Ready Module for common Oracle Cloud Infrastracture services that make it easy to setup and create your infrastracture as code. The repo contains some custom modules that are built on the top of official oci provider. This repository provides ready and handy modules to use to spin up production ready infra in Oracle Cloud.
Note that, you will not be able to manage your infra 100% as code, however, what we aimed at is to be 80%-90%, as some manual setup will still be required.
- You need an account with oracle, and you must have setup your public key in your account. Consult oracle docs for how to setup your account to use oci api here.
terraform
binary downloadable from here.
There are multiple ways on how to manage environments in Terraform. What is suggested here is to let terraform manages multiple workspaces, each state is scoped to an environment. Environments states are stored differently in remote state file as specified in the configurations.tf
file. Environments can be found under environments
directory. Here is a suggestion on how to organise your different environments.
environments/
production/
variables.tf
provider.tf
output.tf
data.tf
configurations.tf. <--------- using production workspace in Terraform
main.tf <------ specific environment infra goes here
...
...
uat/
variables.tf
provider.tf
output.tf
data.tf
configurations.tf. <--------- using uat workspace in Terraform backend
main.tf <------ specific environment infra goes here
...
...
NOTE Since compartments
, users
, groups
, and policies
are not scoped to specific environments, and they apply at the account/tenant level, it is advisable to have a concept of gloabl environment, where states in this environment will affect the whole account (e.g environments/global/
can be for identity management at account level)
Your configurations.tf
will look like this:
terraform {
backend "remote" {
hostname = "app.terraform.io"
organization = YOUR_ACCOUNT
workspaces {
name = YOUR_ENV_WORKSPACE
}
}
required_providers {
oci = {
source = "hashicorp/oci"
version = "~> 4.2.0"
}
}
}
It is been found useful to seperate your environments based on compartments. Using compartments make it easy to create full isolation and manage
access based on need. For example, you can create production
compartment and stage
compartments, then create two cicd users, each with access to
specific compartment. This way you can manage your environments based on compartemtns with different credentials.
To create different environments (prod, uat, dev), it is assumed that they same overall design.
- Create a new folder under environments dir, and create
configurations.tf
file to configure how you want to manage your Terraform state. - Create the
.auto.tfvars
file and fill it with the needed variables. - customise the environment as you wish in the
maint.tf
. You probably want to configure the instances you want to create + security groups per environment. - Ensure you do not have an overlapping CIDR for your VCN if you plan to do VCN peering between different environments
- You can seperate your cloud access to your cicd pipelines based on environments.
- Easier to manage different environments
- Easier to create duplicated environments
- Create a directory under
environments
. - cd to
environments/DESIRED_ENV
(e.genvironments/stage
) - cp
variables.tf
from current working directory toenvironments/DESIRED_ENV
- pass in the required variables as specified in
variables.tf
in a file called.auto.tfvars
. - Setup your oracle credentials as explained in Generating an API Signing Key.
- (if you plan to use remote state store) Ensure you have setup your Terraform creds for
configurations.tf
file - run
terraform plan
- if happy run
terraform apply
module | Description |
---|---|
common-config | Contains common configuration that can be used between other modules, such as IDs for computing shape, os versions, etc |
vault | Create Vault and manages keys |
file-storage-systme | Create a file storage system with exports, export paths and mount targets in a given VCN |
identity | IAM management, compartment and policies for creating users, groups, compartments, and policies |
instances | Create compute instances and attach a network security group id in a given subnets and VCN |
volumes | Create Volumes, Backup Policy and manages volumes attachments |
kuberentes | Creates k8s cluster and node pools in the given VCN |
load-balancer | WIP - Not ready |
mysql | Creates MYSQL Database in a given VCN |
network | Creates a VCN with default routing table, and default security list alongside desired subnets |
network-load-balancer | Creates an NLB, with listeners and backends alongside backendset in a given VCN |
network-sg | Creates network security groups |
object-storage | Creates object storage buckets |
public-ip | Creates a reserved public IP that can be attached to instances or load balancers |
security-list | Creates network security lists |
waf | Creates a WAF. |
dns | Creates a DNS management system. |
repo release | oci terraform provider version |
---|---|
v1.0 | 4.20.0 |
v2.0 | 4.44 |
As explained in Terraform Modules, you can use this repo to refer to the modules defined here. Since all modules are hosted in the same git repo, you can the special double-slash
syntax as stated here. You can also set specific version using ref
argument.
In summary:
- Use
github.com/Binsabbar/oracle-cloud-terraform
as source - Set module name in the path by appending
special double-slash
:github.com/Binsabbar/oracle-cloud-terraform//modules/identity
- Set
ref
if you want to avoid breaking changes:github.com/Binsabbar/oracle-cloud-terraform//modules/identity?ref=vx.x
Example
module "identity" {
source = "github.com/Binsabbar/oracle-cloud-terraform//modules/identity?ref=v2.0"
...
...
}
module "object-storage" {
source = "github.com/Binsabbar/oracle-cloud-terraform//modules/object-storage?ref=v2.1"
...
...
}
Thanks to the following folks for providing suggestions and improvments to this project.
- Abdullah Aljubayri Thwwaq (waf module)
- Abeer Alotaibi octopus20 (network-load-balancer module)
- Grzegorz M grzesjam (v1.0 public-ip module)
- Mateusz Kozakiewicz mateuszkozakiewicz (v1.0 public-ip module)
- Abdullah Bin Rasheed Twirlyz (dns module)
- Remaz Altuwaim remaz2250 (v2.8.0 and v2.10.0 instance/network-sg module)
- Dawid Rogowicz dawidrogowicz (v2.12.0 instance)
- Mohamed Essam mohamed-esam (v2.12.0 dns-management)
- Mohamed Essam mohamed-esam (v2.12.0 network)