fix: updated admin templates for using nip.io (#22)

Signed-off-by: Ali Mukadam <ali.mukadam@oracle.com>

Author: hyder

main.tf

@@ -73,6 +73,8 @@ module "clusters" {
 module "verrazzano" {
   source = "./modules/verrazzano"
 
+  label_prefix = var.label_prefix
+  
   bastion_ip = module.admin.bastion_public_ip
 
   operator_ip = module.admin.operator_private_ip

modules/verrazzano/resources/vz_admin.template.yaml

@@ -4,7 +4,7 @@ metadata:
   name: admin
 spec:
   profile: ${profile}
-  environmentName: admin
+  environmentName: ${environment}
   components:
     argoCD:
       enabled: ${argocd}
@@ -72,37 +72,6 @@ spec:
                       service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "${flex_max}"
                       service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode: "None"
                       oci.oraclecloud.com/oci-network-security-groups: "${data_plane_nsg}"
-                # - name: istio-eastwestgateway
-                #   enabled: true
-                #   k8s:
-                #     serviceAnnotations:
-                #       service.beta.kubernetes.io/oci-load-balancer-internal: "true"
-                #       service.beta.kubernetes.io/oci-load-balancer-shape: "10Mbps"
-                #       service.beta.kubernetes.io/oci-load-balancer-shape-flex-min: "50"
-                #       service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "100"
-                #       service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode: "None"
-                #       oci.oraclecloud.com/oci-network-security-groups: "${int-nsg-id}"
-                #     env:
-                #     - name: ISTIO_META_REQUESTED_NETWORK_VIEW
-                #       value: admin
-                #     service:
-                #       ports:
-                #       - name: status-port
-                #         port: 15021
-                #         targetPort: 15021
-                #       - name: tls
-                #         port: 15443
-                #         targetPort: 15443
-                #       - name: tls-istiod
-                #         port: 15012
-                #         targetPort: 15012
-                #       - name: tls-webhook
-                #         port: 15017
-                #         targetPort: 15017
-                #   label:
-                #     app: istio-eastwestgateway
-                #     istio: eastwestgateway
-                #     topology.istio.io/network: admin
     jaegerOperator:
       enabled: ${jaeger}
     kiali:

modules/verrazzano/resources/vz_admin_nip.template.yaml

@@ -4,7 +4,7 @@ metadata:
   name: admin
 spec:
   profile: ${profile}
-  environmentName: admin
+  environmentName: ${environment}
   components:
     argoCD:
       enabled: ${argocd}
@@ -69,37 +69,7 @@ spec:
                       service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "${flex_max}"
                       service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode: "None"
                       oci.oraclecloud.com/oci-network-security-groups: "${data_plane_nsg}"
-                - name: istio-eastwestgateway
-                  enabled: true
-                  k8s:
-                    serviceAnnotations:
-                      service.beta.kubernetes.io/oci-load-balancer-internal: "true"
-                      service.beta.kubernetes.io/oci-load-balancer-shape: "10Mbps"
-                      service.beta.kubernetes.io/oci-load-balancer-shape-flex-min: "50"
-                      service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "100"
-                      service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode: "None"
-                      oci.oraclecloud.com/oci-network-security-groups: "${int-nsg-id}"
-                    env:
-                    - name: ISTIO_META_REQUESTED_NETWORK_VIEW
-                      value: admin
-                    service:
-                      ports:
-                      - name: status-port
-                        port: 15021
-                        targetPort: 15021
-                      - name: tls
-                        port: 15443
-                        targetPort: 15443
-                      - name: tls-istiod
-                        port: 15012
-                        targetPort: 15012
-                      - name: tls-webhook
-                        port: 15017
-                        targetPort: 15017
-                  label:
-                    app: istio-eastwestgateway
-                    istio: eastwestgateway
-                    topology.istio.io/network: admin
+
     jaegerOperator:
       enabled: ${jaeger}
     kiali:

modules/verrazzano/resources/vz_mc.template.yaml

@@ -56,37 +56,6 @@ spec:
                       service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "${flex_max}"
                       service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode: "None"
                       oci.oraclecloud.com/oci-network-security-groups: "${data_plane_nsg}"
-                # - name: istio-eastwestgateway
-                #   enabled: true
-                #   k8s:
-                #     serviceAnnotations:
-                #       service.beta.kubernetes.io/oci-load-balancer-internal: "true"
-                #       service.beta.kubernetes.io/oci-load-balancer-shape: "10Mbps"
-                #       service.beta.kubernetes.io/oci-load-balancer-shape-flex-min: "50"
-                #       service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "100"
-                #       service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode: "None"
-                #       oci.oraclecloud.com/oci-network-security-groups: "${int-nsg-id}"
-                #     env:
-                #     - name: ISTIO_META_REQUESTED_NETWORK_VIEW
-                #       value: ${mesh_network}
-                #     service:
-                #       ports:
-                #       - name: status-port
-                #         port: 15021
-                #         targetPort: 15021
-                #       - name: tls
-                #         port: 15443
-                #         targetPort: 15443
-                #       - name: tls-istiod
-                #         port: 15012
-                #         targetPort: 15012
-                #       - name: tls-webhook
-                #         port: 15017
-                #         targetPort: 15017
-                #   label:
-                #     app: istio-eastwestgateway
-                #     istio: eastwestgateway
-                #     topology.istio.io/network: ${mesh_network}
     jaegerOperator:
       enabled: ${jaeger}                    
     kiali:

modules/verrazzano/resources/vz_mc_nip.template.yaml

@@ -53,37 +53,6 @@ spec:
                       service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "${flex_max}"
                       service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode: "None"
                       oci.oraclecloud.com/oci-network-security-groups: "${data_plane_nsg}"
-                - name: istio-eastwestgateway
-                  enabled: true
-                  k8s:
-                    serviceAnnotations:
-                      service.beta.kubernetes.io/oci-load-balancer-internal: "true"
-                      service.beta.kubernetes.io/oci-load-balancer-shape: "10Mbps"
-                      service.beta.kubernetes.io/oci-load-balancer-shape-flex-min: "50"
-                      service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "100"
-                      service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode: "None"
-                      oci.oraclecloud.com/oci-network-security-groups: "${int-nsg-id}"
-                    env:
-                    - name: ISTIO_META_REQUESTED_NETWORK_VIEW
-                      value: admin
-                    service:
-                      ports:
-                      - name: status-port
-                        port: 15021
-                        targetPort: 15021
-                      - name: tls
-                        port: 15443
-                        targetPort: 15443
-                      - name: tls-istiod
-                        port: 15012
-                        targetPort: 15012
-                      - name: tls-webhook
-                        port: 15017
-                        targetPort: 15017
-                  label:
-                    app: istio-eastwestgateway
-                    istio: eastwestgateway
-                    topology.istio.io/network: ${mesh_network}
     jaegerOperator:
       enabled: ${jaeger}
     kiali:

modules/verrazzano/templates.tf

@@ -86,6 +86,7 @@ locals {
     compartment_id        = var.dns_compartment_id
     dns_zone_id           = var.dns_zone_id
     dns_zone_name         = var.dns_zone_name
+    environment           = "${var.label_prefix}-admin"
     fluentd               = var.fluentd
     grafana               = var.grafana
     control_plane         = var.verrazzano_control_plane == "public" ? false : true
@@ -111,25 +112,32 @@ locals {
     weblogic_operator     = var.weblogic_operator
     }
     ) : templatefile("${path.module}/resources/vz_admin_nip.template.yaml", {
-      compartment_id      = var.dns_compartment_id
-      profile             = var.verrazzano_profile
-      control_plane       = var.verrazzano_control_plane == "public" ? false : true
-      control_plane_nsg   = var.verrazzano_control_plane == "public" ? lookup(var.pub_nsg_ids, "admin") : lookup(var.int_nsg_ids, "admin")
-      data_plane          = var.verrazzano_data_plane == "public" ? false : true
-      data_plane_nsg      = var.verrazzano_data_plane == "public" ? lookup(var.pub_nsg_ids, "admin") : lookup(var.int_nsg_ids, "admin")
-      lb_shape            = lookup(var.verrazzano_load_balancer, "shape")
-      flex_min            = lookup(var.verrazzano_load_balancer, "flex_min")
-      flex_max            = lookup(var.verrazzano_load_balancer, "flex_max")
-      int-nsg-id          = lookup(var.int_nsg_ids, "admin")
-      jaeger              = var.jaeger
-      kiali               = var.kiali
-      kube_state_metrics  = var.kube_state_metrics
-      mesh_id             = var.mesh_id
-      mesh_network        = "admin"
-      prometheus          = var.prometheus
-      prometheus_operator = var.prometheus_operator
-      velero              = var.velero
-      weblogic_operator   = var.weblogic_operator
+      profile               = var.verrazzano_profile
+      argocd                = var.argocd
+      coherence             = var.coherence
+      console               = var.console
+      environment           = "${var.label_prefix}-admin"
+      fluentd               = var.fluentd
+      grafana               = var.grafana
+      control_plane         = var.verrazzano_control_plane == "public" ? false : true
+      control_plane_nsg     = var.verrazzano_control_plane == "public" ? lookup(var.pub_nsg_ids, "admin") : lookup(var.int_nsg_ids, "admin")
+      data_plane            = var.verrazzano_data_plane == "public" ? false : true
+      data_plane_nsg        = var.verrazzano_data_plane == "public" ? lookup(var.pub_nsg_ids, "admin") : lookup(var.int_nsg_ids, "admin")
+      lb_shape              = lookup(var.verrazzano_load_balancer, "shape")
+      flex_min              = lookup(var.verrazzano_load_balancer, "flex_min")
+      flex_max              = lookup(var.verrazzano_load_balancer, "flex_max")
+      int-nsg-id            = lookup(var.int_nsg_ids, "admin")
+      jaeger                = var.jaeger
+      kiali                 = var.kiali
+      kube_state_metrics    = var.kube_state_metrics
+      mesh_id               = var.mesh_id
+      mesh_network          = "admin"
+      opensearch            = var.opensearch
+      opensearch_dashboards = var.opensearch_dashboards
+      prometheus            = var.prometheus
+      prometheus_operator   = var.prometheus_operator
+      velero                = var.velero
+      weblogic_operator     = var.weblogic_operator
     }
   )
 
@@ -177,7 +185,8 @@ locals {
     k => templatefile("${path.module}/resources/vz_mc_nip.template.yaml",
       {
         cluster             = k
-        compartment_id      = var.dns_compartment_id
+        coherence           = var.coherence
+        fluentd = var.fluentd
         control_plane       = var.verrazzano_control_plane == "public" ? false : true
         control_plane_nsg   = var.verrazzano_control_plane == "public" ? lookup(var.pub_nsg_ids, k) : lookup(var.int_nsg_ids, k)
         data_plane          = var.verrazzano_data_plane == "public" ? false : true

modules/verrazzano/variables.tf

@@ -1,6 +1,10 @@
 # Copyright (c) 2023 Oracle Corporation and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
 
+variable "label_prefix" {
+  type        = string
+}
+
 variable "bastion_ip" {
   type = string
 }