target for instances on private AD3 subnets
- network_entity_id = "${data.oci_core_private_ips.NATInstanceAD3PrivateIPDatasource.private_ips.0.id}"
- }
-}
diff --git a/outputs.tf b/outputs.tf
index 87baaea..d227730 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -27,35 +27,41 @@ output "etcd_lb_backendset_2380_name" {
 }
 output "vcn_id" {
- value = "${module.vcn.id}"
+ value = "${var.vcn_id == "" ? join(" ",module.vcn.vcn_id) : var.vcn_id}"
 }
+# Same as below but kept for backwards compatability
 output "vcn_route_for_complete_id" {
- value = "${module.vcn.route_for_complete_id}"
+ value = "${var.vcn_id == "" ? join(" ",module.vcn.public_routetable_id) : var.public_routetable_id}"
 }
+output "public_routetable_id" {
+ value = "${var.vcn_id == "" ? join(" ",module.vcn.public_routetable_id) : var.public_routetable_id}"
+}
+
+
 output "vcn_dhcp_options_id" {
- value = "${module.vcn.dhcp_options_id}"
+ value = "${var.vcn_id == "" ? join(" ",module.vcn.vcn_dhcp_options_id) : var.vcn_dhcp_options_id}"
 }
 output "etcd_subnet_ids" {
- value = ["${module.vcn.etcd_subnet_ad1_id}", "${module.vcn.etcd_subnet_ad2_id}", "${module.vcn.etcd_subnet_ad3_id}"]
+ value = ["${module.subnets.etcd_subnet_ad1_id}", "${module.subnets.etcd_subnet_ad2_id}", "${module.subnets.etcd_subnet_ad3_id}"]
 }
 output "worker_subnet_ids" {
- value = ["${module.vcn.k8worker_subnet_ad1_id}", "${module.vcn.k8worker_subnet_ad2_id}", "${module.vcn.k8worker_subnet_ad3_id}"]
+ value = ["${module.subnets.k8worker_subnet_ad1_id}", "${module.subnets.k8worker_subnet_ad2_id}", "${module.subnets.k8worker_subnet_ad3_id}"]
 }
 output "master_subnet_ids" {
- value = ["${module.vcn.k8smaster_subnet_ad1_id}", "${module.vcn.k8smaster_subnet_ad2_id}", "${module.vcn.k8smaster_subnet_ad3_id}"]
+ value = ["${module.subnets.k8smaster_subnet_ad1_id}", "${module.subnets.k8smaster_subnet_ad2_id}", "${module.subnets.k8smaster_subnet_ad3_id}"]
 }
 output "public_subnet_ids" {
- value = ["${module.vcn.public_subnet_ad1_id}", "${module.vcn.public_subnet_ad2_id}", "${module.vcn.public_subnet_ad3_id}", ""]
+ value = ["${module.subnets.public_subnet_ad1_id}", "${module.subnets.public_subnet_ad2_id}", "${module.subnets.public_subnet_ad3_id}", ""]
 }
 output "nat_subnet_ids" {
- value = ["${module.vcn.nat_subnet_ad1_id}", "${module.vcn.nat_subnet_ad2_id}", "${module.vcn.nat_subnet_ad3_id}", ""]
+ value = ["${module.subnets.nat_subnet_ad1_id}", "${module.subnets.nat_subnet_ad2_id}", "${module.subnets.nat_subnet_ad3_id}", ""]
 }
 output "worker_ssh_ingress_cidr" {
@@ -146,15 +152,15 @@ output "worker_private_ips" {
 }
 output "nat_instance_public_ips" {
- value = "${compact(concat(module.vcn.nat_instance_ad1_public_ips,module.vcn.nat_instance_ad2_public_ips,module.vcn.nat_instance_ad3_public_ips))}"
+ value = "${compact(concat(module.subnets.nat_instance_ad1_public_ips,module.subnets.nat_instance_ad2_public_ips,module.subnets.nat_instance_ad3_public_ips))}"
 }
 output "nat_instance_private_ips" {
- value = "${compact(concat(module.vcn.nat_instance_ad1_private_ips,module.vcn.nat_instance_ad2_private_ips,module.vcn.nat_instance_ad3_private_ips))}"
+ value = "${compact(concat(module.subnets.nat_instance_ad1_private_ips,module.subnets.nat_instance_ad2_private_ips,module.subnets.nat_instance_ad3_private_ips))}"
 }
 output "control_plane_subnet_access" {
- value = "${module.vcn.control_plane_subnet_access}"
+ value = "${module.subnets.control_plane_subnet_access}"
 }
 output "kubeconfig" {
diff --git a/terraform.example.tfvars b/terraform.example.tfvars
index 87f0fa5..3f27060 100644
--- a/terraform.example.tfvars
+++ b/terraform.example.tfvars
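Review bot: The three conditionals key on `var.vcn_id == ""` alone, so a caller who sets `vcn_id` but leaves `public_routetable_id` or `vcn_dhcp_options_id` at their `""` defaults gets empty output values, and presumably empty ids fed into the subnets module, with no error. A comment stating the contract would help, e.g. `# Existing-VCN mode: when vcn_id is set, public_routetable_id and vcn_dhcp_options_id must be set as well`; better still, fail the plan when only one of the three is given. `join(" ", module.vcn.vcn_id)` joins with a space, which is harmless for a 0-or-1 element list but `join("", ...)` states the intent more clearly. "compatability" in the added comment should be "compatibility".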
@@ -5,6 +5,11 @@
 #private_key_path = "/tmp/bmcs_api_key.pem"
 #user_ocid = "ocid1.user.oc1..aaaaaaaa5fy2l5aki6z2bzff5yrrmlahiif44vzodeetygxmpulq3mbnckya"
+# VCN
+#vcn_id = "ocid1.vcn.oc1.phx.aaaaaaaa545hjqe26s77xpiiuyznb6baxym5ff6lnx5asgggnptwfcg3t7na"
+#vcn_dhcp_options_id = "ocid1.dhcpoptions.oc1.phx.aaaaaaaat27e4e6li545u4tnymwk7452gpxvqcszg6jbflpfqvtr7vkxjqnq"
+#public_routetable_id = "ocid1.routetable.oc1.phx.aaaaaaaab5obbsciewyf73r4ggm26uvmykqbyhwphwqiuvqpune3bosoyey
+
 # CCM user
 #cloud_controller_user_ocid = "ocid1.tenancy.oc1..aaaaaaaa763cu5f3m7qpzwnvr2shs3o26ftrn7fkgz55cpzgxmglgtui3v7q"
 #cloud_controller_user_fingerprint = "ed:51:83:3b:d2:04:f4:af:9d:7b:17:96:dd:8a:99:bc"
diff --git a/tests/resources/configs/public-cluster.tfvars b/tests/resources/configs/public-cluster.tfvars
index 7fcb4d8..5efde5c 100755
--- a/tests/resources/configs/public-cluster.tfvars
+++ b/tests/resources/configs/public-cluster.tfvars
@@ -7,6 +7,7 @@ vcn_dns_name = "k8soci"
 domain_name = "k8soci.oraclevcn.com"
 control_plane_subnet_access = "public"
 k8s_master_lb_access = "public"
+master_oci_lb_enabled = "false"
 etcd_lb_enabled = "false"
 etcdShape = "VM.Standard1.8"
 k8sMasterShape = "VM.Standard1.8"
diff --git a/variables.tf b/variables.tf
index 39d9177..8b1f00f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -3,11 +3,25 @@ variable "tenancy_ocid" {}
 variable "compartment_ocid" {}
+# VCN config if this is set the no VCN is created and instead these 3 varables are use
+variable "vcn_id" {
+ default = ""
+}
+
+variable "public_routetable_id" {
+ default = ""
+}
+
+variable "vcn_dhcp_options_id" {
+ default = ""
+}
+
+
+
 variable "network_cidrs" {
 type = "map"
 default = {
- VCN-CIDR = "10.0.0.0/16"
 PublicSubnetAD1 = "10.0.10.0/24"
 PublicSubnetAD2 = "10.0.11.0/24"
 PublicSubnetAD3 = "10.0.12.0/24"
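Review bot: The added `#public_routetable_id = "ocid1.routetable.oc1.phx...` line is missing its closing `"`, so uncommenting the block as written produces a parse error; add the quote. The three example values look like identifiers copied from a live tenancy; since this file is the template users copy, obviously fake placeholders such as `ocid1.vcn.oc1.phx.<your-vcn-ocid>` would make it harder to point a deployment at someone else's resources by accident.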
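Review bot: The new comment `# VCN config if this is set the no VCN is created and instead these 3 varables are use` is hard to parse; suggest `# Existing-VCN mode: when vcn_id is set, no VCN is created and vcn_id, public_routetable_id and vcn_dhcp_options_id are used instead (all three must be set together)`. Because all three default to `""`, a partial configuration is accepted silently, and the root `outputs.tf` in this commit switches on `vcn_id` alone. `VCN-CIDR` was removed from `network_cidrs` in favour of the separate `vcn_cidr` in the next hunk, so a note that the subnet CIDRs must lie inside `vcn_cidr`, or inside the existing VCN's CIDR in existing-VCN mode, would help.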
@@ -29,6 +43,26 @@ variable "network_cidrs" {
 }
 }
+variable "network_subnet_dns" {
+ type = "map"
+
+ default = {
+ etcdSubnetAD1 = "etcdsubnet1"
+ etcdSubnetAD2 = "etcdsubnet2"
+ etcdSubnetAD3 = "etcdsubnet3"
+ masterSubnetAD1 = "k8smasterad1"
+ masterSubnetAD2 = "k8smasterad2"
+ masterSubnetAD3 = "k8smasterad3"
+ workerSubnetAD1 = "k8sworkerad1"
+ workerSubnetAD2 = "k8sworkerad2"
+ workerSubnetAD3 = "k8sworkerad3"
+ k8sCCMLBSubnetAD1 = "k8sccmlbad1"
+ k8sCCMLBSubnetAD2 = "k8sccmlbad2"
+ k8sCCMLBSubnetAD3 = "k8sccmlbad3"
+ }
+}
+
+
 variable "domain_name" {
 default = "k8sbmcs.oraclevcn.com"
 }
@@ -45,6 +79,10 @@ variable "vcn_dns_name" {
 default = "k8sbmcs"
 }
+variable "vcn_cidr" {
+ default = "10.0.0.0/16"
+}
+
 variable "disable_auto_retries" {
 default = "false"
 }
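Review bot: `network_subnet_dns` duplicates the identical default map in `network/subnets/variables.tf`, and in existing-VCN mode these labels must be unique within the target VCN, so defaults such as `etcdsubnet1` can collide with subnets already present there and fail at apply. A description would make that visible, e.g. `description = "DNS label per subnet; must be unique within the target VCN"`. `vcn_cidr` only matters when the module creates the VCN, so `# Ignored when vcn_id is set` next to it would prevent operators from expecting it to constrain an existing VCN.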