oke-rm-1.1.8

app-dev/devops-and-containers/oke/oke-rm/README.md

@@ -16,13 +16,13 @@ This stack is used to create the initial network infrastructure for OKE. When co
 * By default, everything is private, but there is the possibility to create public subnets
 * Be careful when modifying the default values, as inputs are not validated
 
-[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.1.7/infra.zip)
+[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.1.8/infra.zip)
 
 ## Step 2: Create the OKE control plane
 
 This stack is used to create the OKE control plane ONLY.
 
-[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.1.7/oke.zip)
+[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.1.8/oke.zip)
 
 Also note that if the network infrastructure is located in a different compartment than the OKE cluster AND you are planning to use the OCI_VCN_NATIVE CNI,
 you must add these policies:

app-dev/devops-and-containers/oke/oke-rm/infra/local.tf

@@ -1,4 +1,25 @@
 locals {
   # VCN_NATIVE_CNI internally it is mapped as npn
   cni = var.cni_type == "vcn_native" ? "npn" : var.cni_type
+  vcn_cidr_blocks = [var.vcn_cidr_block]
+  subnets = {
+    cidr = {
+      pod           = cidrsubnet(var.vcn_cidr_block, 1, 0)       # e.g., "10.1.0.0/17"
+      worker        = cidrsubnet(var.vcn_cidr_block, 3, 4)       # e.g., "10.1.128.0/19"
+      lb_external   = cidrsubnet(var.vcn_cidr_block, 8, 160)     # e.g., "10.1.160.0/24"
+      lb_internal   = cidrsubnet(var.vcn_cidr_block, 8, 161)     # e.g., "10.1.161.0/24"
+      fss           = cidrsubnet(var.vcn_cidr_block, 8, 162)     # e.g., "10.1.162.0/24"
+      bastion       = cidrsubnet(var.vcn_cidr_block, 13, 5216)   # e.g., "10.1.163.0/29"
+      cp            = cidrsubnet(var.vcn_cidr_block, 13, 5217)   # e.g., "10.1.163.8/29"
+    }
+    dns = {
+      pod = "pod"
+      worker = "worker"
+      lb_external = "lbext"
+      lb_internal = "lbint"
+      fss = "fss"
+      bastion = "bastion"
+      cp = "cp"
+    }
+  }
 }

app-dev/devops-and-containers/oke/oke-rm/infra/main.tf

@@ -8,41 +8,44 @@ module "network" {
   create_vcn = var.create_vcn
   vcn_id = var.vcn_id
   vcn_name = var.vcn_name
-  vcn_cidr_blocks = var.vcn_cidr_blocks
+  vcn_cidr_blocks = local.vcn_cidr_blocks
   vcn_dns_label = var.vcn_dns_label
   # CP SUBNET
   create_cp_subnet = var.create_cp_subnet
-  cp_subnet_cidr = var.cp_subnet_cidr
-  cp_subnet_dns_label = var.cp_subnet_dns_label
+  cp_subnet_cidr = local.subnets.cidr.cp
+  cp_subnet_dns_label = local.subnets.dns.cp
   cp_subnet_name = var.cp_subnet_name
   cp_subnet_private = var.cp_subnet_private
   cp_allowed_source_cidr = var.cp_allowed_source_cidr
-  # SERVICE SUBNET
-  create_service_subnet = var.create_service_subnet
-  service_subnet_cidr = var.service_subnet_cidr
-  service_subnet_dns_label = var.service_subnet_dns_label
-  service_subnet_name = var.service_subnet_name
-  service_subnet_private = var.service_subnet_private
+  # LB SUBNETS
+  create_external_lb_subnet = var.create_external_lb_subnet
+  external_lb_cidr = local.subnets.cidr.lb_external
+  external_lb_subnet_dns_label = local.subnets.dns.lb_external
+  external_lb_subnet_name = var.external_lb_subnet_name
+  create_internal_lb_subnet = var.create_internal_lb_subnet
+  internal_lb_cidr = local.subnets.cidr.lb_internal
+  internal_lb_subnet_dns_label = local.subnets.dns.lb_internal
+  internal_lb_subnet_name = var.internal_lb_subnet_name
   # WORKER SUBNET
   create_worker_subnet = var.create_worker_subnet
-  worker_subnet_cidr = var.worker_subnet_cidr
-  worker_subnet_dns_label = var.worker_subnet_dns_label
+  worker_subnet_cidr = local.subnets.cidr.worker
+  worker_subnet_dns_label = local.subnets.dns.worker
   worker_subnet_name = var.worker_subnet_name
   # POD SUBNET
   create_pod_subnet = var.create_pod_subnet
-  pod_subnet_cidr = var.pod_subnet_cidr
-  pod_subnet_dns_label = var.pod_subnet_dns_label
+  pod_subnet_cidr = local.subnets.cidr.pod
+  pod_subnet_dns_label = local.subnets.dns.pod
   pod_subnet_name = var.pod_subnet_name
   # BASTION SUBNET
   create_bastion_subnet = var.create_bastion_subnet
-  bastion_subnet_cidr = var.bastion_subnet_cidr
-  bastion_subnet_dns_label = var.bastion_subnet_dns_label
+  bastion_subnet_cidr = local.subnets.cidr.bastion
+  bastion_subnet_dns_label = local.subnets.dns.bastion
   bastion_subnet_name = var.bastion_subnet_name
   bastion_subnet_private = var.bastion_subnet_private
   # FSS SUBNET
   create_fss = var.create_fss
-  fss_subnet_cidr = var.fss_subnet_cidr
-  fss_subnet_dns_label = var.fss_subnet_dns_label
+  fss_subnet_cidr = local.subnets.cidr.fss
+  fss_subnet_dns_label = local.subnets.dns.fss
   fss_subnet_name = var.fss_subnet_name
   # GATEWAYS
   create_gateways = var.create_gateways