Allow VCN CIDR to be optional parameter. Resolves #77.

docs/input-variables.md

@@ -34,12 +34,14 @@ The following input variables are used to configure the inbound security rules o
 
 name                                | default                 | description
 ------------------------------------|-------------------------|------------
-etcd_cluster_ingress                | 10.0.0.0/16 (VCN only)  | A CIDR notation IP range that is allowed to access the etcd cluster
-etcd_ssh_ingress                    | 10.0.0.0/16 (VCN only)  | A CIDR notation IP range that is allowed to SSH to etcd nodes
-master_ssh_ingress                  | 10.0.0.0/16 (VCN only)  | A CIDR notation IP range that is allowed to access the master(s)
-master_https_ingress                | 10.0.0.0/16 (VCN only)  | A CIDR notation IP range that is allowed to access the HTTPs port on the master(s)
-worker_ssh_ingress                  | 10.0.0.0/16 (VCN only)  | A CIDR notation IP range that is allowed to SSH to worker(s)
-worker_nodeport_ingress             | 10.0.0.0/16 (VCN only)  | A CIDR notation IP range that is allowed to access NodePorts (30000-32767) on the worker(s)
+network_cidrs                       | See map in variables.tf | A CIDR notation IP range of the VCN and its subnets.
+etcd_cluster_ingress                | 10.0.0.0/16 (VCN only)  | A CIDR notation IP range that is allowed to access the etcd cluster. Must be a subset of the VCN CIDR.
+etcd_ssh_ingress                    | 10.0.0.0/16 (VCN only)  | A CIDR notation IP range that is allowed to SSH to etcd nodes. Must be a subset of the VCN CIDR.
+master_ssh_ingress                  | 10.0.0.0/16 (VCN only)  | A CIDR notation IP range that is allowed to access the master(s). Must be a subset of the VCN CIDR.
+master_https_ingress                | 10.0.0.0/16 (VCN only)  | A CIDR notation IP range that is allowed to access the HTTPs port on the master(s). Must be a subset of the VCN CIDR.
+worker_ssh_ingress                  | 10.0.0.0/16 (VCN only)  | A CIDR notation IP range that is allowed to SSH to worker(s). Must be a subset of the VCN CIDR.
+worker_nodeport_ingress             | 10.0.0.0/16 (VCN only)  | A CIDR notation IP range that is allowed to access NodePorts (30000-32767) on the worker(s). Must be a subset of the VCN CIDR.
+
 
 #### _Private_ Network Access
 

k8s-oci.tf

@@ -29,6 +29,7 @@ module "vcn" {
   etcd_cluster_ingress                    = "${var.etcd_cluster_ingress}"
   master_ssh_ingress                      = "${var.master_ssh_ingress}"
   master_https_ingress                    = "${var.master_https_ingress}"
+  network_cidrs                           = "${var.network_cidrs}"
   public_subnet_ssh_ingress               = "${var.public_subnet_ssh_ingress}"
   public_subnet_http_ingress              = "${var.public_subnet_http_ingress}"
   public_subnet_https_ingress             = "${var.public_subnet_https_ingress}"

network/vcn/subnets.tf

@@ -4,7 +4,7 @@ resource "oci_core_subnet" "PublicSubnetAD1" {
   # Provisioned only when k8s instances are in private subnets
   count               = "${var.control_plane_subnet_access == "private" ? "1" : "0"}"
   availability_domain = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
-  cidr_block          = "10.0.10.0/24"
+  cidr_block          = "${lookup(var.network_cidrs, "PublicSubnetAD1")}"
   display_name        = "${var.label_prefix}publicSubnetAD1"
   compartment_id      = "${var.compartment_ocid}"
   vcn_id              = "${oci_core_virtual_network.CompleteVCN.id}"
@@ -16,7 +16,7 @@ resource "oci_core_subnet" "PublicSubnetAD1" {
 resource "oci_core_subnet" "PublicSubnetAD2" {
   count               = "${var.control_plane_subnet_access == "private" ? "1" : "0"}"
   availability_domain = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[1],"name")}"
-  cidr_block          = "10.0.11.0/24"
+  cidr_block          = "${lookup(var.network_cidrs, "PublicSubnetAD2")}"
   display_name        = "${var.label_prefix}publicSubnetAD2"
   compartment_id      = "${var.compartment_ocid}"
   vcn_id              = "${oci_core_virtual_network.CompleteVCN.id}"
@@ -28,7 +28,7 @@ resource "oci_core_subnet" "PublicSubnetAD2" {
 resource "oci_core_subnet" "PublicSubnetAD3" {
   count               = "${var.control_plane_subnet_access == "private" ? "1" : "0"}"
   availability_domain = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[2],"name")}"
-  cidr_block          = "10.0.12.0/24"
+  cidr_block          = "${lookup(var.network_cidrs, "PublicSubnetAD3")}"
   display_name        = "${var.label_prefix}publicSubnetAD3"
   compartment_id      = "${var.compartment_ocid}"
   vcn_id              = "${oci_core_virtual_network.CompleteVCN.id}"
@@ -39,7 +39,7 @@ resource "oci_core_subnet" "PublicSubnetAD3" {
 
 resource "oci_core_subnet" "etcdSubnetAD1" {
   availability_domain = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
-  cidr_block          = "10.0.20.0/24"
+  cidr_block          = "${lookup(var.network_cidrs, "etcdSubnetAD1")}"
   compartment_id      = "${var.compartment_ocid}"
   display_name        = "${var.label_prefix}${var.control_plane_subnet_access}ETCDSubnetAD1"
   dns_label           = "etcdsubnet1"
@@ -58,7 +58,7 @@ resource "oci_core_subnet" "etcdSubnetAD1" {
 
 resource "oci_core_subnet" "etcdSubnetAD2" {
   availability_domain = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[1],"name")}"
-  cidr_block          = "10.0.21.0/24"
+  cidr_block          = "${lookup(var.network_cidrs, "etcdSubnetAD2")}"
   compartment_id      = "${var.compartment_ocid}"
   display_name        = "${var.label_prefix}${var.control_plane_subnet_access}ETCDSubnetAD2"
   dns_label           = "etcdsubnet2"
@@ -77,7 +77,7 @@ resource "oci_core_subnet" "etcdSubnetAD2" {
 
 resource "oci_core_subnet" "etcdSubnetAD3" {
   availability_domain = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[2],"name")}"
-  cidr_block          = "10.0.22.0/24"
+  cidr_block          = "${lookup(var.network_cidrs, "etcdSubnetAD3")}"
   compartment_id      = "${var.compartment_ocid}"
   display_name        = "${var.label_prefix}${var.control_plane_subnet_access}ETCDSubnetAD3"
   dns_label           = "etcdsubnet3"
@@ -96,7 +96,7 @@ resource "oci_core_subnet" "etcdSubnetAD3" {
 
 resource "oci_core_subnet" "k8sMasterSubnetAD1" {
   availability_domain        = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
-  cidr_block                 = "10.0.30.0/24"
+  cidr_block                 = "${lookup(var.network_cidrs, "masterSubnetAD1")}"
   compartment_id             = "${var.compartment_ocid}"
   display_name               = "${var.label_prefix}${var.control_plane_subnet_access}K8SMasterSubnetAD1"
   dns_label                  = "k8smasterad1"
@@ -113,7 +113,7 @@ resource "oci_core_subnet" "k8sMasterSubnetAD1" {
 
 resource "oci_core_subnet" "k8sMasterSubnetAD2" {
   availability_domain        = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[1],"name")}"
-  cidr_block                 = "10.0.31.0/24"
+  cidr_block                 = "${lookup(var.network_cidrs, "masterSubnetAD2")}"
   compartment_id             = "${var.compartment_ocid}"
   display_name               = "${var.label_prefix}${var.control_plane_subnet_access}K8SMasterSubnetAD2"
   dns_label                  = "k8smasterad2"
@@ -130,7 +130,7 @@ resource "oci_core_subnet" "k8sMasterSubnetAD2" {
 
 resource "oci_core_subnet" "k8sMasterSubnetAD3" {
   availability_domain        = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[2],"name")}"
-  cidr_block                 = "10.0.32.0/24"
+  cidr_block                 = "${lookup(var.network_cidrs, "masterSubnetAD3")}"
   compartment_id             = "${var.compartment_ocid}"
   display_name               = "${var.label_prefix}${var.control_plane_subnet_access}K8SMasterSubnetAD3"
   dns_label                  = "k8smasterad3"
@@ -147,7 +147,7 @@ resource "oci_core_subnet" "k8sMasterSubnetAD3" {
 
 resource "oci_core_subnet" "k8sWorkerSubnetAD1" {
   availability_domain        = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
-  cidr_block                 = "10.0.40.0/24"
+  cidr_block                 = "${lookup(var.network_cidrs, "workerSubnetAD1")}"
   compartment_id             = "${var.compartment_ocid}"
   display_name               = "${var.label_prefix}${var.control_plane_subnet_access}K8SWorkerSubnetAD1"
   dns_label                  = "k8sworkerad1"
@@ -164,7 +164,7 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD1" {
 
 resource "oci_core_subnet" "k8sWorkerSubnetAD2" {
   availability_domain        = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[1],"name")}"
-  cidr_block                 = "10.0.41.0/24"
+  cidr_block                 = "${lookup(var.network_cidrs, "workerSubnetAD2")}"
   compartment_id             = "${var.compartment_ocid}"
   display_name               = "${var.label_prefix}${var.control_plane_subnet_access}K8SWorkerSubnetAD2"
   dns_label                  = "k8sworkerad2"
@@ -181,7 +181,7 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD2" {
 
 resource "oci_core_subnet" "k8sWorkerSubnetAD3" {
   availability_domain        = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[2],"name")}"
-  cidr_block                 = "10.0.42.0/24"
+  cidr_block                 = "${lookup(var.network_cidrs, "workerSubnetAD3")}"
   compartment_id             = "${var.compartment_ocid}"
   display_name               = "${var.label_prefix}${var.control_plane_subnet_access}K8SWorkerSubnetAD3"
   dns_label                  = "k8sworkerad3"
@@ -201,7 +201,7 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD3" {
 
 resource "oci_core_subnet" "k8sCCMLBSubnetAD1" {
   availability_domain        = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
-  cidr_block                 = "10.0.50.0/24"
+  cidr_block                 = "${lookup(var.network_cidrs, "k8sCCMLBSubnetAD1")}"
   compartment_id             = "${var.compartment_ocid}"
   display_name               = "${var.label_prefix}PublicK8SCCMLBSubnetAD1"
   dns_label                  = "k8sccmlbad1"
@@ -218,7 +218,7 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD1" {
 
 resource "oci_core_subnet" "k8sCCMLBSubnetAD2" {
   availability_domain        = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[1],"name")}"
-  cidr_block                 = "10.0.51.0/24"
+  cidr_block                 = "${lookup(var.network_cidrs, "k8sCCMLBSubnetAD2")}"
   compartment_id             = "${var.compartment_ocid}"
   display_name               = "${var.label_prefix}PublicK8SCCMLBSubnetAD2"
   dns_label                  = "k8sccmlbad2"
@@ -235,7 +235,7 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD2" {
 
 resource "oci_core_subnet" "k8sCCMLBSubnetAD3" {
   availability_domain        = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[2],"name")}"
-  cidr_block                 = "10.0.52.0/24"
+  cidr_block                 = "${lookup(var.network_cidrs, "k8sCCMLBSubnetAD3")}"
   compartment_id             = "${var.compartment_ocid}"
   display_name               = "${var.label_prefix}PublicK8SCCMLBSubnetAD3"
   dns_label                  = "k8sccmlbad3"

network/vcn/variables.tf

@@ -1,3 +1,26 @@
+variable "network_cidrs" {
+  type = "map"
+
+  default = {
+    VCN-CIDR          = "10.0.0.0/16"
+    PublicSubnetAD1   = "10.0.10.0/24"
+    PublicSubnetAD2   = "10.0.11.0/24"
+    PublicSubnetAD3   = "10.0.12.0/24"
+    etcdSubnetAD1     = "10.0.20.0/24"
+    etcdSubnetAD2     = "10.0.21.0/24"
+    etcdSubnetAD3     = "10.0.22.0/24"
+    masterSubnetAD1   = "10.0.30.0/24"
+    masterSubnetAD2   = "10.0.31.0/24"
+    masterSubnetAD3   = "10.0.32.0/24"
+    workerSubnetAD1   = "10.0.40.0/24"
+    workerSubnetAD2   = "10.0.41.0/24"
+    workerSubnetAD3   = "10.0.42.0/24"
+    k8sCCMLBSubnetAD1 = "10.0.50.0/24"
+    k8sCCMLBSubnetAD2 = "10.0.51.0/24"
+    k8sCCMLBSubnetAD3 = "10.0.52.0/24"
+  }
+}
+
 variable "tenancy_ocid" {}
 
 variable "control_plane_subnet_access" {
@@ -34,14 +57,6 @@ variable "label_prefix" {
 variable "compartment_ocid" {}
 variable "vcn_dns_name" {}
 
-variable "ingress_cidrs" {
-  type = "map"
-
-  default = {
-    VPC-CIDR = "10.0.0.0/16"
-  }
-}
-
 # Security lists
 
 variable "bmc_ingress_cidrs" {

network/vcn/vcn.tf

@@ -1,5 +1,5 @@
 resource "oci_core_virtual_network" "CompleteVCN" {
-  cidr_block     = "${lookup(var.ingress_cidrs, "VPC-CIDR")}"
+  cidr_block     = "${lookup(var.network_cidrs, "VCN-CIDR")}"
   compartment_id = "${var.compartment_ocid}"
   display_name   = "${var.label_prefix}${var.vcn_dns_name}"
   dns_label      = "${var.vcn_dns_name}"

variables.tf

@@ -3,6 +3,28 @@ variable "tenancy_ocid" {}
 
 variable "compartment_ocid" {}
 
+variable "network_cidrs" {
+  type = "map"
+  default = {
+    VCN-CIDR          = "10.0.0.0/16"
+    PublicSubnetAD1   = "10.0.10.0/24"
+    PublicSubnetAD2   = "10.0.11.0/24"
+    PublicSubnetAD3   = "10.0.12.0/24"
+    etcdSubnetAD1     = "10.0.20.0/24"
+    etcdSubnetAD2     = "10.0.21.0/24"
+    etcdSubnetAD3     = "10.0.22.0/24"
+    masterSubnetAD1   = "10.0.30.0/24"
+    masterSubnetAD2   = "10.0.31.0/24"
+    masterSubnetAD3   = "10.0.32.0/24"
+    workerSubnetAD1   = "10.0.40.0/24"
+    workerSubnetAD2   = "10.0.41.0/24"
+    workerSubnetAD3   = "10.0.42.0/24"
+    k8sCCMLBSubnetAD1 = "10.0.50.0/24"
+    k8sCCMLBSubnetAD2 = "10.0.51.0/24"
+    k8sCCMLBSubnetAD3 = "10.0.52.0/24"
+  }
+}
+
 variable "domain_name" {
   default = "k8sbmcs.oraclevcn.com"
 }
@@ -361,9 +383,11 @@ variable "flannel_backend" {
 variable "cloud_controller_user_ocid" {
   default = ""
 }
+
 variable "cloud_controller_user_fingerprint" {
   default = ""
 }
+
 variable "cloud_controller_user_private_key_path" {
   default = ""
 }