From b74ab73aba1ef61b354d6f1f0cf619b95fa8bc14 Mon Sep 17 00:00:00 2001
From: Serge Logvinov
Date: Tue, 4 Jan 2022 00:12:06 +0200
Subject: [PATCH] Add predefined tags
---
 oracle/init/output.tf | 5 +++
 oracle/init/policy.tf | 1 +
 oracle/init/tags.tf | 13 +++++++
 oracle/init/variables.tf | 10 ++++++
 oracle/init/versions.tf | 2 +-
 oracle/instances-controlplane.tf | 1 +
 oracle/instances-web.tf | 5 +++
 oracle/network-lb-l7.tf | 7 ++++
 oracle/network-lb.tf | 14 ++++++++
 oracle/prepare/network-dns.tf | 7 ++++
 oracle/prepare/network-nat.tf | 21 +++++++++++
 oracle/prepare/network-secgroup.tf | 43 +++++++++++++++++++++-
 oracle/prepare/network.tf | 57 ++++++++++++++++++++++++++++++
 oracle/prepare/variables.tf | 8 +++++
 oracle/prepare/versions.tf | 2 +-
 oracle/variables.tf | 8 +++++
 16 files changed, 201 insertions(+), 3 deletions(-)
 create mode 100644 oracle/init/tags.tf
diff --git a/oracle/init/output.tf b/oracle/init/output.tf
index 4859261..5e92a3a 100644
--- a/oracle/init/output.tf
+++ b/oracle/init/output.tf
@@ -13,3 +13,8 @@ output "key_file" {
 description = "key_file"
 value = "~/.oci/oci_${var.project}_terraform.pem"
 }
+
+output "tags" {
+ description = "tags"
+ value = [for tag, value in var.tags : "${oci_identity_tag_namespace.kubernetes.name}.${tag}"]
+}
diff --git a/oracle/init/policy.tf b/oracle/init/policy.tf
index 01b9c0f..c882ad2 100644
--- a/oracle/init/policy.tf
+++ b/oracle/init/policy.tf
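Review bot: The new `tags` output in `oracle/init/output.tf` references only the tag namespace, so nothing ties it to `oci_identity_tag.tags` — a consumer can read the fully qualified keys before the tag definitions themselves exist — and the `value` loop variable is never used. Consider `value = [for tag in keys(var.tags) : "${oci_identity_tag_namespace.kubernetes.name}.${tag}"]` together with `depends_on = [oci_identity_tag.tags]` on the output (output blocks accept `depends_on`). The description `"tags"` says nothing; something like `"Fully qualified defined-tag keys (Namespace.Tag) created for this project"` tells the downstream module what shape to expect.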
@@ -5,6 +5,7 @@ resource "oci_identity_policy" "terraform" {
 compartment_id = oci_identity_compartment.project.id
 statements = [
+ "Allow group ${oci_identity_group.terraform.name} to use tag-namespaces in compartment ${oci_identity_compartment.project.name}",
 "Allow group ${oci_identity_group.terraform.name} to manage virtual-network-family in compartment ${oci_identity_compartment.project.name}",
 "Allow group ${oci_identity_group.terraform.name} to manage load-balancers in compartment ${oci_identity_compartment.project.name}",
 "Allow group ${oci_identity_group.terraform.name} to manage dns in compartment ${oci_identity_compartment.project.name}",
diff --git a/oracle/init/tags.tf b/oracle/init/tags.tf
new file mode 100644
index 0000000..842d74c
--- /dev/null
+++ b/oracle/init/tags.tf
@@ -0,0 +1,13 @@
+
+resource "oci_identity_tag_namespace" "kubernetes" {
+ compartment_id = oci_identity_compartment.project.id
+ name = "Kubernetes"
+ description = "Default kubernetes infrastructure tags"
+}
+
+resource "oci_identity_tag" "tags" {
+ for_each = var.tags
+ name = each.key
+ description = each.value
+ tag_namespace_id = oci_identity_tag_namespace.kubernetes.id
+}
diff --git a/oracle/init/variables.tf b/oracle/init/variables.tf
index 67f947f..f180dbe 100644
--- a/oracle/init/variables.tf
+++ b/oracle/init/variables.tf
@@ -12,3 +12,13 @@ variable "project" {
 type = string
 default = "main"
 }
+
+variable "tags" {
+ description = "Defined Tags of resources"
+ type = map(string)
+ default = {
+ "Environment" = "Resource environment"
+ "Role" = "Kubernetes node role"
+ "Type" = "Type of resource"
+ }
+}
diff --git a/oracle/init/versions.tf b/oracle/init/versions.tf
index 0ce5c7b..4dde904 100644
--- a/oracle/init/versions.tf
+++ b/oracle/init/versions.tf
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 oci = {
 source = "hashicorp/oci"
- version = "4.56.0"
+ version = "4.57.0"
 }
 }
 }
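Review bot: The new `use tag-namespaces` statement in `oracle/init/policy.tf` lets the terraform group apply tags from every namespace in the compartment, not only the `Kubernetes` namespace this commit creates. Defined tags can drive tag-based IAM conditions and cost attribution, so the ability to apply arbitrary namespaces is broader than the module needs; the OCI policy language supports a target condition, e.g. `"Allow group ${oci_identity_group.terraform.name} to use tag-namespaces in compartment ${oci_identity_compartment.project.name} where target.tag-namespace.name = '${oci_identity_tag_namespace.kubernetes.name}'"`. Verify the variable name against the OCI policy reference for tag-namespaces before relying on it, and note that `use` (not `manage`) is the right verb here since the namespace is owned by this init module.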
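Review bot: `oci_identity_tag.tags` in `oracle/init/tags.tf` defines `Environment`, `Role` and `Type` with no `validator`, so any free-form string is accepted and a misspelled value (the rest of this change writes `"contolplane"`) silently becomes a second role that filters and policies will not match. For keys consumers select on, a `validator { validator_type = "ENUM" values = [...] }` block, with the allowed values supplied through a variable, would reject unknown values when a tag is applied. A short comment above the namespace resource would also help the next maintainer: as far as I recall OCI requires tag namespaces and tag definitions to be retired before they can be deleted, so `terraform destroy` of this module is not immediate — please confirm against the provider docs.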
diff --git a/oracle/instances-controlplane.tf b/oracle/instances-controlplane.tf
index c008c81..3de5644 100644
--- a/oracle/instances-controlplane.tf
+++ b/oracle/instances-controlplane.tf
@@ -19,6 +19,7 @@ resource "oci_core_instance" "contolplane" {
 compartment_id = var.compartment_ocid
 display_name = "${local.project}-contolplane-${count.index + 1}"
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra", "Kubernetes.Role" = "contolplane" })
 availability_domain = local.zone
 fault_domain = element(data.oci_identity_fault_domains.domains.fault_domains, count.index).name
diff --git a/oracle/instances-web.tf b/oracle/instances-web.tf
index 37768b2..eb1d22e 100644
--- a/oracle/instances-web.tf
+++ b/oracle/instances-web.tf
@@ -5,6 +5,7 @@ resource "oci_core_instance_pool" "web" {
 size = lookup(var.instances[local.zone], "web_count", 0)
 state = "RUNNING"
 display_name = "${var.project}-web"
+ defined_tags = merge(var.tags, { "Kubernetes.Role" = "web" })
 placement_configurations {
 availability_domain = local.network_public[local.zone].availability_domain
@@ -34,6 +35,7 @@ locals {
 resource "oci_core_instance_configuration" "web" {
 compartment_id = var.compartment_ocid
 display_name = "${var.project}-web"
+ defined_tags = merge(var.tags, { "Kubernetes.Role" = "web" })
 instance_details {
 instance_type = "compute"
@@ -95,6 +97,9 @@ resource "oci_core_instance_configuration" "web" {
 lifecycle {
 create_before_destroy = "true"
+ ignore_changes = [
+ defined_tags
+ ]
 }
 }
diff --git a/oracle/network-lb-l7.tf b/oracle/network-lb-l7.tf
index a458d17..08da02a 100644
--- a/oracle/network-lb-l7.tf
+++ b/oracle/network-lb-l7.tf
@@ -2,6 +2,7 @@ resource "oci_load_balancer" "web" {
 compartment_id = var.compartment_ocid
 display_name = "${local.project}-web-lb-l7"
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
 shape = "flexible"
 shape_details {
 maximum_bandwidth_in_mbps = 10
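Review bot: The tag value `"Kubernetes.Role" = "contolplane"` added in `oracle/instances-controlplane.tf` copies the existing resource-name typo into a user-facing tag that operators, scripts and possibly IAM conditions will match on. Unlike the resource and `display_name` strings, this value is brand new, so it can be written as `"Kubernetes.Role" = "controlplane"` now without touching state; the same value is set on the control-plane network load balancer in `oracle/network-lb.tf` and should change with it. This resource is also the only tagged one in the change without `lifecycle { ignore_changes = [defined_tags] }` — the rest of the resource body is outside this hunk, so if that is deliberate a one-line comment saying why would keep it from being "fixed" later.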
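Review bot: `defined_tags` on `oci_core_instance_pool.web` and on `oci_core_instance_configuration.web` tag the pool and configuration objects themselves; instances launched from the pool take their tags from `instance_details.launch_details.defined_tags` inside the configuration, which lies outside these hunks and is not changed here. If that block does not carry the same map, the actual web nodes end up untagged while every NSG and load balancer is tagged — please confirm and, if so, add `defined_tags = merge(var.tags, { "Kubernetes.Type" = "worker", "Kubernetes.Role" = "web" })` to `launch_details`. Separately, the web resources set only `Kubernetes.Role`, whereas the web NSG in `oracle/prepare/network-secgroup.tf` sets `Kubernetes.Type = "worker"`; setting `Type` on every resource keeps tag-based filtering predictable.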
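Review bot: Putting `defined_tags` under `ignore_changes` on `oci_core_instance_configuration.web` (third hunk of `oracle/instances-web.tf`) freezes the tags at create time: a later change to `var.tags` will never reach this configuration, and because `create_before_destroy` is the only other lifecycle setting, re-tagging requires a manual taint. Nothing in the hunk says why the whole map is ignored; if the intent is to tolerate tenancy default tags that OCI injects, a comment such as `# ignore OCI-injected default tags (e.g. Oracle-Tags.*); project tags are create-time only` would make the trade-off explicit.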
@@ -10,6 +11,12 @@ resource "oci_load_balancer" "web" {
 subnet_ids = [local.network_lb.id]
 network_security_group_ids = [local.nsg_web]
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags,
+ ]
+ }
 }
 resource "oci_load_balancer_listener" "web_http" {
diff --git a/oracle/network-lb.tf b/oracle/network-lb.tf
index 49de3bf..ae10deb 100644
--- a/oracle/network-lb.tf
+++ b/oracle/network-lb.tf
@@ -25,11 +25,18 @@ resource "oci_network_load_balancer_network_load_balancer" "contolplane" {
 count = local.lbv4_enable ? 1 : 0
 compartment_id = var.compartment_ocid
 display_name = "${local.project}-contolplane-lb"
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra", "Kubernetes.Role" = "contolplane" })
 subnet_id = local.network_lb.id
 network_security_group_ids = [local.nsg_contolplane_lb]
 is_preserve_source_destination = false
 is_private = false
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags,
+ ]
+ }
 }
 resource "oci_network_load_balancer_listener" "contolplane" {
@@ -97,11 +104,18 @@ resource "oci_network_load_balancer_network_load_balancer" "web" {
 count = local.lbv4_web_enable ? 1 : 0
 compartment_id = var.compartment_ocid
 display_name = "${local.project}-web-lb"
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
 subnet_id = local.network_lb.id
 network_security_group_ids = [local.nsg_web]
 is_preserve_source_destination = false
 is_private = false
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags,
+ ]
+ }
 }
 resource "oci_network_load_balancer_listener" "http" {
diff --git a/oracle/prepare/network-dns.tf b/oracle/prepare/network-dns.tf
index b02f82a..98aaf24 100644
--- a/oracle/prepare/network-dns.tf
+++ b/oracle/prepare/network-dns.tf
@@ -14,4 +14,11 @@ resource "oci_dns_zone" "cluster" {
 zone_type = "PRIMARY"
 scope = "PRIVATE"
 view_id = data.oci_dns_resolver.main.default_view_id
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
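Review bot: `ignore_changes = [defined_tags]` on `oci_load_balancer.web` (and on every other resource in this change) ignores the entire map, so a tag that is removed or rewritten outside Terraform is neither reported by `plan` nor reverted — if `Kubernetes.Environment` is ever used in an IAM condition or a cost report, that drift is exactly what you want to see. If the motivation is the tenancy default tags OCI adds on create (typically the `Oracle-Tags` namespace), Terraform allows map-element paths in `ignore_changes`, e.g. `ignore_changes = [defined_tags["Oracle-Tags.CreatedBy"], defined_tags["Oracle-Tags.CreatedOn"]]`, which keeps drift detection for the project's own keys. Whichever form stays, a one-line comment naming the injected keys being tolerated would explain the block to the next reader.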
diff --git a/oracle/prepare/network-nat.tf b/oracle/prepare/network-nat.tf
index 4179731..014db94 100644
--- a/oracle/prepare/network-nat.tf
+++ b/oracle/prepare/network-nat.tf
@@ -2,6 +2,13 @@ resource "oci_core_public_ip" "nat" {
 compartment_id = var.compartment_ocid
 lifetime = "RESERVED"
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_nat_gateway" "private" {
@@ -9,12 +16,20 @@ resource "oci_core_nat_gateway" "private" {
 vcn_id = oci_core_vcn.main.id
 display_name = "main"
 public_ip_id = oci_core_public_ip.nat.id
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_route_table" "private" {
 compartment_id = var.compartment_ocid
 vcn_id = oci_core_vcn.main.id
 display_name = "private"
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
 route_rules {
 network_entity_id = oci_core_nat_gateway.private.id
@@ -26,4 +41,10 @@ resource "oci_core_route_table" "private" {
 destination = data.oci_core_services.object_store.services[0]["cidr_block"]
 destination_type = "SERVICE_CIDR_BLOCK"
 }
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
diff --git a/oracle/prepare/network-secgroup.tf b/oracle/prepare/network-secgroup.tf
index 2cf7a3b..baa0e3c 100644
--- a/oracle/prepare/network-secgroup.tf
+++ b/oracle/prepare/network-secgroup.tf
@@ -48,6 +48,13 @@ resource "oci_core_network_security_group" "cilium" {
 display_name = "${var.project}-cilium"
 compartment_id = var.compartment_ocid
 vcn_id = oci_core_vcn.main.id
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_network_security_group_security_rule" "cilium_vxvlan_in" {
 for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]])
@@ -110,6 +117,13 @@ resource "oci_core_network_security_group" "talos" {
 display_name = "${var.project}-talos"
 compartment_id = var.compartment_ocid
 vcn_id = oci_core_vcn.main.id
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_network_security_group_security_rule" "talos" {
@@ -165,6 +179,13 @@ resource "oci_core_network_security_group" "contolplane_lb" {
 display_name = "${var.project}-contolplane-lb"
 compartment_id = var.compartment_ocid
 vcn_id = oci_core_vcn.main.id
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_network_security_group_security_rule" "kubernetes" {
@@ -216,11 +237,17 @@ resource "oci_core_network_security_group_security_rule" "kubernetes_talos_admin
 }
 }
-
 resource "oci_core_network_security_group" "contolplane" {
 display_name = "${var.project}-contolplane"
 compartment_id = var.compartment_ocid
 vcn_id = oci_core_vcn.main.id
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_network_security_group_security_rule" "contolplane_kubernetes" {
 for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]])
@@ -291,6 +318,13 @@ resource "oci_core_network_security_group" "web" {
 display_name = "${var.project}-web"
 compartment_id = var.compartment_ocid
 vcn_id = oci_core_vcn.main.id
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "worker" })
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_network_security_group_security_rule" "web_kubelet" {
 for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]])
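Review bot: The `web` NSG in `oracle/prepare/network-secgroup.tf` is tagged `"Kubernetes.Type" = "worker"`, yet the same group is what `oracle/network-lb-l7.tf` and `oracle/network-lb.tf` attach to the web load balancers via `local.nsg_web`, and those load balancers are tagged `"infra"` in this change. An NSG shared by worker nodes and infrastructure cannot honestly be either, so the meaning of `Type` is ambiguous the moment someone filters on it; either tag shared NSGs as `"infra"` like the other security groups here, or state in the `tags` variable description what `Type` is meant to classify (the resource kind, or the workload it protects). The NSG resources themselves are complete in these hunks, but the rules that follow them are not.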
@@ -377,6 +411,13 @@ resource "oci_core_network_security_group" "worker" {
 display_name = "${var.project}-worker"
 compartment_id = var.compartment_ocid
 vcn_id = oci_core_vcn.main.id
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "worker" })
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_network_security_group_security_rule" "worker_kubelet" {
 for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]])
diff --git a/oracle/prepare/network.tf b/oracle/prepare/network.tf
index 4d6f3eb..b282e84 100644
--- a/oracle/prepare/network.tf
+++ b/oracle/prepare/network.tf
@@ -4,30 +4,52 @@ resource "oci_core_vcn" "main" {
 display_name = var.project
 cidr_blocks = [var.vpc_main_cidr]
 is_ipv6enabled = true
+ defined_tags = var.tags
 dns_label = var.project
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_internet_gateway" "main" {
 compartment_id = var.compartment_ocid
 vcn_id = oci_core_vcn.main.id
 display_name = oci_core_vcn.main.display_name
+ defined_tags = var.tags
 enabled = true
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_service_gateway" "main" {
 compartment_id = var.compartment_ocid
 vcn_id = oci_core_vcn.main.id
 display_name = oci_core_vcn.main.display_name
+ defined_tags = var.tags
 services {
 service_id = data.oci_core_services.object_store.services[0]["id"]
 }
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_route_table" "main" {
 compartment_id = var.compartment_ocid
 vcn_id = oci_core_vcn.main.id
 display_name = oci_core_vcn.main.display_name
+ defined_tags = var.tags
 route_rules {
 network_entity_id = oci_core_internet_gateway.main.id
@@ -39,6 +61,12 @@ resource "oci_core_route_table" "main" {
 destination = "::/0"
 destination_type = "CIDR_BLOCK"
 }
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_subnet" "regional_lb" {
@@ -51,8 +79,16 @@ resource "oci_core_subnet" "regional_lb" {
 prohibit_public_ip_on_vnic = false
 display_name = "${oci_core_vcn.main.display_name}-regional-lb"
+ defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
 dns_label = "lb"
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
+
 resource "oci_core_subnet" "regional" {
 cidr_block = cidrsubnet(oci_core_vcn.main.cidr_block, 10, 1)
 ipv6cidr_block = cidrsubnet(oci_core_vcn.main.ipv6cidr_blocks[0], 8, 1)
@@ -63,7 +99,14 @@ resource "oci_core_subnet" "regional" {
 prohibit_public_ip_on_vnic = false
 display_name = "${oci_core_vcn.main.display_name}-regional"
+ defined_tags = var.tags
 dns_label = "regional"
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_subnet" "public" {
@@ -79,7 +122,14 @@ resource "oci_core_subnet" "public" {
 availability_domain = each.key
 display_name = "${oci_core_vcn.main.display_name}-public-zone-${each.value}"
+ defined_tags = var.tags
 dns_label = "public${each.value}"
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
 resource "oci_core_subnet" "private" {
@@ -94,5 +144,12 @@ resource "oci_core_subnet" "private" {
 availability_domain = each.key
 display_name = "${oci_core_vcn.main.display_name}-private-zone-${each.value}"
+ defined_tags = var.tags
 dns_label = "private${each.value}"
+
+ lifecycle {
+ ignore_changes = [
+ defined_tags
+ ]
+ }
 }
diff --git a/oracle/prepare/variables.tf b/oracle/prepare/variables.tf
index 7aa2276..1b71612 100644
--- a/oracle/prepare/variables.tf
+++ b/oracle/prepare/variables.tf
@@ -18,6 +18,14 @@ variable "region" {
 default = null
 }
+variable "tags" {
+ description = "Defined Tags of resources"
+ type = map(string)
+ default = {
+ "Kubernetes.Environment" = "Develop"
+ }
+}
+
 variable "kubernetes" {
 type = map(string)
 default = {
diff --git a/oracle/prepare/versions.tf b/oracle/prepare/versions.tf
index 0ce5c7b..4dde904 100644
--- a/oracle/prepare/versions.tf
+++ b/oracle/prepare/versions.tf
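Review bot: The `tags` variable added to `oracle/prepare/variables.tf` has a different contract from the `tags` variable in `oracle/init/variables.tf` — here keys must be fully qualified `Namespace.Key` strings whose namespace and key already exist, there they are bare key names that create the definitions — but both carry the identical description `"Defined Tags of resources"`. A caller who passes `{ "Environment" = "prod" }` into this module only learns the difference from an OCI API error at apply time. Suggest `description = "Defined tags to apply to every resource; keys are fully qualified (Namespace.Key) and must already exist, e.g. created by the init module"` so the ordering dependency on `init` is stated where the input is declared.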
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 oci = {
 source = "hashicorp/oci"
- version = "4.56.0"
+ version = "4.57.0"
 }
 }
 }
diff --git a/oracle/variables.tf b/oracle/variables.tf
index 8e7d6fc..dd2b023 100644
--- a/oracle/variables.tf
+++ b/oracle/variables.tf
@@ -18,6 +18,14 @@ variable "region" {
 default = null
 }
+variable "tags" {
+ description = "Defined Tags of resources"
+ type = map(string)
+ default = {
+ "Kubernetes.Environment" = "Develop"
+ }
+}
+
 data "terraform_remote_state" "prepare" {
 backend = "local"
 config = {
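Review bot: The `tags` default of `"Kubernetes.Environment" = "Develop"` in `oracle/variables.tf` means any deployment that forgets to set the variable is labelled as a development environment — and since every resource in this change also ignores later tag drift, a production cluster can keep that label indefinitely, which matters as soon as the tag feeds an IAM condition, a cost report or an on-call filter. Safer is to drop the default so the environment must be stated explicitly, or keep the default and add a `validation` block that at least rejects keys outside the expected namespace, e.g. `condition = alltrue([for k in keys(var.tags) : can(regex("^Kubernetes\\.", k))])` with `error_message = "tag keys must be fully qualified Kubernetes.* defined tags"`. The `terraform_remote_state.prepare` data source right below shows this module already reads `prepare` state, so the environment value could also be sourced from there rather than duplicated in two variable defaults.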