+5

Makefile

reviewed

··· 1 1 + .POSIX: 2 2 + 3 3 + .PHONY: infra 4 4 + infra: 5 5 + make -C infra

+1 -1

infra/Makefile

reviewed

··· 1 1 - default: init apply 1 1 + default: init plan 2 2 3 3 init: 4 4 terraform init

+16 -3

infra/main.tf

reviewed

··· 1 1 + # TODO The private key generated by this resource will be stored unencrypted in your Terraform state file. 2 2 + # Generate a private key file outside of Terraform and distribute it securely to the system where Terraform will be run instead. 3 3 + resource "tls_private_key" "ssh" { 4 4 + algorithm = "ECDSA" 5 5 + ecdsa_curve = "P256" 6 6 + } 7 7 + 8 8 + module "network" { 9 9 + source = "./modules/network" 10 10 + } 11 11 + 1 12 module "k3s_cluster" { 2 2 - source = "./modules/k3s-cluster" 3 3 - server_count = 1 4 4 - agent_count = 3 13 13 + source = "./modules/k3s-cluster" 14 14 + server_count = 1 15 15 + agent_count = 3 16 16 + ssh_public_key = tls_private_key.ssh.public_key_openssh 17 17 + subnet_id = module.network.subnet_id 5 18 }

+27 -6

infra/modules/k3s-cluster/main.tf

reviewed

··· 1 1 - module "server_pool" { 2 2 - source = "../k3s-node-pool" 3 3 - node_count = var.server_count 1 1 + # module "server_pool" { 2 2 + # count = var.server_count 3 3 + # source = "../virtual-machine" 4 4 + # subnet_id = var.subnet_id 5 5 + # ssh_public_key = var.ssh_public_key 6 6 + # } 7 7 + 8 8 + # module "agent_pool" { 9 9 + # count = var.agent_count 10 10 + # source = "../virtual-machine" 11 11 + # subnet_id = var.subnet_id 12 12 + # ssh_public_key = var.ssh_public_key 13 13 + # } 14 14 + 15 15 + resource "oci_core_instance_configuration" "test_instance_configuration" { 16 16 + compartment_id = var.compartment_id 4 17 } 5 18 6 6 - module "agent_pool" { 7 7 - source = "../k3s-node-pool" 8 8 - node_count = var.agent_count 19 19 + resource "oci_core_instance_pool" "agent_pool" { 20 20 + #Required 21 21 + compartment_id = var.compartment_id 22 22 + instance_configuration_id = oci_core_instance_configuration.test_instance_configuration.id 23 23 + placement_configurations { 24 24 + #Required 25 25 + availability_domain = "gHLA:US-SANJOSE-1-AD-1" 26 26 + primary_subnet_id = var.subnet_id 27 27 + 28 28 + } 29 29 + size = var.agent_count 9 30 }

+13 -1

infra/modules/k3s-cluster/variables.tf

reviewed

··· 3 3 } 4 4 5 5 variable "agent_count" { 6 6 - description = "Number of agent nodes" 6 6 + description = "Number of agent (worker) nodes" 7 7 + } 8 8 + 9 9 + variable "subnet_id" { 7 10 } 11 11 + 12 12 + variable "ssh_public_key" { 13 13 + description = "SSH public key to add to all nodes" 14 14 + } 15 15 + 16 16 + variable "compartment_id" { 17 17 + default = "ocid1.compartment.oc1..aaaaaaaasvkl7yw6gj2pytybimo6ax7fg2jq7m4t5aueig3xrnfxwo7xwulq" 18 18 + } 19 19 +

-4

infra/modules/k3s-node-pool/main.tf

reviewed

··· 1 1 - module "virtual_machine" { 2 2 - count = var.node_count 3 3 - source = "../virtual-machine" 4 4 - }

-3

infra/modules/k3s-node-pool/variables.tf

reviewed

··· 1 1 - variable "node_count" { 2 2 - description = "Number of node in the pool" 3 3 - }

+86

infra/modules/network/main.tf

reviewed

··· 1 1 + resource "oci_core_vcn" "vcn" { 2 2 + cidr_blocks = var.vcn_cidr_blocks 3 3 + compartment_id = var.compartment_id 4 4 + } 5 5 + 6 6 + resource "oci_core_security_list" "security_list" { 7 7 + compartment_id = var.compartment_id 8 8 + vcn_id = oci_core_vcn.vcn.id 9 9 + 10 10 + ingress_security_rules { 11 11 + description = "Wireguard" 12 12 + protocol = "17" # UDP 13 13 + source = "0.0.0.0/0" 14 14 + stateless = false 15 15 + 16 16 + udp_options { 17 17 + source_port_range { 18 18 + min = 1 19 19 + max = 65535 20 20 + } 21 21 + 22 22 + min = 51820 23 23 + max = 51820 24 24 + } 25 25 + } 26 26 + 27 27 + ingress_security_rules { 28 28 + description = "HTTP" 29 29 + protocol = "6" # TCP 30 30 + source = "0.0.0.0/0" 31 31 + stateless = false 32 32 + 33 33 + tcp_options { 34 34 + source_port_range { 35 35 + min = 1 36 36 + max = 65535 37 37 + } 38 38 + 39 39 + min = 80 40 40 + max = 80 41 41 + } 42 42 + } 43 43 + 44 44 + ingress_security_rules { 45 45 + description = "HTTPS" 46 46 + protocol = "6" # TCP 47 47 + source = "0.0.0.0/0" 48 48 + stateless = false 49 49 + 50 50 + tcp_options { 51 51 + source_port_range { 52 52 + min = 1 53 53 + max = 65535 54 54 + } 55 55 + 56 56 + min = 443 57 57 + max = 443 58 58 + } 59 59 + } 60 60 + } 61 61 + 62 62 + resource "oci_core_subnet" "subnet" { 63 63 + cidr_block = var.subnet_cidr_block 64 64 + compartment_id = var.compartment_id 65 65 + route_table_id = oci_core_vcn.vcn.default_route_table_id 66 66 + vcn_id = oci_core_vcn.vcn.id 67 67 + 68 68 + security_list_ids = [ 69 69 + oci_core_vcn.vcn.default_security_list_id, 70 70 + oci_core_security_list.security_list.id 71 71 + ] 72 72 + } 73 73 + 74 74 + resource "oci_core_internet_gateway" "internet_gateway" { 75 75 + compartment_id = var.compartment_id 76 76 + vcn_id = oci_core_vcn.vcn.id 77 77 + } 78 78 + 79 79 + resource "oci_core_default_route_table" "default_route_table" { 80 80 + route_rules { 81 81 + destination = "0.0.0.0/0" 82 82 + destination_type = "CIDR_BLOCK" 83 83 + network_entity_id = oci_core_internet_gateway.internet_gateway.id 84 84 + } 85 85 + manage_default_resource_id = oci_core_vcn.vcn.default_route_table_id 86 86 + }

+3

infra/modules/network/outputs.tf

reviewed

··· 1 1 + output "subnet_id" { 2 2 + value = oci_core_subnet.subnet.id 3 3 + }

+13

infra/modules/network/variables.tf

reviewed

··· 1 1 + variable "compartment_id" { 2 2 + default = "ocid1.compartment.oc1..aaaaaaaasvkl7yw6gj2pytybimo6ax7fg2jq7m4t5aueig3xrnfxwo7xwulq" 3 3 + } 4 4 + 5 5 + variable "vcn_cidr_blocks" { 6 6 + default = [ 7 7 + "10.0.0.0/16" 8 8 + ] 9 9 + } 10 10 + 11 11 + variable "subnet_cidr_block" { 12 12 + default = "10.0.0.0/24" 13 13 + }

infra/modules/virtual-cloud-network/main.tf

reviewed

This is a binary file and will not be displayed.

+2 -100

infra/modules/virtual-machine/main.tf

reviewed

··· 1 1 - resource "tls_private_key" "ssh" { 2 2 - algorithm = "ECDSA" 3 3 - ecdsa_curve = "P256" 4 4 - } 5 5 - 6 6 - resource "local_file" "ssh_private_key" { 7 7 - content = tls_private_key.ssh.private_key_pem 8 8 - filename = "${path.module}/private.pem" 9 9 - file_permission = "0600" 10 10 - } 11 11 - 12 1 resource "oci_core_instance" "instance" { 13 2 availability_domain = "gHLA:US-SANJOSE-1-AD-1" # TODO 14 3 compartment_id = var.compartment_id ··· 20 9 21 10 create_vnic_details { 22 11 assign_public_ip = "true" 23 23 - subnet_id = oci_core_subnet.subnet.id 12 12 + subnet_id = var.subnet_id 24 13 } 25 14 26 15 source_details { ··· 29 18 } 30 19 31 20 metadata = { 32 32 - ssh_authorized_keys = tls_private_key.ssh.public_key_openssh 21 21 + ssh_authorized_keys = var.ssh_public_key 33 22 user_data = filebase64("${path.module}/cloud-init.yaml") 34 23 } 35 24 } 36 36 - 37 37 - resource "oci_core_vcn" "vcn" { 38 38 - cidr_block = var.vcn_cidr_blocks[0] # TODO deprecated, use cidr_blocks instead 39 39 - compartment_id = var.compartment_id 40 40 - } 41 41 - 42 42 - resource "oci_core_security_list" "security_list" { 43 43 - compartment_id = var.compartment_id 44 44 - vcn_id = oci_core_vcn.vcn.id 45 45 - 46 46 - ingress_security_rules { 47 47 - description = "Wireguard" 48 48 - protocol = "17" # UDP 49 49 - source = "0.0.0.0/0" 50 50 - stateless = false 51 51 - 52 52 - udp_options { 53 53 - source_port_range { 54 54 - min = 1 55 55 - max = 65535 56 56 - } 57 57 - 58 58 - min = 51820 59 59 - max = 51820 60 60 - } 61 61 - } 62 62 - 63 63 - ingress_security_rules { 64 64 - description = "HTTP" 65 65 - protocol = "6" # TCP 66 66 - source = "0.0.0.0/0" 67 67 - stateless = false 68 68 - 69 69 - tcp_options { 70 70 - source_port_range { 71 71 - min = 1 72 72 - max = 65535 73 73 - } 74 74 - 75 75 - min = 80 76 76 - max = 80 77 77 - } 78 78 - } 79 79 - 80 80 - ingress_security_rules { 81 81 - description = "HTTPS" 82 82 - protocol = "6" # TCP 83 83 - source = "0.0.0.0/0" 84 84 - stateless = false 85 85 - 86 86 - tcp_options { 87 87 - source_port_range { 88 88 - min = 1 89 89 - max = 65535 90 90 - } 91 91 - 92 92 - min = 443 93 93 - max = 443 94 94 - } 95 95 - } 96 96 - } 97 97 - 98 98 - resource "oci_core_subnet" "subnet" { 99 99 - cidr_block = var.subnet_cidr_block 100 100 - compartment_id = var.compartment_id 101 101 - route_table_id = oci_core_vcn.vcn.default_route_table_id 102 102 - vcn_id = oci_core_vcn.vcn.id 103 103 - 104 104 - security_list_ids = [ 105 105 - oci_core_vcn.vcn.default_security_list_id, 106 106 - oci_core_security_list.security_list.id 107 107 - ] 108 108 - } 109 109 - 110 110 - resource "oci_core_internet_gateway" "internet_gateway" { 111 111 - compartment_id = var.compartment_id 112 112 - vcn_id = oci_core_vcn.vcn.id 113 113 - } 114 114 - 115 115 - resource "oci_core_default_route_table" "default_route_table" { 116 116 - route_rules { 117 117 - destination = "0.0.0.0/0" 118 118 - destination_type = "CIDR_BLOCK" 119 119 - network_entity_id = oci_core_internet_gateway.internet_gateway.id 120 120 - } 121 121 - manage_default_resource_id = oci_core_vcn.vcn.default_route_table_id 122 122 - }

+4 -6

infra/modules/virtual-machine/variables.tf

reviewed

··· 10 10 default = "ocid1.image.oc1.us-sanjose-1.aaaaaaaan4g4q527bljtyczck6xrsutbzps6h7mut2xcfhnbzw66sbbsvwoq" 11 11 } 12 12 13 13 - variable "vcn_cidr_blocks" { 14 14 - default = [ 15 15 - "10.0.0.0/16" 16 16 - ] 13 13 + variable "subnet_id" { 14 14 + description = "ID of the subnet for the virtual machine" 17 15 } 18 16 19 19 - variable "subnet_cidr_block" { 20 20 - default = "10.0.0.0/24" 17 17 + variable "ssh_public_key" { 18 18 + description = "SSH public key to add to all nodes" 21 19 }