scottk/terraform-talos
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/terraform-talos.git synced 2025-10-31 02:08:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add predefined tags

Browse Source
This commit is contained in:
Serge Logvinov
2022-01-04 00:12:06 +02:00
parent 353ce8ec59
commit b74ab73aba
16 changed files with 201 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
oracle/init/output.tf
View File

@@ -13,3 +13,8 @@ output "key_file" {
description = "key_file" description = "key_file"
value = "~/.oci/oci_${var.project}_terraform.pem" value = "~/.oci/oci_${var.project}_terraform.pem"
} }
output "tags" {
description = "tags"
value = [for tag, value in var.tags : "${oci_identity_tag_namespace.kubernetes.name}.${tag}"]
}

1
oracle/init/policy.tf
View File

@@ -5,6 +5,7 @@ resource "oci_identity_policy" "terraform" {
compartment_id = oci_identity_compartment.project.id compartment_id = oci_identity_compartment.project.id
statements = [ statements = [
"Allow group ${oci_identity_group.terraform.name} to use tag-namespaces in compartment ${oci_identity_compartment.project.name}",
"Allow group ${oci_identity_group.terraform.name} to manage virtual-network-family in compartment ${oci_identity_compartment.project.name}", "Allow group ${oci_identity_group.terraform.name} to manage virtual-network-family in compartment ${oci_identity_compartment.project.name}",
"Allow group ${oci_identity_group.terraform.name} to manage load-balancers in compartment ${oci_identity_compartment.project.name}", "Allow group ${oci_identity_group.terraform.name} to manage load-balancers in compartment ${oci_identity_compartment.project.name}",
"Allow group ${oci_identity_group.terraform.name} to manage dns in compartment ${oci_identity_compartment.project.name}", "Allow group ${oci_identity_group.terraform.name} to manage dns in compartment ${oci_identity_compartment.project.name}",

13
oracle/init/tags.tf Normal file
View File

@@ -0,0 +1,13 @@
resource "oci_identity_tag_namespace" "kubernetes" {
compartment_id = oci_identity_compartment.project.id
name = "Kubernetes"
description = "Default kubernetes infrastructure tags"
}
resource "oci_identity_tag" "tags" {
for_each = var.tags
name = each.key
description = each.value
tag_namespace_id = oci_identity_tag_namespace.kubernetes.id
}

10
oracle/init/variables.tf
View File

@@ -12,3 +12,13 @@ variable "project" {
type = string type = string
default = "main" default = "main"
} }
variable "tags" {
description = "Defined Tags of resources"
type = map(string)
default = {
"Environment" = "Resource environment"
"Role" = "Kubernetes node role"
"Type" = "Type of resource"
}
}

2
oracle/init/versions.tf
View File

@@ -3,7 +3,7 @@ terraform {
required_providers { required_providers {
oci = { oci = {
source = "hashicorp/oci" source = "hashicorp/oci"
version = "4.56.0" version = "4.57.0"
} }
} }
} }

1
oracle/instances-controlplane.tf
View File

@@ -19,6 +19,7 @@ resource "oci_core_instance" "contolplane" {
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
display_name = "${local.project}-contolplane-${count.index + 1}" display_name = "${local.project}-contolplane-${count.index + 1}"
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra", "Kubernetes.Role" = "contolplane" })
availability_domain = local.zone availability_domain = local.zone
fault_domain = element(data.oci_identity_fault_domains.domains.fault_domains, count.index).name fault_domain = element(data.oci_identity_fault_domains.domains.fault_domains, count.index).name

5
oracle/instances-web.tf
View File

@@ -5,6 +5,7 @@ resource "oci_core_instance_pool" "web" {
size = lookup(var.instances[local.zone], "web_count", 0) size = lookup(var.instances[local.zone], "web_count", 0)
state = "RUNNING" state = "RUNNING"
display_name = "${var.project}-web" display_name = "${var.project}-web"
defined_tags = merge(var.tags, { "Kubernetes.Role" = "web" })
placement_configurations { placement_configurations {
availability_domain = local.network_public[local.zone].availability_domain availability_domain = local.network_public[local.zone].availability_domain
@@ -34,6 +35,7 @@ locals {
resource "oci_core_instance_configuration" "web" { resource "oci_core_instance_configuration" "web" {
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
display_name = "${var.project}-web" display_name = "${var.project}-web"
defined_tags = merge(var.tags, { "Kubernetes.Role" = "web" })
instance_details { instance_details {
instance_type = "compute" instance_type = "compute"
@@ -95,6 +97,9 @@ resource "oci_core_instance_configuration" "web" {
lifecycle { lifecycle {
create_before_destroy = "true" create_before_destroy = "true"
ignore_changes = [
defined_tags
]
} }
} }

7
oracle/network-lb-l7.tf
View File

@@ -2,6 +2,7 @@
resource "oci_load_balancer" "web" { resource "oci_load_balancer" "web" {
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
display_name = "${local.project}-web-lb-l7" display_name = "${local.project}-web-lb-l7"
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
shape = "flexible" shape = "flexible"
shape_details { shape_details {
maximum_bandwidth_in_mbps = 10 maximum_bandwidth_in_mbps = 10
@@ -10,6 +11,12 @@ resource "oci_load_balancer" "web" {
subnet_ids = [local.network_lb.id] subnet_ids = [local.network_lb.id]
network_security_group_ids = [local.nsg_web] network_security_group_ids = [local.nsg_web]
lifecycle {
ignore_changes = [
defined_tags,
]
}
} }
resource "oci_load_balancer_listener" "web_http" { resource "oci_load_balancer_listener" "web_http" {

14
oracle/network-lb.tf
View File

@@ -25,11 +25,18 @@ resource "oci_network_load_balancer_network_load_balancer" "contolplane" {
count = local.lbv4_enable ? 1 : 0 count = local.lbv4_enable ? 1 : 0
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
display_name = "${local.project}-contolplane-lb" display_name = "${local.project}-contolplane-lb"
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra", "Kubernetes.Role" = "contolplane" })
subnet_id = local.network_lb.id subnet_id = local.network_lb.id
network_security_group_ids = [local.nsg_contolplane_lb] network_security_group_ids = [local.nsg_contolplane_lb]
is_preserve_source_destination = false is_preserve_source_destination = false
is_private = false is_private = false
lifecycle {
ignore_changes = [
defined_tags,
]
}
} }
resource "oci_network_load_balancer_listener" "contolplane" { resource "oci_network_load_balancer_listener" "contolplane" {
@@ -97,11 +104,18 @@ resource "oci_network_load_balancer_network_load_balancer" "web" {
count = local.lbv4_web_enable ? 1 : 0 count = local.lbv4_web_enable ? 1 : 0
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
display_name = "${local.project}-web-lb" display_name = "${local.project}-web-lb"
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
subnet_id = local.network_lb.id subnet_id = local.network_lb.id
network_security_group_ids = [local.nsg_web] network_security_group_ids = [local.nsg_web]
is_preserve_source_destination = false is_preserve_source_destination = false
is_private = false is_private = false
lifecycle {
ignore_changes = [
defined_tags,
]
}
} }
resource "oci_network_load_balancer_listener" "http" { resource "oci_network_load_balancer_listener" "http" {

7
oracle/prepare/network-dns.tf
View File

@@ -14,4 +14,11 @@ resource "oci_dns_zone" "cluster" {
zone_type = "PRIMARY" zone_type = "PRIMARY"
scope = "PRIVATE" scope = "PRIVATE"
view_id = data.oci_dns_resolver.main.default_view_id view_id = data.oci_dns_resolver.main.default_view_id
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
lifecycle {
ignore_changes = [
defined_tags
]
}
} }

21
oracle/prepare/network-nat.tf
View File

@@ -2,6 +2,13 @@
resource "oci_core_public_ip" "nat" { resource "oci_core_public_ip" "nat" {
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
lifetime = "RESERVED" lifetime = "RESERVED"
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_nat_gateway" "private" { resource "oci_core_nat_gateway" "private" {
@@ -9,12 +16,20 @@ resource "oci_core_nat_gateway" "private" {
vcn_id = oci_core_vcn.main.id vcn_id = oci_core_vcn.main.id
display_name = "main" display_name = "main"
public_ip_id = oci_core_public_ip.nat.id public_ip_id = oci_core_public_ip.nat.id
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_route_table" "private" { resource "oci_core_route_table" "private" {
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.main.id vcn_id = oci_core_vcn.main.id
display_name = "private" display_name = "private"
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
route_rules { route_rules {
network_entity_id = oci_core_nat_gateway.private.id network_entity_id = oci_core_nat_gateway.private.id
@@ -26,4 +41,10 @@ resource "oci_core_route_table" "private" {
destination = data.oci_core_services.object_store.services[0]["cidr_block"] destination = data.oci_core_services.object_store.services[0]["cidr_block"]
destination_type = "SERVICE_CIDR_BLOCK" destination_type = "SERVICE_CIDR_BLOCK"
} }
lifecycle {
ignore_changes = [
defined_tags
]
}
} }

43
oracle/prepare/network-secgroup.tf
View File

@@ -48,6 +48,13 @@ resource "oci_core_network_security_group" "cilium" {
display_name = "${var.project}-cilium" display_name = "${var.project}-cilium"
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.main.id vcn_id = oci_core_vcn.main.id
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_network_security_group_security_rule" "cilium_vxvlan_in" { resource "oci_core_network_security_group_security_rule" "cilium_vxvlan_in" {
for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]]) for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]])
@@ -110,6 +117,13 @@ resource "oci_core_network_security_group" "talos" {
display_name = "${var.project}-talos" display_name = "${var.project}-talos"
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.main.id vcn_id = oci_core_vcn.main.id
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_network_security_group_security_rule" "talos" { resource "oci_core_network_security_group_security_rule" "talos" {
@@ -165,6 +179,13 @@ resource "oci_core_network_security_group" "contolplane_lb" {
display_name = "${var.project}-contolplane-lb" display_name = "${var.project}-contolplane-lb"
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.main.id vcn_id = oci_core_vcn.main.id
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_network_security_group_security_rule" "kubernetes" { resource "oci_core_network_security_group_security_rule" "kubernetes" {
@@ -216,11 +237,17 @@ resource "oci_core_network_security_group_security_rule" "kubernetes_talos_admin
} }
} }
resource "oci_core_network_security_group" "contolplane" { resource "oci_core_network_security_group" "contolplane" {
display_name = "${var.project}-contolplane" display_name = "${var.project}-contolplane"
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.main.id vcn_id = oci_core_vcn.main.id
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_network_security_group_security_rule" "contolplane_kubernetes" { resource "oci_core_network_security_group_security_rule" "contolplane_kubernetes" {
for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]]) for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]])
@@ -291,6 +318,13 @@ resource "oci_core_network_security_group" "web" {
display_name = "${var.project}-web" display_name = "${var.project}-web"
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.main.id vcn_id = oci_core_vcn.main.id
defined_tags = merge(var.tags, { "Kubernetes.Type" = "worker" })
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_network_security_group_security_rule" "web_kubelet" { resource "oci_core_network_security_group_security_rule" "web_kubelet" {
for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]]) for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]])
@@ -377,6 +411,13 @@ resource "oci_core_network_security_group" "worker" {
display_name = "${var.project}-worker" display_name = "${var.project}-worker"
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.main.id vcn_id = oci_core_vcn.main.id
defined_tags = merge(var.tags, { "Kubernetes.Type" = "worker" })
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_network_security_group_security_rule" "worker_kubelet" { resource "oci_core_network_security_group_security_rule" "worker_kubelet" {
for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]]) for_each = toset([oci_core_vcn.main.cidr_block, oci_core_vcn.main.ipv6cidr_blocks[0]])

57
oracle/prepare/network.tf
View File

@@ -4,30 +4,52 @@ resource "oci_core_vcn" "main" {
display_name = var.project display_name = var.project
cidr_blocks = [var.vpc_main_cidr] cidr_blocks = [var.vpc_main_cidr]
is_ipv6enabled = true is_ipv6enabled = true
defined_tags = var.tags
dns_label = var.project dns_label = var.project
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_internet_gateway" "main" { resource "oci_core_internet_gateway" "main" {
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.main.id vcn_id = oci_core_vcn.main.id
display_name = oci_core_vcn.main.display_name display_name = oci_core_vcn.main.display_name
defined_tags = var.tags
enabled = true enabled = true
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_service_gateway" "main" { resource "oci_core_service_gateway" "main" {
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.main.id vcn_id = oci_core_vcn.main.id
display_name = oci_core_vcn.main.display_name display_name = oci_core_vcn.main.display_name
defined_tags = var.tags
services { services {
service_id = data.oci_core_services.object_store.services[0]["id"] service_id = data.oci_core_services.object_store.services[0]["id"]
} }
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_route_table" "main" { resource "oci_core_route_table" "main" {
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.main.id vcn_id = oci_core_vcn.main.id
display_name = oci_core_vcn.main.display_name display_name = oci_core_vcn.main.display_name
defined_tags = var.tags
route_rules { route_rules {
network_entity_id = oci_core_internet_gateway.main.id network_entity_id = oci_core_internet_gateway.main.id
@@ -39,6 +61,12 @@ resource "oci_core_route_table" "main" {
destination = "::/0" destination = "::/0"
destination_type = "CIDR_BLOCK" destination_type = "CIDR_BLOCK"
} }
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_subnet" "regional_lb" { resource "oci_core_subnet" "regional_lb" {
@@ -51,8 +79,16 @@ resource "oci_core_subnet" "regional_lb" {
prohibit_public_ip_on_vnic = false prohibit_public_ip_on_vnic = false
display_name = "${oci_core_vcn.main.display_name}-regional-lb" display_name = "${oci_core_vcn.main.display_name}-regional-lb"
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
dns_label = "lb" dns_label = "lb"
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_subnet" "regional" { resource "oci_core_subnet" "regional" {
cidr_block = cidrsubnet(oci_core_vcn.main.cidr_block, 10, 1) cidr_block = cidrsubnet(oci_core_vcn.main.cidr_block, 10, 1)
ipv6cidr_block = cidrsubnet(oci_core_vcn.main.ipv6cidr_blocks[0], 8, 1) ipv6cidr_block = cidrsubnet(oci_core_vcn.main.ipv6cidr_blocks[0], 8, 1)
@@ -63,7 +99,14 @@ resource "oci_core_subnet" "regional" {
prohibit_public_ip_on_vnic = false prohibit_public_ip_on_vnic = false
display_name = "${oci_core_vcn.main.display_name}-regional" display_name = "${oci_core_vcn.main.display_name}-regional"
defined_tags = var.tags
dns_label = "regional" dns_label = "regional"
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_subnet" "public" { resource "oci_core_subnet" "public" {
@@ -79,7 +122,14 @@ resource "oci_core_subnet" "public" {
availability_domain = each.key availability_domain = each.key
display_name = "${oci_core_vcn.main.display_name}-public-zone-${each.value}" display_name = "${oci_core_vcn.main.display_name}-public-zone-${each.value}"
defined_tags = var.tags
dns_label = "public${each.value}" dns_label = "public${each.value}"
lifecycle {
ignore_changes = [
defined_tags
]
}
} }
resource "oci_core_subnet" "private" { resource "oci_core_subnet" "private" {
@@ -94,5 +144,12 @@ resource "oci_core_subnet" "private" {
availability_domain = each.key availability_domain = each.key
display_name = "${oci_core_vcn.main.display_name}-private-zone-${each.value}" display_name = "${oci_core_vcn.main.display_name}-private-zone-${each.value}"
defined_tags = var.tags
dns_label = "private${each.value}" dns_label = "private${each.value}"
lifecycle {
ignore_changes = [
defined_tags
]
}
} }

8
oracle/prepare/variables.tf
View File

@@ -18,6 +18,14 @@ variable "region" {
default = null default = null
} }
variable "tags" {
description = "Defined Tags of resources"
type = map(string)
default = {
"Kubernetes.Environment" = "Develop"
}
}
variable "kubernetes" { variable "kubernetes" {
type = map(string) type = map(string)
default = { default = {

2
oracle/prepare/versions.tf
View File

@@ -3,7 +3,7 @@ terraform {
required_providers { required_providers {
oci = { oci = {
source = "hashicorp/oci" source = "hashicorp/oci"
version = "4.56.0" version = "4.57.0"
} }
} }
} }

8
oracle/variables.tf
View File

@@ -18,6 +18,14 @@ variable "region" {
default = null default = null
} }
variable "tags" {
description = "Defined Tags of resources"
type = map(string)
default = {
"Kubernetes.Environment" = "Develop"
}
}
data "terraform_remote_state" "prepare" { data "terraform_remote_state" "prepare" {
backend = "local" backend = "local"
config = { config = {