Merge pull request #77 from hyder/calico

hyder · web-flow · commit 05035e502aef · 2019-09-17T19:47:48.000+10:00
update for calico 3.9
diff --git a/docs/terraformoptions.adoc b/docs/terraformoptions.adoc
@@ -474,7 +474,7 @@ Refer to {uri-topology}[topology] for more thorough examples.
 |calico_version
 |Version of {uri-calico}[Calico] to install.
 |
-|3.6
+|3.9
 
 |install_calico
 |Whether to install {uri-calico}[Calico] as {uri-calico-policy}[pod network policy].
diff --git a/modules/oke/calico.tf b/modules/oke/calico.tf
@@ -1,43 +1,43 @@
 ## Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
 ## Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl
 
-#data "template_file" "install_calico" {
-#  template = file("${path.module}/scripts/install_calico.template.sh")
-
-#  vars = {
-#    calico_version     = var.calico.calico_version
-#    number_of_nodes    = var.node_pools.nodepool_topology * var.node_pools.node_pools * var.node_pools.node_pool_quantity_per_subnet
-#    pod_cidr           = var.oke_cluster.cluster_options_kubernetes_network_config_pods_cidr
-#    number_of_replicas = min(20,max((var.node_pools.nodepool_topology * var.node_pools.node_pools * var.node_pools.node_pool_quantity_per_subnet)/200,3))
-#    user_ocid          = var.oke_identity.user_ocid
-#  }
-
-#  count = var.calico.install_calico == true   ? 1 : 0
-#}
-
-#resource null_resource "install_calico" {
-#  connection {
-#    host        = var.oke_bastion.bastion_public_ip
-#    private_key = file(var.oke_ssh_keys.ssh_private_key_path)
-#    timeout     = "40m"
-#    type        = "ssh"
-#    user        = var.oke_bastion.image_operating_system == "Canonical Ubuntu"   ? "ubuntu" : "opc"
-#  }
-
-#  depends_on = ["null_resource.install_kubectl_bastion", "null_resource.write_kubeconfig_bastion"]
-
-#  provisioner "file" {
-#    content     = data.template_file.install_calico[0].rendered
-#    destination = "~/install_calico.sh"
-#  }
-
-#  provisioner "remote-exec" {
-#    inline = [
-#      "chmod +x $HOME/install_calico.sh",
-#      "$HOME/install_calico.sh",
-#      "rm -f $HOME/install_calico.sh"
-#    ]
-#  }
-
-#  count = var.oke_bastion.create_bastion == true  && var.calico.install_calico == true   ? 1 : 0
-#}
+data "template_file" "install_calico" {
+ template = file("${path.module}/scripts/install_calico.template.sh")
+
+ vars = {
+   calico_version     = var.calico.calico_version
+   number_of_nodes    = local.total_nodes
+   pod_cidr           = var.oke_cluster.cluster_options_kubernetes_network_config_pods_cidr
+   number_of_replicas = min(20,max((local.total_nodes)/200,3))
+   user_ocid          = var.oke_identity.user_ocid
+ }
+
+ count = var.calico.install_calico == true   ? 1 : 0
+}
+
+resource null_resource "install_calico" {
+ connection {
+   host        = var.oke_bastion.bastion_public_ip
+   private_key = file(var.oke_ssh_keys.ssh_private_key_path)
+   timeout     = "40m"
+   type        = "ssh"
+   user        = var.oke_bastion.image_operating_system == "Canonical Ubuntu"   ? "ubuntu" : "opc"
+ }
+
+ depends_on = ["null_resource.install_kubectl_bastion", "null_resource.write_kubeconfig_bastion"]
+
+ provisioner "file" {
+   content     = data.template_file.install_calico[0].rendered
+   destination = "~/install_calico.sh"
+ }
+
+ provisioner "remote-exec" {
+   inline = [
+     "chmod +x $HOME/install_calico.sh",
+     "$HOME/install_calico.sh",
+     "rm -f $HOME/install_calico.sh"
+   ]
+ }
+
+ count = var.oke_bastion.create_bastion == true  && var.calico.install_calico == true   ? 1 : 0
+}
diff --git a/modules/oke/datasources.tf b/modules/oke/datasources.tf
@@ -14,3 +14,9 @@ data "oci_containerengine_cluster_option" "k8s_cluster_option" {
   #Required
   cluster_option_id = "all"
 }
+
+data "oci_containerengine_node_pools" "all_node_pools" {
+  compartment_id = var.oke_identity.compartment_ocid
+  cluster_id     = oci_containerengine_cluster.k8s_cluster.id
+  depends_on = ["oci_containerengine_node_pool.nodepools"]
+}
diff --git a/modules/oke/locals.tf b/modules/oke/locals.tf
@@ -9,5 +9,14 @@ locals {
   available_kubernetes_versions = data.oci_containerengine_cluster_option.k8s_cluster_option.kubernetes_versions
   num_kubernetes_versions       = length(local.available_kubernetes_versions)
   kubernetes_version            = var.oke_cluster.cluster_kubernetes_version == "LATEST" ? element(sort(local.available_kubernetes_versions), (local.num_kubernetes_versions - 1)) : var.oke_cluster.cluster_kubernetes_version
-}
 
+  node_pools_size_list =  [
+    for node_pool in data.oci_containerengine_node_pools.all_node_pools.node_pools:
+      node_pool.node_config_details[0].size
+  ]
+  
+  # workaround for summing a list of numbers: https://github.com/hashicorp/terraform/issues/17239
+  total_nodes = length(flatten([
+    for nodes in local.node_pools_size_list : range(nodes)
+  ]))
+}
diff --git a/modules/oke/scripts/install_calico.template.sh b/modules/oke/scripts/install_calico.template.sh
@@ -8,17 +8,17 @@ cd calico
 
 kubectl create clusterrolebinding clusteradminrole --clusterrole=cluster-admin --user=${user_ocid}
 
-curl https://docs.projectcalico.org/v${calico_version}/getting-started/kubernetes/installation/hosted/kubernetes-datastore/policy-only/1.7/calico.yaml -O
+curl https://docs.projectcalico.org/v${calico_version}/manifests/calico-policy-only.yaml -O
 
-sed -i -e "s?192.168.0.0/16?${pod_cidr}?g" calico.yaml
+sed -i -e "s?192.168.0.0/16?${pod_cidr}?g" calico-policy-only.yaml
 
 sleep 10
 
 if [ ${number_of_nodes} -gt 50 ]; then
   echo "More than 50 nodes detected. Setting the typha service name"
-  sed -i -e 's/typha_service_name:\s"none"/typha_service_name: calico-typha/g' calico.yaml
-  kubectl apply -f calico.yaml
+  sed -i -e 's/typha_service_name:\s"none"/typha_service_name: calico-typha/g' calico-policy-only.yaml
+  kubectl apply -f calico-policy-only.yaml
   kubectl -n kube-system scale --current-replicas=1 --replicas=${number_of_replicas} deployment/calico-typha
 else
-  kubectl apply -f calico.yaml
+  kubectl apply -f calico-policy-only.yaml
 fi
diff --git a/outputs.tf b/outputs.tf
@@ -16,4 +16,4 @@ output "kubeconfig" {
 output "ocirtoken" {
   value     = module.auth.ocirtoken
   sensitive = true
-}
+}
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
@@ -139,7 +139,7 @@ install_helm = true
 
 # calico
 
-calico_version = "3.6"
+calico_version = "3.9"
 
 install_calico = false
 
diff --git a/variables.tf b/variables.tf
@@ -329,7 +329,7 @@ variable "install_helm" {
 # calico
 variable "calico_version" {
   description = "version of calico to install"
-  default     = "3.6"
+  default     = "3.9"
 }
 
 variable "install_calico" {

Original file line number	Diff line number	Diff line change
`@@ -474,7 +474,7 @@ Refer to {uri-topology}[topology] for more thorough examples.`
`474`	`474`	`\|calico_version`
`475`	`475`	`\|Version of {uri-calico}[Calico] to install.`
`476`	`476`	`\|`
`477`		`-\|3.6`
	`477`	`+\|3.9`
`478`	`478`
`479`	`479`	`\|install_calico`
`480`	`480`	`\|Whether to install {uri-calico}[Calico] as {uri-calico-policy}[pod network policy].`
Original file line number	Diff line number	Diff line change
`@@ -329,7 +329,7 @@ variable "install_helm" {`
`329`	`329`	`# calico`
`330`	`330`	`variable "calico_version" {`
`331`	`331`	`description = "version of calico to install"`
`332`		`- default = "3.6"`
	`332`	`+ default = "3.9"`
`333`	`333`	`}`
`334`	`334`
`335`	`335`	`variable "install_calico" {`