diff --git a/oracle/Makefile b/oracle/Makefile index a978cac..19e0f24 100644 --- a/oracle/Makefile +++ b/oracle/Makefile @@ -37,12 +37,16 @@ create-templates: @yq eval -o=json '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json +create-controlplane-bootstrap: + talosctl --talosconfig _cfgs/talosconfig config endpoint ${ENDPOINT} + talosctl --talosconfig _cfgs/talosconfig --nodes 172.16.1.11 bootstrap + create-controlplane: ## Bootstrap controlplane node terraform apply -auto-approve -target=oci_core_instance.controlplane create-kubeconfig: ## Download kubeconfig - talosctl --talosconfig _cfgs/talosconfig --nodes ${ENDPOINT} kubeconfig . - kubectl --kubeconfig=kubeconfig config set clusters.talos-k8s-openstack.server https://${ENDPOINT}:6443 + talosctl --talosconfig _cfgs/talosconfig --nodes 172.16.1.11 kubeconfig . + kubectl --kubeconfig=kubeconfig config set clusters.talos-k8s-oracle.server https://${ENDPOINT}:6443 kubectl --kubeconfig=kubeconfig config set-context --current --namespace=kube-system create-deployments: diff --git a/oracle/README.md b/oracle/README.md index eb90e0d..072da44 100644 --- a/oracle/README.md +++ b/oracle/README.md @@ -65,7 +65,7 @@ make create-config create-templates ```tf controlplane = { - count = 1, + count = 1 type = "VM.Standard.E4.Flex" ocpus = 1 memgb = 4 diff --git a/oracle/images/README.md b/oracle/images/README.md new file mode 100644 index 0000000..0743a5f --- /dev/null +++ b/oracle/images/README.md @@ -0,0 +1,16 @@ +# Upload images + +Create the config file **terraform.tfvars** and add params. + +```hcl +# Body of terraform.tfvars +``` + +```shell +wget https://github.com/siderolabs/talos/releases/download/v1.3.0/oracle-amd64.qcow2.xz +wget https://github.com/siderolabs/talos/releases/download/v1.3.0/oracle-arm64.qcow2.xz +xz -d oracle-amd64.qcow2.xz +xz -d oracle-arm64.qcow2.xz + +terraform init && terraform apply -auto-approve +``` 
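Review bot: `create-controlplane-bootstrap` does not check that `ENDPOINT` is set, so an unset variable yields `talosctl ... config endpoint` with an empty argument and the `bootstrap` of `172.16.1.11` then goes through whatever endpoint the talosconfig already held; a first recipe line `@$(if $(strip $(ENDPOINT)),,$(error ENDPOINT is required))` closes that off. The node address `172.16.1.11` is now hard-coded in two targets; a `CONTROLPLANE_NODE ?= 172.16.1.11` variable keeps them in step and makes the choice visible. None of the targets in this hunk are declared `.PHONY`, so a stray file named `create-controlplane-bootstrap` would silently skip the recipe. Since `bootstrap` is a one-shot etcd initialisation that fails (or worse, is not what you want) on an already bootstrapped node, the new target deserves a help comment such as `## Bootstrap etcd on the first controlplane node (run once)`.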
diff --git a/oracle/images/auth.tf b/oracle/images/auth.tf index 1f2262d..7963a50 100644 --- a/oracle/images/auth.tf +++ b/oracle/images/auth.tf @@ -1,7 +1,7 @@ -# openssl genrsa -out ~/.oci/oci_api_key.pem 2048 -# chmod go-rwx ~/.oci/oci_api_key.pem -# openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem +# openssl genrsa -out ~/.oci/oci_main_terraform.pem 2048 +# chmod go-rwx ~/.oci/oci_main_terraform.pem +# openssl rsa -pubout -in ~/.oci/oci_main_terraform.pem -out ~/.oci/oci_main_terraform_public.pem provider "oci" { tenancy_ocid = var.tenancy_ocid diff --git a/oracle/images/bucket.tf b/oracle/images/bucket.tf index 2d80551..7106288 100644 --- a/oracle/images/bucket.tf +++ b/oracle/images/bucket.tf @@ -6,7 +6,8 @@ resource "random_id" "backet" { resource "oci_objectstorage_bucket" "images" { compartment_id = var.compartment_ocid namespace = data.oci_objectstorage_namespace.ns.namespace - name = "talos-images-${random_id.backet.hex}" + name = "images-${random_id.backet.hex}" access_type = "NoPublicAccess" auto_tiering = "Disabled" + versioning = "Enabled" } diff --git a/oracle/images/images.tf b/oracle/images/images.tf index 2215ec0..9ebecca 100644 --- a/oracle/images/images.tf +++ b/oracle/images/images.tf @@ -28,7 +28,7 @@ resource "oci_core_image" "talos_amd64" { object_name = oci_objectstorage_object.talos_amd64.object operating_system = "Talos" - operating_system_version = "0.15.0" + operating_system_version = "1.3.0" source_image_type = "QCOW2" } @@ -50,7 +50,7 @@ resource "oci_core_image" "talos_arm64" { object_name = oci_objectstorage_object.talos_arm64.object operating_system = "Talos" - operating_system_version = "0.15.0" + operating_system_version = "1.3.0" source_image_type = "QCOW2" } diff --git a/oracle/images/variables.tf b/oracle/images/variables.tf index 0b4194a..16e5e83 100644 --- a/oracle/images/variables.tf +++ b/oracle/images/variables.tf 
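Review bot: Renaming the bucket from `talos-images-…` to `images-…` changes what is, as far as I can tell, an immutable attribute, so on an existing deployment `terraform apply` will replace the bucket, and the destroy of the old one fails while objects remain in it. Turning on `versioning = "Enabled"` also means each re-upload of a qcow2 keeps the previous version, which is good for audit but leaves nothing in this hunk to expire old versions, and a bucket with retained versions cannot simply be destroyed. A short comment would spare the next operator the surprise: `# versioning keeps earlier image uploads; purge old versions before destroying the bucket`.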
@@ -4,7 +4,7 @@ variable "tenancy_ocid" {} variable "user_ocid" {} variable "fingerprint" {} variable "key_file" { - default = "~/.oci/oci_main_terraform_public.pem" + default = "~/.oci/oci_main_terraform.pem" } variable "region" { diff --git a/oracle/images/versions.tf b/oracle/images/versions.tf index 28e9040..391630d 100644 --- a/oracle/images/versions.tf +++ b/oracle/images/versions.tf @@ -3,7 +3,8 @@ terraform { required_providers { oci = { source = "hashicorp/oci" - version = "4.61.0" + version = "4.102.0" } } + required_version = ">= 1.2" } diff --git a/oracle/init/versions.tf b/oracle/init/versions.tf index 28e9040..391630d 100644 --- a/oracle/init/versions.tf +++ b/oracle/init/versions.tf @@ -3,7 +3,8 @@ terraform { required_providers { oci = { source = "hashicorp/oci" - version = "4.61.0" + version = "4.102.0" } } + required_version = ">= 1.2" } diff --git a/oracle/instances-controlplane.tf b/oracle/instances-controlplane.tf index e6154e4..589b57c 100644 --- a/oracle/instances-controlplane.tf +++ b/oracle/instances-controlplane.tf @@ -83,7 +83,8 @@ resource "oci_core_instance" "contolplane" { shape_config, defined_tags, create_vnic_details["defined_tags"], - launch_options["is_pv_encryption_in_transit_enabled"] + launch_options["is_pv_encryption_in_transit_enabled"], + metadata ] } } diff --git a/oracle/instances-web.tf b/oracle/instances-web.tf index 275ff20..d034c28 100644 --- a/oracle/instances-web.tf +++ b/oracle/instances-web.tf @@ -16,13 +16,13 @@ resource "oci_core_instance_pool" "web" { load_balancers { backend_set_name = oci_load_balancer_backend_set.web.name - load_balancer_id = oci_load_balancer.web.id + load_balancer_id = oci_load_balancer_load_balancer.web.id port = 80 vnic_selection = "primaryvnic" } load_balancers { backend_set_name = oci_load_balancer_backend_set.webs.name - load_balancer_id = oci_load_balancer.web.id + load_balancer_id = oci_load_balancer_load_balancer.web.id port = 443 vnic_selection = "primaryvnic" } 
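Review bot: Adding `metadata` to `ignore_changes` means Terraform will no longer react when the rendered controlplane machine config changes, assuming (as the templates suggest) that config is delivered through instance metadata — rotated cluster secrets, a changed `apiDomain` or a new `extraManifests` entry will silently diverge from what the node runs. That is a reasonable choice for a Talos node, because the node owns its config after first boot and replacing the instance is the wrong reaction, but it has to be stated so that later changes are applied with `talosctl apply-config` instead. Suggest a comment above the new entry: `# metadata carries the first-boot Talos config; later changes are applied with talosctl, not by replacing the instance`. The `oci_core_instance` resource that owns this lifecycle block starts outside the hunk.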
@@ -37,7 +37,7 @@ resource "oci_core_instance_pool" "web" { } locals { - web_labels = "topology.kubernetes.io/region=${var.region},project.io/node-pool=web" + web_labels = "project.io/node-pool=web" } resource "oci_core_instance_configuration" "web" { @@ -68,7 +68,7 @@ resource "oci_core_instance_configuration" "web" { lbv4 = local.lbv4_local clusterDns = cidrhost(split(",", var.kubernetes["serviceSubnets"])[0], 10) nodeSubnets = local.network_public[each.key].cidr_block - labels = "${local.web_labels},topology.kubernetes.io/zone=${split(":", each.key)[1]}" + labels = local.web_labels }) )) } diff --git a/oracle/network-lb-l7.tf b/oracle/network-lb-l7.tf index 38390c4..795b0f1 100644 --- a/oracle/network-lb-l7.tf +++ b/oracle/network-lb-l7.tf @@ -1,17 +1,19 @@ -resource "oci_load_balancer" "web" { - compartment_id = var.compartment_ocid - display_name = "${local.project}-web-lb-l7" - defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" }) - shape = "flexible" +resource "oci_load_balancer_load_balancer" "web" { + compartment_id = var.compartment_ocid + display_name = "${local.project}-web-lb-l7" + defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" }) + subnet_ids = [local.network_lb.id] + network_security_group_ids = [local.nsg_web] + + is_private = false + + shape = "flexible" shape_details { maximum_bandwidth_in_mbps = 10 minimum_bandwidth_in_mbps = 10 } - subnet_ids = [local.network_lb.id] - network_security_group_ids = [local.nsg_web] - lifecycle { ignore_changes = [ defined_tags, @@ -20,7 +22,7 @@ resource "oci_load_balancer" "web" { } resource "oci_load_balancer_listener" "web_http" { - load_balancer_id = oci_load_balancer.web.id + load_balancer_id = oci_load_balancer_load_balancer.web.id name = "${local.project}-web-http" default_backend_set_name = oci_load_balancer_backend_set.web.name port = 80 
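Review bot: `is_private = false` makes explicit that this L7 load balancer is Internet-facing, and the only ingress restriction visible in the hunk is `network_security_group_ids = [local.nsg_web]`; whether that NSG limits inbound traffic to 80/443 cannot be seen here, so the two should be tied together in a comment: `# Internet-facing (is_private = false); inbound ports are restricted by local.nsg_web`. The port 80 listener below forwards plain HTTP to the `web` backend set, and nothing in the hunk shows a redirect-to-HTTPS rule set, so if HTTPS-only is the intent that is still open. Changing the resource type from `oci_load_balancer` to `oci_load_balancer_load_balancer` most likely changes the state address as well, so existing deployments need a `terraform state mv` or they will get a new public IP; that is worth a line in the commit description.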
@@ -28,7 +30,7 @@ resource "oci_load_balancer_listener" "web_http" { } resource "oci_load_balancer_listener" "web_https" { - load_balancer_id = oci_load_balancer.web.id + load_balancer_id = oci_load_balancer_load_balancer.web.id name = "${local.project}-web-https" default_backend_set_name = oci_load_balancer_backend_set.webs.name port = 443 @@ -37,7 +39,7 @@ resource "oci_load_balancer_listener" "web_https" { resource "oci_load_balancer_backend_set" "web" { name = "${local.project}-web-lb-l7" - load_balancer_id = oci_load_balancer.web.id + load_balancer_id = oci_load_balancer_load_balancer.web.id policy = "ROUND_ROBIN" health_checker { @@ -51,7 +53,7 @@ resource "oci_load_balancer_backend_set" "web" { resource "oci_load_balancer_backend_set" "webs" { name = "${local.project}-webs-lb-l7" - load_balancer_id = oci_load_balancer.web.id + load_balancer_id = oci_load_balancer_load_balancer.web.id policy = "ROUND_ROBIN" health_checker { diff --git a/oracle/network-lb.tf b/oracle/network-lb.tf index b61fdcb..e8b8563 100644 --- a/oracle/network-lb.tf +++ b/oracle/network-lb.tf @@ -5,7 +5,7 @@ locals { lbv4_local = local.lbv4_enable ? [for ip in oci_network_load_balancer_network_load_balancer.contolplane[0].ip_addresses : ip.ip_address if !ip.is_public][0] : cidrhost(local.network_public[0].cidr_block, 11) lbv4_web_enable = false - lbv4_web = local.lbv4_web_enable ? [for ip in oci_network_load_balancer_network_load_balancer.web[0].ip_addresses : ip.ip_address if ip.is_public][0] : oci_load_balancer.web.ip_addresses[0] + lbv4_web = local.lbv4_web_enable ? [for ip in oci_network_load_balancer_network_load_balancer.web[0].ip_addresses : ip.ip_address if ip.is_public][0] : oci_load_balancer_load_balancer.web.ip_address_details[0].ip_address } resource "oci_dns_rrset" "lbv4_local" { 
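Review bot: `oci_load_balancer_load_balancer.web.ip_address_details[0].ip_address` takes the first listed address unconditionally, while the NLB branch of the same expression filters with `if ip.is_public`; if the L7 load balancer ever reports a private address first (its `ip_address_details` entries carry an `is_public` flag as far as I recall), the DNS record would publish the wrong IP. Mirroring the other branch keeps the two consistent: `[for ip in oci_load_balancer_load_balancer.web.ip_address_details : ip.ip_address if ip.is_public][0]`. The enclosing `locals` block starts outside the hunk.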
@@ -69,7 +69,7 @@ resource "oci_network_load_balancer_backend_set" "contolplane" { protocol = "HTTPS" port = 6443 url_path = "/readyz" - return_code = 200 + return_code = 401 interval_in_millis = 15000 } } diff --git a/oracle/prepare/variables.tf b/oracle/prepare/variables.tf index 31f67bb..42cff4c 100644 --- a/oracle/prepare/variables.tf +++ b/oracle/prepare/variables.tf @@ -4,7 +4,7 @@ variable "tenancy_ocid" {} variable "user_ocid" {} variable "fingerprint" {} variable "key_file" { - default = "~/.oci/oci_main_terraform_public.pem" + default = "~/.oci/oci_main_terraform.pem" } variable "project" { diff --git a/oracle/prepare/versions.tf b/oracle/prepare/versions.tf index 28e9040..391630d 100644 --- a/oracle/prepare/versions.tf +++ b/oracle/prepare/versions.tf @@ -3,7 +3,8 @@ terraform { required_providers { oci = { source = "hashicorp/oci" - version = "4.61.0" + version = "4.102.0" } } + required_version = ">= 1.2" } diff --git a/oracle/templates/controlplane.yaml.tpl b/oracle/templates/controlplane.yaml.tpl index 837e8cd..cd8b998 100644 --- a/oracle/templates/controlplane.yaml.tpl +++ b/oracle/templates/controlplane.yaml.tpl @@ -30,7 +30,7 @@ machine: addresses: - 169.254.2.53/32 extraHostEntries: - - ip: ${ipv4_local_vip} + - ip: ${lbv4_local} aliases: - ${apiDomain} install: @@ -59,7 +59,7 @@ cluster: id: ${clusterID} secret: ${clusterSecret} controlPlane: - endpoint: https://${lbv4_local}:6443 + endpoint: https://${apiDomain}:6443 clusterName: ${clusterName} discovery: enabled: true @@ -106,9 +106,9 @@ cluster: scheduler: {} etcd: advertisedSubnets: - - ${nodeSubnets[0]} + - ${nodeSubnets} listenSubnets: - - ${nodeSubnets[0]} + - ${nodeSubnets} inlineManifests: - name: cloud-provider.yaml contents: |- 
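Review bot: Accepting `return_code = 401` on `/readyz` turns this from a readiness check into a "the API server answers TLS and rejects anonymous requests" check: the 401 is produced by the authentication filter before the readyz handler runs (presumably anonymous auth is disabled, which is why 200 stopped working), so a backend whose etcd or post-start checks are failing still passes and stays in rotation. That may be acceptable for a control-plane NLB, but it should be stated next to the value so nobody reads it as a real readiness probe: `# /readyz answers 401 without credentials; this only proves the apiserver is serving TLS, not that it is ready`. If real readiness is wanted, the options are a check that presents a client certificate or anonymous access to the health endpoints, each with its own trade-offs. The `health_checker` block's parent backend set starts outside the hunk.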
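Review bot: `advertisedSubnets` and `listenSubnets` now render `${nodeSubnets}` as a single YAML list item where the old code indexed `nodeSubnets[0]`, so the template variable must be exactly one CIDR string. The new `var.kubernetes["nodeSubnets"]` default `192.168.0.0/16` satisfies that, but the sibling `podSubnets`/`serviceSubnets` keys are comma-separated lists, and anyone following that convention for `nodeSubnets` gets an item like `- 10.0.0.0/16,fd00::/64` that is not a valid CIDR. Either a template comment `# nodeSubnets: a single CIDR selecting the etcd interface (not a comma-separated list)` or rendering with `%{ for s in split(",", nodeSubnets) }- ${s}\n%{ endfor }` would make the contract explicit. The `etcd:` section continues outside the hunk.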
@@ -128,5 +128,6 @@ cluster: - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/kubelet-serving-cert-approver.yaml - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/metrics-server.yaml - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/local-path-storage.yaml + - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/coredns-local.yaml - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/ingress-ns.yaml - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/ingress_result.yaml diff --git a/oracle/variables.tf b/oracle/variables.tf index b5bf492..7ecbf8d 100644 --- a/oracle/variables.tf +++ b/oracle/variables.tf @@ -4,7 +4,7 @@ variable "tenancy_ocid" {} variable "user_ocid" {} variable "fingerprint" {} variable "key_file" { - default = "~/.oci/oci_public.pem" + default = "~/.oci/oci_main_terraform.pem" } variable "project" { @@ -57,6 +57,7 @@ variable "kubernetes" { default = { podSubnets = "10.32.0.0/12,fd40:10:32::/102" serviceSubnets = "10.200.0.0/22,fd40:10:200::/112" + nodeSubnets = "192.168.0.0/16" domain = "cluster.local" apiDomain = "api.cluster.local" clusterName = "talos-k8s-oracle" @@ -75,9 +76,9 @@ variable "controlplane" { type = map(any) default = { count = 0, - type = "VM.Standard.E4.Flex" - ocpus = 1 - memgb = 3 + type = "VM.Standard.A1.Flex" + ocpus = 2 + memgb = 8 } } diff --git a/oracle/versions.tf b/oracle/versions.tf index aba1c2b..391630d 100644 --- a/oracle/versions.tf +++ b/oracle/versions.tf @@ -2,8 +2,9 @@ terraform { required_providers { oci = { - source = "oracle/oci" - version = "4.73.0" + source = "hashicorp/oci" + version = "4.102.0" } } + required_version = ">= 1.2" }
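Review bot: The added `coredns-local.yaml` is fetched, like the rest of this list, from the `main` branch over raw.githubusercontent.com at bootstrap time, so whatever is on `main` when a cluster boots is applied with cluster-admin rights, and a later push to that branch (or a compromised account) changes what a fresh cluster runs without any change in this repo. Pinning the URLs to a commit or tag, e.g. `https://raw.githubusercontent.com/sergelogvinov/terraform-talos/<commit-sha>/oracle/deployments/coredns-local.yaml`, makes bootstrap reproducible and reviewable; the same applies to the existing entries, but the new one should not add to the problem. The `extraManifests` list begins outside the hunk.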
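Review bot: Changing the provider `source` from `oracle/oci` to `hashicorp/oci` is more than a version bump: existing state records the provider under its old address, so a deployment created with the previous config will, as far as I can tell, need `terraform state replace-provider oracle/oci hashicorp/oci` before `init` succeeds. Oracle documents `oracle/oci` as the canonical source, so either the switch deserves a comment explaining why (`# hashicorp/oci: kept in step with the images/, init/ and prepare/ modules`) or the other modules should move to `oracle/oci` instead.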