Merge pull request #12 from streamnsight/bugfix/db-oss-access

Bugfix/db oss access

README.md

@@ -20,11 +20,11 @@ This terraform deployment requires the prior installation of the following:
 
     [tfswitch](https://tfswitch.warrensbox.com/Install/) can be used for flexibility of working with multiple versions of terraform, but it is only available on Linux and Mac OS X, for Windows or if you prefer to install the base software, see [https://learn.hashicorp.com/tutorials/terraform/install-cli](https://learn.hashicorp.com/tutorials/terraform/install-cli) for basic installation instructions.
 
-- **kubectl >= 1.22 (the Kubernetes cli)**
+- **kubectl >= 1.23 (the Kubernetes cli)**
 
     See [https://kubernetes.io/docs/tasks/tools/install-kubectl/](https://kubernetes.io/docs/tasks/tools/install-kubectl/) for installation instructions, although kubectl is usually installed as part of Docker Desktop, so if you use Docker it is likely already installed.
 
-- **helm >= 3.5.4**
+- **helm >= 3.9.0**
 
     Helm is a kubernetes deployment package manager. The OCI Service Broker is packaged in a Helm chart, and so is the etcd cluster deployment.
     See [https://helm.sh/docs/intro/install/](https://helm.sh/docs/intro/install/) to install helm locally.

modules/vcn/datasources.tf

@@ -5,4 +5,12 @@
 
 data "oci_identity_availability_domains" "ads" {
   compartment_id = var.compartment_ocid
+}
+
+data "oci_core_services" "all_oci_services" {
+  filter {
+    name   = "name"
+    values = ["All .* Services In Oracle Services Network"]
+    regex  = true
+  }
 }

modules/vcn/main.tf

@@ -24,6 +24,15 @@ resource "oci_core_nat_gateway" "natgw" {
   vcn_id         = oci_core_virtual_network.vcn.id
 }
 
+resource "oci_core_service_gateway" "svc_gw" {
+  compartment_id = var.compartment_ocid
+  display_name   = "Service Gateway"
+  vcn_id         = oci_core_virtual_network.vcn.id
+  services {
+    service_id = lookup(data.oci_core_services.all_oci_services.services[0], "id")
+  }
+}
+
 # Create route table to connect public subnet to internet gateway 
 
 resource "oci_core_route_table" "public_rt" {
@@ -48,6 +57,12 @@ resource "oci_core_route_table" "private_rt" {
     destination       = "0.0.0.0/0"
     network_entity_id = oci_core_nat_gateway.natgw.id
   }
+
+  route_rules {
+    destination       = lookup(data.oci_core_services.all_oci_services.services[0], "cidr_block")
+    destination_type  = "SERVICE_CIDR_BLOCK"
+    network_entity_id = oci_core_service_gateway.svc_gw.id
+  }
 }
 
 # Create security list for public subnet for the load balancers
@@ -266,6 +281,14 @@ resource "oci_core_security_list" "database_sl" {
       min = 1521
     }
   }
+
+  # any traffic to cluster Services subnet
+  egress_security_rules {
+    protocol         = "6"
+    destination_type = "SERVICE_CIDR_BLOCK"
+    destination      = lookup(data.oci_core_services.all_oci_services.services[0], "cidr_block")
+    stateless        = false
+  }
 }
 
 # Create regional subnets in vcn

templates/deploy-traefik.tpl

@@ -1,15 +1,15 @@
-## Copyright © 2021, Oracle and/or its affiliates. 
+## Copyright © 2021-2023, Oracle and/or its affiliates. 
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
 CHART_VERSION=10.19.5
 
-helm repo add traefik https://helm.traefik.io/traefik
+helm repo add traefik https://traefik.github.io/charts
 
 helm install traefik \
 traefik/traefik \
---version 10.19.5 \
+--version 21.0.0 \
 --namespace ${ingress_namespace} \
---set image.tag=2.6.6 \
+--set image.tag=2.9.6 \
 --set ports.traefik.expose=true \
 --set ports.web.exposedPort=30305 \
 --set ports.web.nodePort=30305 \