From 114f0ce3d50894fdfe81e1345ea71bff9799bb3e Mon Sep 17 00:00:00 2001
From: Vargha Csongor
Date: Sun, 3 Mar 2024 14:03:14 +0100
Subject: [PATCH] Add oci managed terraform + create snet module
---
 oci-managed/main.tf | 32 +++++++++
 oci-managed/output.tf | 0
 oci-managed/provider.tf | 17 +++++
 oci-managed/snet/output.tf | 0
 oci-managed/snet/security_rules.tf | 108 +++++++++++++++++++++++++++++
 oci-managed/snet/subnets.tf | 20 ++++++
 oci-managed/snet/variables.tf | 16 +++++
 oci-managed/variables.tf | 29 ++++++++
 8 files changed, 222 insertions(+)
 create mode 100644 oci-managed/main.tf
 create mode 100644 oci-managed/output.tf
 create mode 100644 oci-managed/provider.tf
 create mode 100644 oci-managed/snet/output.tf
 create mode 100644 oci-managed/snet/security_rules.tf
 create mode 100644 oci-managed/snet/subnets.tf
 create mode 100644 oci-managed/snet/variables.tf
 create mode 100644 oci-managed/variables.tf
diff --git a/oci-managed/main.tf b/oci-managed/main.tf
new file mode 100644
index 0000000..cf32140
--- /dev/null
+++ b/oci-managed/main.tf
@@ -0,0 +1,32 @@
+
+module "vcn" {
+ source = "oracle-terraform-modules/vcn/oci"
+ version = "3.6.0"
+
+ compartment_id = var.compartment_ocid
+ region = var.region
+
+ internet_gateway_route_rules = null
+ local_peering_gateways = null
+ nat_gateway_route_rules = null
+
+ vcn_name = "${var.cluster_name}-${var.environment}-vcn"
+ vcn_dns_label = "${var.cluster_name}${var.environment}vcn"
+ vcn_cidrs = ["10.0.0.0/16"]
+
+ create_internet_gateway = true
+ create_nat_gateway = true
+ create_service_gateway = true
+}
+
+module "snet" {
+ source = "./snet"
+
+ compartment_ocid = var.compartment_ocid
+ cluster_name = var.cluster_name
+ environment = var.environment
+
+ vcn_id = module.vcn.vcn_id
+ vcn_nat_route_id = module.vcn.vcn_nat_route_table_id
+ vcn_ig_route_id = module.vcn.vcn_ig_route_table_id
+}
diff --git a/oci-managed/output.tf b/oci-managed/output.tf
new file mode 100644
index 0000000..e69de29
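Review bot: The VCN range `vcn_cidrs = ["10.0.0.0/16"]` is hard-coded in the `module "vcn"` block while the snet module hard-codes the subnet ranges `10.0.0.0/24` and `10.0.1.0/24` and repeats them as rule sources and destinations, so the address plan is spread over three files with nothing tying them together; the same applies to the snet/subnets.tf and snet/security_rules.tf hunks. A single root `vcn_cidr` variable passed to both modules, with the subnets derived as `cidrsubnet(var.vcn_cidr, 8, 0)` and `cidrsubnet(var.vcn_cidr, 8, 1)`, would keep subnets and security rules in step when the range changes. `vcn_dns_label` is also assembled from `cluster_name` and `environment` with no validation; OCI restricts a DNS label to a short alphanumeric string beginning with a letter (15 characters, if I recall), so a longer or hyphenated cluster name fails only at apply time, whereas a `validation` block on `cluster_name` would reject it at plan time.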
diff --git a/oci-managed/provider.tf b/oci-managed/provider.tf
new file mode 100644
index 0000000..b470495
--- /dev/null
+++ b/oci-managed/provider.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = ">= 5.30.0"
+ }
+ }
+}
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ private_key_path = pathexpand(var.private_key_path)
+ fingerprint = var.fingerprint
+ region = var.region
+ retry_duration_seconds = 120
+}
diff --git a/oci-managed/snet/output.tf b/oci-managed/snet/output.tf
new file mode 100644
index 0000000..e69de29
diff --git a/oci-managed/snet/security_rules.tf b/oci-managed/snet/security_rules.tf
new file mode 100644
index 0000000..1cfad95
--- /dev/null
+++ b/oci-managed/snet/security_rules.tf
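Review bot: The provider constraint `version = ">= 5.30.0"` in the `required_providers` block has no upper bound, so a fresh checkout running `terraform init` will pull whatever the newest oracle/oci release is, including a future major version with breaking changes. A pessimistic constraint, `version = "~> 5.30"`, together with a committed `.terraform.lock.hcl` pins both the version that gets installed and its checksums, which is what makes the provider supply chain reproducible. The `terraform` block also has no `required_version`, so nothing records which Terraform release this configuration was written against; `required_version = ">= 1.3"` (or whichever version was used) would catch an incompatible CLI early.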
@@ -0,0 +1,108 @@
+resource "oci_core_security_list" "private_subnet_sl" {
+ compartment_id = var.compartment_ocid
+ vcn_id = var.vcn_id
+
+ display_name = "${var.cluster_name}-${var.environment}-private-subnet-sl"
+
+ egress_security_rules {
+ stateless = false
+ destination = "0.0.0.0/0"
+ destination_type = "CIDR_BLOCK"
+ protocol = "all"
+ }
+
+ ingress_security_rules {
+ stateless = false
+ source = "10.0.0.0/16"
+ source_type = "CIDR_BLOCK"
+ protocol = "all"
+ }
+
+ ingress_security_rules {
+ stateless = false
+ source = "10.0.0.0/24"
+ source_type = "CIDR_BLOCK"
+ protocol = "6"
+ tcp_options {
+ min = 10256
+ max = 10256
+ }
+ }
+
+ ingress_security_rules {
+ stateless = false
+ source = "10.0.0.0/24"
+ source_type = "CIDR_BLOCK"
+ protocol = "6"
+ tcp_options {
+ min = 31600
+ max = 31600
+ }
+ }
+}
+
+resource "oci_core_security_list" "public_subnet_sl" {
+ compartment_id = var.compartment_ocid
+ vcn_id = var.vcn_id
+
+ display_name = "${var.cluster_name}-${var.environment}-public-subnet-sl"
+
+ egress_security_rules {
+ stateless = false
+ destination = "0.0.0.0/0"
+ destination_type = "CIDR_BLOCK"
+ protocol = "all"
+ }
+
+ egress_security_rules {
+ stateless = false
+ destination = "10.0.1.0/24"
+ destination_type = "CIDR_BLOCK"
+ protocol = "6"
+ tcp_options {
+ min = 31600
+ max = 31600
+ }
+ }
+
+ egress_security_rules {
+ stateless = false
+ destination = "10.0.1.0/24"
+ destination_type = "CIDR_BLOCK"
+ protocol = "6"
+ tcp_options {
+ min = 10256
+ max = 10256
+ }
+ }
+
+ ingress_security_rules {
+ protocol = "6"
+ source = "0.0.0.0/0"
+ source_type = "CIDR_BLOCK"
+ stateless = false
+
+ tcp_options {
+ max = 80
+ min = 80
+ }
+ }
+
+ ingress_security_rules {
+ stateless = false
+ source = "10.0.0.0/16"
+ source_type = "CIDR_BLOCK"
+ protocol = "all"
+ }
+
+ ingress_security_rules {
+ stateless = false
+ source = "0.0.0.0/0"
+ source_type = "CIDR_BLOCK"
+ protocol = "6"
+ tcp_options {
+ min = 6443
+ max = 6443
+ }
+ }
+}
\ No newline at end of
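Review bot: The last `ingress_security_rules` block of `public_subnet_sl` admits TCP 6443 from `0.0.0.0/0`, and the root variables.tf in this same patch declares `expose_kubeapi` (default false) and `my_public_ip_cidr` that are never passed into this module, so the Kubernetes API port is opened to every source no matter what the operator sets. I would make that rule conditional and scope it to the operator's range, which needs two new module variables (`expose_kubeapi` and `my_public_ip_cidr`) in snet/variables.tf and matching arguments in the `module "snet"` block of main.tf. The port-80 rule from `0.0.0.0/0` deserves a comment saying what listens there (an ingress controller, presumably), since nothing in the file documents it. In `private_subnet_sl` the two `10.0.0.0/24` rules for 10256 and 31600 are already covered by the preceding `10.0.0.0/16` / `protocol = "all"` rule, and in the public list the two egress rules to `10.0.1.0/24` are covered by the `0.0.0.0/0` egress rule, so in each case either the broad rule is wider than intended or the narrow ones are dead.
```hcl
resource "oci_core_security_list" "public_subnet_sl" {
  # … unchanged: compartment_id, vcn_id, display_name, egress rules, port-80 and intra-VCN ingress rules …

  # Kubernetes API: only opened when the caller asks for it, and only from
  # the caller's own address range rather than 0.0.0.0/0.
  dynamic "ingress_security_rules" {
    for_each = var.expose_kubeapi ? [1] : []
    content {
      stateless   = false
      source      = var.my_public_ip_cidr
      source_type = "CIDR_BLOCK"
      protocol    = "6"
      tcp_options {
        min = 6443
        max = 6443
      }
    }
  }
}
```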
file
diff --git a/oci-managed/snet/subnets.tf b/oci-managed/snet/subnets.tf
new file mode 100644
index 0000000..dc901c4
--- /dev/null
+++ b/oci-managed/snet/subnets.tf
@@ -0,0 +1,20 @@
+resource "oci_core_subnet" "vcn_private_subnet" {
+ compartment_id = var.compartment_ocid
+ vcn_id = var.vcn_id
+ cidr_block = "10.0.1.0/24"
+
+ route_table_id = var.vcn_nat_route_id
+ security_list_ids = [oci_core_security_list.private_subnet_sl.id]
+ display_name = "${var.cluster_name}-${var.environment}-private-subnet"
+ prohibit_public_ip_on_vnic = true
+}
+
+resource "oci_core_subnet" "vcn_public_subnet" {
+ compartment_id = var.compartment_ocid
+ vcn_id = var.vcn_id
+ cidr_block = "10.0.0.0/24"
+
+ route_table_id = var.vcn_ig_route_id
+ security_list_ids = [oci_core_security_list.public_subnet_sl.id]
+ display_name = "${var.cluster_name}-${var.environment}-public-subnet"
+}
diff --git a/oci-managed/snet/variables.tf b/oci-managed/snet/variables.tf
new file mode 100644
index 0000000..0757acc
--- /dev/null
+++ b/oci-managed/snet/variables.tf
@@ -0,0 +1,16 @@
+variable "compartment_ocid" {}
+variable "vcn_id" {}
+variable "vcn_nat_route_id" {
+ type = string
+}
+variable "vcn_ig_route_id" {
+ type = string
+}
+
+variable "cluster_name" {
+ type = string
+}
+
+variable "environment" {
+ default = "prod"
+}
diff --git a/oci-managed/variables.tf b/oci-managed/variables.tf
new file mode 100644
index 0000000..c3b960e
--- /dev/null
+++ b/oci-managed/variables.tf
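Review bot: `vcn_public_subnet` leaves `prohibit_public_ip_on_vnic` unset and so relies on the provider default, while `vcn_private_subnet` just above sets it to true; since this one attribute is what decides which subnet can hold publicly addressable nodes, I would state it explicitly, `prohibit_public_ip_on_vnic = false # public subnet: nodes here may receive public IPs`, and give each resource a one-line header comment naming its route table (NAT for the private subnet, internet gateway for the public one). Neither subnet sets `dns_label` although the VCN in main.tf sets `vcn_dns_label`; if VCN-internal hostnames for the nodes are intended, a subnet label appears to be required as well — worth confirming against how the k3s nodes are meant to address each other. The security lists referenced in `security_list_ids` are defined in the sibling security_rules.tf.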
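Review bot: `compartment_ocid` and `vcn_id` are declared as bare `{}` while `vcn_nat_route_id`, `vcn_ig_route_id` and `cluster_name` carry `type = string`, so half the module interface is unvalidated and the mismatch reads as an oversight; every variable here should get `type = string` and a `description`, since the module has no README to explain what the caller must supply. `environment` defaults to `"prod"` inside this child module as well as in the root, so a caller that forgets the argument silently gets production naming for its resources; a child module is better off requiring it, `variable "environment" { type = string }`, and leaving the default to the root.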
@@ -0,0 +1,29 @@
+variable "compartment_ocid" {}
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "private_key_path" {}
+variable "availability_domain" {}
+variable "my_public_ip_cidr" {}
+variable "cluster_name" {}
+variable "agent_os_image_id" {}
+variable "server_os_image_id" {}
+variable "certmanager_email_address" {}
+variable "region" {}
+variable "public_key_path" {}
+
+variable "k3s_server_pool_size" {
+ default = 2
+}
+variable "k3s_worker_pool_size" {
+ default = 2
+}
+variable "k3s_extra_worker_node" {
+ default = false
+}
+variable "expose_kubeapi" {
+ default = false
+}
+variable "environment" {
+ default = "prod"
+}
\ No newline at end of file
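Review bot: All thirteen bare `{}` declarations at the top of the hunk accept any value of any type, so a list or number passed by mistake for `tenancy_ocid` or `region` is rejected only when the provider is configured, not at plan time; each should carry `type = string` and a `description`. `my_public_ip_cidr`, `expose_kubeapi`, `availability_domain`, both image ids, `certmanager_email_address`, `public_key_path` and the three `k3s_*` sizes are declared here but referenced by no file in this patch, so they are either dead or feed resources added elsewhere, and a `description` on each would say which. `my_public_ip_cidr` is a security boundary once it reaches a security rule, so it is worth `validation { condition = can(cidrhost(var.my_public_ip_cidr, 0)) error_message = "must be a CIDR block" }` to fail a typo at plan time. Marking `tenancy_ocid`, `user_ocid` and `fingerprint` `sensitive = true` is worth considering too, though they identify rather than authenticate and the key itself stays on disk at `private_key_path`.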