feat: Refactor post-provisioning operations (#12)
- Move post-provisioning operations from terraform-oci-always-free-oke module to examples/private-cluster/modules

#patch
ystory authored Jun 4, 2023
1 parent 698814f commit ce75b69
Showing 20 changed files with 80 additions and 79 deletions.
31 changes: 27 additions & 4 deletions examples/private-cluster/main.tf
@@ -1,6 +1,12 @@
module "tls" {
source = "./modules/tls"

count = var.create_ssh_key_pair == true ? 1 : 0
}

module "free_k8s" {
source = "../../"
# version = "0.0.5"
source = "../../"
# version = "0.0.5"

tenancy_id = var.tenancy_id
home_region = var.home_region
Expand All @@ -12,9 +18,26 @@ module "free_k8s" {
control_plane_type = "private"
control_plane_allowed_cidrs = ["0.0.0.0/0"]

create_ssh_key_pair = true

providers = {
oci.home = oci.home
}
}

module "kubernetes" {
source = "./modules/kubernetes"

control_plane_bastion_service_id = module.free_k8s.bastion_ids["cp"]
workers_bastion_service_id = module.free_k8s.bastion_ids["workers"]

# ssh keys
ssh_private_key = var.create_ssh_key_pair ? chomp(module.tls[0].ssh_private_key) : var.ssh_private_key
ssh_private_key_path = var.ssh_private_key_path
ssh_public_key = var.create_ssh_key_pair ? chomp(module.tls[0].ssh_public_key) : var.ssh_public_key
ssh_public_key_path = var.ssh_public_key_path


cluster_id = module.free_k8s.cluster_id
cluster_endpoints = module.free_k8s.cluster_endpoints

region = var.region
}
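Review bot: The freshly generated private key is passed into `module.kubernetes` as an ordinary input (`ssh_private_key = var.create_ssh_key_pair ? chomp(module.tls[0].ssh_private_key) : var.ssh_private_key`), so unless the module's `ssh_private_key` variable (not in this diff) is declared `sensitive = true`, the key material will appear in plan output whenever the module's inputs change; it is persisted in Terraform state in either case. I would add `# NOTE: a key pair created by module.tls is stored unencrypted in Terraform state` above the `# ssh keys` block so users of the example know to protect the state file. The doubled blank line after `ssh_public_key_path` is a minor style nit.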
Original file line number Diff line number Diff line change
@@ -1,55 +1,38 @@
variable "always_run_bastion_tunnel" {
description = "A boolean variable to decide whether to always trigger the bastion_tunnel null_resource on each 'terraform apply'. Set to 'true' to always trigger, and 'false' to maintain the trigger state."
default = true
}

locals {
trigger_value_bastion_tunnel = var.always_run_bastion_tunnel ? uuid() : ""
}

resource "null_resource" "bastion_tunnel" {
depends_on = [null_resource.kubeconfig, local_file.bastion_tunnel]

triggers = {
always_run = local.trigger_value_bastion_tunnel
always_run = uuid()
}

provisioner "local-exec" {
command = "${path.root}/cluster_access.sh"
command = local_file.bastion_tunnel.filename
}

count = local.post_provisioning_ops_enabled ? 1 : 0
}

resource "local_file" "bastion_tunnel" {
depends_on = [local_file.id_rsa, local_file.id_rsa_pub]
content = templatefile("${path.module}/scripts/create_bastion_tunnel_template.sh",
{
bastion_id = var.control_plane_bastion_service_id
public_key_file = local_file.id_rsa_pub[0].filename
private_key_file = local_file.id_rsa[0].filename
public_key_file = local_file.id_rsa_pub.filename
private_key_file = local_file.id_rsa.filename
cluster_ip = local.private_endpoint_ip
cluster_port = local.private_endpoint_port
region = var.region
}
)
filename = "${path.root}/cluster_access.sh"

count = local.post_provisioning_ops_enabled ? 1 : 0
filename = "${path.root}/connect_to_cluster.sh"
}

resource "local_file" "id_rsa" {
content = local.ssh_private_key
filename = "${path.root}/id_rsa"
file_permission = "0600"

count = local.post_provisioning_ops_enabled ? 1 : 0
}

resource "local_file" "id_rsa_pub" {
content = local.ssh_authorized_keys
filename = "${path.root}/id_rsa.pub"
file_permission = "0600"

count = local.post_provisioning_ops_enabled ? 1 : 0
}
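Review bot: `local_file.bastion_tunnel` writes `connect_to_cluster.sh` without a `file_permission`, and `null_resource.bastion_tunnel` then executes that file; with the local provider's default mode (0777, as far as I recall) the script is world-writable, so add `file_permission = "0700"` next to `filename`. The private key in `local_file.id_rsa` is also stored and diffed as plain `content`; switching the resource type to `local_sensitive_file` (same arguments) keeps it out of plan output, though it still lives in state. Note that `always_run = uuid()` replaces the previous opt-out `always_run_bastion_tunnel` variable, so every `terraform plan` will now show this resource as changing.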
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,16 @@ resource "null_resource" "ingress_nginx" {

provisioner "local-exec" {
when = destroy
command = "kubectl --kubeconfig ~/.kube/ociconfig delete -f ${path.module}/resources/ingress-nginx-deployment.yaml"
command = "${path.root}/create_kubeconfig.sh"
}

provisioner "local-exec" {
when = destroy
command = "${path.root}/connect_to_cluster.sh"
}

count = local.post_provisioning_ops_enabled ? 1 : 0
provisioner "local-exec" {
when = destroy
command = "kubectl --kubeconfig ~/.kube/ociconfig delete -f ${path.module}/resources/ingress-nginx-deployment.yaml"
}
}
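Review bot: The destroy-time `connect_to_cluster.sh` provisioner returns as soon as it has backgrounded `ssh`, so the following `kubectl delete` can run before anything is listening on 6443, and a failing destroy provisioner aborts `terraform destroy`. For best-effort cleanup of in-cluster objects I would add `on_failure = continue` to the `kubectl ... delete` provisioner and precede it with a short readiness wait such as `command = "for i in $(seq 1 30); do nc -z 127.0.0.1 6443 && exit 0; sleep 1; done; exit 1"`. The opening lines of `null_resource.ingress_nginx` are above this hunk.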
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
resource "null_resource" "kubeconfig" {
depends_on = [local_file.create_kubeconfig]

provisioner "local-exec" {
command = "${path.root}/create_kubeconfig.sh"
triggers = {
always_run = uuid()
}

count = local.post_provisioning_ops_enabled ? 1 : 0
provisioner "local-exec" {
command = local_file.create_kubeconfig.filename
}
}

resource "local_file" "create_kubeconfig" {
Expand All @@ -17,6 +19,4 @@ resource "local_file" "create_kubeconfig" {
}
)
filename = "${path.root}/create_kubeconfig.sh"

count = local.post_provisioning_ops_enabled ? 1 : 0
}
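Review bot: `always_run = uuid()` forces `null_resource.kubeconfig` to be replaced on every apply, so the plan is never clean and `create_kubeconfig.sh` is re-run even when nothing about the cluster changed; triggering on the cluster identity, e.g. `cluster_id = var.cluster_id` (the module receives that input per the example's `main.tf`), would be deterministic. `local_file.create_kubeconfig`, whose body is cut between the two hunks, also carries no `file_permission`, so the generated script that this resource executes gets the provider's default mode.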
Original file line number Diff line number Diff line change
@@ -1,7 +1,4 @@
locals {
# TODO
post_provisioning_ops_enabled = true

private_endpoint_ip = split(":", element(var.cluster_endpoints, 0)["private_endpoint"])[0]
private_endpoint_port = split(":", element(var.cluster_endpoints, 0)["private_endpoint"])[1]

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,18 +3,18 @@
# Create a port-forwarding session on the bastion
oci_bastion_session_create() {
oci bastion session create-port-forwarding \
--bastion-id "${bastion_id}" \
--bastion-id ${bastion_id} \
--display-name oke-tunnel \
--ssh-public-key-file "${public_key_file}" \
--ssh-public-key-file ${public_key_file} \
--key-type PUB \
--target-private-ip "${cluster_ip}" \
--target-port "${cluster_port}" \
--target-private-ip ${cluster_ip} \
--target-port ${cluster_port} \
--session-ttl 10800
}

oci_bastion_session_list() {
oci bastion session list \
--bastion-id "${bastion_id}" \
--bastion-id ${bastion_id} \
--display-name oke-tunnel \
--limit 1 \
--session-lifecycle-state ACTIVE \
Expand All @@ -25,7 +25,7 @@ oci_bastion_session_list() {

oci_bastion_session_state() {
session_id="$1"
oci bastion session get --session-id "$session_id" |
oci bastion session get --session-id $session_id |
jq -r '.data."lifecycle-state"'
}

Expand Down Expand Up @@ -56,7 +56,7 @@ oci_bastion_session_init() {
sleep 10
fi

echo >&2 "$state"
echo >&2 "$state $session_id"
}

oci_bastion_session_init
Expand All @@ -65,10 +65,10 @@ oci_bastion_session_init
if lsof -t -i:6443; then
kill "$(lsof -t -i:6443)"
fi
nohup ssh -i "${private_key_file}" \
nohup ssh -i ${private_key_file} \
-o HostKeyAlgorithms=+ssh-rsa \
-o PubkeyAcceptedAlgorithms=+ssh-rsa \
-N -L 6443:"${cluster_ip}:${cluster_port}" \
-N -L 6443:${cluster_ip}:${cluster_port} \
-p 22 \
-o StrictHostKeyChecking=no \
"$session_id"@host.bastion."${region}".oci.oraclecloud.com >/dev/null 2>&1 &
"$session_id"@host.bastion.${region}.oci.oraclecloud.com >/dev/null 2>&1 &
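Review bot: `-o StrictHostKeyChecking=no` on the bastion `ssh` disables host-key verification entirely, which silently accepts a substituted host on every connect; `-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=<path under path.root>` pins the key after first use with no loss of convenience. The script also backgrounds `ssh` with `nohup ... &` and exits immediately, so callers that run `kubectl` right after it have no guarantee the forward on 6443 is up — a loop such as `for i in $(seq 1 30); do nc -z 127.0.0.1 6443 && break; sleep 1; done` at the end would close that gap. Each changed line is printed twice here; whichever side is the new one, keep the double-quoted forms (`"$session_id"`, `"${region}"`, `"${private_key_file}"`) so the values are not subject to word splitting or globbing.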
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,13 @@ resource "null_resource" "create_service_account" {
command = "kubectl --kubeconfig ~/.kube/ociconfig apply -f ${path.module}/resources/oke-admin-service-account-token.yaml"
}

count = local.post_provisioning_ops_enabled ? 1 : 0
provisioner "local-exec" {
when = destroy
command = "kubectl --kubeconfig ~/.kube/ociconfig delete -f ${path.module}/resources/oke-admin-service-account-token.yaml"
}

provisioner "local-exec" {
when = destroy
command = "kubectl --kubeconfig ~/.kube/ociconfig delete -f ${path.module}/resources/oke-admin-service-account.yaml"
}
}
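Review bot: Both new destroy-time provisioners run `kubectl --kubeconfig ~/.kube/ociconfig delete` over the local tunnel, but nothing in this resource (whose header is above the hunk) refreshes the kubeconfig or starts the tunnel the way `null_resource.ingress_nginx` does, so whether they succeed depends on destroy ordering and on a tunnel from an earlier run still being alive. A failing provisioner aborts `terraform destroy`, so either invoke `${path.root}/connect_to_cluster.sh` here as well or mark these `on_failure = continue` since the objects disappear with the cluster anyway. Deleting the token manifest before the service-account manifest is the right order.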
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
1 change: 1 addition & 0 deletions examples/private-cluster/terraform.tfvars.example
Expand Up @@ -12,6 +12,7 @@ region = ""
home_region = ""

# SSH keys
create_ssh_key_pair = ""
# ssh_private_key = <<EOT
#-----BEGIN RSA PRIVATE KEY-----
#content+of+api+key
Expand Down
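Review bot: `create_ssh_key_pair = ""` is not a valid value for a variable declared `type = bool`; Terraform only converts the strings `"true"`/`"false"` to bool and rejects an empty string, so anyone who copies the example as-is gets a type error. Use `create_ssh_key_pair = false` (or `true`) here, and a trailing comment such as `# true: generate a key pair and ignore ssh_*_key below` would save the reader a trip to variables.tf.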
6 changes: 6 additions & 0 deletions examples/private-cluster/variables.tf
Expand Up @@ -52,6 +52,12 @@ variable "user_id" {
}

# ssh keys
variable "create_ssh_key_pair" {
default = false
description = "Whether to create an SSH key pair. If set to true, a new SSH key pair is created."
type = bool
}

variable "ssh_private_key" {
default = ""
description = "The contents of the private ssh key file, optionally base64-encoded."
Expand Down
28 changes: 2 additions & 26 deletions main.tf
Expand Up @@ -4,12 +4,6 @@ module "compartment" {
name = var.name
}

module "tls" {
source = "./modules/tls"

count = var.create_ssh_key_pair == true ? 1 : 0
}

module "oke" {
source = "oracle-terraform-modules/oke/oci"
version = "4.5.9"
Expand All @@ -20,9 +14,9 @@ module "oke" {
home_region = var.home_region

# ssh keys
ssh_private_key = var.create_ssh_key_pair ? chomp(module.tls[0].ssh_private_key) : var.ssh_private_key
ssh_private_key = var.ssh_private_key
ssh_private_key_path = var.ssh_private_key_path
ssh_public_key = var.create_ssh_key_pair ? chomp(module.tls[0].ssh_public_key) : var.ssh_public_key
ssh_public_key = var.ssh_public_key
ssh_public_key_path = var.ssh_public_key_path

# general oci parameters
Expand Down Expand Up @@ -99,21 +93,3 @@ module "bastion_service_workers" {
bastion_service_target_subnet = module.oke.subnet_ids["workers"]
vcn_id = module.oke.vcn_id
}

module "kubernetes" {
source = "./modules/kubernetes"

control_plane_bastion_service_id = module.bastion_service_control_plane.bastion_id
workers_bastion_service_id = module.bastion_service_workers.bastion_id

# ssh keys
ssh_private_key = var.create_ssh_key_pair ? chomp(module.tls[0].ssh_private_key) : var.ssh_private_key
ssh_private_key_path = var.ssh_private_key_path
ssh_public_key = var.create_ssh_key_pair ? chomp(module.tls[0].ssh_public_key) : var.ssh_public_key
ssh_public_key_path = var.ssh_public_key_path

cluster_id = module.oke.cluster_id
cluster_endpoints = module.oke.cluster_endpoints

region = var.region
}
5 changes: 5 additions & 0 deletions outputs.tf
@@ -1,3 +1,8 @@
output "cluster_id" {
description = "ID of the Kubernetes cluster"
value = module.oke.cluster_id
}

output "cluster_endpoints" {
description = "Endpoints for the Kubernetes cluster"
value = module.oke.cluster_endpoints
Expand Down
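Review bot: The example now reads `module.free_k8s.bastion_ids["cp"]` and `["workers"]`, but this section only adds `output "cluster_id"`; if a `bastion_ids` map is not already exported further down the file (cut off here), the example will fail at plan time. If it does exist, a one-line `description` noting that the keys are `cp` and `workers` would document the contract the example depends on.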
6 changes: 0 additions & 6 deletions variables.tf
Expand Up @@ -29,12 +29,6 @@ variable "label_prefix" {
}

# SSH keys
variable "create_ssh_key_pair" {
default = false
description = "Whether to create an SSH key pair. If set to true, a new SSH key pair is created."
type = bool
}

variable "ssh_private_key" {
default = ""
description = "The contents of the private ssh key file, optionally base64-encoded."
Expand Down