feat: New example with basic usage of the module (#5)

.gitignore

@@ -13,6 +13,7 @@ crash.log
 # version control.
 #
 # example.tfvars
+terraform.tfvars
 
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in

.pre-commit-config.yaml

@@ -53,10 +53,10 @@ repos:
           --soft-fail,
           --skip-check, "CKV_OCI_4,CKV_OCI_5"
         ]
--   repo: https://github.com/tenable/terrascan
-    rev: v1.19.1
-    hooks:
-      - id: terraform-pre-commit
-        args: [ '-i terraform --non-recursive' ]
-        files: ^.*\.tf$
-        exclude: ^\.github/.*  # Exclude the .github directory
+# -   repo: https://github.com/tenable/terrascan
+#     rev: v1.19.1
+#     hooks:
+#       - id: terraform-pre-commit
+#         args: [ '-i terraform --non-recursive' ]
+#         files: ^.*\.tf$
+#         exclude: ^\.github/.*  # Exclude the .github directory

README.md

@@ -10,21 +10,33 @@ Terraform module to provision infrastructure used to create free Kubernetes clus
 
 ## Usage
 
-1. Initialize Terraform:
+1. Authenticate to Oracle Cloud:
+
+```bash
+oci session authenticate --region eu-frankfurt-1 --profile-name k8s-oci
+```
+
+Token can be later refreshed by command:
+
+```bash
+oci session refresh --profile k8s-oci
+```
+
+2. Initialize Terraform:
 
 ```bash
 cd examples/basic
 terraform init
 ```
 
-2. Prepare file with variables values:
+3. Prepare file with variables values:
 
 ```bash
 cp example.tfvars terraform.tfvars
 vi terraform.tfvars
 ```
 
-3. Apply code for infrastructure:
+4. Apply code for infrastructure:
 
 ```bash
 terraform apply

examples/basic/README.md

@@ -0,0 +1,51 @@
+# Basic example
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_http"></a> [http](#requirement\_http) | ~> 3.4.4 |
+| <a name="requirement_oci"></a> [oci](#requirement\_oci) | ~> 6.8.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_http"></a> [http](#provider\_http) | ~> 3.4.4 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_infra_k8s_oracle_cloud"></a> [infra\_k8s\_oracle\_cloud](#module\_infra\_k8s\_oracle\_cloud) | ../../ | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [http_http.this](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_availability_domains"></a> [availability\_domains](#input\_availability\_domains) | Availability domains in which instances are going to be created | `list(number)` | <pre>[<br>  1,<br>  1<br>]</pre> | no |
+| <a name="input_compartment_id"></a> [compartment\_id](#input\_compartment\_id) | Compartment ID | `string` | n/a | yes |
+| <a name="input_egress_security_rules"></a> [egress\_security\_rules](#input\_egress\_security\_rules) | Egress security rules | `list(map(string))` | <pre>[<br>  {<br>    "description": "Allow all outgoing traffic",<br>    "destination": "0.0.0.0/0",<br>    "destination_type": "CIDR_BLOCK",<br>    "protocol": "all"<br>  }<br>]</pre> | no |
+| <a name="input_id_rsa"></a> [id\_rsa](#input\_id\_rsa) | Path to SSH public key | `string` | `"~/.ssh/id_rsa.pub"` | no |
+| <a name="input_ingress_security_rules"></a> [ingress\_security\_rules](#input\_ingress\_security\_rules) | Ingress security rules | `list(map(string))` | <pre>[<br>  {<br>    "description": "Allow all for SSH",<br>    "port": 22,<br>    "protocol": 6,<br>    "source": "0.0.0.0/0",<br>    "source_type": "CIDR_BLOCK"<br>  },<br>  {<br>    "description": "Allow all for HTTP",<br>    "port": 80,<br>    "protocol": 6,<br>    "source": "0.0.0.0/0",<br>    "source_type": "CIDR_BLOCK"<br>  },<br>  {<br>    "description": "Allow all for HTTPS",<br>    "port": 443,<br>    "protocol": 6,<br>    "source": "0.0.0.0/0",<br>    "source_type": "CIDR_BLOCK"<br>  },<br>  {<br>    "description": "Allow all for ICMP",<br>    "icmp_code": 4,<br>    "icmp_type": 3,<br>    "protocol": 1,<br>    "source": "0.0.0.0/0",<br>    "source_type": "CIDR_BLOCK"<br>  }<br>]</pre> | no |
+| <a name="input_instance_count"></a> [instance\_count](#input\_instance\_count) | Number of instances to create | `number` | `2` | no |
+| <a name="input_region"></a> [region](#input\_region) | Oracle Cloud region | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_availability_domain"></a> [availability\_domain](#output\_availability\_domain) | availability domain |
+| <a name="output_compute_instances"></a> [compute\_instances](#output\_compute\_instances) | names and IPs of created instances |
+| <a name="output_lb_public_ip"></a> [lb\_public\_ip](#output\_lb\_public\_ip) | public IPs of LB |
+| <a name="output_subnet_cidr"></a> [subnet\_cidr](#output\_subnet\_cidr) | CIDR block of the core subnet |
+| <a name="output_vcn_cidr"></a> [vcn\_cidr](#output\_vcn\_cidr) | CIDR block of the core VCN |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/basic/example.tfvars

@@ -0,0 +1,2 @@
+region         = "YOUR_REGION"
+compartment_id = "YOUR_COMPARTMENT_ID"

examples/basic/main.tf

@@ -0,0 +1,15 @@
+data "http" "this" {
+  url = "https://ifconfig.me"
+}
+
+module "infra_k8s_oracle_cloud" {
+  source = "../../"
+
+  compartment_id         = var.compartment_id
+  id_rsa_pub             = try(file(var.id_rsa), null)
+  instance_count         = var.instance_count
+  availability_domains   = var.availability_domains
+  egress_security_rules  = var.egress_security_rules
+  ingress_security_rules = var.ingress_security_rules
+  my_public_ip           = "${data.http.this.response_body}/32"
+}

examples/basic/outputs.tf

@@ -0,0 +1,54 @@
+output "availability_domain" {
+  description = "availability domain"
+  value       = module.infra_k8s_oracle_cloud.availability_domain
+}
+
+# output "vcn_state" {
+#   description = "the state of the VCN"
+#   value       = module.infra_k8s_oracle_cloud.vcn_state
+# }
+
+output "vcn_cidr" {
+  description = "CIDR block of the core VCN"
+  value       = module.infra_k8s_oracle_cloud.vcn_cidr
+}
+
+# output "vcn_id" {
+#   description = "ID of the core VCN"
+#   value       = module.infra_k8s_oracle_cloud.vcn_id
+# }
+
+# output "subnet_state" {
+#   description = "the state of the subnet"
+#   value       = module.infra_k8s_oracle_cloud.subnet_state
+# }
+
+# output "subnet_id" {
+#   description = "ID of the core subnet"
+#   value       = module.infra_k8s_oracle_cloud.subnet_id
+# }
+
+output "subnet_cidr" {
+  description = "CIDR block of the core subnet"
+  value       = module.infra_k8s_oracle_cloud.subnet_cidr
+}
+
+# output "compute_instances_public_ip" {
+#   description = "public IPs of created nodes"
+#   value       = module.infra_k8s_oracle_cloud.compute_instances_public_ip
+# }
+
+output "compute_instances" {
+  value       = module.infra_k8s_oracle_cloud.compute_instances
+  description = "names and IPs of created instances"
+}
+
+# output "compute_image" {
+#   description = "image used for compute instances"
+#   value       = module.infra_k8s_oracle_cloud.oci_ubuntu_images
+# }
+
+output "lb_public_ip" {
+  description = "public IPs of LB"
+  value       = module.infra_k8s_oracle_cloud.lb_public_ip
+}

examples/basic/variables.tf

@@ -0,0 +1,109 @@
+variable "region" {
+  description = "Oracle Cloud region"
+  type        = string
+}
+
+variable "compartment_id" {
+  description = "Compartment ID"
+  type        = string
+}
+
+variable "id_rsa" {
+  description = "Path to SSH public key"
+  type        = string
+  default     = "~/.ssh/id_rsa.pub"
+}
+
+variable "instance_count" {
+  description = "Number of instances to create"
+  type        = number
+  default     = 2
+}
+
+variable "availability_domains" {
+  description = "Availability domains in which instances are going to be created"
+  type        = list(number)
+  default     = [1, 1]
+}
+
+variable "egress_security_rules" {
+  description = "Egress security rules"
+  type        = list(map(string))
+  default = [{
+    destination      = "0.0.0.0/0"
+    protocol         = "all"
+    destination_type = "CIDR_BLOCK"
+    description      = "Allow all outgoing traffic"
+  }]
+  validation {
+    condition     = (length(var.egress_security_rules) > 0 && anytrue([for rule in var.egress_security_rules : rule["destination"] == "0.0.0.0/0"]))
+    error_message = "At least 1 rule should be defined for 0.0.0.0/0 destination."
+  }
+  validation {
+    condition     = (length(var.egress_security_rules) > 0 && alltrue([for rule in var.egress_security_rules : can(rule["protocol"])]))
+    error_message = "Every item in the egress security rules has to contain procotol."
+  }
+  validation {
+    condition     = (length(var.egress_security_rules) > 0 && alltrue([for rule in var.egress_security_rules : can(rule["destination"])]))
+    error_message = "Every item in the egress security rules has to contain destination."
+  }
+  validation {
+    condition     = (length(var.egress_security_rules) > 0 && alltrue([for rule in var.egress_security_rules : can(rule["destination_type"])]))
+    error_message = "Every item in the egress security rules has to contain destination_type."
+  }
+  validation {
+    condition     = (length(var.egress_security_rules) > 0 && alltrue([for rule in var.egress_security_rules : can(rule["description"])]))
+    error_message = "Every item in the egress security rules has to contain description."
+  }
+}
+
+variable "ingress_security_rules" {
+  description = "Ingress security rules"
+  type        = list(map(string))
+  default = [{
+    protocol    = 6
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    description = "Allow all for SSH"
+    port        = 22
+    }, {
+    protocol    = 6
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    description = "Allow all for HTTP"
+    port        = 80
+    }, {
+    protocol    = 6
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    description = "Allow all for HTTPS"
+    port        = 443
+    }, {
+    protocol    = 1
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    description = "Allow all for ICMP"
+    icmp_type   = 3
+    icmp_code   = 4
+  }]
+  validation {
+    condition     = (length(var.ingress_security_rules) > 0 && anytrue([for rule in var.ingress_security_rules : rule["source"] == "0.0.0.0/0"]))
+    error_message = "At least 1 rule should be defined for 0.0.0.0/0 source."
+  }
+  validation {
+    condition     = (length(var.ingress_security_rules) > 0 && alltrue([for rule in var.ingress_security_rules : can(rule["protocol"])]))
+    error_message = "Every item in the ingress security rules has to contain procotol."
+  }
+  validation {
+    condition     = (length(var.ingress_security_rules) > 0 && alltrue([for rule in var.ingress_security_rules : can(rule["source"])]))
+    error_message = "Every item in the ingress security rules has to contain source."
+  }
+  validation {
+    condition     = (length(var.ingress_security_rules) > 0 && alltrue([for rule in var.ingress_security_rules : can(rule["source_type"])]))
+    error_message = "Every item in the ingress security rules has to contain source_type."
+  }
+  validation {
+    condition     = (length(var.ingress_security_rules) > 0 && alltrue([for rule in var.ingress_security_rules : can(rule["description"])]))
+    error_message = "Every item in the ingress security rules has to contain description."
+  }
+}

examples/basic/versions.tf

@@ -0,0 +1,21 @@
+terraform {
+  required_version = ">= 1.3.0"
+
+  required_providers {
+    oci = {
+      source  = "hashicorp/oci"
+      version = "~> 6.8.0"
+    }
+
+    http = {
+      source  = "hashicorp/http"
+      version = "~> 3.4.4"
+    }
+  }
+}
+
+provider "oci" {
+  region              = var.region
+  auth                = "SecurityToken"
+  config_file_profile = "k8s-oci"
+}