This repository has been archived by the owner on Oct 31, 2019. It is now read-only.

Allow VCN CIDR to be optional parameter #77

Closed
j0nr33v3 opened this issue Jan 2, 2018 · 4 comments

j0nr33v3 commented Jan 2, 2018

Create an optional parameter for VCN CIDR for the created VCN.

This would give users more flexibility to leverage VCN peering which requires non-overlapping VCN CIDRs.

jlamillan commented Jan 4, 2018

This is probably trickier to implement than one might think at first blush since each subnet has its own CIDR block, which needs to be a subset of the VCN CIDR.

If we allow for arbitrary VCN CIDRs, each subnet will go from a known CIDR to having to dynamically calculate it by dividing up the VCN's address range.

Not impossible, though ;)

@jlamillan

Alternatively, instead of allowing the user to override a single vcn_cidr variable and leaving it to Terraform to make sense of, we could define a combined map variable that contains the default values for all the CIDRs in the network - the VCN and all the subnets.

This would give the user complete control over the address space in the VCN, while still providing a sensible default, e.g.:

variable "network_cidrs" {
  type = "map"
  default = {
    VCN-CIDR = "10.0.0.0/16"
    etcdSubnetAD1 = "10.0.20.0/24"
    etcdSubnetAD2 = "10.0.21.0/24"
    etcdSubnetAD3 = "10.0.22.0/24"
    masterSubnetAD1 = "10.0.30.0/24"
    masterSubnetAD2 = "10.0.31.0/24"
    masterSubnetAD3 = "10.0.32.0/24"
    workerSubnetAD1 = "10.0.40.0/24"
    workerSubnetAD2 = "10.0.41.0/24"
    workerSubnetAD3 = "10.0.42.0/24"
    ...
  }
}

j0nr33v3 commented Jan 4, 2018 via email

@jlamillan

FYI, this is what the new default map would be:

variable "network_cidrs" {
  type = "map"
  default = {
    VCN-CIDR = "10.0.0.0/16"
    PublicSubnetAD1 = "10.0.10.0/24"
    PublicSubnetAD2 = "10.0.11.0/24"
    PublicSubnetAD3 = "10.0.12.0/24"
    etcdSubnetAD1 = "10.0.20.0/24"
    etcdSubnetAD2 = "10.0.21.0/24"
    etcdSubnetAD3 = "10.0.22.0/24"
    masterSubnetAD1 = "10.0.30.0/24"
    masterSubnetAD2 = "10.0.31.0/24"
    masterSubnetAD3 = "10.0.32.0/24"
    workerSubnetAD1 = "10.0.40.0/24"
    workerSubnetAD2 = "10.0.41.0/24"
    workerSubnetAD3 = "10.0.42.0/24"
    k8sCCMLBSubnetAD1 = "10.0.50.0/24"
    k8sCCMLBSubnetAD2 = "10.0.51.0/24"
    k8sCCMLBSubnetAD3 = "10.0.52.0/24"
  }
}

The trick is that the address ranges (CIDRs) in the security lists, which are also defined in input variables, also need to match this.

For example, if a user overrode network_cidrs to something like:

variable "network_cidrs" {
  type = "map"
  default = {
    VCN-CIDR = "192.168.0.0/16"
    PublicSubnetAD1 = "192.168.10.0/24"
    PublicSubnetAD2 = "192.168.11.0/24"
    PublicSubnetAD3 = "192.168.12.0/24"
    etcdSubnetAD1 = "192.168.20.0/24"
    etcdSubnetAD2 = "192.168.21.0/24"
    etcdSubnetAD3 = "192.168.22.0/24"
    masterSubnetAD1 = "192.168.30.0/24"
    masterSubnetAD2 = "192.168.31.0/24"
    masterSubnetAD3 = "192.168.32.0/24"
    workerSubnetAD1 = "192.168.40.0/24"
    workerSubnetAD2 = "192.168.41.0/24"
    workerSubnetAD3 = "192.168.42.0/24"
    k8sCCMLBSubnetAD1 = "192.168.50.0/24"
    k8sCCMLBSubnetAD2 = "192.168.51.0/24"
    k8sCCMLBSubnetAD3 = "192.168.52.0/24"
  }
}

Then, defaults like the following would become a problem unless the user was careful to override them e.g.

etcd_cluster_ingress = "10.0.0.0/16"
worker_ssh_ingress = "10.0.0.0/16"
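The two concerns raised in this thread (carving subnet CIDRs out of an arbitrary VCN CIDR, and keeping the security-list ingress ranges consistent with whatever the user overrides) can both be checked before `terraform apply`. The script below is an added example written for this discussion, not code from the terraform-kubernetes-installer project. `derive_network_cidrs` mimics Terraform's `cidrsubnet(prefix, newbits, netnum)` to regenerate the proposed default map from only the VCN CIDR, and `check_network_cidrs` is a pre-flight validator for a user-supplied map. The function names, the `DEFAULT_INGRESS` variable names and all sample maps are constructed for illustration; the layout (groups at netnum 10, 20, 30, 40, 50 across three ADs) is taken from the default map above.

```python
"""Consistency checks for a network_cidrs map and its security-list ranges.

Added example for this issue thread; not part of the project's Terraform code.
"""
import ipaddress
from typing import Dict, List

# Constructed: the proposed default map from the thread, reproduced in full.
DEFAULT_NETWORK_CIDRS: Dict[str, str] = {
    "VCN-CIDR": "10.0.0.0/16",
    "PublicSubnetAD1": "10.0.10.0/24", "PublicSubnetAD2": "10.0.11.0/24", "PublicSubnetAD3": "10.0.12.0/24",
    "etcdSubnetAD1": "10.0.20.0/24", "etcdSubnetAD2": "10.0.21.0/24", "etcdSubnetAD3": "10.0.22.0/24",
    "masterSubnetAD1": "10.0.30.0/24", "masterSubnetAD2": "10.0.31.0/24", "masterSubnetAD3": "10.0.32.0/24",
    "workerSubnetAD1": "10.0.40.0/24", "workerSubnetAD2": "10.0.41.0/24", "workerSubnetAD3": "10.0.42.0/24",
    "k8sCCMLBSubnetAD1": "10.0.50.0/24", "k8sCCMLBSubnetAD2": "10.0.51.0/24", "k8sCCMLBSubnetAD3": "10.0.52.0/24",
}

# Constructed: the security-list defaults the thread points to. These are the
# values that silently stop matching once VCN-CIDR is overridden.
DEFAULT_INGRESS: Dict[str, str] = {
    "etcd_cluster_ingress": "10.0.0.0/16",
    "worker_ssh_ingress": "10.0.0.0/16",
}

SUBNET_GROUPS = ["Public", "etcd", "master", "worker", "k8sCCMLB"]


def derive_network_cidrs(vcn_cidr: str, new_bits: int = 8) -> Dict[str, str]:
    """Carve the subnet map out of vcn_cidr the way Terraform's cidrsubnet() would.

    Group g (0-based) in AD a (1..3) gets netnum 10*(g+1) + (a-1), so a /16 VCN
    yields exactly the default layout (10.0.10.0/24, 10.0.11.0/24, ... 10.0.52.0/24).
    """
    vcn = ipaddress.ip_network(vcn_cidr, strict=True)
    candidates = list(vcn.subnets(prefixlen_diff=new_bits))
    result = {"VCN-CIDR": str(vcn)}
    for g, group in enumerate(SUBNET_GROUPS):
        for ad in (1, 2, 3):
            netnum = 10 * (g + 1) + (ad - 1)
            if netnum >= len(candidates):
                raise ValueError(f"{vcn} is too small for netnum {netnum} with new_bits={new_bits}")
            result[f"{group}SubnetAD{ad}"] = str(candidates[netnum])
    return result


def check_network_cidrs(network_cidrs: Dict[str, str], ingress_cidrs: Dict[str, str]) -> List[str]:
    """Return a list of problems; an empty list means the maps are consistent.

    Checks: every subnet lies inside VCN-CIDR, no two subnets overlap, and every
    security-list source range lies inside the VCN. A source range outside the
    VCN is either dead (never matches intra-VCN traffic) or wider than the VCN,
    which is not what a cluster-internal rule is meant to express.
    """
    problems: List[str] = []
    vcn = ipaddress.ip_network(network_cidrs["VCN-CIDR"], strict=True)

    subnets = {}
    for name, cidr in network_cidrs.items():
        if name == "VCN-CIDR":
            continue
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        if not net.subnet_of(vcn):
            problems.append(f"{name} {net} is not inside VCN-CIDR {vcn}")
        subnets[name] = net

    names = sorted(subnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                problems.append(f"{a} {subnets[a]} overlaps {b} {subnets[b]}")

    for name, cidr in ingress_cidrs.items():
        net = ipaddress.ip_network(cidr, strict=True)
        if not net.subnet_of(vcn):
            problems.append(f"ingress {name} source {net} lies outside VCN-CIDR {vcn}")

    return problems


if __name__ == "__main__":
    override = derive_network_cidrs("192.168.0.0/16")
    for line in check_network_cidrs(override, DEFAULT_INGRESS):
        print(line)
```

Running the script reproduces the failure mode described above: the derived 192.168.0.0/16 map is internally consistent, but both ingress defaults are reported as lying outside the VCN, which is exactly the override the user would otherwise forget. A deliberately wide SSH source such as 0.0.0.0/0 is also flagged, which is the intended behaviour for a pre-flight check: such a rule should be an explicit, reviewed override rather than a leftover default.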
