Add OKE Workload Extension #113

Open
wants to merge 56 commits into
base: master
Changes from 1 commit
7317c45
add oke
hrvolapeter Nov 8, 2024
92d8a15
Update readme.md
paolajuarezgomez Nov 12, 2024
f589d56
Update README.md
paolajuarezgomez Nov 12, 2024
9cf00c8
Update README.md
paolajuarezgomez Nov 12, 2024
cd588d3
Delete workload-extensions/oke/1_foundation/identity.auto.tfvars.json
paolajuarezgomez Nov 12, 2024
949855d
Delete workload-extensions/oke/1_foundation/network.auto.tfvars.json
paolajuarezgomez Nov 12, 2024
2dda63e
Update README.md
paolajuarezgomez Nov 12, 2024
de67ab7
Update README.md
paolajuarezgomez Nov 12, 2024
84cb06b
Update README.md
paolajuarezgomez Nov 12, 2024
d19a25a
Update README.md
paolajuarezgomez Nov 12, 2024
61bf05c
Add files via upload
paolajuarezgomez Nov 12, 2024
9457db9
Update README.md
paolajuarezgomez Nov 12, 2024
4b74dca
Update README.md
paolajuarezgomez Nov 12, 2024
73a3dd0
minor updates
paolajuarezgomez Nov 12, 2024
3b6f88d
add iam one-oe
paolajuarezgomez Nov 12, 2024
53309f9
add Nat gateways and minor changes
paolajuarezgomez Nov 13, 2024
6ce68f9
add changes
paolajuarezgomez Nov 13, 2024
0cfc109
update network diagram
paolajuarezgomez Nov 13, 2024
7f956bf
minor changes
paolajuarezgomez Nov 13, 2024
5ae2737
Update readme.md
paolajuarezgomez Nov 14, 2024
f42098c
Update readme.md
paolajuarezgomez Nov 14, 2024
19a8ffe
Update readme.md
paolajuarezgomez Nov 14, 2024
256b452
Update README.md
paolajuarezgomez Nov 14, 2024
5096533
Update README.md
paolajuarezgomez Nov 14, 2024
de1739f
add routing post operation
paolajuarezgomez Nov 15, 2024
de065e5
Update readme.md
paolajuarezgomez Nov 15, 2024
02e416b
Update readme.md
paolajuarezgomez Nov 15, 2024
3f2459b
Update oke.tf
paolajuarezgomez Nov 20, 2024
4d30f96
Update readme.md
paolajuarezgomez Nov 20, 2024
42efff6
Update readme.md
paolajuarezgomez Nov 20, 2024
37e482d
update oke json files
paolajuarezgomez Dec 13, 2024
2e03ac2
update readme
paolajuarezgomez Dec 30, 2024
745d052
update readme
paolajuarezgomez Dec 30, 2024
a825f9f
add magic button
paolajuarezgomez Dec 30, 2024
cf630a4
minor updates
paolajuarezgomez Dec 30, 2024
886b9c7
ORM steps
paolajuarezgomez Dec 30, 2024
6437dd9
add ORM Deployment page
paolajuarezgomez Dec 30, 2024
671a471
add orm changes
paolajuarezgomez Dec 30, 2024
ec4612b
minor changes
paolajuarezgomez Dec 30, 2024
9848dc4
update changes
paolajuarezgomez Dec 30, 2024
873059b
update json files
paolajuarezgomez Dec 30, 2024
a1af53b
update network.json
paolajuarezgomez Dec 30, 2024
608914c
update lz ext page
paolajuarezgomez Dec 31, 2024
9cfe3f8
add post updates steps
paolajuarezgomez Jan 2, 2025
494cd05
update diagrams
paolajuarezgomez Jan 2, 2025
cd84993
update links
paolajuarezgomez Jan 2, 2025
66286d6
minor changes
paolajuarezgomez Jan 2, 2025
21631a8
minor updates
paolajuarezgomez Jan 2, 2025
c47625d
minor updates
paolajuarezgomez Jan 2, 2025
3902b7a
add subnetting asset
paolajuarezgomez Jan 3, 2025
1bede94
multi-stack
hrvolapeter Jan 8, 2025
1b16104
single-stack
hrvolapeter Jan 8, 2025
2c8c1c2
single-stack
hrvolapeter Jan 8, 2025
0642cfc
minor updates diagrams
paolajuarezgomez Jan 10, 2025
fe844c4
minor updates
paolajuarezgomez Jan 10, 2025
ef6fe1d
update step 2
paolajuarezgomez Jan 23, 2025
add oke
Co-authored-by: Paola Juárez Gómez  <[email protected]>
hrvolapeter and paolajuarezgomez committed Nov 11, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
commit 7317c45ce92ecfbfc090f7ee5dfb7f8b3d116dc7
1 change: 1 addition & 0 deletions CODEOWNERS
@@ -1,4 +1,5 @@
/workload-extensions/ocvs/ @hrvolapeter
/workload-extensions/ebs/ @rphibbert
/workload-extensions/oke/ @paolajuarezgomez
/addons/oci-hub-models/ @vavardan
/addons/oci-sovereign-controls/ @vavardan @hrvolapeter @paolajuarezgomez
Binary file added commons/images/icon_oke.jpg
334 changes: 334 additions & 0 deletions workload-extensions/oke/1_foundation/README.md
196 changes: 196 additions & 0 deletions workload-extensions/oke/1_foundation/identity.auto.tfvars.json
@@ -0,0 +1,196 @@
{
"compartments_configuration": {
"enable_delete": "true",
"compartments": {
"CMP-LZP-PLATFORM-PROD-KEY": {
"name": "cmp-lzp-p-platform-oke",
"description": "Platform compartment for oke Prod related resources",
"parent_id": "CMP-LZP-P-PLATFORM-KEY",
"defined_tags": null,
"freeform_tags": null
},
"CMP-LZP-PLATFORM-PP-KEY": {
"name": "cmp-lzp-pp-platform-oke",
"description": "Platform compartment for oke Dev related resources",
"parent_id": "CMP-LZP-PP-PLATFORM-KEY",
"defined_tags": null,
"freeform_tags": null
},
"CMP-LZP-PLATFORM-MGT-KEY": {
"name": "cmp-lzp-m-platform-oke",
"description": "Platform compartment for shared oke mgt related resources",
"parent_id": "CMP-LZP-PLATFORM-KEY",
"defined_tags": null,
"freeform_tags": null
}
}
},
"groups_configuration": {
"default_defined_tags": null,
"default_freeform_tags": null,
"groups": {
"grp-lzp-p-platform-oke-admins": {
"name": "grp-lzp-p-platform-oke-admins",
"description": "Group responsible for administrating oke dev cluster"
},
"grp-lzp-p-platform-oke-viewer-role": {
"name": "grp-lzp-p-platform-oke-viewer-role",
"description": "OKE viewer role group"
},
"grp-lzp-p-platform-oke-admin-role": {
"name": "grp-lzp-p-platform-oke-admin-role",
"description": "OKE admin role group"
},
"grp-lzp-pp-platform-oke-admins": {
"name": "grp-lzn-pp-platform-oke-admins",
"description": "Group responsible for administrating oke dev cluster"
},
"grp-lzp-p-platform-oke-viewer-role": {
"name": "grp-lzp-p-platform-oke-viewer-role",
"description": "Group for prod rbal viewer role"
},
"grp-lzp-p-platform-oke-admin-role": {
"name": "grp-lzp-p-platform-oke-admin-role",
"description": "Group for prod rbal admin role"
},
"grp-lzp-pp-platform-oke-viewer-role": {
"name": "grp-lzp-pp-platform-oke-viewer-role",
"description": "Group for dev rbal viewer role"
},
"grp-lzp-pp-platform-oke-admin-role": {
"name": "grp-lzp-pp-platform-oke-admin-role",
"description": "Group for dev rbal admin role"
},
"grp-lzp-m-platform-oke-admins": {
"name": "grp-lzp-m-platform-oke-admins",
"description": "Group responsible for administrating oke mgt cluster"
}
}
},
"dynamic_groups_configuration": {
"default_defined_tags": null,
"default_freeform_tags": null,
"dynamic_groups": {
"DG-LZP-SEC-FUN": {
"name": "dg-lzp-sec-fun-dynamic-group",
"description": "dynamic group for security functions execution.",
"matching_rule": "ALL {resource.type = 'fnfun', resource.compartment.id = 'CMP-LZP-SECURITY-KEY'}"
},
"DG-LZP-PLATFORM-OKE-PROD": {
"name": "dg-lzp-p-platform-oke",
"description": "dynamic group authenticated all instance in Prod OKE cluster with OCI through InstancePrincipal.",
"matching_rule": "ALL {instance.compartment.id = 'CMP-LZP-PLATFORM-PROD-KEY'}"
}
}
},
"policies_configuration": {
"supplied_policies": {
"PCY-ROOT-OKE-ADMINS": {
"name": "pcy-root-oke-hybrid",
"description": "policy needed to use the OCI VCN-Native Pod Networking CNI plugin on top a LZ deployment, where a cluster's related resources are in a different compartment to the cluster itself",
"compartment_id": "TENANCY-ROOT",
"statements": [
"allow any-user to manage instances in tenancy where all { request.principal.type = 'cluster'}",
"allow any-user to use private-ips in tenancy where all { request.principal.type = 'cluster'}",
"allow any-user to use network-security-groups in tenancy where all { request.principal.type = 'cluster'}"
]
},
"PCY-P-OKE-SECRETS": {
"name": "pcy-root-oke-secrets",
"description": "policy to allow applications running on the cluster to be authenticated with OCI through InstancePrincipal ",
"compartment_id": "TENANCY-ROOT",
"statements": [
"allow dynamic-group dg-lzp-prod-platform-oke to use secret-family in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-security"
]
},
"PCY-P-PLATFORM-OKE-ADMINS": {
"name": "pcy-p-platform-oke-admins",
"description": "policy for grp-p-platform-oke-admins",
"compartment_id": "TENANCY-ROOT",
"statements": [
"Allow group grp-lzp-p-platform-oke-admins to read all-resources in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-platform:cmp-lzp-p-platform-oke",
"Allow group grp-lzp-p-platform-oke-admins to manage cluster-family in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-platform:cmp-lzp-p-platform-oke",
"Allow group grp-lzp-p-platform-oke-admins to manage instance-family in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-platform:cmp-lzp-p-platform-oke",
"Allow group grp-lzp-p-platform-oke-admins to use vnics in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-platform:cmp-lzp-p-platform-oke",
"Allow group grp-lzp-p-platform-oke-admins to inspect compartments in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-platform:cmp-lzp-p-platform-oke",
"Allow group grp-lzp-p-platform-oke-admins to read virtual-network-family in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-network",
"Allow group grp-lzp-p-platform-oke-admins to use subnets in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-network",
"Allow group grp-lzp-p-platform-oke-admins to use network-security-groups in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-network",
"Allow group grp-lzp-p-platform-oke-admins to use vnics in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-network",
"Allow group grp-lzp-p-platform-oke-admins to manage private-ips in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-network",
"Allow group grp-lzp-p-platform-oke-admins to read metrics in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-platform:cmp-lzp-p-platform-oke"

]
},
"PCY-PP-PLATFORM-OKE-ADMINS": {
"name": "pcy-pp-platform-oke-admins",
"description": "policy for grp-pp-platform-oke-admins",
"compartment_id": "TENANCY-ROOT",
"statements": [
"Allow group grp-lzp-pp-platform-oke-admins to read all-resources in compartment cmp-landingzone-p:cmp-lzp-dev:cmp-lzp-pp-platform:cmp-lzp-pp-platform-oke",
"Allow group grp-lzp-pp-platform-oke-admins to manage cluster-family in compartment cmp-landingzone-p:cmp-lzp-dev:cmp-lzp-pp-platform:cmp-lzp-pp-platform-oke",
"Allow group grp-lzp-pp-platform-oke-admins to manage instance-family in compartment cmp-landingzone-p:cmp-lzp-dev:cmp-lzp-pp-platform:cmp-lzp-pp-platform-oke",
"Allow group grp-lzp-p-platform-oke-admins to use vnics in compartment cmp-landingzone-p:cmp-lzp-dev:cmp-lzp-pp-platform:cmp-lzp-pp-platform-oke",
"Allow group grp-lzp-pp-platform-oke-admins to inspect compartments in compartment cmp-landingzone-p:cmp-lzp-dev:cmp-lzp-pp-platform:cmp-lzp-pp-platform-oke",
"Allow group grp-lzp-pp-platform-oke-admins to read virtual-network-family in compartment cmp-landingzone-p:cmp-lzp-dev:cmp-lzp-pp-network",
"Allow group grp-lzp-pp-platform-oke-admins to use subnets in compartment cmp-landingzone-p:cmp-lzp-dev:cmp-lzp-pp-network",
"Allow group grp-lzp-pp-platform-oke-admins to use network-security-groups in compartment cmp-landingzone-p:cmp-lzp-dev:cmp-lzp-pp-network",
"Allow group grp-lzp-pp-platform-oke-admins to use vnics in compartment cmp-landingzone-p:cmp-lzp-dev:cmp-lzp-pp-network",
"Allow group grp-lzp-pp-platform-oke-admins to manage private-ips in compartment cmp-landingzone-p:cmp-lzp-dev:cmp-lzp-pp-network",
"Allow group grp-lzp-pp-platform-oke-admins to read metrics in compartment cmp-landingzone-p:cmp-lzp-dev:cmp-lzp-pp-platform:cmp-lzp-pp-platform-oke"

]
},
"PCY-M-PLATFORM-OKE-ADMINS": {
"name": "pcy-m-platform-oke-admins",
"description": "policy for grp-m-platform-oke-admins",
"compartment_id": "TENANCY-ROOT",
"statements": [
"Allow group grp-lzp-m-platform-oke-admins to read all-resources in compartment cmp-landingzone-p:cmp-lzp-platform:cmp-lzp-m-platform-oke",
"Allow group grp-lzp-m-platform-oke-admins to manage cluster-family in compartment cmp-landingzone-p:cmp-lzp-platform:cmp-lzp-m-platform-oke",
"Allow group grp-lzp-m-platform-oke-admins to manage instance-family in compartment cmp-landingzone-p:cmp-lzp-platform:cmp-lzp-m-platform-oke",
"Allow group grp-lzp-p-platform-oke-admins to use vnics in compartment cmp-landingzone-p:cmp-lzp-platform:cmp-lzp-m-platform-oke",
"Allow group grp-lzp-m-platform-oke-admins to inspect compartments in compartment cmp-landingzone-p:cmp-lzp-platform:cmp-lzp-m-platform-oke",
"Allow group grp-lzp-m-platform-oke-admins to read virtual-network-family in compartment cmp-landingzone-p:cmp-lzp-network",
"Allow group grp-lzp-m-platform-oke-admins to use subnets in compartment cmp-landingzone-p:cmp-lzp-network",
"Allow group grp-lzp-m-platform-oke-admins to use network-security-groups in compartment cmp-landingzone-p:cmp-lzp-network",
"Allow group grp-lzp-m-platform-oke-admins to use vnics in compartment cmp-landingzone-p:cmp-lzp-network",
"Allow group grp-lzp-m-platform-oke-admins to manage private-ips in compartment cmp-landingzone-p:cmp-lzp-network",
"Allow group grp-lzp-m-platform-oke-admins to read metrics in compartment cmp-landingzone-p:cmp-lzp-platform:cmp-lzp-m-platform-oke"
]
},
"PCY-P-PLATFORM-OKE-RBAC-ADMIN-ROLE": {
"name": "pcy-p-platform-oke-rbac-admin-roles",
"description": "policy for grp-lzp-p-platform-oke-admin-role",
"compartment_id": "TENANCY-ROOT",
"statements": [
"Allow group grp-lzp-p-platform-oke-admin-role to use cluster in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-platform:cmp-lzp-p-platform-oke"
]
},
"PCY-P-PLATFORM-OKE-RBAC-VIEWER-ROLE": {
"name": "pcy-p-platform-oke-rbac-viewer-roles",
"description": "policy for grp-lzp-p-platform-oke-viewer-role",
"compartment_id": "TENANCY-ROOT",
"statements": [
"Allow group grp-lzp-p-platform-oke-viewer-role to use cluster in compartment cmp-landingzone-p:cmp-lzp-prod:cmp-lzp-p-platform:cmp-lzp-p-platform-oke"
]
},
"PCY-PP-PLATFORM-OKE-RBAC-ADMIN-ROLE": {
"name": "pcy-pp-platform-oke-rbac-admin-roles",
"description": "policy for grp-lzp-pp-platform-oke-admin-role",
"compartment_id": "TENANCY-ROOT",
"statements": [
"Allow group grp-lzp-p-platform-oke-admin-role to use cluster in compartment cmp-landingzone-p:cmp-lzp-dev:cmp-lzp-pp-platform:cmp-lzp-pp-platform-oke"
]
},
"PCY-PP-PLATFORM-OKE-RBAC-VIEWER-ROLE": {
"name": "pcy-pp-platform-oke-rbac-viewer-roles",
"description": "policy for grp-lzp-pp-platform-oke-viewer-role",
"compartment_id": "TENANCY-ROOT",
"statements": [
"Allow group grp-lzp-p-platform-oke-viewer-role to use cluster in compartment cmp-landingzone-p:cmp-lzp-dev:cmp-lzp-pp-platform:cmp-lzp-pp-platform-oke"
]
}
}
}
}
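Review bot: the groups object declares "grp-lzp-p-platform-oke-viewer-role" and "grp-lzp-p-platform-oke-admin-role" twice (first right after the prod admins group with the placeholder descriptions "OKE viewer role group" / "OKE admin role group", then again after the pp admins group), and duplicate attributes in a tfvars.json file are either rejected by HCL's JSON parser or, with a lenient parser, silently collapsed to the second definition; drop the first pair. Several names and references also do not line up, so the resulting policies would bind to principals that do not exist: the pp admins group is named "grp-lzn-pp-platform-oke-admins" (lzn for lzp) while PCY-PP-PLATFORM-OKE-ADMINS grants to grp-lzp-pp-platform-oke-admins, and the dynamic group is named "dg-lzp-p-platform-oke" while PCY-P-OKE-SECRETS grants to dynamic-group dg-lzp-prod-platform-oke. Four statements look like copy-paste leftovers from the prod policy and give the prod groups rights in other environments while the intended group gets nothing: "Allow group grp-lzp-p-platform-oke-admins to use vnics ..." appears in both PCY-PP-PLATFORM-OKE-ADMINS and PCY-M-PLATFORM-OKE-ADMINS (should be the pp and m admins groups), and the two PCY-PP-PLATFORM-OKE-RBAC-* policies grant access to the dev compartment to grp-lzp-p-platform-oke-admin-role / grp-lzp-p-platform-oke-viewer-role instead of the pp role groups. In the four RBAC policies the resource type should be the plural "clusters" (the OKE resource types are clusters, cluster-node-pools and cluster-family; "use cluster" is not a valid resource-type as far as I know). PCY-ROOT-OKE-ADMINS is the broadest grant in the file: "allow any-user to manage instances in tenancy where all { request.principal.type = 'cluster'}" lets every cluster principal in the tenancy manage every instance in the tenancy; scope it to the OKE platform compartments (or to the cluster OCIDs once known), and align the key with the policy name "pcy-root-oke-hybrid". The dynamic-group rule "ALL {instance.compartment.id = 'CMP-LZP-PLATFORM-PROD-KEY'}" matches every compute instance in that compartment, not only OKE worker nodes, so anything launched there inherits the secret-family grant; if the compartment is meant to hold only the cluster, say so in the description. Smaller fixes: the prod admins description says "dev cluster", "rbal" should read "rbac" in four descriptions, the prod dynamic-group description reads "authenticated all instance", and DG-LZP-SEC-FUN (security functions) does not appear to belong to the OKE extension.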