Add oci managed terraform + create snet module

oci-managed/main.tf

@@ -0,0 +1,32 @@
+
+module "vcn" {
+  source  = "oracle-terraform-modules/vcn/oci"
+  version = "3.6.0"
+
+  compartment_id = var.compartment_ocid
+  region         = var.region
+
+  internet_gateway_route_rules = null
+  local_peering_gateways       = null
+  nat_gateway_route_rules      = null
+
+  vcn_name      = "${var.cluster_name}-${var.environment}-vcn"
+  vcn_dns_label = "${var.cluster_name}${var.environment}vcn"
+  vcn_cidrs     = ["10.0.0.0/16"]
+
+  create_internet_gateway = true
+  create_nat_gateway      = true
+  create_service_gateway  = true
+}
+
+module "snet" {
+  source = "./snet"
+
+  compartment_ocid = var.compartment_ocid
+  cluster_name     = var.cluster_name
+  environment      = var.environment
+
+  vcn_id           = module.vcn.vcn_id
+  vcn_nat_route_id = module.vcn.vcn_nat_route_table_id
+  vcn_ig_route_id  = module.vcn.vcn_ig_route_table_id
+}

oci-managed/provider.tf

@@ -0,0 +1,17 @@
+terraform {
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = ">= 5.30.0"
+    }
+  }
+}
+
+provider "oci" {
+  tenancy_ocid         = var.tenancy_ocid
+  user_ocid            = var.user_ocid
+  private_key_path = pathexpand(var.private_key_path)
+  fingerprint          = var.fingerprint
+  region               = var.region
+  retry_duration_seconds = 120
+}

oci-managed/snet/security_rules.tf

@@ -0,0 +1,108 @@
+resource "oci_core_security_list" "private_subnet_sl" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = var.vcn_id
+
+  display_name = "${var.cluster_name}-${var.environment}-private-subnet-sl"
+
+  egress_security_rules {
+    stateless        = false
+    destination      = "0.0.0.0/0"
+    destination_type = "CIDR_BLOCK"
+    protocol         = "all"
+  }
+
+  ingress_security_rules {
+    stateless   = false
+    source      = "10.0.0.0/16"
+    source_type = "CIDR_BLOCK"
+    protocol    = "all"
+  }
+
+  ingress_security_rules {
+    stateless   = false
+    source      = "10.0.0.0/24"
+    source_type = "CIDR_BLOCK"
+    protocol    = "6"
+    tcp_options {
+      min = 10256
+      max = 10256
+    }
+  }
+
+  ingress_security_rules {
+    stateless   = false
+    source      = "10.0.0.0/24"
+    source_type = "CIDR_BLOCK"
+    protocol    = "6"
+    tcp_options {
+      min = 31600
+      max = 31600
+    }
+  }
+}
+
+resource "oci_core_security_list" "public_subnet_sl" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = var.vcn_id
+
+  display_name = "${var.cluster_name}-${var.environment}-public-subnet-sl"
+
+  egress_security_rules {
+    stateless        = false
+    destination      = "0.0.0.0/0"
+    destination_type = "CIDR_BLOCK"
+    protocol         = "all"
+  }
+
+  egress_security_rules {
+    stateless        = false
+    destination      = "10.0.1.0/24"
+    destination_type = "CIDR_BLOCK"
+    protocol         = "6"
+    tcp_options {
+      min = 31600
+      max = 31600
+    }
+  }
+
+  egress_security_rules {
+    stateless        = false
+    destination      = "10.0.1.0/24"
+    destination_type = "CIDR_BLOCK"
+    protocol         = "6"
+    tcp_options {
+      min = 10256
+      max = 10256
+    }
+  }
+
+  ingress_security_rules {
+    protocol    = "6"
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    stateless   = false
+
+    tcp_options {
+      max = 80
+      min = 80
+    }
+  } 
+
+  ingress_security_rules {
+    stateless   = false
+    source      = "10.0.0.0/16"
+    source_type = "CIDR_BLOCK"
+    protocol    = "all"
+  }
+
+  ingress_security_rules {
+    stateless   = false
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    protocol    = "6"
+    tcp_options {
+      min = 6443
+      max = 6443
+    }
+  }
+}

oci-managed/snet/subnets.tf

@@ -0,0 +1,20 @@
+resource "oci_core_subnet" "vcn_private_subnet" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = var.vcn_id
+  cidr_block     = "10.0.1.0/24"
+
+  route_table_id             = var.vcn_nat_route_id
+  security_list_ids          = [oci_core_security_list.private_subnet_sl.id]
+  display_name               = "${var.cluster_name}-${var.environment}-private-subnet"
+  prohibit_public_ip_on_vnic = true
+}
+
+resource "oci_core_subnet" "vcn_public_subnet" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = var.vcn_id
+  cidr_block     = "10.0.0.0/24"
+
+  route_table_id    = var.vcn_ig_route_id
+  security_list_ids = [oci_core_security_list.public_subnet_sl.id]
+  display_name      = "${var.cluster_name}-${var.environment}-public-subnet"
+}

oci-managed/snet/variables.tf

@@ -0,0 +1,16 @@
+variable "compartment_ocid" {}
+variable "vcn_id" {}
+variable "vcn_nat_route_id" {
+  type = string
+}
+variable "vcn_ig_route_id" {
+  type = string
+}
+
+variable "cluster_name" {
+  type = string
+}
+
+variable "environment" {
+  default = "prod"
+}

oci-managed/variables.tf

@@ -0,0 +1,29 @@
+variable "compartment_ocid" {}
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "private_key_path" {}
+variable "availability_domain" {}
+variable "my_public_ip_cidr" {}
+variable "cluster_name" {}
+variable "agent_os_image_id" {}
+variable "server_os_image_id" {}
+variable "certmanager_email_address" {}
+variable "region" {}
+variable "public_key_path" {}
+
+variable "k3s_server_pool_size" {
+  default = 2
+}
+variable "k3s_worker_pool_size" {
+  default = 2
+}
+variable "k3s_extra_worker_node" {
+  default = false
+}
+variable "expose_kubeapi" {
+  default = false
+}
+variable "environment" {
+  default = "prod"
+}