
feat(infrastructure): Initial infrastructure
junaiditg committed Sep 15, 2023
1 parent 2be8c29 commit 13b04de
Showing 11 changed files with 406 additions and 0 deletions.
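--- a/.github/workflows/terraform-infrastructure.yaml
+++ b/.github/workflows/terraform-infrastructure.yaml
@@ -0,0 +1,53 @@
+
+name: 01 - Deploy Core Infrastructure Changes
+
+on:
+workflow_dispatch:
+
+jobs:
+build:
+name: Build Infrastructure
+runs-on: ubuntu-latest
+env:
+TF_VAR_compartment_ocid: ${{ secrets.OCI_COMPARTMENT_OCID }}
+TF_VAR_fingerprint: ${{ secrets.OCI_CLI_FINGERPRINT }}
+TF_VAR_private_key: ${{ secrets.OCI_CLI_KEY_CONTENT }}
+TF_VAR_region: ${{ secrets.OCI_CLI_REGION }}
+TF_VAR_tenancy_ocid: ${{ secrets.OCI_CLI_TENANCY }}
+TF_VAR_user_ocid: ${{ secrets.OCI_CLI_USER }}
+TF_VAR_ssh_public_key: ${{ secrets.JUNAID_SSH_PUBLIC_KEY }}
+TF_VAR_project: junaid
+AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+working_directory: ./terraform/01-infrastructure/
+
+defaults:
+run:
+working-directory: ${{env.working_directory}}
+
+steps:
+- name: Check out code
+uses: actions/checkout@v2
+
+- name: Terraform Setup
+uses: hashicorp/setup-terraform@v2
+with:
+terraform_version: 1.5.3
+
+- name: Terraform fmt
+id: fmt
+run: terraform fmt -check
+continue-on-error: true
+
+- name: Terraform Init
+id: init
+run: terraform init
+
+- name: Terraform Validate
+id: validate
+run: terraform validate -no-color
+
+- name: Terraform Plan
+id: apply
+run: terraform apply -auto-approve -no-color
+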
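Review bot: The last step of the hunk is named `Terraform Plan` but its id is `apply` and it runs `terraform apply -auto-approve -no-color`, so a manual `workflow_dispatch` applies straight to the environment with no plan output to review first; rename it (`- name: Terraform Apply`) and consider a separate plan step or a protected environment in front of the auto-approved apply. The workflow declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default scope although only a checkout is needed; `permissions: contents: read` at the top level is enough. Nothing serializes runs against the shared S3-compatible state, so two dispatches can race on the same state file, which a `concurrency` group prevents. `actions/checkout@v2` is an outdated major; pin a current major, or a full commit SHA, for the checkout and setup-terraform actions.
```yaml
on:
  workflow_dispatch:

permissions:
  contents: read

concurrency:
  group: terraform-01-infrastructure
  cancel-in-progress: false

jobs:
  build:
    # … unchanged: name, runs-on, env, defaults …
    steps:
      - name: Check out code
        uses: actions/checkout@v4
      # … unchanged: setup-terraform, fmt, init, validate …
      - name: Terraform Apply
        id: apply
        run: terraform apply -auto-approve -no-color
```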
15 changes: 15 additions & 0 deletions .gitignore
Expand Up @@ -3,3 +3,18 @@
node_modules/
*.log
.DS_Store
.terraform.lock.hcl
*.tfstate
*.tfstate.*
*.tfvars
.terraformrc
terraform.rc
override.tf
override.tf.json
*_override.tf
*_override.tf.json
terraform-states_bucket_credentials
.terraform/
data/
crash.log
crash.*.log
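--- a/terraform/01-infrastructure/.terraform-version
+++ b/terraform/01-infrastructure/.terraform-version
@@ -0,0 +1 @@
+1.5.3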
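--- a/terraform/01-infrastructure/cluster.tf
+++ b/terraform/01-infrastructure/cluster.tf
@@ -0,0 +1,83 @@
+resource "oci_containerengine_cluster" "k8s_cluster" {
+compartment_id = var.compartment_ocid
+kubernetes_version = "v1.27.2"
+name = "${var.project}-cluster"
+vcn_id = module.vcn.vcn_id
+
+endpoint_config {
+is_public_ip_enabled = true
+subnet_id = oci_core_subnet.vcn_public_subnet.id
+}
+
+options {
+add_ons {
+is_kubernetes_dashboard_enabled = false
+is_tiller_enabled = false
+}
+kubernetes_network_config {
+pods_cidr = "10.244.0.0/16"
+services_cidr = "10.96.0.0/16"
+}
+service_lb_subnet_ids = [oci_core_subnet.vcn_public_subnet.id]
+}
+}
+
+data "oci_identity_availability_domains" "ads" {
+compartment_id = var.compartment_ocid
+}
+
+locals {
+azs = data.oci_identity_availability_domains.ads.availability_domains[*].name
+}
+
+data "oci_core_images" "latest_image" {
+compartment_id = var.compartment_ocid
+operating_system = "Oracle Linux"
+operating_system_version = "8"
+filter {
+name = "display_name"
+values = ["^.*aarch64-.*$"]
+regex = true
+}
+}
+
+resource "oci_containerengine_node_pool" "k8s_node_pool" {
+cluster_id = oci_containerengine_cluster.k8s_cluster.id
+compartment_id = var.compartment_ocid
+kubernetes_version = "v1.27.2"
+name = "${var.project}-node-pool"
+node_config_details {
+dynamic "placement_configs" {
+for_each = local.azs
+content {
+availability_domain = placement_configs.value
+subnet_id = oci_core_subnet.vcn_private_subnet.id
+}
+}
+size = 4
+}
+node_shape = "VM.Standard.A1.Flex"
+
+node_shape_config {
+memory_in_gbs = 6
+ocpus = 1
+}
+
+node_source_details {
+image_id = data.oci_core_images.latest_image.images.0.id
+source_type = "image"
+}
+
+lifecycle {
+ignore_changes = [
+kubernetes_version,
+defined_tags,
+node_metadata,
+node_config_details[0].placement_configs,
+node_source_details
+]
+}
+
+ssh_public_key = var.ssh_public_key
+}
+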
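Review bot: `endpoint_config` sets `is_public_ip_enabled = true` on `oci_core_subnet.vcn_public_subnet`, and the security list attached to that subnet in sg.tf admits TCP 6443 from `0.0.0.0/0`, so the Kubernetes API endpoint is reachable from the whole internet; if a public endpoint is genuinely needed, attach an NSG through `nsg_ids` in `endpoint_config` (or tighten the security list) so only the CIDRs that operate the cluster reach it. `kubernetes_version = "v1.27.2"` is repeated on the cluster and on the node pool; hoisting it into a local keeps the two from drifting, especially since the node pool ignores changes to it. `data.oci_core_images.latest_image.images.0.id` uses legacy attribute syntax and fails with an index error when the regex matches nothing; `images[0].id` is the current form, and which image lands first depends on the data source's default ordering, which isn't visible here.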
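--- a/terraform/01-infrastructure/main.tf
+++ b/terraform/01-infrastructure/main.tf
@@ -0,0 +1,22 @@
+module "vcn" {
+source = "oracle-terraform-modules/vcn/oci"
+version = "3.5.4"
+
+compartment_id = var.compartment_ocid
+region = var.region
+
+internet_gateway_route_rules = null
+local_peering_gateways = null
+nat_gateway_route_rules = null
+
+vcn_name = "${var.project}-vcn"
+vcn_dns_label = "${var.project}vcn"
+vcn_cidrs = ["10.0.0.0/16"]
+
+create_internet_gateway = true
+create_nat_gateway = true
+create_service_gateway = true
+}
+
+
+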
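--- a/terraform/01-infrastructure/outputs.tf
+++ b/terraform/01-infrastructure/outputs.tf
@@ -0,0 +1,11 @@
+output "k8s-cluster-id" {
+value = oci_containerengine_cluster.k8s_cluster.id
+}
+
+output "public_subnet_id" {
+value = oci_core_subnet.vcn_public_subnet.id
+}
+
+output "node_pool_id" {
+value = oci_containerengine_node_pool.k8s_node_pool.id
+}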
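Review bot: The first output in the hunk is named `k8s-cluster-id` while the other two use snake_case (`public_subnet_id`, `node_pool_id`); `output "k8s_cluster_id" {` keeps the file consistent. As this is the initial commit there are presumably no `terraform_remote_state` consumers yet, so renaming now is free, whereas renaming later breaks whoever reads the state. A one-line `description` on each output would also help readers of `terraform output`.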
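--- a/terraform/01-infrastructure/providers.tf
+++ b/terraform/01-infrastructure/providers.tf
@@ -0,0 +1,3 @@
+provider "oci" {
+region = var.region
+}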
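--- a/terraform/01-infrastructure/repository.tf
+++ b/terraform/01-infrastructure/repository.tf
@@ -0,0 +1,7 @@
+resource "oci_artifacts_container_repository" "docker_repository" {
+compartment_id = var.compartment_ocid
+display_name = "${var.project}-repository"
+
+is_immutable = false
+is_public = false
+}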
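Review bot: `is_immutable = false` lets any pusher overwrite an existing tag in `${var.project}-repository`, so an image the cluster pulls by tag can change underneath it. If the build pipeline pushes unique tags, `is_immutable = true` costs nothing and blocks tag overwrites; if it reuses tags, deployments should pin images by digest instead. How images are pushed isn't visible in this commit, so this is a question for the author rather than a defect.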
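--- a/terraform/01-infrastructure/sg.tf
+++ b/terraform/01-infrastructure/sg.tf
@@ -0,0 +1,172 @@
+resource "oci_core_security_list" "private_subnet_sl" {
+compartment_id = var.compartment_ocid
+vcn_id = module.vcn.vcn_id
+
+display_name = "${var.project}-private-subnet-sl"
+
+egress_security_rules {
+stateless = false
+destination = "0.0.0.0/0"
+destination_type = "CIDR_BLOCK"
+protocol = "all"
+}
+
+ingress_security_rules {
+stateless = false
+source = "10.0.0.0/16"
+source_type = "CIDR_BLOCK"
+protocol = "all"
+}
+
+ingress_security_rules {
+stateless = false
+source = "10.0.0.0/24"
+source_type = "CIDR_BLOCK"
+protocol = "6"
+tcp_options {
+min = 22
+max = 22
+}
+}
+
+ingress_security_rules {
+stateless = false
+source = "10.0.0.0/24"
+source_type = "CIDR_BLOCK"
+protocol = "6"
+tcp_options {
+min = 80
+max = 80
+}
+}
+
+ingress_security_rules {
+stateless = false
+source = "10.0.0.0/24"
+source_type = "CIDR_BLOCK"
+protocol = "6"
+tcp_options {
+min = 443
+max = 443
+}
+}
+
+ingress_security_rules {
+stateless = false
+source = "10.0.0.0/24"
+source_type = "CIDR_BLOCK"
+protocol = "6"
+tcp_options {
+min = 10256
+max = 10256
+}
+}
+}
+
+resource "oci_core_security_list" "public_subnet_sl" {
+compartment_id = var.compartment_ocid
+vcn_id = module.vcn.vcn_id
+
+display_name = "${var.project}-public-subnet-sl"
+
+egress_security_rules {
+stateless = false
+destination = "0.0.0.0/0"
+destination_type = "CIDR_BLOCK"
+protocol = "all"
+}
+
+ingress_security_rules {
+stateless = false
+source = "10.0.0.0/16"
+source_type = "CIDR_BLOCK"
+protocol = "all"
+}
+
+ingress_security_rules {
+stateless = false
+source = "10.0.0.0/24"
+source_type = "CIDR_BLOCK"
+protocol = "6"
+tcp_options {
+min = 22
+max = 22
+}
+}
+
+ingress_security_rules {
+stateless = false
+source = "0.0.0.0/0"
+source_type = "CIDR_BLOCK"
+protocol = "6"
+tcp_options {
+min = 80
+max = 80
+}
+}
+
+ingress_security_rules {
+stateless = false
+source = "0.0.0.0/0"
+source_type = "CIDR_BLOCK"
+protocol = "6"
+tcp_options {
+min = 443
+max = 443
+}
+}
+
+ingress_security_rules {
+stateless = false
+source = "0.0.0.0/0"
+source_type = "CIDR_BLOCK"
+protocol = "6"
+tcp_options {
+min = 6443
+max = 6443
+}
+}
+
+ingress_security_rules {
+stateless = false
+source = "0.0.0.0/0"
+source_type = "CIDR_BLOCK"
+protocol = "6"
+tcp_options {
+min = 32080
+max = 32080
+}
+}
+
+ingress_security_rules {
+stateless = false
+source = "0.0.0.0/0"
+source_type = "CIDR_BLOCK"
+protocol = "6"
+tcp_options {
+min = 32443
+max = 32443
+}
+}
+}
+
+resource "oci_core_subnet" "vcn_private_subnet" {
+compartment_id = var.compartment_ocid
+vcn_id = module.vcn.vcn_id
+cidr_block = "10.0.1.0/24"
+
+route_table_id = module.vcn.nat_route_id
+security_list_ids = [oci_core_security_list.private_subnet_sl.id]
+display_name = "${var.project}-private-subnet"
+prohibit_public_ip_on_vnic = true
+}
+
+resource "oci_core_subnet" "vcn_public_subnet" {
+compartment_id = var.compartment_ocid
+vcn_id = module.vcn.vcn_id
+cidr_block = "10.0.0.0/24"
+
+route_table_id = module.vcn.ig_route_id
+security_list_ids = [oci_core_security_list.public_subnet_sl.id]
+display_name = "${var.project}-public-subnet"
+}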
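Review bot: In `private_subnet_sl` the first ingress rule already allows `protocol = "all"` from `10.0.0.0/16`, so the four port-specific rules from `10.0.0.0/24` (22, 80, 443, 10256) are subsumed and never narrow anything, and the same holds for the port-22 rule in `public_subnet_sl`; either drop the broad `/16` rule and keep the explicit ports, or delete the dead rules, so the list states the policy that is actually enforced. In `public_subnet_sl`, TCP 6443, 32080 and 32443 are open from `0.0.0.0/0`; 6443 is the Kubernetes API and 32080/32443 look like NodePorts, so unless an external load balancer needs them, restrict those three to known operator or load-balancer CIDRs. The repeated rule blocks could become one `dynamic "ingress_security_rules"` over a local list of `{ source, port }` objects, which puts the whole policy in one readable place.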
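--- a/terraform/01-infrastructure/terraform.tf
+++ b/terraform/01-infrastructure/terraform.tf
@@ -0,0 +1,20 @@
+terraform {
+backend "s3" {
+bucket = "terraform-backend"
+key = "junaidcloud/terraform.tfstate"
+region = "uk-london-1"
+endpoint = "https://lrhvckxzwf3l.compat.objectstorage.uk-london-1.oraclecloud.com"
+shared_credentials_file = "../terraform-states_bucket_credentials"
+skip_region_validation = true
+skip_credentials_validation = true
+skip_metadata_api_check = true
+force_path_style = true
+}
+
+required_providers {
+oci = {
+source = "oracle/oci"
+version = ">=5.8.0"
+}
+}
+}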
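Review bot: `version = ">=5.8.0"` for the `oci` provider has no upper bound, and `.gitignore` in this same commit ignores `.terraform.lock.hcl`, so every CI `terraform init` may resolve a different provider release with no checksum verified against a committed lock file; use a bounded constraint such as `version = "~> 5.8"` and commit the lock file. The backend arguments `endpoint`, `force_path_style` and `shared_credentials_file` are deprecated from Terraform 1.6 in favor of `endpoints { s3 = ... }`, `use_path_style` and `shared_credentials_files`; the pinned 1.5.3 accepts them, but a `required_version` constraint here would make that dependency explicit. `shared_credentials_file` points at `../terraform-states_bucket_credentials` outside the module directory while the workflow supplies `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` instead, so the file is presumably only for local runs; a comment saying so, such as `# local runs only; CI passes AWS_* env vars instead`, would save the next reader from hunting for it.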
