From 3a4f80eb71df99a5a9463a21721a5edf0d333207 Mon Sep 17 00:00:00 2001 From: junior Date: Sun, 11 Dec 2022 19:23:20 -0600 Subject: [PATCH 1/4] 5G NF Infra example: sctp seclist Signed-off-by: junior --- examples/5G-NF-Infra/networking.tf | 215 +++++++++++++++++------------ examples/5G-NF-Infra/oke.tf | 19 +-- 2 files changed, 137 insertions(+), 97 deletions(-) diff --git a/examples/5G-NF-Infra/networking.tf b/examples/5G-NF-Infra/networking.tf index a51feef..cbdb872 100644 --- a/examples/5G-NF-Infra/networking.tf +++ b/examples/5G-NF-Infra/networking.tf 
@@ -19,86 +19,122 @@ locals { # Extra Security Lists for the 5G NF locals { - extra_security_lists = [ - { - security_list_name = "5gc_oam_security_list" - display_name = "5GC OAM Security List" - ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules) - egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules) - }, - { - security_list_name = "5gc_signalling_security_list" - display_name = "5GC Signalling (SBI) Security List" - ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules) - egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules) - }, - { - security_list_name = "5g_ran_security_list" - display_name = "5G RAN Security List" - ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules) - egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules) - }, - { - security_list_name = "legal_intercept_security_list" - display_name = "Legal Intercept Security List" - ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules) - egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules) - }, - { - security_list_name = "5g_epc_security_list" - display_name = "5G EPC Security List" - ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules) - egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules) + extra_security_lists = [{ + security_list_name = "5gc_oam_security_list" + display_name = "5GC OAM Security List" + 
ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules) + egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules) + }, { + security_list_name = "5gc_signalling_security_list" + display_name = "5GC Signalling (SBI) Security List" + ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules) + egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules) + }, { + security_list_name = "5g_ran_security_list" + display_name = "5G RAN Security List" + ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules) + egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules) + }, { + security_list_name = "legal_intercept_security_list" + display_name = "Legal Intercept Security List" + ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules) + egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules) + }, { + security_list_name = "5g_epc_security_list" + display_name = "5G EPC Security List" + ingress_security_rules = concat(local.common_5g_security_list_ingress_rules, local.temp_all_vcn_security_list_ingress_rules) + egress_security_rules = concat(local.common_5g_security_list_egress_rules, local.temp_all_vcn_security_list_egress_rules) + }, { + security_list_name = "5g_for_pods_security_list" + display_name = "5G subnets x pods Security List" + ingress_security_rules = [{ + description = "Allow 5GC OAM to pod communication" + source = lookup(local.network_cidrs, "SUBNET-5GC-OAM-CIDR") + source_type = "CIDR_BLOCK" + protocol = 
local.security_list_ports.all_protocols + stateless = false + tcp_options = { max = -1, min = -1, source_port_range = null } + udp_options = { max = -1, min = -1, source_port_range = null } + icmp_options = null + }, { + description = "Allow 5GC Signalling (SBI) to pod communication" + source = lookup(local.network_cidrs, "SUBNET-5GC-SIGNALLING-CIDR") + source_type = "CIDR_BLOCK" + protocol = local.security_list_ports.all_protocols + stateless = false + tcp_options = { max = -1, min = -1, source_port_range = null } + udp_options = { max = -1, min = -1, source_port_range = null } + icmp_options = null }, { - security_list_name = "5g_for_pods_security_list" - display_name = "5G subnets x pods Security List" - ingress_security_rules = [{ - description = "Allow 5GC OAM to pod communication" - source = lookup(local.network_cidrs, "SUBNET-5GC-OAM-CIDR") - source_type = "CIDR_BLOCK" - protocol = local.security_list_ports.all_protocols - stateless = false - tcp_options = { max = -1, min = -1, source_port_range = null } - udp_options = { max = -1, min = -1, source_port_range = null } - icmp_options = null - }, { - description = "Allow 5GC Signalling (SBI) to pod communication" - source = lookup(local.network_cidrs, "SUBNET-5GC-SIGNALLING-CIDR") - source_type = "CIDR_BLOCK" - protocol = local.security_list_ports.all_protocols - stateless = false - tcp_options = { max = -1, min = -1, source_port_range = null } - udp_options = { max = -1, min = -1, source_port_range = null } - icmp_options = null - }, { - description = "Allow 5G RAN to pod communication" - source = lookup(local.network_cidrs, "SUBNET-5G-RAN-CIDR") - source_type = "CIDR_BLOCK" - protocol = local.security_list_ports.all_protocols - stateless = false - tcp_options = { max = -1, min = -1, source_port_range = null } - udp_options = { max = -1, min = -1, source_port_range = null } - icmp_options = null - }, { - description = "Allow 5G Legal Intercept to pod communication" - source = lookup(local.network_cidrs, 
"SUBNET-LEGAL-INTERCEPT-CIDR") - source_type = "CIDR_BLOCK" - protocol = local.security_list_ports.all_protocols - stateless = false - tcp_options = { max = -1, min = -1, source_port_range = null } - udp_options = { max = -1, min = -1, source_port_range = null } - icmp_options = null - }, { - description = "Allow 5G EPC to pod communication" - source = lookup(local.network_cidrs, "SUBNET-5G-EPC-CIDR") - source_type = "CIDR_BLOCK" - protocol = local.security_list_ports.all_protocols - stateless = false - tcp_options = { max = -1, min = -1, source_port_range = null } - udp_options = { max = -1, min = -1, source_port_range = null } - icmp_options = null - }] - egress_security_rules = [] + description = "Allow 5G RAN to pod communication" + source = lookup(local.network_cidrs, "SUBNET-5G-RAN-CIDR") + source_type = "CIDR_BLOCK" + protocol = local.security_list_ports.all_protocols + stateless = false + tcp_options = { max = -1, min = -1, source_port_range = null } + udp_options = { max = -1, min = -1, source_port_range = null } + icmp_options = null + }, { + description = "Allow 5G Legal Intercept to pod communication" + source = lookup(local.network_cidrs, "SUBNET-LEGAL-INTERCEPT-CIDR") + source_type = "CIDR_BLOCK" + protocol = local.security_list_ports.all_protocols + stateless = false + tcp_options = { max = -1, min = -1, source_port_range = null } + udp_options = { max = -1, min = -1, source_port_range = null } + icmp_options = null + }, { + description = "Allow 5G EPC to pod communication" + source = lookup(local.network_cidrs, "SUBNET-5G-EPC-CIDR") + source_type = "CIDR_BLOCK" + protocol = local.security_list_ports.all_protocols + stateless = false + tcp_options = { max = -1, min = -1, source_port_range = null } + udp_options = { max = -1, min = -1, source_port_range = null } + icmp_options = null + }, { + description = "Stream Control Transmission Protocol (SCTP) Ingress" + source = lookup(local.network_cidrs, "ALL-CIDR") + source_type = "CIDR_BLOCK" + protocol = 
local.security_list_ports.sctp_protocol_number + stateless = false + tcp_options = { max = -1, min = -1, source_port_range = null } + udp_options = { max = -1, min = -1, source_port_range = null } + icmp_options = null + }, ] + egress_security_rules = [{ + description = "Stream Control Transmission Protocol (SCTP) Egress" + destination = lookup(local.network_cidrs, "ALL-CIDR") + destination_type = "CIDR_BLOCK" + protocol = local.security_list_ports.sctp_protocol_number + stateless = false + tcp_options = { max = -1, min = -1, source_port_range = null } + udp_options = { max = -1, min = -1, source_port_range = null } + icmp_options = null + }, ] + }, { + security_list_name = "5g_sctp_security_list" + display_name = "Enable SCTP Security List" + ingress_security_rules = [{ + description = "Stream Control Transmission Protocol (SCTP) Ingress" + source = lookup(local.network_cidrs, "ALL-CIDR") + source_type = "CIDR_BLOCK" + protocol = local.security_list_ports.sctp_protocol_number + stateless = false + tcp_options = { max = -1, min = -1, source_port_range = null } + udp_options = { max = -1, min = -1, source_port_range = null } + icmp_options = null + }] + egress_security_rules = [{ + description = "Stream Control Transmission Protocol (SCTP) Egress" + destination = lookup(local.network_cidrs, "ALL-CIDR") + destination_type = "CIDR_BLOCK" + protocol = local.security_list_ports.sctp_protocol_number + stateless = false + tcp_options = { max = -1, min = -1, source_port_range = null } + udp_options = { max = -1, min = -1, source_port_range = null } + icmp_options = null + }] }, ] common_5g_security_list_ingress_rules = [{ @@ -169,6 +205,7 @@ locals { tcp_protocol_number = "6" udp_protocol_number = "17" icmp_protocol_number = "1" + sctp_protocol_number = "132" all_protocols = "all" } } 
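Review bot: The two SCTP rules added to `5g_for_pods_security_list` use `lookup(local.network_cidrs, "ALL-CIDR")` as source and destination, whereas every other ingress rule in that list is scoped to one named 5G subnet CIDR. The value behind `ALL-CIDR` is not visible in this hunk, but if it is the any-address range, protocol 132 becomes reachable on the worker nodes and VCN-native pods from every network that can route to them, and nothing in the rule narrows it further. Scope the ingress to the subnets that actually terminate SCTP associations (presumably the RAN or signalling side), for example `source = lookup(local.network_cidrs, "SUBNET-5G-RAN-CIDR")`, and narrow the egress `destination` the same way. The same pair of rules is repeated verbatim in the new `5g_sctp_security_list`; keeping them in one list avoids a later tightening missing a copy.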
@@ -255,25 +292,25 @@ data "oci_containerengine_node_pool" "node_pool_1" { } # 5G NF VNICs attachments for each node in the node pool -resource "oci_core_vnic_attachment" "vnic_attachment_5gc_oam" { +resource "oci_core_vnic_attachment" "vnic_attachment_5gc_signalling" { count = var.node_pool_initial_num_worker_nodes_1 create_vnic_details { - display_name = "5GC-OAM vnic" - private_ip = [for hostnum in range(4, 15) : cidrhost(lookup(local.network_cidrs, "SUBNET-5GC-OAM-CIDR"), hostnum)][index(data.oci_containerengine_node_pool.node_pool_1.nodes.*.id, data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id)] - subnet_id = module.oke-quickstart.subnets["5GC_OAM_subnet"].subnet_id + display_name = "5GC-Signalling vnic" + private_ip = [for hostnum in range(4, 15) : cidrhost(lookup(local.network_cidrs, "SUBNET-5GC-SIGNALLING-CIDR"), hostnum)][index(data.oci_containerengine_node_pool.node_pool_1.nodes.*.id, data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id)] + subnet_id = module.oke-quickstart.subnets["5GC_Signalling_subnet"].subnet_id defined_tags = {} - freeform_tags = { "Network" : "5GC-OAM" } + freeform_tags = { "Network" : "5GC-Signalling" } } instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id } -resource "oci_core_vnic_attachment" "vnic_attachment_5gc_signalling" { +resource "oci_core_vnic_attachment" "vnic_attachment_5gc_oam" { count = var.node_pool_initial_num_worker_nodes_1 create_vnic_details { - display_name = "5GC-Signalling vnic" - private_ip = [for hostnum in range(4, 15) : cidrhost(lookup(local.network_cidrs, "SUBNET-5GC-SIGNALLING-CIDR"), hostnum)][index(data.oci_containerengine_node_pool.node_pool_1.nodes.*.id, data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id)] - subnet_id = module.oke-quickstart.subnets["5GC_Signalling_subnet"].subnet_id + display_name = "5GC-OAM vnic" + private_ip = [for hostnum in range(4, 15) : cidrhost(lookup(local.network_cidrs, 
"SUBNET-5GC-OAM-CIDR"), hostnum)][index(data.oci_containerengine_node_pool.node_pool_1.nodes.*.id, data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id)] + subnet_id = module.oke-quickstart.subnets["5GC_OAM_subnet"].subnet_id defined_tags = {} - freeform_tags = { "Network" : "5GC-Signalling" } + freeform_tags = { "Network" : "5GC-OAM" } } instance_id = data.oci_containerengine_node_pool.node_pool_1.nodes[count.index].id } diff --git a/examples/5G-NF-Infra/oke.tf b/examples/5G-NF-Infra/oke.tf index 18c47b9..228c537 100644 --- a/examples/5G-NF-Infra/oke.tf +++ b/examples/5G-NF-Infra/oke.tf 
@@ -26,14 +26,17 @@ module "oke-quickstart" { extra_subnets = local.extra_subnets # OKE Node Pool 1 arguments - node_pool_cni_type_1 = "OCI_VCN_IP_NATIVE" # Use "FLANNEL_OVERLAY" for overlay network or "OCI_VCN_IP_NATIVE" for VCN Native PODs Network. If the node pool 1 uses the OCI_VCN_IP_NATIVE, the cluster will also be configured with same cni - cluster_autoscaler_enabled = true - node_pool_name_1 = "pool1" - node_pool_initial_num_worker_nodes_1 = var.node_pool_initial_num_worker_nodes_1 # Minimum number of nodes in the node pool - node_pool_max_num_worker_nodes_1 = var.node_pool_max_num_worker_nodes_1 # Maximum number of nodes in the node pool - node_pool_instance_shape_1 = var.node_pool_instance_shape_1 - extra_security_list_name_for_nodes = "5g_for_pods_security_list" - extra_security_list_name_for_vcn_native_pod_networking = "5g_for_pods_security_list" + node_pool_cni_type_1 = "OCI_VCN_IP_NATIVE" # Use "FLANNEL_OVERLAY" for overlay network or "OCI_VCN_IP_NATIVE" for VCN Native PODs Network. If the node pool 1 uses the OCI_VCN_IP_NATIVE, the cluster will also be configured with same cni + cluster_autoscaler_enabled = true + node_pool_name_1 = "pool1" + node_pool_initial_num_worker_nodes_1 = var.node_pool_initial_num_worker_nodes_1 # Minimum number of nodes in the node pool + node_pool_max_num_worker_nodes_1 = var.node_pool_max_num_worker_nodes_1 # Maximum number of nodes in the node pool + node_pool_instance_shape_1 = var.node_pool_instance_shape_1 + extra_initial_node_labels_1 = [{ key = "cnf", value = "amf01" }] # Extra initial node labels for node pool 1. Example: "[{ key = "app.something/key1", value = "value1" }]" + + # Extra Security Lists + extra_security_list_name_for_nodes = "5g_for_pods_security_list" # ["5g_for_pods_security_list", "5g_sctp_security_list"] + extra_security_list_name_for_vcn_native_pod_networking = "5g_for_pods_security_list" # ["5g_for_pods_security_list", "5g_sctp_security_list"] # Cluster Tools # ingress_nginx_enabled = true 
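Review bot: The trailing comments on `extra_security_list_name_for_nodes` and `extra_security_list_name_for_vcn_native_pod_networking` show a list value, `["5g_for_pods_security_list", "5g_sctp_security_list"]`, while both arguments are set to a single string, so a reader cannot tell whether the list form is accepted by the module or is a note for later. Within this hunk the new `5g_sctp_security_list` is never attached, and the SCTP exposure comes only from the rules copied into `5g_for_pods_security_list`. Say so in the comment, for instance `# one list name only; SCTP rules are already part of 5g_for_pods_security_list`, if that is the intent, so reviewers know which security list governs SCTP on the nodes and pods. The `module "oke-quickstart"` block starts and ends outside the hunk.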
From d0fed414ace31b2176b54e362f20ac2fdfefbc46 Mon Sep 17 00:00:00 2001 From: junior Date: Sun, 11 Dec 2022 19:23:57 -0600 Subject: [PATCH 2/4] Cloud init args and parts support for Node Pool Signed-off-by: junior --- main.tf | 4 ++++ modules/oke-node-pool/datasources.tf | 24 ++++++++++++++++++++++++ modules/oke-node-pool/main.tf | 11 ++++++++++- modules/oke-node-pool/variables.tf | 14 ++++++++++++++ 4 files changed, 52 insertions(+), 1 deletion(-) diff --git a/main.tf b/main.tf index f7de680..ff1bfa5 100644 --- a/main.tf +++ b/main.tf @@ -119,6 +119,8 @@ module "oke_node_pools" { node_pool_node_shape_config_ocpus = each.value.node_pool_node_shape_config_ocpus node_pool_node_shape_config_memory_in_gbs = each.value.node_pool_node_shape_config_memory_in_gbs existent_oke_nodepool_id_for_autoscaler = each.value.existent_oke_nodepool_id_for_autoscaler + node_pool_oke_init_params = each.value.node_pool_oke_init_params + node_pool_cloud_init_parts = each.value.node_pool_cloud_init_parts public_ssh_key = local.workers_public_ssh_key image_operating_system = each.value.image_operating_system image_operating_system_version = each.value.image_operating_system_version @@ -148,6 +150,8 @@ locals { node_pool_node_shape_config_memory_in_gbs = var.node_pool_instance_shape_1.memory node_pool_boot_volume_size_in_gbs = var.node_pool_boot_volume_size_in_gbs_1 existent_oke_nodepool_id_for_autoscaler = var.existent_oke_nodepool_id_for_autoscaler_1 + node_pool_oke_init_params = var.node_pool_oke_init_params_1 + node_pool_cloud_init_parts = var.node_pool_cloud_init_parts_1 node_pool_alternative_subnet = null image_operating_system = var.image_operating_system_1 image_operating_system_version = var.image_operating_system_version_1 diff --git a/modules/oke-node-pool/datasources.tf b/modules/oke-node-pool/datasources.tf index 9a8de2a..e471763 100644 --- a/modules/oke-node-pool/datasources.tf +++ b/modules/oke-node-pool/datasources.tf 
@@ -27,4 +27,28 @@ data "oci_identity_availability_domain" "specfic" { ad_number = var.node_pool_shape_specific_ad count = (var.node_pool_shape_specific_ad > 0) ? 1 : 0 +} + +# Prepare Cloud Unit for Node Pool nodes +data "cloudinit_config" "nodes" { + gzip = true + base64_encode = true + + part { + content_type = "text/x-shellscript" + content = </var/run/oke-init.sh +bash /var/run/oke-init.sh ${var.node_pool_oke_init_params} +EOF + } + + dynamic "part" { + for_each = var.node_pool_cloud_init_parts + content { + content_type = part.value["content_type"] + content = part.value["content"] + filename = part.value["filename"] + } + } } \ No newline at end of file diff --git a/modules/oke-node-pool/main.tf b/modules/oke-node-pool/main.tf index 9239294..b632280 100644 --- a/modules/oke-node-pool/main.tf +++ b/modules/oke-node-pool/main.tf @@ -53,7 +53,16 @@ resource "oci_containerengine_node_pool" "oke_node_pool" { # eviction_grace_duration = "PT1H" # is_force_delete_after_grace_duration = false # } - # node_metadata = {} + node_metadata = { + user_data = anytrue([var.node_pool_oke_init_params != "", var.node_pool_cloud_init_parts != []]) ? data.cloudinit_config.nodes.rendered : null + } + # dynamic "node_metadata" { + # for_each = alltrue([var.node_pool_oke_init_params != "", var.node_pool_cloud_init_parts != []]) ? [1] : [] + + # content { + # user_data = data.cloudinit_config.nodes.rendered + # } + # } initial_node_labels { key = "name" diff --git a/modules/oke-node-pool/variables.tf b/modules/oke-node-pool/variables.tf index b6acf20..1f87c93 100644 --- a/modules/oke-node-pool/variables.tf +++ b/modules/oke-node-pool/variables.tf 
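Review bot: `${var.node_pool_oke_init_params}` is interpolated unquoted into the `bash /var/run/oke-init.sh` line of the `text/x-shellscript` part, so anything in that variable, including `;`, `|`, backticks or a newline, becomes part of a script that cloud-init runs with root privileges on every node of the pool at boot. The variable's description in variables.tf is only "OKE Init params"; it should state the trust boundary, for example `description = "Arguments appended to the oke-init.sh command line in the node cloud-init script; interpolated into a shell command as-is, pass trusted values only"`. A `validation` block on the variable that rejects newlines and shell control operators would turn that contract into a plan-time check. The first lines of the heredoc are not legible in this view, so how `oke-init.sh` is obtained before it is executed cannot be reviewed here. The header comment reads "Cloud Unit" where "Cloud Init" is presumably meant.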
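Review bot: The `user_data` condition tests `var.node_pool_cloud_init_parts != []`, and Terraform's equality operators only treat operands of the same type as equal; the variable is declared as `list(object({...}))` while `[]` is an empty tuple, so this test is expected to be true even when the list is empty and `anytrue(...)` never selects `null`. Every node pool would then receive the rendered cloud-init as `user_data`, including pools that set neither variable, which makes node bootstrap depend on this script in all cases. Use `length(var.node_pool_cloud_init_parts) > 0` in place of the `!= []` comparison. The commented-out `dynamic "node_metadata"` block repeats the comparison under `alltrue`, which would additionally require both inputs to be set; remove it or correct it the same way. The `oci_containerengine_node_pool` resource starts and ends outside the hunk.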
@@ -85,6 +85,20 @@ variable "node_pool_boot_volume_size_in_gbs" { default = "50" description = "Specify a custom boot volume size (in GB)" } +variable "node_pool_oke_init_params" { + type = string + default = "" + description = "OKE Init params" +} +variable "node_pool_cloud_init_parts" { + type = list(object({ + content_type = string + content = string + filename = string + })) + default = [] + description = "Node Pool nodes Cloud init parts" +} variable "public_ssh_key" { default = "" description = "In order to access your private nodes with a public SSH key you will need to set up a bastion host (a.k.a. jump box). If using public nodes, bastion is not needed. Left blank to not import keys." From b80f75e5f04957229a71b38c0e8f281ccff89f8e Mon Sep 17 00:00:00 2001 From: junior Date: Sun, 11 Dec 2022 19:24:29 -0600 Subject: [PATCH 3/4] Version update 0.8.11 Signed-off-by: junior --- .terraform.lock.hcl | 62 +++++++++++++++++--------- VERSION | 2 +- modules/cluster-tools/cluster-tools.tf | 6 +-- variables.tf | 17 +++++++ 4 files changed, 63 insertions(+), 24 deletions(-) diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index c99c938..907c85d 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
@@ -1,6 +1,28 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/hashicorp/cloudinit" { + version = "2.2.0" + hashes = [ + "h1:CUOSIT4XzkJXEpPp4dBL+rxxLgqamwiMvuhBVNHC7AI=", + "h1:Id6dDkpuSSLbGPTdbw49bVS/7XXHu/+d7CJoGDqtk5g=", + "h1:jjiYQ9lHpy5Ca9GoWbsXtuDr2HLgDQY8my1gIrp1lSo=", + "h1:siiI0wK6/jUDdA5P8ifTO0yc9YmXHml4hz5K9I9N+MA=", + "h1:tQLNREqesrdCQ/bIJnl0+yUK+XfdWzAG0wo4lp10LvM=", + "zh:76825122171f9ea2287fd27e23e80a7eb482f6491a4f41a096d77b666896ee96", + "zh:795a36dee548e30ca9c9d474af9ad6d29290e0a9816154ad38d55381cd0ab12d", + "zh:9200f02cb917fb99e44b40a68936fd60d338e4d30a718b7e2e48024a795a61b9", + "zh:a33cf255dc670c20678063aa84218e2c1b7a67d557f480d8ec0f68bc428ed472", + "zh:ba3c1b2cd0879286c1f531862c027ec04783ece81de67c9a3b97076f1ce7f58f", + "zh:bd575456394428a1a02191d2e46af0c00e41fd4f28cfe117d57b6aeb5154a0fb", + "zh:c68dd1db83d8437c36c92dc3fc11d71ced9def3483dd28c45f8640cfcd59de9a", + "zh:cbfe34a90852ed03cc074601527bb580a648127255c08589bc3ef4bf4f2e7e0c", + "zh:d6ffd7398c6d1f359b96f5b757e77b99b339fbb91df1b96ac974fe71bc87695c", + "zh:d9c15285f847d7a52df59e044184fb3ba1b7679fd0386291ed183782683d9517", + "zh:f7dd02f6d36844da23c9a27bb084503812c29c1aec4aba97237fec16860fdc8c", + ] +} + provider "registry.terraform.io/hashicorp/helm" { version = "2.7.1" constraints = "~> 2.0" 
@@ -122,28 +144,28 @@ provider "registry.terraform.io/hashicorp/tls" { } provider "registry.terraform.io/oracle/oci" { - version = "4.100.0" + version = "4.101.0" constraints = "~> 4.0, < 5.0.0" hashes = [ - "h1:+0Pm2WJJp0GQl4C9QDhTnSJBqGFXvhgMQ8WkWTu8QIY=", - "h1:3rtBfD9IPG9z7ydYWs08Txe1ZHYxqkxjyKSjstX2Bo0=", - "h1:BpM8YrOiZ3ajv6gvrXLxOUJwsE3eaXi2AC+bTn3i03Q=", - "h1:QS3APdB7If4HxMg5YbSNBJfUsqxWM5M5CaeCf/XSexY=", - "h1:f97kXEpp1oOhc+n4S9X2UvnEfekRdBxbTrs7J+UB60w=", - "zh:0dc0e910571ad00c471fedcbe68b791f34a764dc0df1ff871fe1a51e3d465ef1", - "zh:26257947e6cf3453e0d07833e233d96078b39037bfd6a2db3f6842f05caebad1", - "zh:2e036ab44819ad04974617aaf9bd8b016c0798493e4606585e2a8ad8f2052156", - "zh:32f6c96d2fbdba7cb6b2d850feea4d206ff61341e9c83500d3d44103efd55818", - "zh:3dc321dec2fe35871b205193c6527db505dcf28415a70026761c4ef10708312f", - "zh:49e758d8a11f0403bc64a8a30183d2ff0b96df911826a591c4319e2e50770034", - "zh:6185331207b765c7a92441a7eb32dccaa62de98669b18d0220ee0077196d2378", - "zh:6527596a7529bf4021a759d2049e438ae74e31e818434782b77a923c6d134613", - "zh:6885c165da75806dd829888f873f73a1ea5a7c5903eec64bd113560fd527a75f", - "zh:7102fabc7fdd00d6d22e7d8d178006e96e1b7a7dbb0f41f45c5686fa232d08d9", - "zh:81ed89eb1a9ff0626a3d060574d7536012c2266c7b3b3ef948b323c3e4c61331", + "h1:ECcsaXhPwZsZ0BUmmKia6nI2REp9sjBTfasg4Wud/3s=", + "h1:EiUMOLtXA2AT0A1ReOVLEtmaR8WSAlt6OHjc1mLHt6c=", + "h1:QqKbA6FhA3ZejqfFAaUmkqvM15wKP+sV9h7IcwJVu0E=", + "h1:TCmqAPXxdXGg1Mvu4SVLvzRYnTWgms8rIl6l3w1t2kQ=", + "h1:Y/9AApA1Jn9sOK9AcVeqiNezUfLLr5zFWDgYJPKeJIU=", + "zh:085310bdfa294767f6013d21c5fd63073864de55a6457f6091b94f7bf4511b13", + "zh:1dffc72da17000a6ad36654f7ac765177709d21d24c0bd5639c1da904dd35aac", + "zh:1f77446246f8e37ebeba3ca3664d2b922c7d46f980a4389a3b24549e79fd6b77", + "zh:3db94e7a24f23aa6feb1bbdbff2b431c0c40ebfea9d4a372292b58f9ffa0928e", + "zh:61b8bd1b89c44bd21ef5b8d7369dbd895fa8b1621ba105f22ff4f33b86a30478", + "zh:63884156bdaef184587605bd7497765bc31a4a0fb2dbcadb891763a407d99d10", + 
"zh:67ff1187e43d65baf8f594fb152b005983291d06b7c446c7fb7b5ddd96a72acf", + "zh:72f632251cd89343db794ab5687f3fac72819235a5fd0b4425326f9655cc4542", + "zh:835cca40de584d2cd8e67ab7303c448dbcc568e64e434f8a9349d569feabd8ec", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:c934f317d80cc04149f1eb52a1354406877f264632587b8ca006cfec53cbd4ba", - "zh:ce834b3686e8e87ec5e05716115434bc122f49d3c12b2c4ae279aa453992968c", - "zh:ee3c0043cec00189f49581b341984793996396302e8b8407faa97bb627fa3f1d", + "zh:bc70974bb4587b11cbf9bbacf6a516b2776fe0dc4901ec94cba3389bfd2e8e8e", + "zh:bd7964b9a1f788d8f73f0d14ee81db3fc0e8349aa5ba5e65043cf7b2ab74b1a5", + "zh:c367a8808ccee80fb1eaf575c5d52cce41289b755e2a7b5727f89e9c71f6f413", + "zh:e042cc6cc94a88a49ced0d42bfded50c164cc8080e15072298a0da1735453f95", + "zh:e9cba16806010a27f218f8878ca80dea2b132f2ddd2783c139d2bb93a0115ab8", ] } diff --git a/VERSION b/VERSION index e6663d4..b216b0e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.8.10 \ No newline at end of file +0.8.11 \ No newline at end of file diff --git a/modules/cluster-tools/cluster-tools.tf b/modules/cluster-tools/cluster-tools.tf index 9c4f520..13f11a0 100644 --- a/modules/cluster-tools/cluster-tools.tf +++ b/modules/cluster-tools/cluster-tools.tf @@ -19,11 +19,11 @@ locals { jetstack = "https://charts.jetstack.io" # cert-manager jetstack_version = "1.10.1" # cert-manager grafana = "https://grafana.github.io/helm-charts" - grafana_version = "6.45.0" + grafana_version = "6.47.1" prometheus = "https://prometheus-community.github.io/helm-charts" - prometheus_version = "18.4.0" + prometheus_version = "19.0.1" metrics_server = "https://kubernetes-sigs.github.io/metrics-server" - metrics_server_version = "3.8.2" + metrics_server_version = "3.8.3" } use_cluster_tools_namespace = anytrue([var.grafana_enabled, var.ingress_nginx_enabled, var.cert_manager_enabled, var.prometheus_enabled]) ? true : false } diff --git a/variables.tf b/variables.tf index cc02727..2570217 100644 
--- a/variables.tf +++ b/variables.tf @@ -289,6 +289,20 @@ variable "image_operating_system_version_1" { default = "8" description = "The OS/image version installed on all nodes in the node pool." } +variable "node_pool_oke_init_params_1" { + type = string + default = "" + description = "OKE Init params" +} +variable "node_pool_cloud_init_parts_1" { + type = list(object({ + content_type = string + content = string + filename = string + })) + default = [] + description = "Node Pool nodes Cloud init parts" +} variable "generate_public_ssh_key" { default = true } @@ -296,6 +310,9 @@ variable "public_ssh_key" { default = "" description = "In order to access your private nodes with a public SSH key you will need to set up a bastion host (a.k.a. jump box). If using public nodes, bastion is not needed. Left blank to not import keys." } +################################################################################ +# Variables: OKE Extra Node Pools +################################################################################ variable "extra_node_pools" { default = [] description = "Extra node pools to be added to the cluster" From 247ee55355a48ed73c7a5eaa612a6322593e1bda Mon Sep 17 00:00:00 2001 From: junior Date: Sun, 11 Dec 2022 19:30:59 -0600 Subject: [PATCH 4/4] 5G NF Infra example: using cloud init Signed-off-by: junior --- examples/5G-NF-Infra/oke.tf | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/examples/5G-NF-Infra/oke.tf b/examples/5G-NF-Infra/oke.tf index 228c537..97abcec 100644 --- a/examples/5G-NF-Infra/oke.tf +++ b/examples/5G-NF-Infra/oke.tf 
@@ -6,7 +6,7 @@ # OKE Cluster ################################################################################ module "oke-quickstart" { - source = "github.com/oracle-quickstart/terraform-oci-oke-quickstart?ref=0.8.10" + source = "github.com/oracle-quickstart/terraform-oci-oke-quickstart?ref=0.8.11" # Oracle Cloud Infrastructure Tenancy and Compartment OCID tenancy_ocid = var.tenancy_ocid @@ -33,6 +33,20 @@ module "oke-quickstart" { node_pool_max_num_worker_nodes_1 = var.node_pool_max_num_worker_nodes_1 # Maximum number of nodes in the node pool node_pool_instance_shape_1 = var.node_pool_instance_shape_1 extra_initial_node_labels_1 = [{ key = "cnf", value = "amf01" }] # Extra initial node labels for node pool 1. Example: "[{ key = "app.something/key1", value = "value1" }]" + node_pool_cloud_init_parts_1 = [{ + content_type = "text/cloud-config" + content = <