Private DNS
@@ -7,6 +7,7 @@ resource "oci_identity_policy" "terraform" {
|
|||||||
statements = [
|
statements = [
|
||||||
"Allow group ${oci_identity_group.terraform.name} to manage virtual-network-family in compartment ${oci_identity_compartment.project.name}",
|
"Allow group ${oci_identity_group.terraform.name} to manage virtual-network-family in compartment ${oci_identity_compartment.project.name}",
|
||||||
"Allow group ${oci_identity_group.terraform.name} to manage load-balancers in compartment ${oci_identity_compartment.project.name}",
|
"Allow group ${oci_identity_group.terraform.name} to manage load-balancers in compartment ${oci_identity_compartment.project.name}",
|
||||||
|
"Allow group ${oci_identity_group.terraform.name} to manage dns in compartment ${oci_identity_compartment.project.name}",
|
||||||
"Allow group ${oci_identity_group.terraform.name} to manage compute-management-family in compartment ${oci_identity_compartment.project.name}",
|
"Allow group ${oci_identity_group.terraform.name} to manage compute-management-family in compartment ${oci_identity_compartment.project.name}",
|
||||||
"Allow group ${oci_identity_group.terraform.name} to manage instances in compartment ${oci_identity_compartment.project.name}",
|
"Allow group ${oci_identity_group.terraform.name} to manage instances in compartment ${oci_identity_compartment.project.name}",
|
||||||
"Allow group ${oci_identity_group.terraform.name} to manage instance-family in compartment ${oci_identity_compartment.project.name}",
|
"Allow group ${oci_identity_group.terraform.name} to manage instance-family in compartment ${oci_identity_compartment.project.name}",
|
||||||
|
|||||||
@@ -2,12 +2,25 @@
|
|||||||
locals {
|
locals {
|
||||||
lbv4_enable = false
|
lbv4_enable = false
|
||||||
lbv4 = local.lbv4_enable ? [for ip in oci_network_load_balancer_network_load_balancer.contolplane[0].ip_addresses : ip.ip_address if ip.is_public][0] : "127.0.0.1"
|
lbv4 = local.lbv4_enable ? [for ip in oci_network_load_balancer_network_load_balancer.contolplane[0].ip_addresses : ip.ip_address if ip.is_public][0] : "127.0.0.1"
|
||||||
lbv4_local = local.lbv4_enable ? [for ip in oci_network_load_balancer_network_load_balancer.contolplane[0].ip_addresses : ip.ip_address if !ip.is_public][0] : "127.0.0.1"
|
lbv4_local = local.lbv4_enable ? [for ip in oci_network_load_balancer_network_load_balancer.contolplane[0].ip_addresses : ip.ip_address if !ip.is_public][0] : cidrhost(local.network_public[local.zone].cidr_block, 11)
|
||||||
|
|
||||||
lbv4_web_enable = false
|
lbv4_web_enable = false
|
||||||
lbv4_web = local.lbv4_web_enable ? [for ip in oci_network_load_balancer_network_load_balancer.web[0].ip_addresses : ip.ip_address if ip.is_public][0] : "127.0.0.1"
|
lbv4_web = local.lbv4_web_enable ? [for ip in oci_network_load_balancer_network_load_balancer.web[0].ip_addresses : ip.ip_address if ip.is_public][0] : "127.0.0.1"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "oci_dns_rrset" "lbv4_local" {
|
||||||
|
zone_name_or_id = local.dns_zone_id
|
||||||
|
domain = var.kubernetes["apiDomain"]
|
||||||
|
rtype = "A"
|
||||||
|
|
||||||
|
items {
|
||||||
|
domain = var.kubernetes["apiDomain"]
|
||||||
|
rdata = local.lbv4_local
|
||||||
|
rtype = "A"
|
||||||
|
ttl = 3600
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
resource "oci_network_load_balancer_network_load_balancer" "contolplane" {
|
resource "oci_network_load_balancer_network_load_balancer" "contolplane" {
|
||||||
count = local.lbv4_enable ? 1 : 0
|
count = local.lbv4_enable ? 1 : 0
|
||||||
compartment_id = var.compartment_ocid
|
compartment_id = var.compartment_ocid
|
||||||
|
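Review bot: The new `oci_dns_rrset.lbv4_local` has no `count`, so whenever `lbv4_enable` is false the A record for `var.kubernetes["apiDomain"]` is published with `rdata = cidrhost(local.network_public[local.zone].cidr_block, 11)` — a hard-coded host offset in the public subnet that nothing on this page ties to a control-plane instance, and with `ttl = 3600` any later correction stays invisible to resolvers for up to an hour. Name the offset and say what is expected to hold it, e.g. a local `controlplane_host_index = 11 # first control-plane node, must match the instance's private_ip` used in both places, or derive the address from the instance resource that actually receives it. The rrset also only succeeds if `apiDomain` lies inside the zone named by `var.kubernetes["domain"]` (the `oci_dns_zone.cluster` created in prepare), which no validation enforces; a comment above the resource stating that requirement would save the next maintainer an apply-time failure. Separately, when `lbv4_enable` is true the `[…][0]` on the filtered `ip_addresses` list errors at plan time if the load balancer has no private address; `try([...][0], "127.0.0.1")` would make that case explicit rather than a cryptic index error.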
|||||||
17
oracle/prepare/network-dns.tf
Normal file
17
oracle/prepare/network-dns.tf
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
|
||||||
|
data "oci_core_vcn_dns_resolver_association" "main" {
|
||||||
|
vcn_id = oci_core_vcn.main.id
|
||||||
|
}
|
||||||
|
|
||||||
|
data "oci_dns_resolver" "main" {
|
||||||
|
resolver_id = data.oci_core_vcn_dns_resolver_association.main.dns_resolver_id
|
||||||
|
scope = "PRIVATE"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "oci_dns_zone" "cluster" {
|
||||||
|
compartment_id = var.compartment_ocid
|
||||||
|
name = var.kubernetes["domain"]
|
||||||
|
zone_type = "PRIMARY"
|
||||||
|
scope = "PRIVATE"
|
||||||
|
view_id = data.oci_dns_resolver.main.default_view_id
|
||||||
|
}
|
||||||
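Review bot: The new file has no comment explaining the data→resource chain, which is the part a reader needs: `oci_core_vcn_dns_resolver_association.main` looks up the VCN's resolver, `oci_dns_resolver.main` reads it for `default_view_id`, and `oci_dns_zone.cluster` is a `scope = "PRIVATE"` zone attached to that view — so, if I read the OCI model correctly, only queries going through the VCN's resolver can answer for `var.kubernetes["domain"]`. A header comment such as `# Private DNS zone for the cluster domain, attached to the VCN resolver's default view so names in it resolve only from inside the VCN.` would state that intent where it is set up. It is also worth noting above the zone that other modules write records into it (the API rrset keyed by `apiDomain`), so `var.kubernetes["domain"]` must be their parent domain, which nothing here checks.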
@@ -4,6 +4,7 @@ resource "oci_core_vcn" "main" {
|
|||||||
display_name = var.project
|
display_name = var.project
|
||||||
cidr_blocks = [var.vpc_main_cidr]
|
cidr_blocks = [var.vpc_main_cidr]
|
||||||
is_ipv6enabled = true
|
is_ipv6enabled = true
|
||||||
|
dns_label = var.project
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "oci_core_internet_gateway" "main" {
|
resource "oci_core_internet_gateway" "main" {
|
||||||
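Review bot: `dns_label = var.project` on `oci_core_vcn.main` is subject to OCI's DNS-label rules — letters and digits only, starting with a letter, at most 15 characters — and `var.project` is not validated against that anywhere on the page, so an unsuitable project name fails only at apply time; the fixed labels in the four subnet hunks that follow (`lb`, `regional`, `public${each.value}`, `private${each.value}`) are fine as long as `each.value` is a short digit string, which is likely but not visible here. Add a `validation` block to `variable "project"` with a condition such as `can(regex("^[A-Za-z][A-Za-z0-9]{0,14}$", var.project))` and an error message naming the label rule. As far as I know the provider treats `dns_label` as a replacement-forcing attribute on both `oci_core_vcn` and `oci_core_subnet`, so applying this to an already-created VCN would destroy and recreate it and everything attached to it; confirm with the plan output before applying against live state. The VCN and subnet resource bodies continue outside these hunks.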
@@ -50,6 +51,7 @@ resource "oci_core_subnet" "regional_lb" {
|
|||||||
prohibit_public_ip_on_vnic = false
|
prohibit_public_ip_on_vnic = false
|
||||||
|
|
||||||
display_name = "${oci_core_vcn.main.display_name}-regional-lb"
|
display_name = "${oci_core_vcn.main.display_name}-regional-lb"
|
||||||
|
dns_label = "lb"
|
||||||
}
|
}
|
||||||
resource "oci_core_subnet" "regional" {
|
resource "oci_core_subnet" "regional" {
|
||||||
cidr_block = cidrsubnet(oci_core_vcn.main.cidr_block, 10, 1)
|
cidr_block = cidrsubnet(oci_core_vcn.main.cidr_block, 10, 1)
|
||||||
@@ -61,6 +63,7 @@ resource "oci_core_subnet" "regional" {
|
|||||||
prohibit_public_ip_on_vnic = false
|
prohibit_public_ip_on_vnic = false
|
||||||
|
|
||||||
display_name = "${oci_core_vcn.main.display_name}-regional"
|
display_name = "${oci_core_vcn.main.display_name}-regional"
|
||||||
|
dns_label = "regional"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "oci_core_subnet" "public" {
|
resource "oci_core_subnet" "public" {
|
||||||
@@ -76,6 +79,7 @@ resource "oci_core_subnet" "public" {
|
|||||||
availability_domain = each.key
|
availability_domain = each.key
|
||||||
|
|
||||||
display_name = "${oci_core_vcn.main.display_name}-public-zone-${each.value}"
|
display_name = "${oci_core_vcn.main.display_name}-public-zone-${each.value}"
|
||||||
|
dns_label = "public${each.value}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "oci_core_subnet" "private" {
|
resource "oci_core_subnet" "private" {
|
||||||
@@ -90,4 +94,5 @@ resource "oci_core_subnet" "private" {
|
|||||||
availability_domain = each.key
|
availability_domain = each.key
|
||||||
|
|
||||||
display_name = "${oci_core_vcn.main.display_name}-private-zone-${each.value}"
|
display_name = "${oci_core_vcn.main.display_name}-private-zone-${each.value}"
|
||||||
|
dns_label = "private${each.value}"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -14,6 +14,11 @@ output "zones" {
|
|||||||
value = local.zones
|
value = local.zones
|
||||||
}
|
}
|
||||||
|
|
||||||
|
output "dns_zone_id" {
|
||||||
|
description = "DNS zones id"
|
||||||
|
value = oci_dns_zone.cluster.id
|
||||||
|
}
|
||||||
|
|
||||||
output "network_nat" {
|
output "network_nat" {
|
||||||
description = "The nat IP"
|
description = "The nat IP"
|
||||||
value = oci_core_public_ip.nat.ip_address
|
value = oci_core_public_ip.nat.ip_address
|
||||||
|
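Review bot: `description = "DNS zones id"` on the new `dns_zone_id` output is ungrammatical and understates what the value is; `description = "OCID of the private DNS zone for the cluster domain"` tells the consuming module, which reads it through `terraform_remote_state`, exactly what it receives. The block otherwise matches the style of its neighbouring outputs.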
|||||||
@@ -26,8 +26,9 @@ data "terraform_remote_state" "prepare" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
project = data.terraform_remote_state.prepare.outputs.project
|
project = data.terraform_remote_state.prepare.outputs.project
|
||||||
zone = data.terraform_remote_state.prepare.outputs.zones[0]
|
zone = data.terraform_remote_state.prepare.outputs.zones[0]
|
||||||
|
dns_zone_id = data.terraform_remote_state.prepare.outputs.dns_zone_id
|
||||||
|
|
||||||
network_lb = data.terraform_remote_state.prepare.outputs.network_lb
|
network_lb = data.terraform_remote_state.prepare.outputs.network_lb
|
||||||
network_public = data.terraform_remote_state.prepare.outputs.network_public
|
network_public = data.terraform_remote_state.prepare.outputs.network_public
|
||||||
|
|||||||