make app_name and deploy_id autogenerated
grantneumanoracle committed Jan 30, 2025
1 parent d562640 commit ba76cfe
Showing 8 changed files with 114 additions and 88 deletions.
56 changes: 28 additions & 28 deletions terraform/database.tf
Expand Up @@ -15,7 +15,7 @@ resource "oci_database_autonomous_database" "autonomous_database" {
data_safe_status = var.autonomous_database_data_safe_status
db_version = var.autonomous_database_db_version
db_name = "${local.db.app_name_for_db}${local.oke.deploy_id}"
display_name = "${var.app_name} Db (${local.oke.deploy_id})"
display_name = "${local.app_name} Db (${local.oke.deploy_id})"
license_model = var.autonomous_database_license_model
is_auto_scaling_enabled = var.autonomous_database_is_auto_scaling_enabled
is_free_tier = var.autonomous_database_is_free_tier
Expand All @@ -33,27 +33,27 @@ resource "oci_database_autonomous_database_wallet" "autonomous_database_wallet"
base64_encode_content = true

count = 1
# depends_on = [oci_database_autonomous_database.autonomous_database]
# depends_on = [oci_database_autonomous_database.autonomous_database]
}

resource "kubernetes_secret" "oadb-admin" {
metadata {
name = var.oadb_admin_secret_name
# namespace = kubernetes_namespace.mushop_namespace.id
name = var.oadb_admin_secret_name
# namespace = kubernetes_namespace.mushop_namespace.id
}
data = {
oadb_admin_pw = random_string.autonomous_database_admin_password.result
}
type = "Opaque"

count = 1
# depends_on = [oci_database_autonomous_database.autonomous_database]
# depends_on = [oci_database_autonomous_database.autonomous_database]
}

resource "kubernetes_secret" "oadb-connection" {
metadata {
name = var.oadb_connection_secret_name
# namespace = kubernetes_namespace.mushop_namespace.id
name = var.oadb_connection_secret_name
# namespace = kubernetes_namespace.mushop_namespace.id
}
data = {
oadb_wallet_pw = random_string.autonomous_database_wallet_password.result
Expand All @@ -62,23 +62,23 @@ resource "kubernetes_secret" "oadb-connection" {
type = "Opaque"

count = 1
# depends_on = [oci_database_autonomous_database.autonomous_database]
# depends_on = [oci_database_autonomous_database.autonomous_database]

}

### OADB Wallet extraction <>
resource "kubernetes_secret" "oadb_wallet_zip" {
metadata {
name = "oadb-wallet-zip"
# namespace = kubernetes_namespace.mushop_namespace.id
name = "oadb-wallet-zip"
# namespace = kubernetes_namespace.mushop_namespace.id
}
data = {
wallet = oci_database_autonomous_database_wallet.autonomous_database_wallet[0].content
}
type = "Opaque"

count = 1
# depends_on = [oci_database_autonomous_database.autonomous_database,oci_database_autonomous_database_wallet.autonomous_database_wallet]
# depends_on = [oci_database_autonomous_database.autonomous_database,oci_database_autonomous_database_wallet.autonomous_database_wallet]

}

Expand All @@ -89,10 +89,10 @@ resource "kubernetes_cluster_role" "secret_creator" {
rule {
api_groups = [""]
resources = ["secrets"]
verbs = ["create","delete"]
verbs = ["create", "delete"]
}

# count = var.mushop_mock_mode_all ? 0 : 1
# count = var.mushop_mock_mode_all ? 0 : 1
count = 1
}

Expand All @@ -106,46 +106,46 @@ resource "kubernetes_cluster_role_binding" "wallet_extractor_crb" {
name = kubernetes_cluster_role.secret_creator[0].metadata.0.name
}
subject {
kind = "ServiceAccount"
name = kubernetes_service_account.wallet_extractor_sa[0].metadata.0.name
# namespace = kubernetes_namespace.mushop_namespace.id
kind = "ServiceAccount"
name = kubernetes_service_account.wallet_extractor_sa[0].metadata.0.name
# namespace = kubernetes_namespace.mushop_namespace.id
}

# count = var.mushop_mock_mode_all ? 0 : 1
# count = var.mushop_mock_mode_all ? 0 : 1
count = 1
}

resource "kubernetes_service_account" "wallet_extractor_sa" {
metadata {
name = "wallet-extractor-sa"
# namespace = kubernetes_namespace.mushop_namespace.id
name = "wallet-extractor-sa"
# namespace = kubernetes_namespace.mushop_namespace.id
}
secret {
name = "wallet-extractor-sa-token"
}

# count = var.mushop_mock_mode_all ? 0 : 1
# count = var.mushop_mock_mode_all ? 0 : 1
count = 1
}

resource "kubernetes_secret" "wallet_extractor_sa" {
metadata {
name = "wallet-extractor-sa-token"
# namespace = kubernetes_namespace.mushop_namespace.id
name = "wallet-extractor-sa-token"
# namespace = kubernetes_namespace.mushop_namespace.id
annotations = {
"kubernetes.io/service-account.name" = kubernetes_service_account.wallet_extractor_sa.0.metadata.0.name
}
}
type = "kubernetes.io/service-account-token"

# count = var.mushop_mock_mode_all ? 0 : 1
# count = var.mushop_mock_mode_all ? 0 : 1
count = 1
}

resource "kubernetes_job" "wallet_extractor_job" {
metadata {
name = "wallet-extractor-job"
# namespace = kubernetes_namespace.mushop_namespace.id
name = "wallet-extractor-job"
# namespace = kubernetes_namespace.mushop_namespace.id
}
spec {
template {
Expand Down Expand Up @@ -206,15 +206,15 @@ resource "kubernetes_job" "wallet_extractor_job" {
ttl_seconds_after_finished = 120
}

wait_for_completion = true
wait_for_completion = true
timeouts {
create = "20m"
update = "20m"
}

# depends_on = [kubernetes_deployment.cluster_autoscaler_deployment]
# depends_on = [kubernetes_deployment.cluster_autoscaler_deployment]
depends_on = [oci_database_autonomous_database_wallet.autonomous_database_wallet]

# count = var.mushop_mock_mode_all ? 0 : 1
# count = var.mushop_mock_mode_all ? 0 : 1
count = 1
}
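Review bot: The `kubernetes_cluster_role` `secret_creator`, whose verbs line is reformatted here to `verbs = ["create", "delete"]`, grants create/delete on secrets cluster-wide, and the next hunk binds it through `kubernetes_cluster_role_binding` `wallet_extractor_crb` to the wallet-extractor service account, so a job that only needs to write one wallet secret can create or delete secrets in every namespace. Assuming the job only touches its own namespace, a `kubernetes_role` plus `kubernetes_role_binding` scoped to that namespace gives the same capability with least privilege; the commented-out `namespace` lines suggest everything currently lands in the provider's default namespace, which is worth confirming. A comment on the role would make the scope explicit: `# Cluster-wide create/delete on secrets; only needed for the wallet secret written by wallet_extractor_job`. The `secret_creator` and `wallet_extractor_crb` resource definitions start outside the hunks shown.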
8 changes: 4 additions & 4 deletions terraform/later.tf
Expand Up @@ -48,7 +48,7 @@
#### OCI Service User
#resource "oci_identity_user" "oci_service_user" {
# compartment_id = var.tenancy_ocid
# description = "${var.app_name} Service User for deployment ${random_string.deploy_id.result}"
# description = "${local.app_name} Service User for deployment ${random_string.deploy_id.result}"
# name = "${local.app_name_normalized}-service-user-${random_string.deploy_id.result}"
#
# provider = oci.home_region
Expand All @@ -57,7 +57,7 @@
#}
#resource "oci_identity_group" "oci_service_user" {
# compartment_id = var.tenancy_ocid
# description = "${var.app_name} Service User Group for deployment ${random_string.deploy_id.result}"
# description = "${local.app_name} Service User Group for deployment ${random_string.deploy_id.result}"
# name = "${local.app_name_normalized}-service-user-group-${random_string.deploy_id.result}"
#
# provider = oci.home_region
Expand Down Expand Up @@ -112,7 +112,7 @@

#resource "oci_functions_application" "app_function" {
# compartment_id = local.oke_compartment_ocid
# display_name = "${var.app_name} Application (${random_string.deploy_id.result})"
# display_name = "${local.app_name} Application (${random_string.deploy_id.result})"
# subnet_ids = [oci_core_subnet.apigw_fn_subnet.0.id, ]
#
# config = {}
Expand Down Expand Up @@ -162,7 +162,7 @@
# compartment_id = local.oke_compartment_ocid
# endpoint_type = "PUBLIC"
# subnet_id = oci_core_subnet.apigw_fn_subnet.0.id
# display_name = "${var.app_name} API Gateway (${random_string.deploy_id.result})"
# display_name = "${local.app_name} API Gateway (${random_string.deploy_id.result})"
#
# response_cache_details {
# type = "NONE"
12 changes: 8 additions & 4 deletions terraform/locals.tf
Expand Up @@ -2,6 +2,10 @@ locals {

ts = timestamp()

app_name = random_string.generated_workspace_name.result

deploy_id = random_string.generated_deployment_name.result

app = {
backend_service_name = "corrino-cp"
backend_service_name_origin = "http://corrino-cp"
Expand All @@ -25,8 +29,8 @@ locals {
format("Registration ID : %s", random_string.registration_id.result),
format("Deploy DateTime : %s", local.ts),
format("Administrator : %s", var.corrino_admin_email),
format("Workspace Name : %s", var.app_name),
format("Deploy ID : %s", var.deploy_id),
format("Workspace Name : %s", local.app_name),
format("Deploy ID : %s", local.deploy_id),
format("Corrino Version : %s", var.corrino_version),
format("FQDN : %s", local.fqdn.name),
format("Tenancy OCID : %s", local.oci.tenancy_id),
Expand All @@ -42,12 +46,12 @@ locals {
}

oke = {
deploy_id = var.deploy_id
deploy_id = local.deploy_id
cluster_ocid = var.existent_oke_cluster_id
}

db = {
app_name_for_db = regex("[[:alnum:]]{1,10}", var.app_name)
app_name_for_db = regex("[[:alnum:]]{1,10}", local.app_name)
}

addon = {
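Review bot: `app_name` and `deploy_id` now come from `random_string.generated_workspace_name` and `random_string.generated_deployment_name`, whose definitions are not in this commit, yet they feed names with format constraints: `db.app_name_for_db` is `regex("[[:alnum:]]{1,10}", local.app_name)` and the Autonomous Database `db_name` in database.tf is that value concatenated with `deploy_id`. If either random string can contain special characters or start with a digit, the `regex()` call can fail with no match or the database name can be rejected at apply time, so those resources should be declared with `special = false` and lengths that keep the combined name within the database name limit (presumably 14 alphanumerics starting with a letter; confirm against the provider docs). The new locals also deserve a comment, e.g. `# Generated once per workspace; replaces the former var.app_name input` above `app_name` and the equivalent above `deploy_id`. The enclosing `locals` block begins outside the hunk.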
30 changes: 15 additions & 15 deletions terraform/oke.tf
Expand Up @@ -3,7 +3,7 @@
#

module "oke-quickstart" {
# source = "github.com/oracle-quickstart/terraform-oci-corrino?ref=0.9.0"
# source = "github.com/oracle-quickstart/terraform-oci-corrino?ref=0.9.0"
source = "./modules/corrino"

providers = {
Expand All @@ -18,8 +18,8 @@ module "oke-quickstart" {

# Note: Just few arguments are showing here to simplify the basic example. All other arguments are using default values.
# App Name to identify deployment. Used for naming resources.
app_name = var.app_name
deploy_id = var.deploy_id
app_name = local.app_name
deploy_id = local.deploy_id

# Freeform Tags + Defined Tags. Tags are applied to all resources.
tag_values = { "freeformTags" = { "Environment" = "Development", "DeploymentType" = "basic", "QuickstartExample" = "basic-cluster" }, "definedTags" = {} }
Expand All @@ -36,27 +36,27 @@ module "oke-quickstart" {
vcn_cidr_blocks = "10.22.0.0/16"

metrics_server_enabled = var.metrics_server_enabled
ingress_nginx_enabled = var.ingress_nginx_enabled
cert_manager_enabled = var.cert_manager_enabled
prometheus_enabled = var.prometheus_enabled
grafana_enabled = var.grafana_enabled
ingress_nginx_enabled = var.ingress_nginx_enabled
cert_manager_enabled = var.cert_manager_enabled
prometheus_enabled = var.prometheus_enabled
grafana_enabled = var.grafana_enabled

create_new_oke_cluster = false
create_new_oke_cluster = false
existent_oke_cluster_id = var.existent_oke_cluster_id

create_new_vcn = false
create_new_vcn = false
existent_vcn_ocid = var.existent_vcn_ocid

create_new_compartment_for_oke = false
existent_vcn_compartment_ocid = var.compartment_ocid
existent_vcn_compartment_ocid = var.compartment_ocid

create_vault_policies_for_group = false

create_subnets = false
existent_oke_k8s_endpoint_subnet_ocid = var.existent_oke_k8s_endpoint_subnet_ocid
existent_oke_nodes_subnet_ocid = var.existent_oke_nodes_subnet_ocid
existent_oke_load_balancer_subnet_ocid = var.existent_oke_load_balancer_subnet_ocid
# existent_oke_vcn_native_pod_networking_subnet_ocid = "" # Optional. Existent VCN Native POD Networking subnet if the CNI Type is "OCI_VCN_IP_NATIVE"
create_subnets = false
existent_oke_k8s_endpoint_subnet_ocid = var.existent_oke_k8s_endpoint_subnet_ocid
existent_oke_nodes_subnet_ocid = var.existent_oke_nodes_subnet_ocid
existent_oke_load_balancer_subnet_ocid = var.existent_oke_load_balancer_subnet_ocid
# existent_oke_vcn_native_pod_networking_subnet_ocid = "" # Optional. Existent VCN Native POD Networking subnet if the CNI Type is "OCI_VCN_IP_NATIVE"

}
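Review bot: The comment `# App Name to identify deployment. Used for naming resources.` above `app_name = local.app_name` is now stale, because `app_name` and `deploy_id` are no longer caller-supplied inputs but generated values. Suggest `# App Name and Deploy ID identify the deployment; both are autogenerated in locals.tf and used for naming resources.` The enclosing `module "oke-quickstart"` block starts in the previous hunk.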

20 changes: 14 additions & 6 deletions terraform/outputs.tf
Expand Up @@ -102,7 +102,7 @@ output "corrino_source_code" {
value = "https://github.com/oracle-quickstart/corrino/"
}
output "corrino_version" {
# value = file("${path.module}/VERSION")
# value = file("${path.module}/VERSION")
value = local.versions.corrino_version
}

Expand All @@ -113,19 +113,19 @@ output "corrino_version" {
output "corrino_api_url" {
value = format("https://${local.public_endpoint.api}")
description = "API Service"
depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
}

output "corrino_portal_url" {
value = format("https://${local.public_endpoint.portal}")
description = "Portal Service"
depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
}

output "corrino_grafana_url" {
value = var.grafana_enabled ? format("https://${local.public_endpoint.grafana}") : null
description = "Grafana Service"
depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
}

output "grafana_admin_username" {
Expand All @@ -147,15 +147,23 @@ output "grafana_admin_password" {
output "corrino_prometheus_url" {
value = var.prometheus_enabled ? format("https://${local.public_endpoint.prometheus}") : null
description = "Prometheus Service"
depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
}

output "corrino_mlflow_url" {
value = var.mlflow_enabled ? format("https://${local.public_endpoint.mlflow}") : null
description = "MLflow Service"
depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
}

output "autonomous_database_password" {
value = random_string.autonomous_database_admin_password.result
}

output "app_name" {
value = random_string.generated_workspace_name.result
}

output "deploy_id" {
value = random_string.generated_deployment_name.result
}
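Review bot: `output "autonomous_database_password"` exposes `random_string.autonomous_database_admin_password.result` without `sensitive = true`, so the Autonomous Database admin password is printed in clear text by every `terraform apply` and `terraform output` and ends up in CI logs; add `sensitive = true` to that output. A `random_string` result is also not marked sensitive in plan output, so if that resource exists only to serve as a password, `random_password` (same arguments, sensitive result) is the better fit — its definition is outside this commit, so confirm before switching. The new `app_name` and `deploy_id` outputs read `random_string.*.result` directly while the rest of the change routes through `local.app_name` / `local.deploy_id`; using the locals, e.g. `value = local.app_name`, keeps the outputs from drifting from the resource names, and all three new outputs lack the `description` the surrounding outputs carry.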
12 changes: 6 additions & 6 deletions terraform/policies.tf
@@ -1,29 +1,29 @@
# Get compartment name for policy
data "oci_identity_compartment" "oci_compartment" {
id = var.compartment_ocid
id = var.compartment_ocid
}

# Define the dynamic group
resource "oci_identity_dynamic_group" "dyn_group" {
provider = oci.home_region
name = "${var.app_name}-instance-dg"
provider = oci.home_region
name = "${local.app_name}-instance-dg"
description = "Dynamic group for OKE instances across the tenancy"
compartment_id = var.tenancy_ocid
matching_rule = "ALL {instance.compartment.id = '${var.compartment_ocid}'}"
count = var.policy_creation_enabled ? 1 : 0
count = var.policy_creation_enabled ? 1 : 0
}

# Define the IAM policy
resource "oci_identity_policy" "oke_instances_tenancy_policy" {
provider = oci.home_region
name = "${var.app_name}-dg-inst-policy"
name = "${local.app_name}-dg-inst-policy"
description = "Tenancy-level policy to grant needed permissions to the dynamic group"
compartment_id = var.tenancy_ocid

statements = [
"Allow dynamic-group 'Default'/'${oci_identity_dynamic_group.dyn_group[0].name}' to manage all-resources in compartment ${data.oci_identity_compartment.oci_compartment.name}",
"Allow dynamic-group 'Default'/'${oci_identity_dynamic_group.dyn_group[0].name}' to use all-resources in tenancy",
]
count = var.policy_creation_enabled ? 1 : 0
count = var.policy_creation_enabled ? 1 : 0
depends_on = [oci_identity_dynamic_group.dyn_group]
}