Add predefined tags

oracle/init/output.tf

@@ -13,3 +13,8 @@ output "key_file" {
   description = "key_file"
   value       = "~/.oci/oci_${var.project}_terraform.pem"
 }
+
+output "tags" {
+  description = "tags"
+  value       = [for tag, value in var.tags : "${oci_identity_tag_namespace.kubernetes.name}.${tag}"]
+}

oracle/init/policy.tf

@@ -5,6 +5,7 @@ resource "oci_identity_policy" "terraform" {
   compartment_id = oci_identity_compartment.project.id
 
   statements = [
+    "Allow group ${oci_identity_group.terraform.name} to use tag-namespaces in compartment ${oci_identity_compartment.project.name}",
     "Allow group ${oci_identity_group.terraform.name} to manage virtual-network-family in compartment ${oci_identity_compartment.project.name}",
     "Allow group ${oci_identity_group.terraform.name} to manage load-balancers in compartment ${oci_identity_compartment.project.name}",
     "Allow group ${oci_identity_group.terraform.name} to manage dns in compartment ${oci_identity_compartment.project.name}",

oracle/init/tags.tf

@@ -0,0 +1,13 @@
+
+resource "oci_identity_tag_namespace" "kubernetes" {
+  compartment_id = oci_identity_compartment.project.id
+  name           = "Kubernetes"
+  description    = "Default kubernetes infrastructure tags"
+}
+
+resource "oci_identity_tag" "tags" {
+  for_each         = var.tags
+  name             = each.key
+  description      = each.value
+  tag_namespace_id = oci_identity_tag_namespace.kubernetes.id
+}

oracle/init/variables.tf

@@ -12,3 +12,13 @@ variable "project" {
   type    = string
   default = "main"
 }
+
+variable "tags" {
+  description = "Defined Tags of resources"
+  type        = map(string)
+  default = {
+    "Environment" = "Resource environment"
+    "Role"        = "Kubernetes node role"
+    "Type"        = "Type of resource"
+  }
+}

oracle/init/versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     oci = {
       source  = "hashicorp/oci"
-      version = "4.56.0"
+      version = "4.57.0"
     }
   }
 }

oracle/instances-controlplane.tf

@@ -19,6 +19,7 @@ resource "oci_core_instance" "contolplane" {
 
   compartment_id      = var.compartment_ocid
   display_name        = "${local.project}-contolplane-${count.index + 1}"
+  defined_tags        = merge(var.tags, { "Kubernetes.Type" = "infra", "Kubernetes.Role" = "contolplane" })
   availability_domain = local.zone
   fault_domain        = element(data.oci_identity_fault_domains.domains.fault_domains, count.index).name
 

oracle/instances-web.tf

@@ -5,6 +5,7 @@ resource "oci_core_instance_pool" "web" {
   size                      = lookup(var.instances[local.zone], "web_count", 0)
   state                     = "RUNNING"
   display_name              = "${var.project}-web"
+  defined_tags              = merge(var.tags, { "Kubernetes.Role" = "web" })
 
   placement_configurations {
     availability_domain = local.network_public[local.zone].availability_domain
@@ -34,6 +35,7 @@ locals {
 resource "oci_core_instance_configuration" "web" {
   compartment_id = var.compartment_ocid
   display_name   = "${var.project}-web"
+  defined_tags   = merge(var.tags, { "Kubernetes.Role" = "web" })
 
   instance_details {
     instance_type = "compute"
@@ -95,6 +97,9 @@ resource "oci_core_instance_configuration" "web" {
 
   lifecycle {
     create_before_destroy = "true"
+    ignore_changes = [
+      defined_tags
+    ]
   }
 }
 

oracle/network-lb-l7.tf

@@ -2,6 +2,7 @@
 resource "oci_load_balancer" "web" {
   compartment_id = var.compartment_ocid
   display_name   = "${local.project}-web-lb-l7"
+  defined_tags   = merge(var.tags, { "Kubernetes.Type" = "infra" })
   shape          = "flexible"
   shape_details {
     maximum_bandwidth_in_mbps = 10
@@ -10,6 +11,12 @@ resource "oci_load_balancer" "web" {
 
   subnet_ids                 = [local.network_lb.id]
   network_security_group_ids = [local.nsg_web]
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags,
+    ]
+  }
 }
 
 resource "oci_load_balancer_listener" "web_http" {

oracle/network-lb.tf

@@ -25,11 +25,18 @@ resource "oci_network_load_balancer_network_load_balancer" "contolplane" {
   count                      = local.lbv4_enable ? 1 : 0
   compartment_id             = var.compartment_ocid
   display_name               = "${local.project}-contolplane-lb"
+  defined_tags               = merge(var.tags, { "Kubernetes.Type" = "infra", "Kubernetes.Role" = "contolplane" })
   subnet_id                  = local.network_lb.id
   network_security_group_ids = [local.nsg_contolplane_lb]
 
   is_preserve_source_destination = false
   is_private                     = false
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags,
+    ]
+  }
 }
 
 resource "oci_network_load_balancer_listener" "contolplane" {
@@ -97,11 +104,18 @@ resource "oci_network_load_balancer_network_load_balancer" "web" {
   count                      = local.lbv4_web_enable ? 1 : 0
   compartment_id             = var.compartment_ocid
   display_name               = "${local.project}-web-lb"
+  defined_tags               = merge(var.tags, { "Kubernetes.Type" = "infra" })
   subnet_id                  = local.network_lb.id
   network_security_group_ids = [local.nsg_web]
 
   is_preserve_source_destination = false
   is_private                     = false
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags,
+    ]
+  }
 }
 
 resource "oci_network_load_balancer_listener" "http" {

oracle/prepare/network-dns.tf

@@ -14,4 +14,11 @@ resource "oci_dns_zone" "cluster" {
   zone_type      = "PRIMARY"
   scope          = "PRIVATE"
   view_id        = data.oci_dns_resolver.main.default_view_id
+  defined_tags   = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }

oracle/prepare/network-nat.tf

@@ -2,6 +2,13 @@
 resource "oci_core_public_ip" "nat" {
   compartment_id = var.compartment_ocid
   lifetime       = "RESERVED"
+  defined_tags   = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 
 resource "oci_core_nat_gateway" "private" {
@@ -9,12 +16,20 @@ resource "oci_core_nat_gateway" "private" {
   vcn_id         = oci_core_vcn.main.id
   display_name   = "main"
   public_ip_id   = oci_core_public_ip.nat.id
+  defined_tags   = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 
 resource "oci_core_route_table" "private" {
   compartment_id = var.compartment_ocid
   vcn_id         = oci_core_vcn.main.id
   display_name   = "private"
+  defined_tags   = merge(var.tags, { "Kubernetes.Type" = "infra" })
 
   route_rules {
     network_entity_id = oci_core_nat_gateway.private.id
@@ -26,4 +41,10 @@ resource "oci_core_route_table" "private" {
     destination       = data.oci_core_services.object_store.services[0]["cidr_block"]
     destination_type  = "SERVICE_CIDR_BLOCK"
   }
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }

oracle/prepare/network-secgroup.tf

@@ -48,6 +48,13 @@ resource "oci_core_network_security_group" "cilium" {
   display_name   = "${var.project}-cilium"
   compartment_id = var.compartment_ocid
   vcn_id         = oci_core_vcn.main.id
+  defined_tags   = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 resource "oci_core_network_security_group_security_rule" "cilium_vxvlan_in" {
   for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]])
@@ -110,6 +117,13 @@ resource "oci_core_network_security_group" "talos" {
   display_name   = "${var.project}-talos"
   compartment_id = var.compartment_ocid
   vcn_id         = oci_core_vcn.main.id
+  defined_tags   = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 
 resource "oci_core_network_security_group_security_rule" "talos" {
@@ -165,6 +179,13 @@ resource "oci_core_network_security_group" "contolplane_lb" {
   display_name   = "${var.project}-contolplane-lb"
   compartment_id = var.compartment_ocid
   vcn_id         = oci_core_vcn.main.id
+  defined_tags   = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 
 resource "oci_core_network_security_group_security_rule" "kubernetes" {
@@ -216,11 +237,17 @@ resource "oci_core_network_security_group_security_rule" "kubernetes_talos_admin
   }
 }
 
-
 resource "oci_core_network_security_group" "contolplane" {
   display_name   = "${var.project}-contolplane"
   compartment_id = var.compartment_ocid
   vcn_id         = oci_core_vcn.main.id
+  defined_tags   = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 resource "oci_core_network_security_group_security_rule" "contolplane_kubernetes" {
   for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]])
@@ -291,6 +318,13 @@ resource "oci_core_network_security_group" "web" {
   display_name   = "${var.project}-web"
   compartment_id = var.compartment_ocid
   vcn_id         = oci_core_vcn.main.id
+  defined_tags   = merge(var.tags, { "Kubernetes.Type" = "worker" })
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 resource "oci_core_network_security_group_security_rule" "web_kubelet" {
   for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]])
@@ -377,6 +411,13 @@ resource "oci_core_network_security_group" "worker" {
   display_name   = "${var.project}-worker"
   compartment_id = var.compartment_ocid
   vcn_id         = oci_core_vcn.main.id
+  defined_tags   = merge(var.tags, { "Kubernetes.Type" = "worker" })
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 resource "oci_core_network_security_group_security_rule" "worker_kubelet" {
   for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]])

oracle/prepare/network.tf

@@ -4,30 +4,52 @@ resource "oci_core_vcn" "main" {
   display_name   = var.project
   cidr_blocks    = [var.vpc_main_cidr]
   is_ipv6enabled = true
+  defined_tags   = var.tags
   dns_label      = var.project
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 
 resource "oci_core_internet_gateway" "main" {
   compartment_id = var.compartment_ocid
   vcn_id         = oci_core_vcn.main.id
   display_name   = oci_core_vcn.main.display_name
+  defined_tags   = var.tags
   enabled        = true
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 
 resource "oci_core_service_gateway" "main" {
   compartment_id = var.compartment_ocid
   vcn_id         = oci_core_vcn.main.id
   display_name   = oci_core_vcn.main.display_name
+  defined_tags   = var.tags
 
   services {
     service_id = data.oci_core_services.object_store.services[0]["id"]
   }
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 
 resource "oci_core_route_table" "main" {
   compartment_id = var.compartment_ocid
   vcn_id         = oci_core_vcn.main.id
   display_name   = oci_core_vcn.main.display_name
+  defined_tags   = var.tags
 
   route_rules {
     network_entity_id = oci_core_internet_gateway.main.id
@@ -39,6 +61,12 @@ resource "oci_core_route_table" "main" {
     destination       = "::/0"
     destination_type  = "CIDR_BLOCK"
   }
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 
 resource "oci_core_subnet" "regional_lb" {
@@ -51,8 +79,16 @@ resource "oci_core_subnet" "regional_lb" {
   prohibit_public_ip_on_vnic = false
 
   display_name = "${oci_core_vcn.main.display_name}-regional-lb"
+  defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
   dns_label    = "lb"
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
+
 resource "oci_core_subnet" "regional" {
   cidr_block                 = cidrsubnet(oci_core_vcn.main.cidr_block, 10, 1)
   ipv6cidr_block             = cidrsubnet(oci_core_vcn.main.ipv6cidr_blocks[0], 8, 1)
@@ -63,7 +99,14 @@ resource "oci_core_subnet" "regional" {
   prohibit_public_ip_on_vnic = false
 
   display_name = "${oci_core_vcn.main.display_name}-regional"
+  defined_tags = var.tags
   dns_label    = "regional"
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 
 resource "oci_core_subnet" "public" {
@@ -79,7 +122,14 @@ resource "oci_core_subnet" "public" {
   availability_domain        = each.key
 
   display_name = "${oci_core_vcn.main.display_name}-public-zone-${each.value}"
+  defined_tags = var.tags
   dns_label    = "public${each.value}"
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }
 
 resource "oci_core_subnet" "private" {
@@ -94,5 +144,12 @@ resource "oci_core_subnet" "private" {
   availability_domain        = each.key
 
   display_name = "${oci_core_vcn.main.display_name}-private-zone-${each.value}"
+  defined_tags = var.tags
   dns_label    = "private${each.value}"
+
+  lifecycle {
+    ignore_changes = [
+      defined_tags
+    ]
+  }
 }

oracle/prepare/variables.tf

@@ -18,6 +18,14 @@ variable "region" {
   default     = null
 }
 
+variable "tags" {
+  description = "Defined Tags of resources"
+  type        = map(string)
+  default = {
+    "Kubernetes.Environment" = "Develop"
+  }
+}
+
 variable "kubernetes" {
   type = map(string)
   default = {

oracle/prepare/versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     oci = {
       source  = "hashicorp/oci"
-      version = "4.56.0"
+      version = "4.57.0"
     }
   }
 }

oracle/variables.tf

@@ -18,6 +18,14 @@ variable "region" {
   default     = null
 }
 
+variable "tags" {
+  description = "Defined Tags of resources"
+  type        = map(string)
+  default = {
+    "Kubernetes.Environment" = "Develop"
+  }
+}
+
 data "terraform_remote_state" "prepare" {
   backend = "local"
   config = {