Merge pull request #30 from junior/5G-NF-Infra-w-calico-example

5G Infra example vnic tuning

README.md

@@ -9,15 +9,17 @@ $${\color{red}OKE \space Cluster \space deployment \space yet.}$$
 ---
 
 [![Stack Release](https://img.shields.io/github/v/release/oracle-quickstart/terraform-oci-oke-quickstart.svg)](https://github.com/oracle-quickstart/terraform-oci-oke-quickstart/releases)
-[![Stack Build](https://img.shields.io/github/workflow/status/oracle-quickstart/terraform-oci-oke-quickstart/Generate%20stacks%20and%20publish%20release?label=stack&logo=oracle&logoColor=red)][magic_oke_stack]
-![AquaSec TFSec](https://img.shields.io/github/workflow/status/oracle-quickstart/terraform-oci-oke-quickstart/tfsec?label=tfsec&logo=aqua)
+[![Stack Build](https://img.shields.io/github/actions/workflow/status/oracle-quickstart/terraform-oci-oke-quickstart/stack.yml?branch=main&label=stack&logo=oracle&logoColor=red)][magic_oke_stack]
+![AquaSec TFSec](https://img.shields.io/github/actions/workflow/status/oracle-quickstart/terraform-oci-oke-quickstart/tfsec.yml?branch=main&label=tfsec&logo=aqua)
 ![Terraform](https://img.shields.io/badge/terraform->%3D%201.1-%235835CC.svg?logo=terraform)
 ![Stack License](https://img.shields.io/github/license/oracle-quickstart/terraform-oci-oke-quickstart)
 ![Stack Downloads](https://img.shields.io/github/downloads/oracle-quickstart/terraform-oci-oke-quickstart/total?logo=terraform)
 [![GitHub issues](https://img.shields.io/github/issues/oracle-quickstart/terraform-oci-oke-quickstart.svg)](https://github.com/oracle-quickstart/terraform-oci-oke-quickstart/issues)
 
 This module handles opinionated Oracle Container Engine for [Kubernetes][kubernetes_101] ([OKE][oke]) cluster creation on Oracle Cloud Infrastructure ([OCI][oci]). This module is designed to be used with the [OCI Resource Manager][oci_rm] to deploy a cluster in a single step. The module can also be used with the [OCI Terraform Provider][oci_tf_provider] to deploy a cluster using local or CloudShell Terraform cli.
 
+>Note: This project is an alternative to easily create an OKE cluster without the need to use external workarounds and do not need to create compute bastions or jump servers, even if deploying using private endpoints. This is a __NO__(`null_resource` ,`remote_exec`, `operator instance`, `bastion_or_jump_server`, `out_of_tf_state_sh_scripts`) project
+
 Sub modules are provided to create a cluster with a single node pool, or a cluster with multiple node pools. Enables Cluster Autoscaler, OCI Vault(KMS) for customer-managed encryption keys for secrets, block volumes. The module also provides a sub module to create a cluster with a single node pool and a private endpoint to Oracle Resource Manager (ORM).
 
 This repo also includes the modules for deploying the following cluster components on the OKE cluster:

examples/5G-NF-Infra/networking.tf

@@ -301,6 +301,7 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5gc_signalling" {
     defined_tags  = {}
     freeform_tags = { "Network" : "5GC-Signalling" }
   }
+  display_name  = "5GC-Signalling vnic Attachment"
   instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
 }
 resource "oci_core_vnic_attachment" "vnic_attachment_5gc_oam" {
@@ -312,6 +313,7 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5gc_oam" {
     defined_tags  = {}
     freeform_tags = { "Network" : "5GC-OAM" }
   }
+  display_name  = "5GC-OAM vnic Attachment"
   instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
 
   depends_on = [oci_core_vnic_attachment.vnic_attachment_5gc_signalling]
@@ -325,6 +327,7 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5g_ran" {
     defined_tags  = {}
     freeform_tags = { "Network" : "5G RAN" }
   }
+  display_name  = "5G RAN vnic Attachment"
   instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
 
   depends_on = [oci_core_vnic_attachment.vnic_attachment_5gc_oam]
@@ -338,6 +341,7 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5g_legal_intercept" {
     defined_tags  = {}
     freeform_tags = { "Network" : "5G Legal Intercept" }
   }
+  display_name  = "5G Legal Intercept vnic Attachment"
   instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
 
   depends_on = [oci_core_vnic_attachment.vnic_attachment_5g_ran]
@@ -351,6 +355,7 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5g_epc" {
     defined_tags  = {}
     freeform_tags = { "Network" : "5G-EPC" }
   }
+  display_name  = "5G-EPC vnic Attachment"
   instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id
 
   depends_on = [oci_core_vnic_attachment.vnic_attachment_5g_legal_intercept]

examples/5G-NF-Infra/oke.tf

@@ -39,16 +39,32 @@ module "oke-quickstart" {
 #cloud-config
 
 write_files:
+  - path: "/etc/systemd/system/secondary_vnic_all_configure.timer"
+    permissions: "0644"
+    content: |
+      [Unit]
+      Description=Wait to execute secondary VNICs configure
+      After=network.target
+      Requires=secondary_vnic_all_configure.service
+
+      [Timer]
+      Unit=secondary_vnic_all_configure.service
+      OnBootSec=120sec
+
+      [Install]
+      WantedBy=timers.target
   - path: "/etc/systemd/system/secondary_vnic_all_configure.service"
     permissions: "0644"
     content: |
       [Unit]
       Description=Configure secondary VNICs at boot
       After=network.target
+      Wants=secondary_vnic_all_configure.timer
 
       [Service]
       Type=oneshot
       ExecStart=/usr/local/sbin/secondary_vnic_all_configure.sh -c
+      ExecStart=sysctl -w net.ipv4.conf.all.rp_filter=2
 
       [Install]
       WantedBy=multi-user.target
@@ -57,6 +73,8 @@ runcmd:
  - echo "Preparing Nodes for 5G-NF-Infra..."
  - echo 'sctp' | tee -a /etc/modules-load.d/sctp.conf
  - modprobe sctp
+ - sysctl -w net.ipv4.conf.default.rp_filter=2
+ - echo 'net.ipv4.conf.all.rp_filter=2' >> /etc/sysctl.conf
  - sysctl -w kernel.core_pattern=/var/crash/core.%p
  - echo "Finished prep nodes."
  - echo "Configuring secondary VNICs..."