feat: add port ranges for inter-cluster communication

Signed-off-by: Ali Mukadam <ali.mukadam@oracle.com>

Author: hyder

admin.tf

@@ -82,7 +82,7 @@ module "admin" {
   load_balancers            = "both"
   preferred_load_balancer   = "public"
   internal_lb_allowed_cidrs = ["0.0.0.0/0"]
-  internal_lb_allowed_ports = [80, 443]
+  internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
   public_lb_allowed_ports   = [80, 443, 15021]
 

docs/src/multi/pub-ep.md

@@ -286,7 +286,23 @@ for cluster in admin phoenix; do
 done
 ```
 
-3. Install the Verrazzano Admin cluster:
+3. Obtain the manifest for DNS:
+
+```bash
+cd /home/opc/vz/oci
+bash  get_oci_secret.sh
+echo >> oci.yaml
+```
+
+4. Create the secret in each cluster:
+
+```bash, editable
+for cluster in admin phoenix ; do
+  bash create_oci_secret_$cluster.sh
+done
+```
+
+5. Install the Verrazzano Admin cluster:
 
 ```
 cd /home/opc/vz/clusters
@@ -296,15 +312,16 @@ bash install_vz_cluster_admin.sh
 The Admin cluster has more components to install and takes longer, so we install it separately. This allows us to install the managed clusters in parallel.
 ```
 
-4. While the Admin cluster is being installed in the background, you can install the managed clusters in parallel:
+6. While the Admin cluster is being installed in the background, you can install the managed clusters in parallel:
 
 ```bash, editable
+cd /home/opc/vz/clusters
 for cluster in phoenix ; do
   bash install_vz_cluster_$cluster.sh
 done
 ```
 
-5. Wait for Verrazzano to be installed in all clusters:
+7. Wait for Verrazzano to be installed in all clusters:
 
 ```
 # check managed clusters' status
@@ -315,7 +332,7 @@ kubectx admin
 kubectl wait --timeout=20m --for=condition=InstallComplete verrazzano/admin
 ```
 
-6. Create the certificates secrets for each managed cluster:
+8. Create the certificates secrets for each managed cluster:
 
 ```bash, editable
 cd /home/opc/vz/certs
@@ -324,14 +341,14 @@ for cluster in phoenix; do
 done
 ```
 
-7. Create the ConfigMap for the API Server:
+9. Create the ConfigMap for the API Server:
 
 ```
 cd /home/opc/vz/cm
 bash create_api_cm.sh
 ```
 
-8. Create the Verrazzano managed cluster objects for each managed cluster:    
+10. Create the Verrazzano managed cluster objects for each managed cluster:    
 
 ```bash, editable
 cd /home/opc/vz/clusters
@@ -340,7 +357,7 @@ for cluster in phoenix; do
 done
 ```
 
-9. Register all the managed clusters:
+11. Register all the managed clusters:
 
 ```bash, editable
 for cluster in phoenix; do

modules/clusters/africa.tf

@@ -72,7 +72,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 

modules/clusters/australia.tf

@@ -72,7 +72,7 @@ module "melbourne" {
   load_balancers            = "both"
   preferred_load_balancer   = "public"
   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-  internal_lb_allowed_ports = [80, 443]
+  internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
   public_lb_allowed_ports   = [80, 443]
 
@@ -158,7 +158,7 @@ module "sydney" {
   load_balancers            = "both"
   preferred_load_balancer   = "public"
   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-  internal_lb_allowed_ports = [80, 443]
+  internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
   public_lb_allowed_ports   = [80, 443]
 

modules/clusters/brazil.tf

@@ -72,7 +72,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 
@@ -156,7 +156,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 

modules/clusters/canada.tf

@@ -72,7 +72,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 
@@ -156,7 +156,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 

modules/clusters/europe.tf

@@ -72,7 +72,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 
@@ -157,7 +157,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 
@@ -242,7 +242,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 
@@ -326,7 +326,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 
@@ -410,7 +410,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 
@@ -494,7 +494,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 

modules/clusters/france.tf

@@ -72,7 +72,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 
@@ -156,7 +156,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 

modules/clusters/india.tf

@@ -72,7 +72,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 
@@ -156,7 +156,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 

modules/clusters/japan.tf

@@ -72,7 +72,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]
 
@@ -156,7 +156,7 @@
 #   load_balancers            = "both"
 #   preferred_load_balancer   = "public"
 #   internal_lb_allowed_cidrs = [lookup(var.admin_region, "vcn_cidr")]
-#   internal_lb_allowed_ports = [80, 443]
+#   internal_lb_allowed_ports = var.connectivity_mode == "mesh" ? [80, 443, 15012, 15017, 15021, 15443] : [80, 443]
 #   public_lb_allowed_cidrs   = ["0.0.0.0/0"]
 #   public_lb_allowed_ports   = [80, 443]