From 0ca08d2ac3386058e54ee226402ee4e62fb38b18 Mon Sep 17 00:00:00 2001 From: Vargha Csongor Date: Sun, 3 Mar 2024 16:28:04 +0100 Subject: [PATCH] Add oke and nlb to managed cluster --- oci-managed/main.tf | 24 ++++++++++++++++++++ oci-managed/nlb/data.tf | 8 +++++++ oci-managed/nlb/output.tf | 0 oci-managed/nlb/provider.tf | 5 +++++ oci-managed/nlb/traefik.tf | 20 +++++++++++++++++ oci-managed/nlb/variables.tf | 41 ++++++++++++++++++++++++++++++++++ oci-managed/oke/cluster.tf | 23 +++++++++++++++++++ oci-managed/oke/data.tf | 14 ++++++++++++ oci-managed/oke/node_pool.tf | 34 ++++++++++++++++++++++++++++ oci-managed/oke/output.tf | 7 ++++++ oci-managed/oke/variables.tf | 37 ++++++++++++++++++++++++++++++ oci-managed/provider.tf | 14 +++++++----- oci-managed/snet/output.tf | 7 ++++++ oci-managed/traefik-values.yml | 0 oci-managed/variables.tf | 6 ++--- 15 files changed, 231 insertions(+), 9 deletions(-) create mode 100644 oci-managed/nlb/data.tf create mode 100644 oci-managed/nlb/output.tf create mode 100644 oci-managed/nlb/provider.tf create mode 100644 oci-managed/nlb/traefik.tf create mode 100644 oci-managed/nlb/variables.tf create mode 100644 oci-managed/oke/cluster.tf create mode 100644 oci-managed/oke/data.tf create mode 100644 oci-managed/oke/node_pool.tf create mode 100644 oci-managed/oke/output.tf create mode 100644 oci-managed/oke/variables.tf create mode 100644 oci-managed/traefik-values.yml diff --git a/oci-managed/main.tf b/oci-managed/main.tf index cf32140..c6858c8 100644 --- a/oci-managed/main.tf +++ b/oci-managed/main.tf 
@@ -30,3 +30,27 @@ module "snet" {
 vcn_nat_route_id = module.vcn.vcn_nat_route_table_id
 vcn_ig_route_id = module.vcn.vcn_ig_route_table_id
 }
+
+module "oke" {
+ source = "./oke"
+
+ compartment_ocid = var.compartment_ocid
+ cluster_name = var.cluster_name
+ environment = var.environment
+
+ vcn_id = module.vcn.vcn_id
+ vcn_public_subnet_id = module.snet.public_subnet_id
+ vcn_private_subnet_id = module.snet.private_subnet_id
+ node_availability_domains = [var.availability_domain]
+ node_pool_size = var.node_pool_size
+ ssh_public_key = var.public_key_path
+}
+
+module "nlb" {
+ source = "./nlb"
+
+ compartment_ocid = var.compartment_ocid
+ cluster_ocid = module.oke.cluster_ocid
+ cluster_public_endpoint = module.oke.public_endpoint
+ values_file = "traefik-values.yaml"
+}
diff --git a/oci-managed/nlb/data.tf b/oci-managed/nlb/data.tf
new file mode 100644
index 0000000..f9a68f6
--- /dev/null
+++ b/oci-managed/nlb/data.tf
@@ -0,0 +1,8 @@
+data "oci_containerengine_cluster_kube_config" "cluster_kube_config" {
+ #Required
+ cluster_id = var.cluster_ocid
+
+ #Optional
+ endpoint = var.cluster_public_endpoint
+ token_version = "2.0.0"
+}
\ No newline at end of file
diff --git a/oci-managed/nlb/output.tf b/oci-managed/nlb/output.tf
new file mode 100644
index 0000000..e69de29
diff --git a/oci-managed/nlb/provider.tf b/oci-managed/nlb/provider.tf
new file mode 100644
index 0000000..c772223
--- /dev/null
+++ b/oci-managed/nlb/provider.tf
@@ -0,0 +1,5 @@
+provider "helm" {
+ kubernetes {
+ config_path = "~/.kube/config"
+ }
+}
\ No newline at end of file
diff --git a/oci-managed/nlb/traefik.tf b/oci-managed/nlb/traefik.tf
new file mode 100644
index 0000000..28e2e53
--- /dev/null
+++ b/oci-managed/nlb/traefik.tf
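Review bot: `values_file = "traefik-values.yaml"` in the new `module "nlb"` block does not match the file this commit creates, `oci-managed/traefik-values.yml`, and nlb/traefik.tf falls back to the chart's built-in defaults whenever `fileexists()` is false, so the mismatch will never surface as an error. Either rename the file or change the argument to `values_file = "traefik-values.yml"`. The module name suggests an OCI network load balancer, but nothing passed here (and the committed values file is empty) requests one; if that is the intent, the Service annotation `oci.oraclecloud.com/load-balancer-type: "nlb"` belongs in the values file, and a comment on this block should say so.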
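Review bot: The `endpoint` argument of `oci_containerengine_cluster_kube_config` selects the endpoint type (`PUBLIC_ENDPOINT`, `PRIVATE_ENDPOINT`, ...), not an endpoint address, so feeding it `var.cluster_public_endpoint` — which main.tf wires to `module.oke.public_endpoint` — is unlikely to validate; `endpoint = "PUBLIC_ENDPOINT"` appears to be what is meant. Beyond that, this data source is not referenced anywhere in the patch: nlb/provider.tf points the helm provider at `~/.kube/config`, so the kubeconfig generated here is never used. Either drop it or use it, and if it is used, note in a comment that its `content` attribute carries cluster credentials and is persisted in Terraform state, so the state backend must be treated as sensitive.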
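Review bot: Declaring `provider "helm"` inside the child module (nlb/provider.tf) is a legacy pattern — Terraform cannot apply `count`/`for_each` to such a module or remove it cleanly — and `config_path = "~/.kube/config"` makes the release target whatever context the operator's local kubeconfig currently selects, with no dependency on the cluster created by the `oke` module. Consider configuring the helm provider in the root `oci-managed/provider.tf`, where the `hashicorp/helm` requirement is already declared, from the kubeconfig data source, or at minimum pin `config_context` so a stray current-context cannot install Traefik into the wrong cluster.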
@@ -0,0 +1,20 @@
+resource "helm_release" "traefik" {
+ namespace = "traefik-loadbalancer"
+ create_namespace = true
+ name = "traefik"
+ repository = "https://traefik.github.io/charts"
+ chart = "traefik"
+ version = var.traefik_chart_version
+
+ # Helm chart deployment can sometimes take longer than the default 5 minutes
+ timeout = var.timeout_seconds
+
+ # If values file specified by the var.values_file input variable exists then apply the values from this file
+ # else apply the default values from the chart
+ values = [fileexists("${path.root}/${var.values_file}") == true ? file("${path.root}/${var.values_file}") : ""]
+
+ set {
+ name = "deployment.replicas"
+ value = var.replica_count
+ }
+}
\ No newline at end of file
diff --git a/oci-managed/nlb/variables.tf b/oci-managed/nlb/variables.tf
new file mode 100644
index 0000000..dc573bb
--- /dev/null
+++ b/oci-managed/nlb/variables.tf
@@ -0,0 +1,41 @@
+variable "compartment_ocid" {}
+variable "environment" {
+ default = "prod"
+}
+variable "cluster_ocid" {
+ type = string
+}
+variable "cluster_public_endpoint" {
+ type = string
+}
+
+variable "namespace" {
+ description = "Namespace to install traefik chart into"
+ type = string
+ default = "traefik"
+}
+
+variable "traefik_chart_version" {
+ description = "Version of Traefik chart to install"
+ type = string
+ default = "21.1.0" # See https://artifacthub.io/packages/helm/traefik/traefik for latest version(s)
+}
+
+# Helm chart deployment can sometimes take longer than the default 5 minutes
+variable "timeout_seconds" {
+ type = number
+ description = "Helm chart deployment can sometimes take longer than the default 5 minutes. Set a custom timeout here."
+ default = 800 # 10 minutes
+}
+
+variable "replica_count" {
+ description = "Number of replica pods to create"
+ type = number
+ default = 1
+}
+
+variable "values_file" {
+ description = "The name of the traefik helmchart values file to use"
+ type = string
+ default = "values.yaml"
+}
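Review bot: `namespace = "traefik-loadbalancer"` is hard-coded while nlb/variables.tf declares `var.namespace` (default `"traefik"`) for exactly this purpose, so that variable is dead and callers cannot change the namespace; use `namespace = var.namespace`. The `values` expression's fallback to `""` hides a missing or misnamed values file (the root passes `traefik-values.yaml`, the committed file is `traefik-values.yml`) and silently deploys the chart with its defaults; if the Terraform version in use supports it (1.2+), a `lifecycle { precondition { ... } }` on `fileexists(...)` with a readable `error_message`, or simply `values = [file("${path.root}/${var.values_file}")]`, would surface that at plan time. `== true` on a boolean expression is redundant.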
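Review bot: The inline comment on `timeout_seconds` says `# 10 minutes` but the default is `800`, which is 13 min 20 s; make the value and the comment agree (`default = 600 # 10 minutes`) so the next reader is not misled. Separately, `compartment_ocid`, `environment` and `namespace` are declared here but not referenced by any nlb file in this patch (traefik.tf hard-codes its namespace), so they are either dead inputs or placeholders — drop them or wire them up. `cluster_ocid` and `cluster_public_endpoint` would benefit from the same `description` fields the other variables have.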
diff --git a/oci-managed/oke/cluster.tf b/oci-managed/oke/cluster.tf
new file mode 100644
index 0000000..860f652
--- /dev/null
+++ b/oci-managed/oke/cluster.tf
@@ -0,0 +1,23 @@
+resource "oci_containerengine_cluster" "k8s_cluster" {
+ compartment_id = var.compartment_ocid
+ kubernetes_version = var.kubernetes_version
+ name = "${var.cluster_name}-${var.environment}-cluster"
+ vcn_id = var.vcn_id
+
+ endpoint_config {
+ is_public_ip_enabled = true
+ subnet_id = var.vcn_public_subnet_id
+ }
+
+ options {
+ add_ons {
+ is_kubernetes_dashboard_enabled = var.kubernetes_dashboard_enabled
+ is_tiller_enabled = var.tiller_enabled
+ }
+ kubernetes_network_config {
+ pods_cidr = "10.244.0.0/16"
+ services_cidr = "10.96.0.0/16"
+ }
+ service_lb_subnet_ids = [var.vcn_public_subnet_id]
+ }
+}
diff --git a/oci-managed/oke/data.tf b/oci-managed/oke/data.tf
new file mode 100644
index 0000000..d740f20
--- /dev/null
+++ b/oci-managed/oke/data.tf
@@ -0,0 +1,14 @@
+data "oci_identity_availability_domains" "ads" {
+ compartment_id = var.compartment_ocid
+}
+
+data "oci_core_images" "latest_image" {
+ compartment_id = var.compartment_ocid
+ operating_system = "Oracle Linux"
+ operating_system_version = "8.8"
+ filter {
+ name = "display_name"
+ values = ["^.*aarch64-.*$"]
+ regex = true
+ }
+}
diff --git a/oci-managed/oke/node_pool.tf b/oci-managed/oke/node_pool.tf
new file mode 100644
index 0000000..241fd61
--- /dev/null
+++ b/oci-managed/oke/node_pool.tf
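Review bot: `endpoint_config` enables a public IP for the Kubernetes API (`is_public_ip_enabled = true`) without setting `nsg_ids`, so reachability of the control-plane endpoint is bounded only by the security lists of `var.vcn_public_subnet_id`, which are outside this patch. If a public endpoint is intended, attach a network security group limited to administrator CIDRs (`nsg_ids = [<api_endpoint_nsg_id>]`, placeholder) and record the decision in a comment on the block; otherwise `is_public_ip_enabled = false` with a private endpoint is the safer default. `pods_cidr` and `services_cidr` are hard-coded while nearly everything else in the module is a variable — a variable, or at least a comment that they must not overlap the VCN CIDR, would help the next maintainer.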
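Review bot: `data "oci_core_images" "latest_image"` filters only on OS/version and a display-name regex, and node_pool.tf then takes `images.0`, so the chosen image depends on the API's return order and on whether the regex happens to match something compatible with `VM.Standard.A1.Flex`; the node image can change between applies with no configuration change. Add `shape = "VM.Standard.A1.Flex"` so only compatible images are returned, and `sort_by = "TIMECREATED"` with `sort_order = "DESC"` so "latest" is deterministic, and state in a comment whether an OKE worker image or a plain platform image is intended, since the regex does not distinguish them. `data "oci_identity_availability_domains" "ads"` is only referenced from a variable default in oke/variables.tf, which Terraform rejects (variable defaults must be literal), so as written it is effectively unused.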
@@ -0,0 +1,34 @@
+resource "oci_containerengine_node_pool" "k8s_node_pool" {
+ cluster_id = oci_containerengine_cluster.k8s_cluster.id
+ compartment_id = var.compartment_ocid
+ kubernetes_version = var.kubernetes_version
+ name = "${var.cluster_name}-${var.environment}-arm-node-pool"
+ node_config_details {
+ dynamic "placement_configs" {
+ for_each = var.node_availability_domains
+ content {
+ availability_domain = placement_configs.value
+ subnet_id = var.vcn_private_subnet_id
+ }
+ }
+ size = var.node_pool_size
+ }
+ node_shape = "VM.Standard.A1.Flex"
+
+ node_shape_config {
+ memory_in_gbs = 12
+ ocpus = 2
+ }
+
+ node_source_details {
+ image_id = data.oci_core_images.latest_image.images.0.id
+ source_type = "image"
+ }
+
+ initial_node_labels {
+ key = "name"
+ value = "${var.cluster_name}-${var.environment}-cluster"
+ }
+
+ ssh_public_key = file(var.ssh_public_key)
+}
diff --git a/oci-managed/oke/output.tf b/oci-managed/oke/output.tf
new file mode 100644
index 0000000..fa41171
--- /dev/null
+++ b/oci-managed/oke/output.tf
@@ -0,0 +1,7 @@
+output "cluster_ocid" {
+ value = oci_containerengine_cluster.k8s_cluster.id
+}
+
+output "public_endpoint" {
+ value = one(oci_containerengine_cluster.k8s_cluster.endpoints)
+}
\ No newline at end of file
diff --git a/oci-managed/oke/variables.tf b/oci-managed/oke/variables.tf
new file mode 100644
index 0000000..9893794
--- /dev/null
+++ b/oci-managed/oke/variables.tf
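Review bot: `image_id = data.oci_core_images.latest_image.images.0.id` fails with an index-out-of-range error if the filter in oke/data.tf matches nothing, and silently switches images whenever a newer one appears, so worker nodes are not reproducible from this configuration alone. Consider an optional `node_image_id` variable with the lookup as fallback, `image_id = coalesce(var.node_image_id, data.oci_core_images.latest_image.images[0].id)`, plus a `precondition` on `length(data.oci_core_images.latest_image.images) > 0` with a readable message. `node_shape`, `memory_in_gbs` and `ocpus` are hard-coded while the pool size is a variable; the same treatment would keep the module consistent. Putting the nodes in `var.vcn_private_subnet_id` is the right call and worth a one-line comment so it is not "simplified" to the public subnet later.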
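Review bot: `one(oci_containerengine_cluster.k8s_cluster.endpoints)` returns the whole endpoints object rather than a string, yet main.tf feeds this output into `cluster_public_endpoint`, which nlb/variables.tf declares as `type = string`, so the root configuration will fail type checking. If the public address is what is wanted, select the attribute: `value = one(oci_containerengine_cluster.k8s_cluster.endpoints).public_endpoint`. Both outputs would benefit from a `description`.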
@@ -0,0 +1,37 @@ +variable "compartment_ocid" {} +variable "cluster_name" { + type = string +} +variable "environment" { + default = "prod" +} + +variable "kubernetes_version" { + default = "v1.28.2" +} +variable "ssh_public_key" { + type = string +} +variable "node_availability_domains" { + type = list(string) + default = data.oci_identity_availability_domains.ads.availability_domains[*].name +} +variable "node_pool_size" { + type = number + default = 2 +} +variable "kubernetes_dashboard_enabled" { + default = false +} +variable "tiller_enabled" { + default = false +} + +variable "vcn_id" {} +variable "vcn_public_subnet_id" { + type = string +} +variable "vcn_private_subnet_id" { + type = string +} + diff --git a/oci-managed/provider.tf b/oci-managed/provider.tf index b470495..f252b22 100644 --- a/oci-managed/provider.tf +++ b/oci-managed/provider.tf @@ -4,14 +4,18 @@ terraform { source = "oracle/oci" version = ">= 5.30.0" } + helm = { + source = "hashicorp/helm" + version = ">= 2.12.1" + } } } provider "oci" { - tenancy_ocid = var.tenancy_ocid - user_ocid = var.user_ocid - private_key_path = pathexpand(var.private_key_path) - fingerprint = var.fingerprint - region = var.region + tenancy_ocid = var.tenancy_ocid + user_ocid = var.user_ocid + private_key_path = pathexpand(var.private_key_path) + fingerprint = var.fingerprint + region = var.region retry_duration_seconds = 120 } diff --git a/oci-managed/snet/output.tf b/oci-managed/snet/output.tf index e69de29..6f5bab3 100644 --- a/oci-managed/snet/output.tf +++ b/oci-managed/snet/output.tf @@ -0,0 +1,7 @@ +output "public_subnet_id" { + value = oci_core_subnet.vcn_public_subnet.id +} + +output "private_subnet_id" { + value = oci_core_subnet.vcn_private_subnet.id +} \ No newline at end of file diff --git a/oci-managed/traefik-values.yml b/oci-managed/traefik-values.yml new file mode 100644 index 0000000..e69de29 diff --git a/oci-managed/variables.tf b/oci-managed/variables.tf index c3b960e..0b6e35c 100644 
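Review bot: `variable "node_availability_domains"` uses `data.oci_identity_availability_domains.ads.availability_domains[*].name` as its `default`, which Terraform rejects — variable defaults must be literal values — so `terraform validate` fails on this module. Move the fallback into a local: keep `default = []` here and add `locals { node_ads = length(var.node_availability_domains) > 0 ? var.node_availability_domains : data.oci_identity_availability_domains.ads.availability_domains[*].name }`, referenced from node_pool.tf. `compartment_ocid` and `vcn_id` lack a `type`, and `ssh_public_key` is a file path rather than key material (node_pool.tf calls `file()` on it); a `description` saying so would stop callers from passing the key contents.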
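Review bot: The new `helm` requirement uses an open-ended `>= 2.12.1` constraint, like the existing `>= 5.30.0` for `oracle/oci`, which lets any future major version be selected on `terraform init` unless a `.terraform.lock.hcl` is committed — none is visible in this patch. Prefer a pessimistic constraint such as `version = "~> 2.12"` and commit the lock file so provider upgrades are deliberate and reviewable. The provider is required here but configured in nlb/provider.tf; configuring it in this root file keeps provider setup in one place.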
--- a/oci-managed/variables.tf +++ b/oci-managed/variables.tf @@ -12,12 +12,10 @@ variable "certmanager_email_address" {} variable "region" {} variable "public_key_path" {} -variable "k3s_server_pool_size" { - default = 2 -} -variable "k3s_worker_pool_size" { +variable "node_pool_size" { default = 2 } + variable "k3s_extra_worker_node" { default = false }
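Review bot: The replacement `variable "node_pool_size"` has no `type` or `description`, whereas oke/variables.tf declares the same input with `type = number`; adding `type = number` here surfaces a bad value at the root instead of deep inside the module. `k3s_extra_worker_node` survives the removal of the other `k3s_*` variables — if nothing in the managed configuration still reads it, it looks like a leftover from the k3s layout and should go with them.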