# Copyright (c) 2023 Oracle Corporation and/or affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
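resource "null_resource" "variable_validation" {
  # Cross-variable input checks. A failing postcondition aborts the plan, so
  # no OCI resource is created from an inconsistent set of inputs.
  # Only module.infrastructure lists this resource in depends_on; the
  # network and bastion modules do not, but a failed postcondition still
  # fails the whole run.
  lifecycle {
    # provision_mode must be one of the supported modes. The list lives in
    # locals (outside this file), which is why this is not a `validation`
    # block on the variable itself.
    postcondition {
      condition     = contains(local.provision_modes_values_list, var.provision_mode)
      error_message = "Invalid provision mode: ${var.provision_mode}. Valid provision modes are: ${join(", ", local.provision_modes_values_list)}"
    }

    # Deploying a new VCN requires a bastion. NOTE(review): presumably because
    # the private subnet created by oci-ocne-network is reachable only through
    # the bastion; confirm against that module.
    postcondition {
      condition     = !var.deploy_networking || var.enable_bastion
      error_message = "enable_bastion must be true if deploy_networking is true"
    }

    # A bastion is only useful if the SSH private key for it is supplied.
    # Same truth table as the original `!A || (A && B)`: under `!A || ...`
    # the `A &&` is redundant.
    postcondition {
      condition     = !var.enable_bastion || var.bastion_private_key_path != ""
      error_message = "bastion_private_key_path must be set if enable_bastion is true"
    }
  }
}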
data "external" "ocne_config" {
  # Runs config-read.sh (shipped with the ocne-provision module) at plan time
  # with the query below as a JSON object on stdin, and exposes the script's
  # flat string map as `result`. The script executes on the machine running
  # Terraform with that user's privileges; `result` is consumed by
  # null_resource.ocne_config_validation, module.infrastructure and
  # module.ocne-provision.
  program = ["sh", "${path.module}/modules/ocne-provision/files/config-read.sh"]

  # Operator-supplied config file plus defaults the script can fall back to.
  # NOTE(review): the meaning of the short keys is inferred from the variable
  # names — confirm against config-read.sh.
  query = {
    en   = var.environment_name
    kn   = var.kubernetes_name
    ov   = var.ocne_version
    path = var.config_file_path
  }
}
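resource "null_resource" "ocne_config_validation" {
  # Surfaces errors reported by config-read.sh as a plan failure with the
  # script's own message. `result` is a flat map(string); if the script ever
  # omits the `error` key, the original `result.error` access produced an
  # "unsupported attribute" error instead. lookup() keeps the check failing
  # closed (an absent key is still an error) but with a readable message.
  depends_on = [data.external.ocne_config]
  lifecycle {
    postcondition {
      condition     = lookup(data.external.ocne_config.result, "error", null) == ""
      error_message = lookup(data.external.ocne_config.result, "error", "config-read.sh did not return an 'error' key in its result")
    }
  }
}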
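module "oci-ocne-network" {
  # Network pieces. The module is instantiated whenever a bastion is enabled:
  # the original count `(deploy_networking && enable_bastion) || enable_bastion`
  # reduces to `enable_bastion`. The deploy_networking-without-bastion case is
  # rejected by null_resource.variable_validation (not a dependency here; a
  # failed postcondition fails the run anyway). When deploy_networking is
  # false, vcn_id / ig_route_id / nat_route_id name existing resources that
  # the module is expected to attach to rather than create.
  source = "./modules/oci-ocne-network"
  count  = var.enable_bastion ? 1 : 0

  compartment_id = var.compartment_id
  prefix         = var.prefix
  freeform_tags  = var.freeform_tags

  # Only the SSH public key is handed to this module.
  ssh_public_key_path = var.ssh_public_key_path

  deploy_networking = var.deploy_networking
  enable_bastion    = var.enable_bastion
  vcn_id            = var.vcn_id
  ig_route_id       = var.ig_route_id
  nat_route_id      = var.nat_route_id
}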
module "bastion" {
  # Bastion host, created only when enable_bastion is set. When networking is
  # deployed by this configuration the VCN and internet-gateway route come
  # from module.oci-ocne-network; otherwise the operator-supplied IDs are used.
  source = "./modules/terraform-oci-bastion"
  count  = var.enable_bastion ? 1 : 0

  # Placement / ownership
  tenancy_id     = var.tenancy_id
  compartment_id = var.compartment_id
  prefix         = var.prefix
  freeform_tags  = var.freeform_tags

  # Network attachment
  vcn_id      = (var.deploy_networking ? module.oci-ocne-network[0].vcn_id : var.vcn_id)
  ig_route_id = (var.deploy_networking ? module.oci-ocne-network[0].ig_route_id : var.ig_route_id)

  # Instance settings. Only the public SSH key is passed; the bastion private
  # key is used by the modules that SSH through the bastion, not here.
  bastion_shape       = var.bastion_shape
  ssh_public_key_path = var.ssh_public_key_path
  enable_notification = var.enable_notification
}
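module "infrastructure" {
  # Compute nodes, load balancer and (with virtual_ip) the kube-apiserver VIP;
  # its outputs feed module.vault and module.ocne-provision.
  # null_resource.ocne_config_validation is added alongside the variable
  # validation: ocne_version below is read from the config-read.sh result, so
  # this module must not proceed if that script reported an error.
  # NOTE(review): whether Terraform reports the script's message before an
  # "unsupported attribute" on result.version depends on graph-walk order;
  # the dependency at least makes the intent explicit.
  depends_on = [
    null_resource.variable_validation,
    null_resource.ocne_config_validation,
  ]
  source = "./modules/terraform-oci-ocne-infrastructure"

  # Placement / ownership
  availability_domain_id = var.availability_domain_id
  compartment_id         = var.compartment_id
  prefix                 = var.prefix
  freeform_tags          = var.freeform_tags

  # Subnet: the first private subnet created by oci-ocne-network, or an
  # existing one. Legacy attribute-only splat kept as-is (module output
  # shape is not visible here).
  subnet_id = var.deploy_networking ? module.oci-ocne-network[0].private_subnet_id.*.id[0] : var.subnet_id

  # Node images and sizing. image_ocid pins the exact image; an explicit OCID
  # is preferable to "latest" lookups for reproducibility.
  instance_shape           = var.instance_shape
  image_ocid               = var.image_ocid
  os_version               = var.os_version
  kernel_version           = var.kernel_version
  load_balancer_shape      = var.load_balancer_shape
  control_plane_node_count = var.control_plane_node_count
  worker_node_count        = var.worker_node_count
  standalone_api_server    = var.standalone_api_server
  virtual_ip               = var.virtual_ip

  # Package source and OCNE release (release taken from the parsed config file
  # rather than var.ocne_version directly).
  yum_repo_url = var.yum_repo_url
  ocne_version = data.external.ocne_config.result.version

  # SSH access. ssh_private_key_path is a path to key material on the machine
  # running Terraform. NOTE(review): if the module reads the file into a
  # resource attribute it will land in state — confirm in the module.
  ssh_public_key_path  = var.ssh_public_key_path
  ssh_private_key_path = var.ssh_private_key_path
  compute_user         = var.compute_user

  # Bastion path: the bastion created above, or an externally provided one
  # (bastion_public_ip set). The bastion key is only passed in those two cases.
  enable_bastion           = var.enable_bastion
  bastion_public_ip        = var.enable_bastion ? module.bastion[0].bastion_public_ip : var.bastion_public_ip
  bastion_user             = var.bastion_user
  bastion_private_key_path = (var.enable_bastion || var.bastion_public_ip != "") ? var.bastion_private_key_path : ""
}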
module "vault" {
  # Optional HashiCorp Vault deployment (use_vault). It reuses the load
  # balancer created by module.infrastructure (create_load_balancer = false)
  # and exposes Vault on port 8200 through it.
  source = "./modules/terraform-oci-vault"
  count  = var.use_vault ? 1 : 0

  # OCI API credentials handed to the module. private_key_password and the
  # key file are secrets. NOTE(review): the variable declarations are not in
  # this file — confirm private_key_password is declared `sensitive = true`,
  # and check whether the module writes any of these onto the Vault hosts.
  user_id              = var.user_id
  tenancy_id           = var.tenancy_id
  region               = var.region
  fingerprint          = var.fingerprint
  api_private_key_path = var.api_private_key_path
  private_key_password = var.private_key_password

  # Placement / ownership
  availability_domain_id = var.availability_domain_id
  compartment_id         = var.compartment_id
  prefix                 = "${var.prefix}-vault"
  freeform_tags          = var.freeform_tags
  subnet_id              = var.deploy_networking ? module.oci-ocne-network[0].private_subnet_id.*.id[0] : var.subnet_id

  # Instances
  instance_shape       = var.instance_shape
  pool_size            = var.vault_pool_size
  ssh_public_key_path  = var.ssh_public_key_path
  ssh_private_key_path = var.ssh_private_key_path
  compute_user         = var.compute_user
  proxy                = var.proxy

  # Load balancer: shared with the cluster, not created here.
  create_load_balancer = false
  load_balancer_ocid   = module.infrastructure.load_balancer_ocid
  load_balancer_ip     = module.infrastructure.load_balancer_ip
  load_balancer_shape  = var.load_balancer_shape
  load_balancer_port   = "8200"

  # OCI KMS-backed unseal / secret names (names defined in locals elsewhere).
  vault_ocid       = var.vault_ocid
  key_ocid         = var.key_ocid
  vault_namespace  = var.vault_namespace
  secret_name      = local.secret_name
  ocne_secret_name = local.ocne_secret_name

  # Bastion path, same selection logic as module.infrastructure.
  enable_bastion           = var.enable_bastion
  bastion_public_ip        = var.enable_bastion ? module.bastion[0].bastion_public_ip : var.bastion_public_ip
  bastion_user             = var.bastion_user
  bastion_private_key_path = (var.enable_bastion || var.bastion_public_ip != "") ? var.bastion_private_key_path : ""
}
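module "ocne-provision" {
  # Installs OCNE onto the nodes created by module.infrastructure. Runs only
  # when provision_mode selects the OCNE mode (key looked up in
  # local.provision_modes_map; an unknown key yields "" and, with
  # provision_mode validated above, count 0).
  # null_resource.ocne_config_validation is added because several inputs
  # below (version, environment_name, kubernetes_name, oci_api_key_path,
  # kubevirt_config) are read straight from the config-read.sh result.
  depends_on = [
    module.infrastructure,
    null_resource.ocne_config_validation,
  ]
  source = "./modules/ocne-provision"
  count  = var.provision_mode == lookup(local.provision_modes_map, "provision_mode_ocne", "") ? 1 : 0

  # Nodes and endpoints produced by module.infrastructure.
  control_plane_node_count = var.control_plane_node_count
  worker_node_count        = var.worker_node_count
  control_plane_nodes      = module.infrastructure.control_plane_nodes
  worker_nodes             = module.infrastructure.worker_nodes
  node_ocids               = module.infrastructure.node_ocids
  apiserver_ip             = module.infrastructure.apiserver_ip
  kube_apiserver_port      = var.kube_apiserver_port
  kube_apiserver_ip        = var.virtual_ip ? module.infrastructure.kube_apiserver_virtual_ip : module.infrastructure.load_balancer_ip
  virtual_ip               = var.virtual_ip

  # Host access. compute/bastion private keys are paths on the machine running
  # Terraform.
  ssh_public_key_path      = var.ssh_public_key_path
  ssh_private_key_path     = var.ssh_private_key_path
  compute_user             = var.compute_user
  enable_bastion           = var.enable_bastion
  bastion_public_ip        = var.enable_bastion ? module.bastion[0].bastion_public_ip : var.bastion_public_ip
  bastion_user             = var.bastion_user
  bastion_private_key_path = (var.enable_bastion || var.bastion_public_ip != "") ? var.bastion_private_key_path : ""

  # Cluster configuration from the parsed config file.
  ocne_version      = data.external.ocne_config.result.version
  environment_name  = data.external.ocne_config.result.environment_name
  kubernetes_name   = data.external.ocne_config.result.kubernetes_name
  config_file_path  = var.config_file_path
  oci_api_key_path  = data.external.ocne_config.result.oci_api_key_path
  kubevirt_config   = data.external.ocne_config.result.kubevirt_config
  os_version        = var.os_version
  container_registry = var.container_registry
  proxy             = var.proxy
  no_proxy          = var.no_proxy
  debug             = var.debug

  # Restricts which external IP ranges Services may claim. NOTE(review):
  # presumably feeds an externalIPs admission policy — confirm in the module.
  restrict_service_externalip_cidrs = var.restrict_service_externalip_cidrs

  # Vault integration. certificate_signing_token is a Vault client token
  # (secret); it is only non-empty when use_vault is set. NOTE(review): check
  # that the module's input variable is declared `sensitive = true` so the
  # token is redacted from plan output.
  use_vault                 = var.use_vault
  vault_uri                 = var.use_vault ? module.vault[0].uri : ""
  certificate_signing_token = var.use_vault ? module.vault[0].vault_ocne_client_token : ""
}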