diff --git a/VERSION b/VERSION
index 35864a9..5c5cbb3 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.8.7
\ No newline at end of file
+0.8.8
\ No newline at end of file
diff --git a/defaults.tf b/defaults.tf
index 1ab382b..2e5f6ed 100644
--- a/defaults.tf
+++ b/defaults.tf
@@ -100,10 +100,10 @@ locals {
   #     prohibit_public_ip_on_vnic = false
   #     prohibit_internet_ingress = false
   #     route_table_id = module.route_tables["public"].route_table_id # If null, the VCN's default route table is used
-  #     alternative_route_table = null # Optional, Name of the previously created route table
+  #     alternative_route_table_name = null # Optional, Name of the previously created route table
   #     dhcp_options_id = module.vcn.default_dhcp_options_id # If null, the VCN's default set of DHCP options is used
   #     security_list_ids = [module.security_lists["opensearch_security_list"].security_list_id] # If null, the VCN's default security list is used
-  #     alternative_security_list = null # Optional, Name of the previously created security list
+  #     extra_security_list_names = [] # Optional, Names of the previously created security lists
   #     ipv6cidr_block = null # If null, no IPv6 CIDR block is assigned
   #   },
   ]
diff --git a/main.tf b/main.tf
index d5656cb..bcf0c6e 100644
--- a/main.tf
+++ b/main.tf
@@ -198,62 +198,62 @@ locals {
   subnets_oke = concat(local.subnets_oke_standard, local.subnet_vcn_native_pod_networking, local.subnet_bastion, local.subnet_fss_mount_targets)
   subnets_oke_standard = [
     {
-      subnet_name = "oke_k8s_endpoint_subnet"
-      cidr_block = lookup(local.network_cidrs, "ENDPOINT-REGIONAL-SUBNET-CIDR")
-      display_name = "OKE K8s Endpoint subnet (${local.deploy_id})"
-      dns_label = "okek8s${local.deploy_id}"
-      prohibit_public_ip_on_vnic = (var.cluster_endpoint_visibility == "Private") ? true : false
-      prohibit_internet_ingress = (var.cluster_endpoint_visibility == "Private") ? true : false
-      route_table_id = (var.cluster_endpoint_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
-      alternative_route_table = null
-      dhcp_options_id = module.vcn.default_dhcp_options_id
-      security_list_ids = [module.security_lists["oke_endpoint_security_list"].security_list_id]
-      alternative_security_list = null
-      ipv6cidr_block = null
+      subnet_name = "oke_k8s_endpoint_subnet"
+      cidr_block = lookup(local.network_cidrs, "ENDPOINT-REGIONAL-SUBNET-CIDR")
+      display_name = "OKE K8s Endpoint subnet (${local.deploy_id})"
+      dns_label = "okek8s${local.deploy_id}"
+      prohibit_public_ip_on_vnic = (var.cluster_endpoint_visibility == "Private") ? true : false
+      prohibit_internet_ingress = (var.cluster_endpoint_visibility == "Private") ? true : false
+      route_table_id = (var.cluster_endpoint_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
+      alternative_route_table_name = null
+      dhcp_options_id = module.vcn.default_dhcp_options_id
+      security_list_ids = [module.security_lists["oke_endpoint_security_list"].security_list_id]
+      extra_security_list_names = anytrue([(var.extra_security_list_name_for_api_endpoint == ""), (var.extra_security_list_name_for_api_endpoint == null)]) ? [] : [var.extra_security_list_name_for_api_endpoint]
+      ipv6cidr_block = null
     },
     {
-      subnet_name = "oke_nodes_subnet"
-      cidr_block = lookup(local.network_cidrs, "NODES-REGIONAL-SUBNET-CIDR")
-      display_name = "OKE Nodes subnet (${local.deploy_id})"
-      dns_label = "okenodes${local.deploy_id}"
-      prohibit_public_ip_on_vnic = (var.cluster_workers_visibility == "Private") ? true : false
-      prohibit_internet_ingress = (var.cluster_workers_visibility == "Private") ? true : false
-      route_table_id = (var.cluster_workers_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
-      alternative_route_table = null
-      dhcp_options_id = module.vcn.default_dhcp_options_id
-      security_list_ids = [module.security_lists["oke_nodes_security_list"].security_list_id]
-      alternative_security_list = null
-      ipv6cidr_block = null
+      subnet_name = "oke_nodes_subnet"
+      cidr_block = lookup(local.network_cidrs, "NODES-REGIONAL-SUBNET-CIDR")
+      display_name = "OKE Nodes subnet (${local.deploy_id})"
+      dns_label = "okenodes${local.deploy_id}"
+      prohibit_public_ip_on_vnic = (var.cluster_workers_visibility == "Private") ? true : false
+      prohibit_internet_ingress = (var.cluster_workers_visibility == "Private") ? true : false
+      route_table_id = (var.cluster_workers_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
+      alternative_route_table_name = null
+      dhcp_options_id = module.vcn.default_dhcp_options_id
+      security_list_ids = [module.security_lists["oke_nodes_security_list"].security_list_id]
+      extra_security_list_names = anytrue([(var.extra_security_list_name_for_nodes == ""), (var.extra_security_list_name_for_nodes == null)]) ? [] : [var.extra_security_list_name_for_nodes]
+      ipv6cidr_block = null
     },
     {
-      subnet_name = "oke_lb_subnet"
-      cidr_block = lookup(local.network_cidrs, "LB-REGIONAL-SUBNET-CIDR")
-      display_name = "OKE LoadBalancers subnet (${local.deploy_id})"
-      dns_label = "okelb${local.deploy_id}"
-      prohibit_public_ip_on_vnic = (var.cluster_load_balancer_visibility == "Private") ? true : false
-      prohibit_internet_ingress = (var.cluster_load_balancer_visibility == "Private") ? true : false
-      route_table_id = (var.cluster_load_balancer_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
-      alternative_route_table = null
-      dhcp_options_id = module.vcn.default_dhcp_options_id
-      security_list_ids = [module.security_lists["oke_lb_security_list"].security_list_id]
-      alternative_security_list = null
-      ipv6cidr_block = null
+      subnet_name = "oke_lb_subnet"
+      cidr_block = lookup(local.network_cidrs, "LB-REGIONAL-SUBNET-CIDR")
+      display_name = "OKE LoadBalancers subnet (${local.deploy_id})"
+      dns_label = "okelb${local.deploy_id}"
+      prohibit_public_ip_on_vnic = (var.cluster_load_balancer_visibility == "Private") ? true : false
+      prohibit_internet_ingress = (var.cluster_load_balancer_visibility == "Private") ? true : false
+      route_table_id = (var.cluster_load_balancer_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
+      alternative_route_table_name = null
+      dhcp_options_id = module.vcn.default_dhcp_options_id
+      security_list_ids = [module.security_lists["oke_lb_security_list"].security_list_id]
+      extra_security_list_names = []
+      ipv6cidr_block = null
     }
   ]
   subnet_vcn_native_pod_networking = (var.create_pod_network_subnet || var.cluster_cni_type == "OCI_VCN_IP_NATIVE" || var.node_pool_cni_type_1 == "OCI_VCN_IP_NATIVE") ? [
     {
-      subnet_name = "oke_pods_network_subnet"
-      cidr_block = lookup(local.network_cidrs, "VCN-NATIVE-POD-NETWORKING-REGIONAL-SUBNET-CIDR") # e.g.: 10.20.128.0/17 (1,1) = 32766 usable IPs (10.20.128.0 - 10.20.255.255)
-      display_name = "OKE PODs Network subnet (${local.deploy_id})"
-      dns_label = "okenpn${local.deploy_id}"
-      prohibit_public_ip_on_vnic = (var.pods_network_visibility == "Private") ? true : false
-      prohibit_internet_ingress = (var.pods_network_visibility == "Private") ? true : false
-      route_table_id = (var.pods_network_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
-      alternative_route_table = null
-      dhcp_options_id = module.vcn.default_dhcp_options_id
-      security_list_ids = [module.security_lists["oke_pod_network_security_list"].security_list_id]
-      alternative_security_list = null
-      ipv6cidr_block = null
+      subnet_name = "oke_pods_network_subnet"
+      cidr_block = lookup(local.network_cidrs, "VCN-NATIVE-POD-NETWORKING-REGIONAL-SUBNET-CIDR") # e.g.: 10.20.128.0/17 (1,1) = 32766 usable IPs (10.20.128.0 - 10.20.255.255)
+      display_name = "OKE PODs Network subnet (${local.deploy_id})"
+      dns_label = "okenpn${local.deploy_id}"
+      prohibit_public_ip_on_vnic = (var.pods_network_visibility == "Private") ? true : false
+      prohibit_internet_ingress = (var.pods_network_visibility == "Private") ? true : false
+      route_table_id = (var.pods_network_visibility == "Private") ? module.route_tables["private"].route_table_id : module.route_tables["public"].route_table_id
+      alternative_route_table_name = null
+      dhcp_options_id = module.vcn.default_dhcp_options_id
+      security_list_ids = [module.security_lists["oke_pod_network_security_list"].security_list_id]
+      extra_security_list_names = []
+      ipv6cidr_block = null
   }] : []
   subnet_bastion = []
   subnet_fss_mount_targets = [] # 10.20.20.64/26 (10,81) = 62 usable IPs (10.20.20.64 - 10.20.20.255)
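Review bot: The new `extra_security_list_names` entries on `oke_k8s_endpoint_subnet` and `oke_nodes_subnet` can only widen what reaches the cluster: in OCI a packet is allowed when any rule in any security list attached to the subnet matches, so an extra list on the API endpoint subnet broadens control-plane exposure — internet-facing when `cluster_endpoint_visibility` is not "Private" — and nothing in this hunk bounds what that list may contain. A comment at the `extra_security_list_names` line would stop the knob being mistaken for a stricter override, e.g. `# Unioned with oke_endpoint_security_list; OCI security lists are additive, so an extra list can only allow more traffic to the API endpoint, never less`. The expression `anytrue([(x == ""), (x == null)]) ? [] : [x]` is duplicated for both variables; `compact([var.extra_security_list_name_for_api_endpoint])` says the same thing in one call on Terraform versions where `compact` drops null as well as empty strings. The LB and pods-network subnets are hard-coded to `[]` with no matching variable, which is presumably intentional but reads as an omission without a one-line note saying so.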
diff --git a/oci-networking.tf b/oci-networking.tf
index 8831c22..d771fb6 100644
--- a/oci-networking.tf
+++ b/oci-networking.tf
@@ -64,14 +64,16 @@ module "subnets" {
   dns_label = each.value.dns_label # If null, is autogenerated
   prohibit_public_ip_on_vnic = each.value.prohibit_public_ip_on_vnic
   prohibit_internet_ingress = each.value.prohibit_internet_ingress
-  route_table_id = (anytrue([(each.value.alternative_route_table == ""), (each.value.alternative_route_table == null)])
+  route_table_id = (anytrue([(each.value.alternative_route_table_name == ""), (each.value.alternative_route_table_name == null)])
   ? each.value.route_table_id
-  : module.route_tables[each.value.alternative_route_table].route_table_id) # If null, the VCN's default route table is used
-  dhcp_options_id = each.value.dhcp_options_id # If null, the VCN's default set of DHCP options is used
-  security_list_ids = (anytrue([(each.value.alternative_security_list == ""), (each.value.alternative_security_list == null)]) # If null, the VCN's default security list is used
-  ? each.value.security_list_ids
-  : [module.security_lists[each.value.alternative_security_list].security_list_id])
-  ipv6cidr_block = each.value.ipv6cidr_block # If null, no IPv6 CIDR block is assigned
+  : module.route_tables[each.value.alternative_route_table_name].route_table_id) # If null, the VCN's default route table is used
+  dhcp_options_id = each.value.dhcp_options_id # If null, the VCN's default set of DHCP options is used
+  security_list_ids = concat(each.value.security_list_ids, [for v in each.value.extra_security_list_names : module.security_lists[v].security_list_id]) # If null, the VCN's default security list is used
+  ipv6cidr_block = each.value.ipv6cidr_block # If null, no IPv6 CIDR block is assigned
+
+  # security_list_ids = (anytrue([(each.value.alternative_security_list == ""), (each.value.alternative_security_list == null)]) # If null, the VCN's default security list is used
+  # ? each.value.security_list_ids
+  # : [module.security_lists[each.value.alternative_security_list].security_list_id])
 }
 
 ################################################################################
diff --git a/variables.tf b/variables.tf
index 10d66e8..766e2f3 100644
--- a/variables.tf
+++ b/variables.tf
@@ -107,6 +107,14 @@ variable "extra_security_lists" {
   default = []
   description = "Extra security lists to be created."
 }
+variable "extra_security_list_name_for_api_endpoint" {
+  default = null
+  description = "Extra security list name previosly created to be used by the K8s API Endpoint Subnet."
+}
+variable "extra_security_list_name_for_nodes" {
+  default = null
+  description = "Extra security list name previosly created to be used by the Nodes Subnet."
+}
 ################################################################################
 # Variables: OKE Network
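Review bot: The trailing comment on the new `security_list_ids` line, `# If null, the VCN's default security list is used`, no longer describes the code: `concat(...)` always produces a list, so the null path it refers to cannot occur any more, and a subnet entry with no lists now yields `[]` rather than null, which the provider may not treat as "fall back to the default security list" — worth confirming before anyone relies on it. Replace it with a comment that states the actual semantics, e.g. `# Subnet's own lists plus any named extras; OCI evaluates security lists additively, so extras can only allow more traffic, never less`, and note that OCI also caps how many security lists a subnet may carry, a limit this concat can now exceed silently until apply. The three commented-out `# security_list_ids = (anytrue(...` lines kept below the live assignment are dead code that git history already preserves and should be removed. A name in `extra_security_list_names` that was never created fails at plan time with an invalid-index error on `module.security_lists[v]`, which is the right fail-closed behaviour but deserves a short comment next to the for-expression, since that error will not name the variable the user actually set.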