This repository has been archived by the owner on Oct 31, 2019. It is now read-only.
k8s-oci.tf
# Derived values shared by the module calls in this file.
locals {
# First IP address reported by the k8smaster-public-lb module (empty string if it reports none)
# when var.master_oci_lb_enabled is "true"; otherwise the loopback address 127.0.0.1.
master_lb_ip = "${var.master_oci_lb_enabled == "true" ? element(concat(flatten(module.k8smaster-public-lb.ip_addresses), list("")), 0) : "127.0.0.1"}"
# HTTPS URL built from master_lb_ip: port 443 with the load balancer, port 6443 without it.
master_lb_address = "${format("https://%s:%s", local.master_lb_ip, var.master_oci_lb_enabled == "true" ? "443" : "6443")}"
# Outputs of the reverse-proxy module, left empty when the master load balancer is enabled.
# "clount_init" is the spelling of that module's output name and is kept as is.
reverse_proxy_clount_init = "${var.master_oci_lb_enabled == "true" ? "" : module.reverse-proxy.clount_init}"
reverse_proxy_setup = "${var.master_oci_lb_enabled == "true" ? "" : module.reverse-proxy.setup}"
# Comma-separated etcd client endpoints: the etcd load balancer addresses when
# var.etcd_lb_enabled is "true", otherwise the private IPs of the etcd instances in all three ADs.
# NOTE(review): every endpoint is built with the http:// scheme on port 2379, so consumers of
# this value talk to etcd without TLS or client-certificate authentication. etcd stores the
# cluster state, Secrets included. Confirm that the security lists limit who can reach 2379,
# or move to https endpoints with client certificates.
etcd_endpoints = "${var.etcd_lb_enabled == "true" ?
join(",",formatlist("http://%s:2379", module.etcd-lb.ip_addresses)) :
join(",",formatlist("http://%s:2379", compact(concat(
module.instances-etcd-ad1.private_ips,
module.instances-etcd-ad2.private_ips,
module.instances-etcd-ad3.private_ips)))) }"
}
### CA and Cluster Certificates
# TLS and SSH key material for the cluster. Every input is forwarded from a root variable;
# what the module does when a variable is empty is not visible in this file.
# NOTE(review): private keys and the admin token flow through Terraform variables and module
# outputs, which Terraform records in the state file. Treat the state and its backend as secret.
module "k8s-tls" {
  source = "./tls/"

  # Certificate authority
  ca_cert = "${var.ca_cert}"
  ca_key  = "${var.ca_key}"

  # API server certificate, key and admin token
  api_server_cert        = "${var.api_server_cert}"
  api_server_private_key = "${var.api_server_private_key}"
  api_server_admin_token = "${var.api_server_admin_token}"

  # Address handed to the TLS module; this is 127.0.0.1 when the master load balancer is disabled
  master_lb_public_ip = "${local.master_lb_ip}"

  # SSH key pair
  ssh_private_key        = "${var.ssh_private_key}"
  ssh_public_key_openssh = "${var.ssh_public_key_openssh}"
}
### Virtual Cloud Network
# Virtual cloud network: subnets, security-list inputs and optional NAT instances.
# NOTE(review): the *_ingress inputs are passed through from root variables whose values are
# not visible here. Check that the SSH, etcd and API server ingress values are not wider than
# the networks that need access.
module "vcn" {
  source = "./network/vcn"

  # Tenancy / compartment
  compartment_ocid = "${var.compartment_ocid}"
  tenancy_ocid     = "${var.tenancy_ocid}"
  label_prefix     = "${var.label_prefix}"

  # Network layout
  vcn_dns_name                = "${var.vcn_dns_name}"
  network_cidrs               = "${var.network_cidrs}"
  network_subnet_dns          = "${var.network_subnet_dns}"
  control_plane_subnet_access = "${var.control_plane_subnet_access}"
  dedicated_nat_subnets       = "${var.dedicated_nat_subnets}"

  # Extra security lists attached per subnet role
  additional_etcd_security_lists_ids      = "${var.additional_etcd_security_lists_ids}"
  additional_k8smaster_security_lists_ids = "${var.additional_k8s_master_security_lists_ids}"
  additional_k8sworker_security_lists_ids = "${var.additional_k8s_worker_security_lists_ids}"
  additional_public_security_lists_ids    = "${var.additional_public_security_lists_ids}"

  # Ingress settings
  etcd_ssh_ingress            = "${var.etcd_ssh_ingress}"
  etcd_cluster_ingress        = "${var.etcd_cluster_ingress}"
  master_ssh_ingress          = "${var.master_ssh_ingress}"
  master_https_ingress        = "${var.master_https_ingress}"
  master_nodeport_ingress     = "${var.master_nodeport_ingress}"
  worker_ssh_ingress          = "${var.worker_ssh_ingress}"
  worker_nodeport_ingress     = "${var.worker_nodeport_ingress}"
  public_subnet_ssh_ingress   = "${var.public_subnet_ssh_ingress}"
  public_subnet_http_ingress  = "${var.public_subnet_http_ingress}"
  public_subnet_https_ingress = "${var.public_subnet_https_ingress}"
  external_icmp_ingress       = "${var.external_icmp_ingress}"
  internal_icmp_ingress       = "${var.internal_icmp_ingress}"

  # NAT instances (one switch per availability domain)
  nat_instance_oracle_linux_image_name = "${var.nat_ol_image_name}"
  nat_instance_shape                   = "${var.natInstanceShape}"
  nat_instance_ad1_enabled             = "${var.nat_instance_ad1_enabled}"
  nat_instance_ad2_enabled             = "${var.nat_instance_ad2_enabled}"
  nat_instance_ad3_enabled             = "${var.nat_instance_ad3_enabled}"
  nat_instance_ssh_public_key_openssh  = "${module.k8s-tls.ssh_public_key_openssh}"
}
# Credentials and subnets for the OCI cloud controller manager.
# Each cloud_controller_user_* input falls back to the main provider credential when the
# dedicated variable is empty.
# NOTE(review): with the fallback in effect the controller is configured with the same OCI
# API key that runs Terraform. A dedicated user with a narrowly scoped policy keeps a
# compromise of the in-cluster component from exposing the deployer's credentials.
module "oci-cloud-controller" {
  source = "./kubernetes/oci-cloud-controller"

  label_prefix     = "${var.label_prefix}"
  compartment_ocid = "${var.compartment_ocid}"
  tenancy          = "${var.tenancy_ocid}"
  region           = "${var.region}"

  cloud_controller_user_ocid             = "${var.cloud_controller_user_ocid == "" ? var.user_ocid : var.cloud_controller_user_ocid}"
  cloud_controller_user_fingerprint      = "${var.cloud_controller_user_fingerprint == "" ? var.fingerprint : var.cloud_controller_user_fingerprint}"
  cloud_controller_user_private_key_path = "${var.cloud_controller_user_private_key_path == "" ? var.private_key_path : var.cloud_controller_user_private_key_path}"

  # The password fallback is keyed on the private key PATH, not on the password itself:
  # a dedicated key with an empty password must not pick up var.private_key_password.
  cloud_controller_user_private_key_password = "${var.cloud_controller_user_private_key_path == "" ? var.private_key_password : var.cloud_controller_user_private_key_password}"

  # First element of the AD1 and AD2 subnet id lists exported by the vcn module
  subnet1 = "${element(module.vcn.ccmlb_subnet_ad1_id,0)}"
  subnet2 = "${element(module.vcn.ccmlb_subnet_ad2_id,0)}"
}
# Credentials for the OCI flexvolume driver. Each flexvolume_driver_user_* input falls back
# to the main provider credential when the dedicated variable is empty.
# NOTE(review): with the fallback in effect the driver is configured with the same OCI API
# key that runs Terraform; prefer a dedicated, narrowly scoped user.
module "oci-flexvolume-driver" {
  source = "./kubernetes/oci-flexvolume-driver"

  tenancy = "${var.tenancy_ocid}"
  vcn     = "${module.vcn.id}"

  flexvolume_driver_user_ocid             = "${var.flexvolume_driver_user_ocid == "" ? var.user_ocid : var.flexvolume_driver_user_ocid}"
  flexvolume_driver_user_fingerprint      = "${var.flexvolume_driver_user_fingerprint == "" ? var.fingerprint : var.flexvolume_driver_user_fingerprint}"
  flexvolume_driver_user_private_key_path = "${var.flexvolume_driver_user_private_key_path == "" ? var.private_key_path : var.flexvolume_driver_user_private_key_path}"

  # Password fallback is keyed on the private key path, so a dedicated key with an empty
  # password does not pick up var.private_key_password.
  flexvolume_driver_user_private_key_password = "${var.flexvolume_driver_user_private_key_path == "" ? var.private_key_password : var.flexvolume_driver_user_private_key_password}"
}
# Credentials for the OCI volume provisioner. Each volume_provisioner_user_* input falls back
# to the main provider credential when the dedicated variable is empty.
# NOTE(review): with the fallback in effect the provisioner is configured with the same OCI
# API key that runs Terraform; prefer a dedicated, narrowly scoped user.
module "oci-volume-provisioner" {
  source = "./kubernetes/oci-volume-provisioner"

  tenancy     = "${var.tenancy_ocid}"
  region      = "${var.region}"
  compartment = "${var.compartment_ocid}"

  volume_provisioner_user_ocid             = "${var.volume_provisioner_user_ocid == "" ? var.user_ocid : var.volume_provisioner_user_ocid}"
  volume_provisioner_user_fingerprint      = "${var.volume_provisioner_user_fingerprint == "" ? var.fingerprint : var.volume_provisioner_user_fingerprint}"
  volume_provisioner_user_private_key_path = "${var.volume_provisioner_user_private_key_path == "" ? var.private_key_path : var.volume_provisioner_user_private_key_path}"

  # Password fallback is keyed on the private key path, so a dedicated key with an empty
  # password does not pick up var.private_key_password.
  volume_provisioner_user_private_key_password = "${var.volume_provisioner_user_private_key_path == "" ? var.private_key_password : var.volume_provisioner_user_private_key_password}"
}
### Compute Instance(s)
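# etcd instances in the first availability domain.
# Fix: docker_ver is now passed, as instances-etcd-ad3 already does for the same module source.
# Without it the AD1 nodes take whatever default the module declares, so the etcd nodes
# could run different Docker versions depending on the availability domain.
module "instances-etcd-ad1" {
  source = "./instances/etcd"
  count  = "${var.etcdAd1Count}"

  # Placement
  availability_domain         = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
  compartment_ocid            = "${var.compartment_ocid}"
  # NOTE(review): tenancy_ocid is fed the compartment OCID, not var.tenancy_ocid. Confirm this is intended.
  tenancy_ocid                = "${var.compartment_ocid}"
  subnet_id                   = "${module.vcn.etcd_subnet_ad1_id}"
  subnet_name                 = "etcdSubnetAD1"
  network_cidrs               = "${var.network_cidrs}"
  control_plane_subnet_access = "${var.control_plane_subnet_access}"
  assign_private_ip           = "${var.etcd_maintain_private_ip == "true" ? "true": "false"}"

  # Instance identity and shape
  display_name_prefix     = "etcd-ad1"
  hostname_label_prefix   = "etcd-ad1"
  label_prefix            = "${var.label_prefix}"
  domain_name             = "${var.domain_name}"
  shape                   = "${var.etcdShape}"
  oracle_linux_image_name = "${var.etcd_ol_image_name}"
  ssh_public_key_openssh  = "${module.k8s-tls.ssh_public_key_openssh}"

  # etcd and Docker settings
  docker_ver                = "${var.docker_ver}"
  etcd_ver                  = "${var.etcd_ver}"
  etcd_discovery_url        = "${template_file.etcd_discovery_url.id}"
  etcd_docker_max_log_size  = "${var.etcd_docker_max_log_size}"
  etcd_docker_max_log_files = "${var.etcd_docker_max_log_files}"
  etcd_iscsi_volume_create  = "${var.etcd_iscsi_volume_create}"
  etcd_iscsi_volume_size    = "${var.etcd_iscsi_volume_size}"
}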
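# etcd instances in the second availability domain.
# Fix: docker_ver is now passed, as instances-etcd-ad3 already does for the same module source.
# Without it the AD2 nodes take whatever default the module declares, so the etcd nodes
# could run different Docker versions depending on the availability domain.
module "instances-etcd-ad2" {
  source = "./instances/etcd"
  count  = "${var.etcdAd2Count}"

  # Placement
  availability_domain         = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[1],"name")}"
  compartment_ocid            = "${var.compartment_ocid}"
  # NOTE(review): tenancy_ocid is fed the compartment OCID, not var.tenancy_ocid. Confirm this is intended.
  tenancy_ocid                = "${var.compartment_ocid}"
  subnet_id                   = "${module.vcn.etcd_subnet_ad2_id}"
  subnet_name                 = "etcdSubnetAD2"
  network_cidrs               = "${var.network_cidrs}"
  control_plane_subnet_access = "${var.control_plane_subnet_access}"
  assign_private_ip           = "${var.etcd_maintain_private_ip == "true" ? "true": "false"}"

  # Instance identity and shape
  display_name_prefix     = "etcd-ad2"
  hostname_label_prefix   = "etcd-ad2"
  label_prefix            = "${var.label_prefix}"
  domain_name             = "${var.domain_name}"
  shape                   = "${var.etcdShape}"
  oracle_linux_image_name = "${var.etcd_ol_image_name}"
  ssh_public_key_openssh  = "${module.k8s-tls.ssh_public_key_openssh}"

  # etcd and Docker settings
  docker_ver                = "${var.docker_ver}"
  etcd_ver                  = "${var.etcd_ver}"
  etcd_discovery_url        = "${template_file.etcd_discovery_url.id}"
  etcd_docker_max_log_size  = "${var.etcd_docker_max_log_size}"
  etcd_docker_max_log_files = "${var.etcd_docker_max_log_files}"
  etcd_iscsi_volume_create  = "${var.etcd_iscsi_volume_create}"
  etcd_iscsi_volume_size    = "${var.etcd_iscsi_volume_size}"
}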
# etcd instances in the third availability domain.
# NOTE(review): this is the only etcd module call that passes docker_ver; the AD1 and AD2
# calls omit it. Confirm that all etcd nodes are meant to run the same Docker version.
module "instances-etcd-ad3" {
  source = "./instances/etcd"
  count  = "${var.etcdAd3Count}"

  # Placement
  availability_domain         = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[2],"name")}"
  compartment_ocid            = "${var.compartment_ocid}"
  # NOTE(review): tenancy_ocid is fed the compartment OCID, not var.tenancy_ocid. Confirm this is intended.
  tenancy_ocid                = "${var.compartment_ocid}"
  subnet_id                   = "${module.vcn.etcd_subnet_ad3_id}"
  subnet_name                 = "etcdSubnetAD3"
  network_cidrs               = "${var.network_cidrs}"
  control_plane_subnet_access = "${var.control_plane_subnet_access}"
  assign_private_ip           = "${var.etcd_maintain_private_ip == "true" ? "true": "false"}"

  # Instance identity and shape
  display_name_prefix     = "etcd-ad3"
  hostname_label_prefix   = "etcd-ad3"
  label_prefix            = "${var.label_prefix}"
  domain_name             = "${var.domain_name}"
  shape                   = "${var.etcdShape}"
  oracle_linux_image_name = "${var.etcd_ol_image_name}"
  ssh_public_key_openssh  = "${module.k8s-tls.ssh_public_key_openssh}"

  # etcd and Docker settings
  docker_ver                = "${var.docker_ver}"
  etcd_ver                  = "${var.etcd_ver}"
  etcd_discovery_url        = "${template_file.etcd_discovery_url.id}"
  etcd_docker_max_log_size  = "${var.etcd_docker_max_log_size}"
  etcd_docker_max_log_files = "${var.etcd_docker_max_log_files}"
  etcd_iscsi_volume_create  = "${var.etcd_iscsi_volume_create}"
  etcd_iscsi_volume_size    = "${var.etcd_iscsi_volume_size}"
}
# Kubernetes master instances in the first availability domain.
# NOTE(review): the module is handed the CA private key, the API server private key, the admin
# token, the SSH private key and three OCI credential bundles. How they reach the instance is
# not visible here; if they go through instance user-data, anything that can read instance
# metadata can read them. Confirm the delivery path.
module "instances-k8smaster-ad1" {
  source = "./instances/k8smaster"
  count  = "${var.k8sMasterAd1Count}"

  # Placement
  availability_domain         = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
  compartment_ocid            = "${var.compartment_ocid}"
  # NOTE(review): tenancy_ocid is fed the compartment OCID, not var.tenancy_ocid. Confirm this is intended.
  tenancy_ocid                = "${var.compartment_ocid}"
  subnet_id                   = "${module.vcn.k8smaster_subnet_ad1_id}"
  subnet_name                 = "masterSubnetAD1"
  network_cidrs               = "${var.network_cidrs}"
  control_plane_subnet_access = "${var.control_plane_subnet_access}"
  assign_private_ip           = "${var.master_maintain_private_ip}"

  # Instance identity and shape
  display_name_prefix     = "k8s-master-ad1"
  hostname_label_prefix   = "k8s-master-ad1"
  label_prefix            = "${var.label_prefix}"
  domain_name             = "${var.domain_name}"
  shape                   = "${var.k8sMasterShape}"
  oracle_linux_image_name = "${var.master_ol_image_name}"

  # Component versions
  docker_ver                 = "${var.docker_ver}"
  etcd_ver                   = "${var.etcd_ver}"
  flannel_ver                = "${var.flannel_ver}"
  k8s_ver                    = "${var.k8s_ver}"
  k8s_dashboard_ver          = "${var.k8s_dashboard_ver}"
  k8s_dns_ver                = "${var.k8s_dns_ver}"
  cloud_controller_version   = "${var.cloud_controller_version}"
  flexvolume_driver_version  = "${var.flexvolume_driver_version}"
  volume_provisioner_version = "${var.volume_provisioner_version}"

  # Docker log rotation
  master_docker_max_log_size  = "${var.master_docker_max_log_size}"
  master_docker_max_log_files = "${var.master_docker_max_log_files}"

  # Cluster wiring; api_server_count is the total number of masters across the three ADs
  api_server_count          = "${var.k8sMasterAd1Count + var.k8sMasterAd2Count + var.k8sMasterAd3Count}"
  etcd_discovery_url        = "${template_file.etcd_discovery_url.id}"
  etcd_endpoints            = "${local.etcd_endpoints}"
  flannel_backend           = "${var.flannel_backend}"
  flannel_network_cidr      = "${var.flannel_network_cidr}"
  kubernetes_network_plugin = "${var.kubernetes_network_plugin}"

  # Key material and credentials
  api_server_cert_pem        = "${module.k8s-tls.api_server_cert_pem}"
  api_server_private_key_pem = "${module.k8s-tls.api_server_private_key_pem}"
  k8s_apiserver_token_admin  = "${module.k8s-tls.api_server_admin_token}"
  root_ca_pem                = "${module.k8s-tls.root_ca_pem}"
  root_ca_key                = "${module.k8s-tls.root_ca_key}"
  ssh_private_key            = "${module.k8s-tls.ssh_private_key}"
  ssh_public_key_openssh     = "${module.k8s-tls.ssh_public_key_openssh}"
  cloud_controller_secret    = "${module.oci-cloud-controller.cloud-provider-json}"
  flexvolume_driver_secret   = "${module.oci-flexvolume-driver.flex-volume-driver-yaml}"
  volume_provisioner_secret  = "${module.oci-volume-provisioner.volume-provisioner-yaml}"
}
# Kubernetes master instances in the second availability domain.
# NOTE(review): the module is handed the CA private key, the API server private key, the admin
# token, the SSH private key and three OCI credential bundles. How they reach the instance is
# not visible here; if they go through instance user-data, anything that can read instance
# metadata can read them. Confirm the delivery path.
module "instances-k8smaster-ad2" {
  source = "./instances/k8smaster"
  count  = "${var.k8sMasterAd2Count}"

  # Placement
  availability_domain         = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[1],"name")}"
  compartment_ocid            = "${var.compartment_ocid}"
  # NOTE(review): tenancy_ocid is fed the compartment OCID, not var.tenancy_ocid. Confirm this is intended.
  tenancy_ocid                = "${var.compartment_ocid}"
  subnet_id                   = "${module.vcn.k8smaster_subnet_ad2_id}"
  subnet_name                 = "masterSubnetAD2"
  network_cidrs               = "${var.network_cidrs}"
  control_plane_subnet_access = "${var.control_plane_subnet_access}"
  assign_private_ip           = "${var.master_maintain_private_ip}"

  # Instance identity and shape
  display_name_prefix     = "k8s-master-ad2"
  hostname_label_prefix   = "k8s-master-ad2"
  label_prefix            = "${var.label_prefix}"
  domain_name             = "${var.domain_name}"
  shape                   = "${var.k8sMasterShape}"
  oracle_linux_image_name = "${var.master_ol_image_name}"

  # Component versions
  docker_ver                 = "${var.docker_ver}"
  etcd_ver                   = "${var.etcd_ver}"
  flannel_ver                = "${var.flannel_ver}"
  k8s_ver                    = "${var.k8s_ver}"
  k8s_dashboard_ver          = "${var.k8s_dashboard_ver}"
  k8s_dns_ver                = "${var.k8s_dns_ver}"
  cloud_controller_version   = "${var.cloud_controller_version}"
  flexvolume_driver_version  = "${var.flexvolume_driver_version}"
  volume_provisioner_version = "${var.volume_provisioner_version}"

  # Docker log rotation
  master_docker_max_log_size  = "${var.master_docker_max_log_size}"
  master_docker_max_log_files = "${var.master_docker_max_log_files}"

  # Cluster wiring; api_server_count is the total number of masters across the three ADs
  api_server_count          = "${var.k8sMasterAd1Count + var.k8sMasterAd2Count + var.k8sMasterAd3Count}"
  etcd_discovery_url        = "${template_file.etcd_discovery_url.id}"
  etcd_endpoints            = "${local.etcd_endpoints}"
  flannel_backend           = "${var.flannel_backend}"
  flannel_network_cidr      = "${var.flannel_network_cidr}"
  kubernetes_network_plugin = "${var.kubernetes_network_plugin}"

  # Key material and credentials
  api_server_cert_pem        = "${module.k8s-tls.api_server_cert_pem}"
  api_server_private_key_pem = "${module.k8s-tls.api_server_private_key_pem}"
  k8s_apiserver_token_admin  = "${module.k8s-tls.api_server_admin_token}"
  root_ca_pem                = "${module.k8s-tls.root_ca_pem}"
  root_ca_key                = "${module.k8s-tls.root_ca_key}"
  ssh_private_key            = "${module.k8s-tls.ssh_private_key}"
  ssh_public_key_openssh     = "${module.k8s-tls.ssh_public_key_openssh}"
  cloud_controller_secret    = "${module.oci-cloud-controller.cloud-provider-json}"
  flexvolume_driver_secret   = "${module.oci-flexvolume-driver.flex-volume-driver-yaml}"
  volume_provisioner_secret  = "${module.oci-volume-provisioner.volume-provisioner-yaml}"
}
# Kubernetes master instances in the third availability domain.
# NOTE(review): the module is handed the CA private key, the API server private key, the admin
# token, the SSH private key and three OCI credential bundles. How they reach the instance is
# not visible here; if they go through instance user-data, anything that can read instance
# metadata can read them. Confirm the delivery path.
module "instances-k8smaster-ad3" {
  source = "./instances/k8smaster"
  count  = "${var.k8sMasterAd3Count}"

  # Placement
  availability_domain         = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[2],"name")}"
  compartment_ocid            = "${var.compartment_ocid}"
  # NOTE(review): tenancy_ocid is fed the compartment OCID, not var.tenancy_ocid. Confirm this is intended.
  tenancy_ocid                = "${var.compartment_ocid}"
  subnet_id                   = "${module.vcn.k8smaster_subnet_ad3_id}"
  subnet_name                 = "masterSubnetAD3"
  network_cidrs               = "${var.network_cidrs}"
  control_plane_subnet_access = "${var.control_plane_subnet_access}"
  assign_private_ip           = "${var.master_maintain_private_ip}"

  # Instance identity and shape
  display_name_prefix     = "k8s-master-ad3"
  hostname_label_prefix   = "k8s-master-ad3"
  label_prefix            = "${var.label_prefix}"
  domain_name             = "${var.domain_name}"
  shape                   = "${var.k8sMasterShape}"
  oracle_linux_image_name = "${var.master_ol_image_name}"

  # Component versions
  docker_ver                 = "${var.docker_ver}"
  etcd_ver                   = "${var.etcd_ver}"
  flannel_ver                = "${var.flannel_ver}"
  k8s_ver                    = "${var.k8s_ver}"
  k8s_dashboard_ver          = "${var.k8s_dashboard_ver}"
  k8s_dns_ver                = "${var.k8s_dns_ver}"
  cloud_controller_version   = "${var.cloud_controller_version}"
  flexvolume_driver_version  = "${var.flexvolume_driver_version}"
  volume_provisioner_version = "${var.volume_provisioner_version}"

  # Docker log rotation
  master_docker_max_log_size  = "${var.master_docker_max_log_size}"
  master_docker_max_log_files = "${var.master_docker_max_log_files}"

  # Cluster wiring; api_server_count is the total number of masters across the three ADs
  api_server_count          = "${var.k8sMasterAd1Count + var.k8sMasterAd2Count + var.k8sMasterAd3Count}"
  etcd_discovery_url        = "${template_file.etcd_discovery_url.id}"
  etcd_endpoints            = "${local.etcd_endpoints}"
  flannel_backend           = "${var.flannel_backend}"
  flannel_network_cidr      = "${var.flannel_network_cidr}"
  kubernetes_network_plugin = "${var.kubernetes_network_plugin}"

  # Key material and credentials
  api_server_cert_pem        = "${module.k8s-tls.api_server_cert_pem}"
  api_server_private_key_pem = "${module.k8s-tls.api_server_private_key_pem}"
  k8s_apiserver_token_admin  = "${module.k8s-tls.api_server_admin_token}"
  root_ca_pem                = "${module.k8s-tls.root_ca_pem}"
  root_ca_key                = "${module.k8s-tls.root_ca_key}"
  ssh_private_key            = "${module.k8s-tls.ssh_private_key}"
  ssh_public_key_openssh     = "${module.k8s-tls.ssh_public_key_openssh}"
  cloud_controller_secret    = "${module.oci-cloud-controller.cloud-provider-json}"
  flexvolume_driver_secret   = "${module.oci-flexvolume-driver.flex-volume-driver-yaml}"
  volume_provisioner_secret  = "${module.oci-volume-provisioner.volume-provisioner-yaml}"
}
# Kubernetes worker instances in the first availability domain.
# NOTE(review): every worker module call receives the cluster CA private key (root_ca_key),
# the API server private key and the SSH private key. What the module does with them is not
# visible here. If they are placed on the worker, one compromised node holds the material
# needed to issue cluster certificates. Confirm, and prefer per-node certificates signed off-node.
module "instances-k8sworker-ad1" {
  source = "./instances/k8sworker"
  count  = "${var.k8sWorkerAd1Count}"

  # Placement
  availability_domain = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
  region              = "${var.region}"
  compartment_ocid    = "${var.compartment_ocid}"
  # NOTE(review): tenancy_ocid is fed the compartment OCID, not var.tenancy_ocid. Confirm this is intended.
  tenancy_ocid        = "${var.compartment_ocid}"
  subnet_id           = "${module.vcn.k8worker_subnet_ad1_id}"

  # Instance identity and shape
  display_name_prefix     = "k8s-worker-ad1"
  hostname_label_prefix   = "k8s-worker-ad1"
  label_prefix            = "${var.label_prefix}"
  domain_name             = "${var.domain_name}"
  shape                   = "${var.k8sWorkerShape}"
  oracle_linux_image_name = "${var.worker_ol_image_name}"

  # Component versions
  docker_ver                = "${var.docker_ver}"
  k8s_ver                   = "${var.k8s_ver}"
  flexvolume_driver_version = "${var.flexvolume_driver_version}"

  # Docker log rotation
  worker_docker_max_log_size  = "${var.worker_docker_max_log_size}"
  worker_docker_max_log_files = "${var.worker_docker_max_log_files}"

  # API server access: load balancer URL, or the reverse-proxy snippets when the LB is disabled
  master_lb                 = "${local.master_lb_address}"
  reverse_proxy_clount_init = "${local.reverse_proxy_clount_init}"
  reverse_proxy_setup       = "${local.reverse_proxy_setup}"
  flannel_network_cidr      = "${var.flannel_network_cidr}"

  # Optional iSCSI volume
  worker_iscsi_volume_create = "${var.worker_iscsi_volume_create}"
  worker_iscsi_volume_size   = "${var.worker_iscsi_volume_size}"
  worker_iscsi_volume_mount  = "${var.worker_iscsi_volume_mount}"

  # Key material
  api_server_cert_pem        = "${module.k8s-tls.api_server_cert_pem}"
  api_server_private_key_pem = "${module.k8s-tls.api_server_private_key_pem}"
  root_ca_pem                = "${module.k8s-tls.root_ca_pem}"
  root_ca_key                = "${module.k8s-tls.root_ca_key}"
  ssh_private_key            = "${module.k8s-tls.ssh_private_key}"
  ssh_public_key_openssh     = "${module.k8s-tls.ssh_public_key_openssh}"
}
# Kubernetes worker instances in the second availability domain.
# NOTE(review): every worker module call receives the cluster CA private key (root_ca_key),
# the API server private key and the SSH private key. What the module does with them is not
# visible here. If they are placed on the worker, one compromised node holds the material
# needed to issue cluster certificates. Confirm, and prefer per-node certificates signed off-node.
module "instances-k8sworker-ad2" {
  source = "./instances/k8sworker"
  count  = "${var.k8sWorkerAd2Count}"

  # Placement
  availability_domain = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[1],"name")}"
  region              = "${var.region}"
  compartment_ocid    = "${var.compartment_ocid}"
  # NOTE(review): tenancy_ocid is fed the compartment OCID, not var.tenancy_ocid. Confirm this is intended.
  tenancy_ocid        = "${var.compartment_ocid}"
  subnet_id           = "${module.vcn.k8worker_subnet_ad2_id}"

  # Instance identity and shape
  display_name_prefix     = "k8s-worker-ad2"
  hostname_label_prefix   = "k8s-worker-ad2"
  label_prefix            = "${var.label_prefix}"
  domain_name             = "${var.domain_name}"
  shape                   = "${var.k8sWorkerShape}"
  oracle_linux_image_name = "${var.worker_ol_image_name}"

  # Component versions
  docker_ver                = "${var.docker_ver}"
  k8s_ver                   = "${var.k8s_ver}"
  flexvolume_driver_version = "${var.flexvolume_driver_version}"

  # Docker log rotation
  worker_docker_max_log_size  = "${var.worker_docker_max_log_size}"
  worker_docker_max_log_files = "${var.worker_docker_max_log_files}"

  # API server access: load balancer URL, or the reverse-proxy snippets when the LB is disabled
  master_lb                 = "${local.master_lb_address}"
  reverse_proxy_clount_init = "${local.reverse_proxy_clount_init}"
  reverse_proxy_setup       = "${local.reverse_proxy_setup}"
  flannel_network_cidr      = "${var.flannel_network_cidr}"

  # Optional iSCSI volume
  worker_iscsi_volume_create = "${var.worker_iscsi_volume_create}"
  worker_iscsi_volume_size   = "${var.worker_iscsi_volume_size}"
  worker_iscsi_volume_mount  = "${var.worker_iscsi_volume_mount}"

  # Key material
  api_server_cert_pem        = "${module.k8s-tls.api_server_cert_pem}"
  api_server_private_key_pem = "${module.k8s-tls.api_server_private_key_pem}"
  root_ca_pem                = "${module.k8s-tls.root_ca_pem}"
  root_ca_key                = "${module.k8s-tls.root_ca_key}"
  ssh_private_key            = "${module.k8s-tls.ssh_private_key}"
  ssh_public_key_openssh     = "${module.k8s-tls.ssh_public_key_openssh}"
}
# Kubernetes worker instances in the third availability domain.
# NOTE(review): every worker module call receives the cluster CA private key (root_ca_key),
# the API server private key and the SSH private key. What the module does with them is not
# visible here. If they are placed on the worker, one compromised node holds the material
# needed to issue cluster certificates. Confirm, and prefer per-node certificates signed off-node.
module "instances-k8sworker-ad3" {
  source = "./instances/k8sworker"
  count  = "${var.k8sWorkerAd3Count}"

  # Placement
  availability_domain = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[2],"name")}"
  region              = "${var.region}"
  compartment_ocid    = "${var.compartment_ocid}"
  # NOTE(review): tenancy_ocid is fed the compartment OCID, not var.tenancy_ocid. Confirm this is intended.
  tenancy_ocid        = "${var.compartment_ocid}"
  subnet_id           = "${module.vcn.k8worker_subnet_ad3_id}"

  # Instance identity and shape
  display_name_prefix     = "k8s-worker-ad3"
  hostname_label_prefix   = "k8s-worker-ad3"
  label_prefix            = "${var.label_prefix}"
  domain_name             = "${var.domain_name}"
  shape                   = "${var.k8sWorkerShape}"
  oracle_linux_image_name = "${var.worker_ol_image_name}"

  # Component versions
  docker_ver                = "${var.docker_ver}"
  k8s_ver                   = "${var.k8s_ver}"
  flexvolume_driver_version = "${var.flexvolume_driver_version}"

  # Docker log rotation
  worker_docker_max_log_size  = "${var.worker_docker_max_log_size}"
  worker_docker_max_log_files = "${var.worker_docker_max_log_files}"

  # API server access: load balancer URL, or the reverse-proxy snippets when the LB is disabled
  master_lb                 = "${local.master_lb_address}"
  reverse_proxy_clount_init = "${local.reverse_proxy_clount_init}"
  reverse_proxy_setup       = "${local.reverse_proxy_setup}"
  flannel_network_cidr      = "${var.flannel_network_cidr}"

  # Optional iSCSI volume
  worker_iscsi_volume_create = "${var.worker_iscsi_volume_create}"
  worker_iscsi_volume_size   = "${var.worker_iscsi_volume_size}"
  worker_iscsi_volume_mount  = "${var.worker_iscsi_volume_mount}"

  # Key material
  api_server_cert_pem        = "${module.k8s-tls.api_server_cert_pem}"
  api_server_private_key_pem = "${module.k8s-tls.api_server_private_key_pem}"
  root_ca_pem                = "${module.k8s-tls.root_ca_pem}"
  root_ca_key                = "${module.k8s-tls.root_ca_key}"
  ssh_private_key            = "${module.k8s-tls.ssh_private_key}"
  ssh_public_key_openssh     = "${module.k8s-tls.ssh_public_key_openssh}"
}
### Load Balancers
# Load balancer in front of the etcd instances.
# NOTE(review): for any var.etcd_lb_access value other than "private" the load balancer is
# created with is_private = "false" and prefers the public subnets, while local.etcd_endpoints
# addresses it over http://. Confirm that etcd is never reachable from untrusted networks
# in that mode.
module "etcd-lb" {
  source = "./network/loadbalancers/etcd"

  etcd_lb_enabled  = "${var.etcd_lb_enabled}"
  compartment_ocid = "${var.compartment_ocid}"
  label_prefix     = "${var.label_prefix}"
  shape            = "${var.etcdLBShape}"
  is_private       = "${var.etcd_lb_access == "private" ? "true": "false"}"

  # Subnet choice. Private access uses the AD1 etcd subnet only. Otherwise the public subnet
  # is preferred and the etcd subnet is the fallback, which covers
  # var.etcd_lb_access=public combined with var.control_plane_subnet_access=private.
  etcd_subnet_0_id = "${var.etcd_lb_access == "private" ? module.vcn.etcd_subnet_ad1_id: coalesce(join(" ", module.vcn.public_subnet_ad1_id), join(" ", list(module.vcn.etcd_subnet_ad1_id)))}"
  etcd_subnet_1_id = "${var.etcd_lb_access == "private" ? "": coalesce(join(" ", module.vcn.public_subnet_ad2_id), join(" ", list(module.vcn.etcd_subnet_ad2_id)))}"

  # Backends: private IPs and instance counts per availability domain
  etcd_ad1_private_ips = "${module.instances-etcd-ad1.private_ips}"
  etcd_ad2_private_ips = "${module.instances-etcd-ad2.private_ips}"
  etcd_ad3_private_ips = "${module.instances-etcd-ad3.private_ips}"
  etcdAd1Count         = "${var.etcdAd1Count}"
  etcdAd2Count         = "${var.etcdAd2Count}"
  etcdAd3Count         = "${var.etcdAd3Count}"
}
# Load balancer in front of the Kubernetes API servers. Despite the module name it is
# created private when var.k8s_master_lb_access is "private".
module "k8smaster-public-lb" {
  source = "./network/loadbalancers/k8smaster"

  master_oci_lb_enabled = "${var.master_oci_lb_enabled}"
  compartment_ocid      = "${var.compartment_ocid}"
  label_prefix          = "${var.label_prefix}"
  shape                 = "${var.k8sMasterLBShape}"
  is_private            = "${var.k8s_master_lb_access == "private" ? "true": "false"}"

  # Subnet choice. Private access uses the AD1 master subnet only. Otherwise the public subnet
  # is preferred and the master subnet is the fallback, which covers
  # var.k8s_master_lb_access=public combined with var.control_plane_subnet_access=private.
  k8smaster_subnet_0_id = "${var.k8s_master_lb_access == "private" ? module.vcn.k8smaster_subnet_ad1_id: coalesce(join(" ", module.vcn.public_subnet_ad1_id), join(" ", list(module.vcn.k8smaster_subnet_ad1_id)))}"
  k8smaster_subnet_1_id = "${var.k8s_master_lb_access == "private" ? "": coalesce(join(" ", module.vcn.public_subnet_ad2_id), join(" ", list(module.vcn.k8smaster_subnet_ad2_id)))}"

  # Backends: private IPs and instance counts per availability domain
  k8smaster_ad1_private_ips = "${module.instances-k8smaster-ad1.private_ips}"
  k8smaster_ad2_private_ips = "${module.instances-k8smaster-ad2.private_ips}"
  k8smaster_ad3_private_ips = "${module.instances-k8smaster-ad3.private_ips}"
  k8sMasterAd1Count         = "${var.k8sMasterAd1Count}"
  k8sMasterAd2Count         = "${var.k8sMasterAd2Count}"
  k8sMasterAd3Count         = "${var.k8sMasterAd3Count}"
}
# Reverse-proxy configuration over the private IPs of all master instances. Its outputs are
# consumed by the locals block only when the master load balancer is disabled.
module "reverse-proxy" {
  source = "./network/loadbalancers/reverse-proxy"

  # Master private IPs from the three availability domains, in AD order
  hosts = "${concat(module.instances-k8smaster-ad1.private_ips,module.instances-k8smaster-ad2.private_ips, module.instances-k8smaster-ad3.private_ips)}"
}
# Inputs for the generated kubeconfig.
# NOTE(review): the module receives the API server's own certificate and private key. If the
# generated kubeconfig uses them as the client credential, everyone who holds the kubeconfig
# also holds the server key. Confirm, and prefer a separate client certificate.
module "kubeconfig" {
  source = "./kubernetes/kubeconfig"

  api_server_cert_pem        = "${module.k8s-tls.api_server_cert_pem}"
  api_server_private_key_pem = "${module.k8s-tls.api_server_private_key_pem}"

  # API endpoint: the load balancer URL when it is enabled, otherwise port 443 on the first
  # public IP found among the master instances (AD1, then AD2, then AD3).
  k8s_master = "${var.master_oci_lb_enabled == "true" ? local.master_lb_address : format("https://%s:%s", element(coalescelist(module.instances-k8smaster-ad1.public_ips, module.instances-k8smaster-ad2.public_ips, module.instances-k8smaster-ad3.public_ips), 0), "443")}"
}