From c43688a92cfd7ee89a3a03050514dc4bfa767713 Mon Sep 17 00:00:00 2001 From: junior Date: Fri, 6 Jan 2023 15:17:40 -0600 Subject: [PATCH] 5G Infra example vnic tuning Signed-off-by: junior --- README.md | 6 ++++-- examples/5G-NF-Infra/networking.tf | 5 +++++ examples/5G-NF-Infra/oke.tf | 18 ++++++++++++++++++ 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 23dd9df..1f20dc7 100644 --- a/README.md +++ b/README.md @@ -9,8 +9,8 @@ $${\color{red}OKE \space Cluster \space deployment \space yet.}$$ --- [![Stack Release](https://img.shields.io/github/v/release/oracle-quickstart/terraform-oci-oke-quickstart.svg)](https://github.com/oracle-quickstart/terraform-oci-oke-quickstart/releases) -[![Stack Build](https://img.shields.io/github/workflow/status/oracle-quickstart/terraform-oci-oke-quickstart/Generate%20stacks%20and%20publish%20release?label=stack&logo=oracle&logoColor=red)][magic_oke_stack] -![AquaSec TFSec](https://img.shields.io/github/workflow/status/oracle-quickstart/terraform-oci-oke-quickstart/tfsec?label=tfsec&logo=aqua) +[![Stack Build](https://img.shields.io/github/actions/workflow/status/oracle-quickstart/terraform-oci-oke-quickstart/stack.yml?branch=main&label=stack&logo=oracle&logoColor=red)][magic_oke_stack] +![AquaSec TFSec](https://img.shields.io/github/actions/workflow/status/oracle-quickstart/terraform-oci-oke-quickstart/tfsec.yml?branch=main&label=tfsec&logo=aqua) ![Terraform](https://img.shields.io/badge/terraform->%3D%201.1-%235835CC.svg?logo=terraform) ![Stack License](https://img.shields.io/github/license/oracle-quickstart/terraform-oci-oke-quickstart) ![Stack Downloads](https://img.shields.io/github/downloads/oracle-quickstart/terraform-oci-oke-quickstart/total?logo=terraform) 
@@ -18,6 +18,8 @@ $${\color{red}OKE \space Cluster \space deployment \space yet.}$$ This module handles opinionated Oracle Container Engine for [Kubernetes][kubernetes_101] ([OKE][oke]) cluster creation on Oracle Cloud Infrastructure ([OCI][oci]). This module is designed to be used with the [OCI Resource Manager][oci_rm] to deploy a cluster in a single step. The module can also be used with the [OCI Terraform Provider][oci_tf_provider] to deploy a cluster using local or CloudShell Terraform cli. +>Note: This project is an alternative to easily create an OKE cluster without the need to use external workarounds and do not need to create compute bastions or jump servers, even if deploying using private endpoints. This is a __NO__(`null_resource` ,`remote_exec`, `operator instance`, `bastion_or_jump_server`, `out_of_tf_state_sh_scripts`) project + Sub modules are provided to create a cluster with a single node pool, or a cluster with multiple node pools. Enables Cluster Autoscaler, OCI Vault(KMS) for customer-managed encryption keys for secrets, block volumes. The module also provides a sub module to create a cluster with a single node pool and a private endpoint to Oracle Resource Manager (ORM). This repo also includes the modules for deploying the following cluster components on the OKE cluster: diff --git a/examples/5G-NF-Infra/networking.tf b/examples/5G-NF-Infra/networking.tf index 7302644..eccf5f6 100644 --- a/examples/5G-NF-Infra/networking.tf +++ b/examples/5G-NF-Infra/networking.tf @@ -301,6 +301,7 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5gc_signalling" { defined_tags = {} freeform_tags = { "Network" : "5GC-Signalling" } } + display_name = "5GC-Signalling vnic Attachment" instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id } resource "oci_core_vnic_attachment" "vnic_attachment_5gc_oam" { 
@@ -312,6 +313,7 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5gc_oam" { defined_tags = {} freeform_tags = { "Network" : "5GC-OAM" } } + display_name = "5GC-OAM vnic Attachment" instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id depends_on = [oci_core_vnic_attachment.vnic_attachment_5gc_signalling] @@ -325,6 +327,7 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5g_ran" { defined_tags = {} freeform_tags = { "Network" : "5G RAN" } } + display_name = "5G RAN vnic Attachment" instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id depends_on = [oci_core_vnic_attachment.vnic_attachment_5gc_oam] @@ -338,6 +341,7 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5g_legal_intercept" { defined_tags = {} freeform_tags = { "Network" : "5G Legal Intercept" } } + display_name = "5G Legal Intercept vnic Attachment" instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id depends_on = [oci_core_vnic_attachment.vnic_attachment_5g_ran] @@ -351,6 +355,7 @@ resource "oci_core_vnic_attachment" "vnic_attachment_5g_epc" { defined_tags = {} freeform_tags = { "Network" : "5G-EPC" } } + display_name = "5G-EPC vnic Attachment" instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id depends_on = [oci_core_vnic_attachment.vnic_attachment_5g_legal_intercept] diff --git a/examples/5G-NF-Infra/oke.tf b/examples/5G-NF-Infra/oke.tf index f63da59..3ff1ed2 100644 --- a/examples/5G-NF-Infra/oke.tf +++ b/examples/5G-NF-Infra/oke.tf 
@@ -39,16 +39,32 @@ module "oke-quickstart" { #cloud-config write_files: + - path: "/etc/systemd/system/secondary_vnic_all_configure.timer" + permissions: "0644" + content: | + [Unit] + Description=Wait to execute secondary VNICs configure + After=network.target + Requires=secondary_vnic_all_configure.service + + [Timer] + Unit=secondary_vnic_all_configure.service + OnBootSec=120sec + + [Install] + WantedBy=timers.target - path: "/etc/systemd/system/secondary_vnic_all_configure.service" permissions: "0644" content: | [Unit] Description=Configure secondary VNICs at boot After=network.target + Wants=secondary_vnic_all_configure.timer [Service] Type=oneshot ExecStart=/usr/local/sbin/secondary_vnic_all_configure.sh -c + ExecStart=sysctl -w net.ipv4.conf.all.rp_filter=2 [Install] WantedBy=multi-user.target @@ -57,6 +73,8 @@ runcmd: - echo "Preparing Nodes for 5G-NF-Infra..." - echo 'sctp' | tee -a /etc/modules-load.d/sctp.conf - modprobe sctp + - sysctl -w net.ipv4.conf.default.rp_filter=2 + - echo 'net.ipv4.conf.all.rp_filter=2' >> /etc/sysctl.conf - sysctl -w kernel.core_pattern=/var/crash/core.%p - echo "Finished prep nodes." - echo "Configuring secondary VNICs..."
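Review bot: The new timer unit's `Requires=secondary_vnic_all_configure.service` most likely defeats its own `OnBootSec=120sec` delay, because `Requires=` starts the service as soon as the timer unit is activated. The service also keeps `WantedBy=multi-user.target` and gains `Wants=secondary_vnic_all_configure.timer`, so if the service is still the unit being enabled (the enabling commands are outside this hunk) it runs at boot as before. A timer already activates its `Unit=` on its own, so I would drop the `Requires=` line from the timer and the `Wants=` line from the service, and enable only the timer. Separately, `ExecStart=sysctl -w net.ipv4.conf.all.rp_filter=2` uses a bare command name, which older systemd releases reject; `ExecStart=/usr/sbin/sysctl -w net.ipv4.conf.all.rp_filter=2` does not depend on the node image's systemd version. Because this is a second `ExecStart=` in a oneshot unit, it is also skipped whenever the VNIC script exits non-zero.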
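Review bot: Persisting `net.ipv4.conf.all.rp_filter=2` puts every interface on the node, including the primary VNIC, into loose reverse-path filtering, because the kernel applies the higher of the `all` and per-interface values. That weakens source-address validation node-wide, although presumably only the secondary VNICs need asymmetric routing. Consider leaving `all` at the image default and setting loose mode only on the secondary interfaces, or add a comment such as `# loose rp_filter required for multi-VNIC asymmetric routing` so the trade-off is visible to whoever audits the node hardening. The two added lines are also inconsistent: `default` is changed at runtime but never persisted, while `all` is persisted here but only applied at runtime by the service's `ExecStart` in the previous hunk. Writing a drop-in like `/etc/sysctl.d/<placeholder-name>.conf` through `write_files` would be easier to review and would avoid an unconditional `>>` append to `/etc/sysctl.conf`.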