diff --git a/terraform/database.tf b/terraform/database.tf index 7267a72..2b91bc0 100644 --- a/terraform/database.tf +++ b/terraform/database.tf @@ -15,7 +15,7 @@ resource "oci_database_autonomous_database" "autonomous_database" { data_safe_status = var.autonomous_database_data_safe_status db_version = var.autonomous_database_db_version db_name = "${local.db.app_name_for_db}${local.oke.deploy_id}" - display_name = "${var.app_name} Db (${local.oke.deploy_id})" + display_name = "${local.app_name} Db (${local.oke.deploy_id})" license_model = var.autonomous_database_license_model is_auto_scaling_enabled = var.autonomous_database_is_auto_scaling_enabled is_free_tier = var.autonomous_database_is_free_tier @@ -33,13 +33,13 @@ resource "oci_database_autonomous_database_wallet" "autonomous_database_wallet" base64_encode_content = true count = 1 -# depends_on = [oci_database_autonomous_database.autonomous_database] + # depends_on = [oci_database_autonomous_database.autonomous_database] } resource "kubernetes_secret" "oadb-admin" { metadata { - name = var.oadb_admin_secret_name -# namespace = kubernetes_namespace.mushop_namespace.id + name = var.oadb_admin_secret_name + # namespace = kubernetes_namespace.mushop_namespace.id } data = { oadb_admin_pw = random_string.autonomous_database_admin_password.result @@ -47,13 +47,13 @@ resource "kubernetes_secret" "oadb-admin" { type = "Opaque" count = 1 -# depends_on = [oci_database_autonomous_database.autonomous_database] + # depends_on = [oci_database_autonomous_database.autonomous_database] } resource "kubernetes_secret" "oadb-connection" { metadata { - name = var.oadb_connection_secret_name -# namespace = kubernetes_namespace.mushop_namespace.id + name = var.oadb_connection_secret_name + # namespace = kubernetes_namespace.mushop_namespace.id } data = { oadb_wallet_pw = random_string.autonomous_database_wallet_password.result 
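Review bot: `db_name = "${local.db.app_name_for_db}${local.oke.deploy_id}"`, directly above the changed `display_name`, now resolves from `random_string` results instead of the retired `var.app_name`/`var.deploy_id`, so any workspace that already has state gets a different database name on its next plan; as far as I know a changed `db_name` on `oci_database_autonomous_database` forces replacement, which would destroy the existing database, and the dynamic group and policy names in policies.tf change the same way. If existing deployments must survive this upgrade, keep an optional seed for the name, e.g. `app_name = coalesce(var.app_name, random_string.generated_workspace_name.result)` in locals.tf with the variable declared as `variable "app_name" { type = string, default = null }`, or state the migration explicitly in the commit description. The resource block starts and ends outside the hunk.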
@@ -62,15 +62,15 @@ resource "kubernetes_secret" "oadb-connection" { type = "Opaque" count = 1 -# depends_on = [oci_database_autonomous_database.autonomous_database] + # depends_on = [oci_database_autonomous_database.autonomous_database] } ### OADB Wallet extraction <> resource "kubernetes_secret" "oadb_wallet_zip" { metadata { - name = "oadb-wallet-zip" -# namespace = kubernetes_namespace.mushop_namespace.id + name = "oadb-wallet-zip" + # namespace = kubernetes_namespace.mushop_namespace.id } data = { wallet = oci_database_autonomous_database_wallet.autonomous_database_wallet[0].content @@ -78,7 +78,7 @@ resource "kubernetes_secret" "oadb_wallet_zip" { type = "Opaque" count = 1 -# depends_on = [oci_database_autonomous_database.autonomous_database,oci_database_autonomous_database_wallet.autonomous_database_wallet] + # depends_on = [oci_database_autonomous_database.autonomous_database,oci_database_autonomous_database_wallet.autonomous_database_wallet] } @@ -89,10 +89,10 @@ resource "kubernetes_cluster_role" "secret_creator" { rule { api_groups = [""] resources = ["secrets"] - verbs = ["create","delete"] + verbs = ["create", "delete"] } -# count = var.mushop_mock_mode_all ? 0 : 1 + # count = var.mushop_mock_mode_all ? 0 : 1 count = 1 } 
@@ -106,46 +106,46 @@ resource "kubernetes_cluster_role_binding" "wallet_extractor_crb" { name = kubernetes_cluster_role.secret_creator[0].metadata.0.name } subject { - kind = "ServiceAccount" - name = kubernetes_service_account.wallet_extractor_sa[0].metadata.0.name -# namespace = kubernetes_namespace.mushop_namespace.id + kind = "ServiceAccount" + name = kubernetes_service_account.wallet_extractor_sa[0].metadata.0.name + # namespace = kubernetes_namespace.mushop_namespace.id } -# count = var.mushop_mock_mode_all ? 0 : 1 + # count = var.mushop_mock_mode_all ? 0 : 1 count = 1 } resource "kubernetes_service_account" "wallet_extractor_sa" { metadata { - name = "wallet-extractor-sa" -# namespace = kubernetes_namespace.mushop_namespace.id + name = "wallet-extractor-sa" + # namespace = kubernetes_namespace.mushop_namespace.id } secret { name = "wallet-extractor-sa-token" } -# count = var.mushop_mock_mode_all ? 0 : 1 + # count = var.mushop_mock_mode_all ? 0 : 1 count = 1 } resource "kubernetes_secret" "wallet_extractor_sa" { metadata { - name = "wallet-extractor-sa-token" -# namespace = kubernetes_namespace.mushop_namespace.id + name = "wallet-extractor-sa-token" + # namespace = kubernetes_namespace.mushop_namespace.id annotations = { "kubernetes.io/service-account.name" = kubernetes_service_account.wallet_extractor_sa.0.metadata.0.name } } type = "kubernetes.io/service-account-token" -# count = var.mushop_mock_mode_all ? 0 : 1 + # count = var.mushop_mock_mode_all ? 0 : 1 count = 1 } resource "kubernetes_job" "wallet_extractor_job" { metadata { - name = "wallet-extractor-job" -# namespace = kubernetes_namespace.mushop_namespace.id + name = "wallet-extractor-job" + # namespace = kubernetes_namespace.mushop_namespace.id } spec { template { 
@@ -206,15 +206,15 @@ resource "kubernetes_job" "wallet_extractor_job" { ttl_seconds_after_finished = 120 } - wait_for_completion = true + wait_for_completion = true timeouts { create = "20m" update = "20m" } -# depends_on = [kubernetes_deployment.cluster_autoscaler_deployment] + # depends_on = [kubernetes_deployment.cluster_autoscaler_deployment] depends_on = [oci_database_autonomous_database_wallet.autonomous_database_wallet] -# count = var.mushop_mock_mode_all ? 0 : 1 + # count = var.mushop_mock_mode_all ? 0 : 1 count = 1 } diff --git a/terraform/later.tf b/terraform/later.tf index 7afbc14..7ce6356 100644 --- a/terraform/later.tf +++ b/terraform/later.tf @@ -48,7 +48,7 @@ #### OCI Service User #resource "oci_identity_user" "oci_service_user" { # compartment_id = var.tenancy_ocid -# description = "${var.app_name} Service User for deployment ${random_string.deploy_id.result}" +# description = "${local.app_name} Service User for deployment ${random_string.deploy_id.result}" # name = "${local.app_name_normalized}-service-user-${random_string.deploy_id.result}" # # provider = oci.home_region @@ -57,7 +57,7 @@ #} #resource "oci_identity_group" "oci_service_user" { # compartment_id = var.tenancy_ocid -# description = "${var.app_name} Service User Group for deployment ${random_string.deploy_id.result}" +# description = "${local.app_name} Service User Group for deployment ${random_string.deploy_id.result}" # name = "${local.app_name_normalized}-service-user-group-${random_string.deploy_id.result}" # # provider = oci.home_region @@ -112,7 +112,7 @@ #resource "oci_functions_application" "app_function" { # compartment_id = local.oke_compartment_ocid -# display_name = "${var.app_name} Application (${random_string.deploy_id.result})" +# display_name = "${local.app_name} Application (${random_string.deploy_id.result})" # subnet_ids = [oci_core_subnet.apigw_fn_subnet.0.id, ] # # config = {} 
@@ -162,7 +162,7 @@ # compartment_id = local.oke_compartment_ocid # endpoint_type = "PUBLIC" # subnet_id = oci_core_subnet.apigw_fn_subnet.0.id -# display_name = "${var.app_name} API Gateway (${random_string.deploy_id.result})" +# display_name = "${local.app_name} API Gateway (${random_string.deploy_id.result})" # # response_cache_details { # type = "NONE" diff --git a/terraform/locals.tf b/terraform/locals.tf index e5562c4..ccd7796 100644 --- a/terraform/locals.tf +++ b/terraform/locals.tf @@ -2,6 +2,10 @@ locals { ts = timestamp() + app_name = random_string.generated_workspace_name.result + + deploy_id = random_string.generated_deployment_name.result + app = { backend_service_name = "corrino-cp" backend_service_name_origin = "http://corrino-cp" @@ -25,8 +29,8 @@ locals { format("Registration ID : %s", random_string.registration_id.result), format("Deploy DateTime : %s", local.ts), format("Administrator : %s", var.corrino_admin_email), - format("Workspace Name : %s", var.app_name), - format("Deploy ID : %s", var.deploy_id), + format("Workspace Name : %s", local.app_name), + format("Deploy ID : %s", local.deploy_id), format("Corrino Version : %s", var.corrino_version), format("FQDN : %s", local.fqdn.name), format("Tenancy OCID : %s", local.oci.tenancy_id), @@ -42,12 +46,12 @@ locals { } oke = { - deploy_id = var.deploy_id + deploy_id = local.deploy_id cluster_ocid = var.existent_oke_cluster_id } db = { - app_name_for_db = regex("[[:alnum:]]{1,10}", var.app_name) + app_name_for_db = regex("[[:alnum:]]{1,10}", local.app_name) } addon = { diff --git a/terraform/oke.tf b/terraform/oke.tf index 0396926..d7b624c 100644 --- a/terraform/oke.tf +++ b/terraform/oke.tf @@ -3,7 +3,7 @@ # module "oke-quickstart" { -# source = "github.com/oracle-quickstart/terraform-oci-corrino?ref=0.9.0" + # source = "github.com/oracle-quickstart/terraform-oci-corrino?ref=0.9.0" source = "./modules/corrino" providers = { 
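Review bot: `app_name = random_string.generated_workspace_name.result` and `deploy_id = random_string.generated_deployment_name.result` in the locals.tf hunk carry no comment, and nothing in this file says these identifiers are now generated rather than supplied, which matters because every name built from them (the ADB `db_name`, the dynamic group and policy names) is unknown until the first apply and shows as (known after apply) in the plan. Add a line above them such as `# Generated workspace/deploy identifiers (random.tf); they replace the former app_name/deploy_id input variables and stay fixed for the life of the state.` The two later hunks in this file (the `format(...)` lines and the `oke`/`db` maps) are consistent with the new locals, so nothing further is needed there. The locals block continues outside the hunk.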
@@ -18,8 +18,8 @@ module "oke-quickstart" { # Note: Just few arguments are showing here to simplify the basic example. All other arguments are using default values. # App Name to identify deployment. Used for naming resources. - app_name = var.app_name - deploy_id = var.deploy_id + app_name = local.app_name + deploy_id = local.deploy_id # Freeform Tags + Defined Tags. Tags are applied to all resources. tag_values = { "freeformTags" = { "Environment" = "Development", "DeploymentType" = "basic", "QuickstartExample" = "basic-cluster" }, "definedTags" = {} } 
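Review bot: The comment `# App Name to identify deployment. Used for naming resources.` kept above `app_name = local.app_name` still describes a user-supplied input, but the value is now generated in random.tf and the deployer can no longer choose it; update it to `# App Name and Deploy ID identifying this deployment (generated in random.tf); used for naming resources.` If the module's own `app_name` variable under ./modules/corrino (outside this diff) carries the same 1-6 alphanumeric validation the removed root variable had, the six-letter `random_string` satisfies it, but that is worth confirming before merge. The module block starts and ends outside the hunk.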
@@ -36,27 +36,27 @@ module "oke-quickstart" { vcn_cidr_blocks = "10.22.0.0/16" metrics_server_enabled = var.metrics_server_enabled - ingress_nginx_enabled = var.ingress_nginx_enabled - cert_manager_enabled = var.cert_manager_enabled - prometheus_enabled = var.prometheus_enabled - grafana_enabled = var.grafana_enabled + ingress_nginx_enabled = var.ingress_nginx_enabled + cert_manager_enabled = var.cert_manager_enabled + prometheus_enabled = var.prometheus_enabled + grafana_enabled = var.grafana_enabled - create_new_oke_cluster = false + create_new_oke_cluster = false existent_oke_cluster_id = var.existent_oke_cluster_id - create_new_vcn = false + create_new_vcn = false existent_vcn_ocid = var.existent_vcn_ocid create_new_compartment_for_oke = false - existent_vcn_compartment_ocid = var.compartment_ocid + existent_vcn_compartment_ocid = var.compartment_ocid create_vault_policies_for_group = false - create_subnets = false - existent_oke_k8s_endpoint_subnet_ocid = var.existent_oke_k8s_endpoint_subnet_ocid - existent_oke_nodes_subnet_ocid = var.existent_oke_nodes_subnet_ocid - existent_oke_load_balancer_subnet_ocid = var.existent_oke_load_balancer_subnet_ocid -# existent_oke_vcn_native_pod_networking_subnet_ocid = "" # Optional. Existent VCN Native POD Networking subnet if the CNI Type is "OCI_VCN_IP_NATIVE" + create_subnets = false + existent_oke_k8s_endpoint_subnet_ocid = var.existent_oke_k8s_endpoint_subnet_ocid + existent_oke_nodes_subnet_ocid = var.existent_oke_nodes_subnet_ocid + existent_oke_load_balancer_subnet_ocid = var.existent_oke_load_balancer_subnet_ocid + # existent_oke_vcn_native_pod_networking_subnet_ocid = "" # Optional. Existent VCN Native POD Networking subnet if the CNI Type is "OCI_VCN_IP_NATIVE" } diff --git a/terraform/outputs.tf b/terraform/outputs.tf index ace51e2..ae04575 100755 --- a/terraform/outputs.tf +++ b/terraform/outputs.tf 
@@ -102,7 +102,7 @@ output "corrino_source_code" { value = "https://github.com/oracle-quickstart/corrino/" } output "corrino_version" { -# value = file("${path.module}/VERSION") + # value = file("${path.module}/VERSION") value = local.versions.corrino_version } @@ -113,19 +113,19 @@ output "corrino_version" { output "corrino_api_url" { value = format("https://${local.public_endpoint.api}") description = "API Service" - depends_on = [module.oke-quickstart.helm_release_ingress_nginx] + depends_on = [module.oke-quickstart.helm_release_ingress_nginx] } output "corrino_portal_url" { value = format("https://${local.public_endpoint.portal}") description = "Portal Service" - depends_on = [module.oke-quickstart.helm_release_ingress_nginx] + depends_on = [module.oke-quickstart.helm_release_ingress_nginx] } output "corrino_grafana_url" { value = var.grafana_enabled ? format("https://${local.public_endpoint.grafana}") : null description = "Grafana Service" - depends_on = [module.oke-quickstart.helm_release_ingress_nginx] + depends_on = [module.oke-quickstart.helm_release_ingress_nginx] } output "grafana_admin_username" { 
@@ -147,15 +147,23 @@ output "grafana_admin_password" {
 output "corrino_prometheus_url" {
 value = var.prometheus_enabled ? format("https://${local.public_endpoint.prometheus}") : null
 description = "Prometheus Service"
- depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
+ depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
 }
 
 output "corrino_mlflow_url" {
 value = var.mlflow_enabled ? format("https://${local.public_endpoint.mlflow}") : null
 description = "MLflow Service"
- depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
+ depends_on = [module.oke-quickstart.helm_release_ingress_nginx]
 }
 
 output "autonomous_database_password" {
 value = random_string.autonomous_database_admin_password.result
+}
+
+output "app_name" {
+ value = random_string.generated_workspace_name.result
+}
+
+output "deploy_id" {
+ value = random_string.generated_deployment_name.result
 }
\ No newline at end of file
diff --git a/terraform/policies.tf b/terraform/policies.tf
index 4eb206c..bd97210 100644
--- a/terraform/policies.tf
+++ b/terraform/policies.tf
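Review bot: The new `output "app_name"` and `output "deploy_id"` read `random_string.generated_workspace_name.result` and `random_string.generated_deployment_name.result` directly, while locals.tf in this same commit introduces `local.app_name` and `local.deploy_id` for exactly these values; use `value = local.app_name` and `value = local.deploy_id` so there is one place to change if the source ever becomes an override or a different resource. Each output should also get a `description`, e.g. `description = "Generated workspace name used as the prefix for resource names"`, since these outputs are the only handle a user has on the generated identifiers. The adjacent `output "autonomous_database_password"` prints a credential to stdout and into any CI log on every apply; it should carry `sensitive = true`, and its source is better expressed as `random_password`, whose result is marked sensitive by the provider. The file still ends without a trailing newline.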
@@ -1,22 +1,22 @@ # Get compartment name for policy data "oci_identity_compartment" "oci_compartment" { - id = var.compartment_ocid + id = var.compartment_ocid } # Define the dynamic group resource "oci_identity_dynamic_group" "dyn_group" { - provider = oci.home_region - name = "${var.app_name}-instance-dg" + provider = oci.home_region + name = "${local.app_name}-instance-dg" description = "Dynamic group for OKE instances across the tenancy" compartment_id = var.tenancy_ocid matching_rule = "ALL {instance.compartment.id = '${var.compartment_ocid}'}" - count = var.policy_creation_enabled ? 1 : 0 + count = var.policy_creation_enabled ? 1 : 0 } # Define the IAM policy resource "oci_identity_policy" "oke_instances_tenancy_policy" { provider = oci.home_region - name = "${var.app_name}-dg-inst-policy" + name = "${local.app_name}-dg-inst-policy" description = "Tenancy-level policy to grant needed permissions to the dynamic group" compartment_id = var.tenancy_ocid @@ -24,6 +24,6 @@ resource "oci_identity_policy" "oke_instances_tenancy_policy" { "Allow dynamic-group 'Default'/'${oci_identity_dynamic_group.dyn_group[0].name}' to manage all-resources in compartment ${data.oci_identity_compartment.oci_compartment.name}", "Allow dynamic-group 'Default'/'${oci_identity_dynamic_group.dyn_group[0].name}' to use all-resources in tenancy", ] - count = var.policy_creation_enabled ? 1 : 0 + count = var.policy_creation_enabled ? 1 : 0 depends_on = [oci_identity_dynamic_group.dyn_group] } \ No newline at end of file diff --git a/terraform/random.tf b/terraform/random.tf index dc85eb2..de2a1ef 100644 --- a/terraform/random.tf +++ b/terraform/random.tf @@ -1,3 +1,17 @@ +resource "random_string" "generated_workspace_name" { + length = 6 + special = false + min_upper = 3 + min_lower = 3 +} + +resource "random_string" "generated_deployment_name" { + length = 6 + special = false + min_upper = 3 + min_lower = 3 +} + resource "random_string" "corrino_django_secret" { length = 32 special = true 
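Review bot: `generated_workspace_name` and `generated_deployment_name` in the random.tf hunk have no comment explaining the constraint they encode: `length = 6` together with `min_upper = 3` and `min_lower = 3` leaves no room for digits, so the result is always six letters, which is what keeps it inside the `^([A-Za-z0-9]){1,6}$` rule the removed root variables used to enforce and inside the `[[:alnum:]]{1,10}` regex in locals.tf. Add a comment above each, such as `# Six letters (3 upper, 3 lower, no digits): must stay within the 1-6 alphanumeric limit expected by the OKE module and the ADB db_name derivation.` It is also worth stating next to them that, with no `keepers`, the values are fixed once created and only change if the resource is tainted or the state is lost, which is presumably the intended behaviour. The two blocks are identical today; a shared comment noting they must keep the same constraints would reduce the chance of them drifting apart.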
@@ -29,14 +43,14 @@ resource "random_string" "autonomous_database_admin_password" { } resource "random_string" "subdomain" { - length = 6 - special = false - upper = false + length = 6 + special = false + upper = false } resource "random_string" "registration_id" { - length = 8 - special = false - upper = false + length = 8 + special = false + upper = false } \ No newline at end of file diff --git a/terraform/variables.tf b/terraform/variables.tf index be7e334..ba43df5 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -46,25 +46,25 @@ variable "os_namespace_name" { # Corrino App # ----------------------------------- -variable "app_name" { - type = string - - validation { - condition = can(regex("^([A-Za-z0-9]){1,6}$", var.app_name)) - error_message = "Please provide a Workspace Name (aka app_name) that is between 1 and 6 alphanumeric characters in length." - } - -} - -variable "deploy_id" { - type = string - - validation { - condition = can(regex("^([A-Za-z0-9]){1,6}$", var.deploy_id)) - error_message = "Please provide a Deploy ID that is between 1 and 6 alphanumeric characters in length." - } - -} +# variable "app_name" { +# type = string +# default = "work" +# validation { +# condition = can(regex("^([A-Za-z0-9]){1,6}$", var.app_name)) +# error_message = "Please provide a Workspace Name (aka app_name) that is between 1 and 6 alphanumeric characters in length." +# } +# +# } + +# variable "deploy_id" { +# type = string +# default = "deploy" +# validation { +# condition = can(regex("^([A-Za-z0-9]){1,6}$", var.deploy_id)) +# error_message = "Please provide a Deploy ID that is between 1 and 6 alphanumeric characters in length." +# } + +# } variable "policy_creation_enabled" { description = "Create policies to enable apps to view and manage compute resources. If selected and user does not have permissions to create policies in root tenancy, build will fail."
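Review bot: In the variables.tf hunk the two variables are commented out rather than deleted, and the commented copies gained `default = "work"` and `default = "deploy"` that never existed in the live declarations, so the file now carries dead code that also misrepresents history; git keeps the old declarations, so delete the blocks, or, if an override is intended, keep them live with `default = null` and consume them through `coalesce` in locals.tf. With the declarations gone, any tfvars file or Resource Manager schema that still passes `app_name`/`deploy_id` will produce undeclared-variable warnings, and any `var.app_name` or `var.deploy_id` reference in a file outside this diff would fail at plan time; the references touched in later.tf are all inside commented-out resources, so they are unaffected.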