Merge pull request #5 from junior/zero-six-zero

Zero six zero

VERSION

@@ -1 +1 @@
-0.5.0
+0.6.0

module-cluster-tools.tf

@@ -6,20 +6,31 @@ module "cluster-tools" {
   source = "./modules/cluster-tools"
 
   # Oracle Cloud Infrastructure Tenancy and Compartment OCID
-  tenancy_ocid     = var.tenancy_ocid
-  compartment_ocid = var.compartment_ocid
-  region           = var.region
+  tenancy_ocid = var.tenancy_ocid
+  # compartment_ocid = var.compartment_ocid
+  region = var.region
+
+  # Deployment Tags + Freeform Tags + Defined Tags
+  oci_tag_values = local.oci_tag_values
 
   # Cluster Tools
   ## Namespace
   cluster_tools_namespace = "cluster-tools"
 
-  ## Ingress
+  ## Ingress Controller
   ingress_nginx_enabled                = var.ingress_nginx_enabled
   ingress_load_balancer_shape          = var.ingress_load_balancer_shape
   ingress_load_balancer_shape_flex_min = var.ingress_load_balancer_shape_flex_min
   ingress_load_balancer_shape_flex_max = var.ingress_load_balancer_shape_flex_max
 
+  ## Ingress
+  ingress_hosts                = var.ingress_hosts
+  ingress_tls                  = var.ingress_tls
+  ingress_cluster_issuer       = var.ingress_cluster_issuer
+  ingress_email_issuer         = var.ingress_email_issuer
+  ingress_hosts_include_nip_io = var.ingress_hosts_include_nip_io
+  nip_io_domain                = var.nip_io_domain
+
   ## Cert Manager
   cert_manager_enabled = var.cert_manager_enabled
 
@@ -36,7 +47,7 @@ module "cluster-tools" {
 }
 
 # Kubernetes Cluster Tools
-## Ingress/LoadBalancer
+## IngressController/LoadBalancer
 variable "ingress_nginx_enabled" {
   default     = true
   description = "Enable Ingress Nginx for Kubernetes Services (This option provision a Load Balancer)"
@@ -50,13 +61,38 @@ variable "ingress_load_balancer_shape_flex_min" {
   description = "Enter the minimum size of the flexible shape."
 }
 variable "ingress_load_balancer_shape_flex_max" {
-  default     = "100" # From 10 to 8000. Cannot be lower than flex_min
+  default     = "100" # From 10 to 8000. Cannot be lower than ingress_load_balancer_shape_flex_min
   description = "Enter the maximum size of the flexible shape (Should be bigger than minimum size). The maximum service limit is set by your tenancy limits."
 }
+## Ingresses
+variable "ingress_hosts" {
+  default     = ""
+  description = "Enter a valid full qualified domain name (FQDN). You will need to map the domain name to the EXTERNAL-IP address on your DNS provider (DNS Registry type - A). If you have multiple domain names, include separated by comma. e.g.: mushop.example.com,catshop.com"
+}
+variable "ingress_hosts_include_nip_io" {
+  default     = true
+  description = "Include app_name.HEXXX.nip.io on the ingress hosts. e.g.: mushop.HEXXX.nip.io"
+}
+variable "nip_io_domain" {
+  default     = "nip.io"
+  description = "Dynamic wildcard DNS for the application hostname. Should support hex notation. e.g.: nip.io"
+}
+variable "ingress_tls" {
+  default     = false
+  description = "If enabled, will generate SSL certificates to enable HTTPS for the ingress using the Certificate Issuer"
+}
+variable "ingress_cluster_issuer" {
+  default     = "letsencrypt-prod"
+  description = "Certificate issuer type. Currently supports the free Let's Encrypt and Self-Signed. Only *letsencrypt-prod* generates valid certificates"
+}
+variable "ingress_email_issuer" {
+  default     = "[email protected]"
+  description = "You must replace this email address with your own. The certificate provider will use this to contact you about expiring certificates, and issues related to your account."
+}
 
 ## Cert Manager
 variable "cert_manager_enabled" {
-  default     = false
+  default     = true
   description = "Enable x509 Certificate Management"
 }
 
@@ -74,12 +110,29 @@ variable "prometheus_enabled" {
 
 ## Grafana
 variable "grafana_enabled" {
-  default     = false
+  default     = true
   description = "Enable Grafana Dashboards. Includes example dashboards and Prometheus, OCI Logging and OCI Metrics datasources"
 }
 
 # Cluster Tools Outputs
+## grafana
 output "grafana_admin_password" {
   value     = module.cluster-tools.grafana_admin_password
   sensitive = true
-}
+}
+
+## Ingress Controller
+locals {
+  app_domain   = module.cluster-tools.ingress_controller_load_balancer_hostname
+  url_protocol = module.cluster-tools.url_protocol
+}
+
+output "grafana_url" {
+  value       = (var.grafana_enabled && var.ingress_nginx_enabled) ? format("${local.url_protocol}://%s/grafana", local.app_domain) : null
+  description = "Grafana Dashboards URL"
+}
+
+output "app_url" {
+  value       = (var.ingress_nginx_enabled) ? format("${local.url_protocol}://%s", local.app_domain) : null
+  description = "Application URL"
+}

module-oke.tf

@@ -13,8 +13,8 @@ module "vault" {
   # Oracle Cloud Infrastructure Tenancy and Compartment OCID
   tenancy_ocid = var.tenancy_ocid
 
-  # Deployment Tags + Freeform Tags
-  freeform_deployment_tags = local.freeform_deployment_tags
+  # Deployment Tags + Freeform Tags + Defined Tags
+  oci_tag_values = local.oci_tag_values
 
   # Encryption (OCI Vault/Key Management/KMS)
   use_encryption_from_oci_vault = var.use_encryption_from_oci_vault
@@ -43,8 +43,10 @@ module "oke" {
   compartment_ocid = local.oke_compartment_ocid
   region           = var.region
 
-  # Deployment Tags + Freeform Tags
-  freeform_deployment_tags = local.freeform_deployment_tags
+  # Deployment Tags + Freeform Tags + Defined Tags
+  cluster_tags        = local.oci_tag_values
+  load_balancers_tags = local.oci_tag_values
+  block_volumes_tags  = local.oci_tag_values
 
   # OKE Cluster
   ## create_new_oke_cluster
@@ -74,7 +76,8 @@ module "oke_node_pool" {
   source   = "./modules/oke-node-pool"
 
   # Deployment Tags + Freeform Tags
-  freeform_deployment_tags = local.freeform_deployment_tags
+  node_pools_tags   = local.oci_tag_values
+  worker_nodes_tags = local.oci_tag_values
 
   # Oracle Cloud Infrastructure Tenancy and Compartment OCID
   tenancy_ocid = var.tenancy_ocid
@@ -135,10 +138,6 @@ module "oke_cluster_autoscaler" {
 }
 
 ## OKE Cluster Details
-variable "app_name" {
-  default     = "K8s App"
-  description = "Application name. Will be used as prefix to identify resources, such as OKE, VCN, ATP, and others"
-}
 variable "create_new_oke_cluster" {
   default     = true
   description = "Creates a new OKE cluster, node pool and network resources"
@@ -293,7 +292,7 @@ resource "random_string" "deploy_id" {
 resource "oci_identity_compartment" "oke_compartment" {
   compartment_id = var.compartment_ocid
   name           = "${local.app_name_normalized}-${local.deploy_id}"
-  description    = "${var.app_name} ${var.oke_compartment_description} (Deployment ${local.deploy_id})"
+  description    = "${local.app_name} ${var.oke_compartment_description} (Deployment ${local.deploy_id})"
   enable_delete  = true
 
   count = var.create_new_compartment_for_oke ? 1 : 0
@@ -313,9 +312,15 @@ locals {
     "DeploymentID" = local.deploy_id,
     "AppName"      = var.app_name,
   "Quickstart" = "oke_base" }
-  freeform_deployment_tags = merge(var.tag_values.freeformTags, local.deploy_tags)
-  workers_public_ssh_key   = var.generate_public_ssh_key ? tls_private_key.oke_worker_node_ssh_key.public_key_openssh : var.public_ssh_key
-  app_name_normalized      = substr(replace(lower(var.app_name), " ", "-"), 0, 6)
+  # freeform_deployment_tags = merge(var.tag_values.freeformTags, local.deploy_tags)
+  oci_tag_values = {
+    "freeformTags" = merge(var.tag_values.freeformTags, local.deploy_tags),
+    "definedTags"  = var.tag_values.definedTags
+  }
+  workers_public_ssh_key = var.generate_public_ssh_key ? tls_private_key.oke_worker_node_ssh_key.public_key_openssh : var.public_ssh_key
+  app_name               = var.app_name
+  app_name_normalized    = substr(replace(lower(var.app_name), " ", "-"), 0, 6)
+  app_name_for_dns       = substr(lower(replace(var.app_name, "/\\W|_|\\s/", "")), 0, 6)
 }
 
 # OKE Outputs

modules/cluster-tools/cert-manager.tf

@@ -8,26 +8,14 @@ variable "cert_manager_enabled" {
   description = "Enable x509 Certificate Management"
 }
 
-# Cert Manager Helm chart
-## https://github.com/jetstack/cert-manager/blob/master/README.md
-## https://artifacthub.io/packages/helm/cert-manager/cert-manager
-resource "helm_release" "cert_manager" {
-  name       = "cert-manager"
-  repository = local.helm_repository.jetstack
-  chart      = "cert-manager"
-  version    = local.helm_repository.jetstack_version
-  namespace  = kubernetes_namespace.cluster_tools.id
-  wait       = true # wait to allow the webhook be properly configured
+module "cert-manager" {
+  source = "./modules/cert-manager"
 
-  set {
-    name  = "installCRDs"
-    value = true
-  }
-
-  set {
-    name  = "webhook.timeoutSeconds"
-    value = "30"
-  }
+  # Helm Release variables
+  chart_namespace      = kubernetes_namespace.cluster_tools.id
+  chart_repository     = local.helm_repository.jetstack
+  chart_version        = local.helm_repository.jetstack_version
+  ingress_email_issuer = var.ingress_email_issuer
 
   count = var.cert_manager_enabled ? 1 : 0
 }

modules/cluster-tools/cluster-tools.tf

@@ -13,11 +13,11 @@ locals {
   # Helm repos
   helm_repository = {
     ingress_nginx          = "https://kubernetes.github.io/ingress-nginx"
-    ingress_nginx_version  = "4.2.3"
+    ingress_nginx_version  = "4.2.5"
     jetstack               = "https://charts.jetstack.io" # cert-manager
     jetstack_version       = "1.9.1"                      # cert-manager
     grafana                = "https://grafana.github.io/helm-charts"
-    grafana_version        = "6.34.0"
+    grafana_version        = "6.38.0"
     prometheus             = "https://prometheus-community.github.io/helm-charts"
     prometheus_version     = "15.12.0"
     metrics_server         = "https://kubernetes-sigs.github.io/metrics-server"
@@ -27,7 +27,7 @@ locals {
 
 # OCI Provider
 variable "tenancy_ocid" {}
-variable "compartment_ocid" {}
+# variable "compartment_ocid" {}
 variable "region" {}
 
 # Namespace