add half done self managed version

.github/workflows/ci.yml

@@ -0,0 +1,40 @@
+name: Terraform CI
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - v*
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  validate:
+    name: Validate
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./example
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v1
+
+      - name: Run a Terraform init
+        uses: docker://hashicorp/terraform:light
+        with:
+          entrypoint: terraform
+          args: init
+
+      - name: Run a Terraform validate
+        uses: docker://hashicorp/terraform:light
+        with:
+          entrypoint: terraform
+          args: validate
+
+      - name: Run a Terraform fmt
+        uses: docker://hashicorp/terraform:light
+        with:
+          entrypoint: terraform
+          args: fmt  --recursive -check=true --diff ../

.gitignore

@@ -33,3 +33,5 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+*tf.plan
+*.terraform.lock.hcl

self-managed/data.tf

@@ -0,0 +1,85 @@
+resource "random_password" "k3s_token" {
+  length  = 55
+  special = false
+}
+
+data "cloudinit_config" "k3s_server_tpl" {
+  gzip          = true
+  base64_encode = true
+
+  part {
+    content_type = "text/x-shellscript"
+    content = templatefile("${path.module}/files/k3s-install-server.sh", {
+      k3s_version                       = var.k3s_version,
+      k3s_subnet                        = var.k3s_subnet,
+      k3s_token                         = random_password.k3s_token.result,
+      is_k3s_server                     = true,
+      disable_ingress                   = var.disable_ingress,
+      ingress_controller                = var.ingress_controller,
+      nginx_ingress_release             = var.nginx_ingress_release,
+      istio_release                     = var.istio_release,
+      install_certmanager               = var.install_certmanager,
+      certmanager_release               = var.certmanager_release,
+      certmanager_email_address         = var.certmanager_email_address,
+      compartment_ocid                  = var.compartment_ocid,
+      availability_domain               = var.availability_domain,
+      k3s_url                           = oci_load_balancer_load_balancer.k3s_load_balancer.ip_address_details[0].ip_address,
+      k3s_tls_san                       = oci_load_balancer_load_balancer.k3s_load_balancer.ip_address_details[0].ip_address,
+      expose_kubeapi                    = var.expose_kubeapi,
+      k3s_tls_san_public                = local.public_lb_ip[0],
+      argocd_image_updater_release      = var.argocd_image_updater_release,
+      install_argocd_image_updater      = var.install_argocd_image_updater,
+      install_argocd                    = var.install_argocd,
+      argocd_release                    = var.argocd_release,
+      install_longhorn                  = var.install_longhorn,
+      longhorn_release                  = var.longhorn_release,
+      ingress_controller_http_nodeport  = var.ingress_controller_http_nodeport,
+      ingress_controller_https_nodeport = var.ingress_controller_https_nodeport,
+    })
+  }
+}
+
+data "cloudinit_config" "k3s_worker_tpl" {
+  gzip          = true
+  base64_encode = true
+
+  part {
+    content_type = "text/x-shellscript"
+    content = templatefile("${path.module}/files/k3s-install-agent.sh", {
+      k3s_version                       = var.k3s_version,
+      k3s_subnet                        = var.k3s_subnet,
+      k3s_token                         = random_password.k3s_token.result,
+      is_k3s_server                     = false,
+      disable_ingress                   = var.disable_ingress,
+      k3s_url                           = oci_load_balancer_load_balancer.k3s_load_balancer.ip_address_details[0].ip_address,
+      http_lb_port                      = var.http_lb_port,
+      install_longhorn                  = var.install_longhorn,
+      https_lb_port                     = var.https_lb_port,
+      ingress_controller_http_nodeport  = var.ingress_controller_http_nodeport,
+      ingress_controller_https_nodeport = var.ingress_controller_https_nodeport,
+    })
+  }
+}
+
+data "oci_core_instance_pool_instances" "k3s_workers_instances" {
+  compartment_id   = var.compartment_ocid
+  instance_pool_id = oci_core_instance_pool.k3s_workers.id
+}
+
+data "oci_core_instance" "k3s_workers_instances_ips" {
+  count       = var.k3s_worker_pool_size
+  instance_id = data.oci_core_instance_pool_instances.k3s_workers_instances.instances[count.index].id
+}
+
+data "oci_core_instance_pool_instances" "k3s_servers_instances" {
+  depends_on = [
+    oci_core_instance_pool.k3s_servers,
+  ]
+  compartment_id   = var.compartment_ocid
+  instance_pool_id = oci_core_instance_pool.k3s_servers.id
+}
+
+data "oci_core_instance" "k3s_servers_instances_ips" {
+  count       = var.k3s_server_pool_size
+  instance_id = data.oci_core_instance_pool_instances.k3s_servers_instances.instances[count.index].id
+}

self-managed/example/main.tf

@@ -0,0 +1,66 @@
+variable "compartment_ocid" {}
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "private_key_path" {}
+variable "availability_domain" {}
+variable "my_public_ip_cidr" {}
+variable "cluster_name" {}
+variable "agent_os_image_id" {}
+variable "server_os_image_id" {}
+variable "certmanager_email_address" {}
+variable "region" {}
+variable "public_key_path" {}
+
+variable "k3s_server_pool_size" {
+  default = 2
+}
+variable "k3s_worker_pool_size" {
+  default = 2
+}
+variable "k3s_extra_worker_node" {
+  default = false
+}
+variable "expose_kubeapi" {
+  default = false
+}
+variable "environment" {
+  default = "prod"
+}
+
+module "k3s_cluster" {
+  # k3s_version               = "v1.23.8+k3s2" # Fix kubectl exec failure
+  # k3s_version               = "v1.24.4+k3s1" # Kubernetes version compatible with longhorn
+  region                    = var.region
+  availability_domain       = var.availability_domain
+  tenancy_ocid              = var.tenancy_ocid
+  compartment_ocid          = var.compartment_ocid
+  my_public_ip_cidr         = var.my_public_ip_cidr
+  cluster_name              = var.cluster_name
+  environment               = var.environment
+  agent_os_image_id         = var.agent_os_image_id
+  server_os_image_id        = var.server_os_image_id
+  certmanager_email_address = var.certmanager_email_address
+  certmanager_release       = "v1.13.3"
+  k3s_server_pool_size      = var.k3s_server_pool_size
+  k3s_worker_pool_size      = var.k3s_worker_pool_size
+  k3s_extra_worker_node     = var.k3s_extra_worker_node
+  expose_kubeapi            = var.expose_kubeapi
+  public_key_path           = var.public_key_path
+  install_longhorn          = false
+  # fault_domains = [ "FAULT-DOMAIN-3" ]
+  ingress_controller = "traefik2"
+  source             = "../"
+}
+
+output "k3s_servers_ips" {
+  value = module.k3s_cluster.k3s_servers_ips
+}
+
+output "k3s_workers_ips" {
+  value = module.k3s_cluster.k3s_workers_ips
+}
+
+output "public_lb_ip" {
+  value = module.k3s_cluster.public_lb_ip
+}

self-managed/example/provider.tf

@@ -0,0 +1,17 @@
+terraform {
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = ">= 4.64.0"
+    }
+  }
+}
+
+provider "oci" {
+  tenancy_ocid         = var.tenancy_ocid
+  user_ocid            = var.user_ocid
+  private_key_path = pathexpand(var.private_key_path)
+  fingerprint          = var.fingerprint
+  region               = var.region
+  retry_duration_seconds = 120
+}