3deep5me · July 10, 2024 10:59 · 3deep5me · Jul 3, 2024
diff --git a/main.tf b/main.tf
 variable "oci_compartment_id" {
  description = "ID des Oracle Cloud Compartments"
  type        = string
 }

 data "oci_core_images" "ampere-ubuntu-images" {
  compartment_id           = var.oci_compartment_id
  operating_system         = "Canonical Ubuntu"
  operating_system_version = "22.04 Minimal aarch64"
  shape                    = "VM.Standard.A1.Flex"
  sort_by                  = "TIMECREATED"
  sort_order               = "DESC"
 }

 data "template_file" "cloud-config" {
  template = <<YAML
 #cloud-config
 write_files:
  - path: /var/lib/rancher/k3s/server/manifests/plan.yaml
    content: |
      apiVersion: upgrade.cattle.io/v1
      kind: Plan
      metadata:
        name: plan
        namespace: system-upgrade
      spec:
        channel: https://update.k3s.io/v1-release/channels/stable
        serviceAccountName: system-upgrade
        upgrade:
          image: rancher/k3s-upgrade
  - path: /etc/systemd/system/allow-port-6443.service
    content: |
      [Unit]
      Description=Allow incoming traffic on port 6443
      
      [Service]
      Type=oneshot
      ExecStart=/sbin/iptables -I INPUT -i enp0s6 -p tcp --dport 6443 -j ACCEPT
      
      [Install]
      WantedBy=multi-user.target
 package_upgrade: true
 package_reboot_if_required: true
 runcmd:
 # install k3sup
 - curl -sLS https://get.k3sup.dev | sh
 - sudo cp k3sup-arm64 /usr/local/bin/k3sup
 - sudo install k3sup-arm64 /usr/local/bin/
 # install k3s with k3sup
 - export PUBLIC_IP=$(curl -s ifconfig.me)
 - k3sup install --local --ip $PUBLIC_IP
 # install (auto)-upgrade-controller for k3s
 - sudo k3s kubectl create ns system-upgrade # is needed otherwise rolebinding does not work
 - sudo k3s kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/latest/download/system-upgrade-controller.yaml
 - sudo k3s kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/latest/download/crd.yaml
 # allow port for incoming api traffic
 - sudo systemctl daemon-reload
 - sudo systemctl enable allow-port-6443.service
 - sudo systemctl start allow-port-6443.service
 YAML
 }

 resource "oci_core_instance" "oracle-arm" {
  metadata = {
    ssh_authorized_keys = ""
    user_data = "${base64encode(data.template_file.cloud-config.rendered)}"
  }
  compartment_id = var.oci_compartment_id
  shape = data.oci_core_images.ampere-ubuntu-images.shape
  shape_config {
    memory_in_gbs = "24"
    ocpus         = "4"
  }
  source_details {
    boot_volume_size_in_gbs = "200"
    # Platform Image: Ubuntu 20.04
    # source_id   = "ocid1.image.oc1.iad.aaaaaaaa2tex34yxzqunbwnfnat6pkh2ztqchvfyygnnrhfv7urpbhozdw2a"
    source_id   = data.oci_core_images.ampere-ubuntu-images.images[0].id
    source_type = "image"
    boot_volume_vpus_per_gb = "120"
  }
  create_vnic_details {
    assign_private_dns_record = "true"
    assign_public_ip          = "true" # this instance has a Public IP
    hostname_label            = "oracle-arm"
    subnet_id                 = oci_core_subnet.subnet_0.id
  }
  availability_config {
    recovery_action = "RESTORE_INSTANCE"
  }
  availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
 }

 resource "oci_core_subnet" "subnet_0" {
  compartment_id = var.oci_compartment_id
  cidr_block     = "10.0.0.0/24"  # Adjust the subnet CIDR block
  vcn_id         = oci_core_vcn.test_vcn.id
  availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
  dns_label      = "mysn"
  route_table_id =  oci_core_route_table.public_route_table.id
  security_list_ids = [oci_core_security_list.public_arm_security_list.id]
 }

 data "oci_identity_availability_domains" "ads" {
  compartment_id = var.oci_compartment_id
 }

 resource "oci_core_vcn" "test_vcn" {
  compartment_id = var.oci_compartment_id
  cidr_block     = "10.0.0.0/16"  # Adjust the CIDR block as needed
  display_name   = "My VCN"
  dns_label      = "myvcn"
 }

 # its the local firewall do not even try to change this here
 resource "oci_core_security_list" "public_arm_security_list" {
  compartment_id = var.oci_compartment_id
  vcn_id = oci_core_vcn.test_vcn.id
  egress_security_rules {
    destination = "0.0.0.0/0"
    protocol = "all"
  } 
  ingress_security_rules {
    tcp_options {
      max = 22
      min = 22
    }
    protocol = "6"
    source   = "0.0.0.0/0"
  } 
  ingress_security_rules {
    tcp_options {
      max = 6443
      min = 6443
    }
    protocol = "6"
    source   = "0.0.0.0/0"
  } 
  ingress_security_rules {
    tcp_options {
      max = 443
      min = 443
    }
    protocol = "6"
    source   = "0.0.0.0/0"
  } 
  ingress_security_rules {
    tcp_options {
      max = 80
      min = 80
    }
    protocol = "6"
    source   = "0.0.0.0/0"
  } 
 }

 resource "oci_core_internet_gateway" "internet_gateway_for_arm" {
  compartment_id = var.oci_compartment_id
  vcn_id = oci_core_vcn.test_vcn.id
 }

 resource "oci_core_route_table" "public_route_table" {
  compartment_id = var.oci_compartment_id
  vcn_id = oci_core_vcn.test_vcn.id
  display_name = "RouteTableForArmPublic"
  route_rules {
    destination = "0.0.0.0/0"
    network_entity_id = oci_core_internet_gateway.internet_gateway_for_arm.id
  }
 }
	variable "oci_compartment_id" {
	description = "ID des Oracle Cloud Compartments"
	type = string
	}

	data "oci_core_images" "ampere-ubuntu-images" {
	compartment_id = var.oci_compartment_id
	operating_system = "Canonical Ubuntu"
	operating_system_version = "22.04 Minimal aarch64"
	shape = "VM.Standard.A1.Flex"
	sort_by = "TIMECREATED"
	sort_order = "DESC"
	}

	data "template_file" "cloud-config" {
	template = <<YAML
	#cloud-config
	write_files:
	- path: /var/lib/rancher/k3s/server/manifests/plan.yaml
	content: \|
	apiVersion: upgrade.cattle.io/v1
	kind: Plan
	metadata:
	name: plan
	namespace: system-upgrade
	spec:
	channel: https://update.k3s.io/v1-release/channels/stable
	serviceAccountName: system-upgrade
	upgrade:
	image: rancher/k3s-upgrade
	- path: /etc/systemd/system/allow-port-6443.service
	content: \|
	[Unit]
	Description=Allow incoming traffic on port 6443

	[Service]
	Type=oneshot
	ExecStart=/sbin/iptables -I INPUT -i enp0s6 -p tcp --dport 6443 -j ACCEPT

	[Install]
	WantedBy=multi-user.target
	package_upgrade: true
	package_reboot_if_required: true
	runcmd:
	# install k3sup
	- curl -sLS https://get.k3sup.dev \| sh
	- sudo cp k3sup-arm64 /usr/local/bin/k3sup
	- sudo install k3sup-arm64 /usr/local/bin/
	# install k3s with k3sup
	- export PUBLIC_IP=$(curl -s ifconfig.me)
	- k3sup install --local --ip $PUBLIC_IP
	# install (auto)-upgrade-controller for k3s
	- sudo k3s kubectl create ns system-upgrade # is needed otherwise rolebinding does not work
	- sudo k3s kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/latest/download/system-upgrade-controller.yaml
	- sudo k3s kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/latest/download/crd.yaml
	# allow port for incoming api traffic
	- sudo systemctl daemon-reload
	- sudo systemctl enable allow-port-6443.service
	- sudo systemctl start allow-port-6443.service
	YAML
	}

	resource "oci_core_instance" "oracle-arm" {
	metadata = {
	ssh_authorized_keys = ""
	user_data = "${base64encode(data.template_file.cloud-config.rendered)}"
	}
	compartment_id = var.oci_compartment_id
	shape = data.oci_core_images.ampere-ubuntu-images.shape
	shape_config {
	memory_in_gbs = "24"
	ocpus = "4"
	}
	source_details {
	boot_volume_size_in_gbs = "200"
	# Platform Image: Ubuntu 20.04
	# source_id = "ocid1.image.oc1.iad.aaaaaaaa2tex34yxzqunbwnfnat6pkh2ztqchvfyygnnrhfv7urpbhozdw2a"
	source_id = data.oci_core_images.ampere-ubuntu-images.images[0].id
	source_type = "image"
	boot_volume_vpus_per_gb = "120"
	}
	create_vnic_details {
	assign_private_dns_record = "true"
	assign_public_ip = "true" # this instance has a Public IP
	hostname_label = "oracle-arm"
	subnet_id = oci_core_subnet.subnet_0.id
	}
	availability_config {
	recovery_action = "RESTORE_INSTANCE"
	}
	availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
	}

	resource "oci_core_subnet" "subnet_0" {
	compartment_id = var.oci_compartment_id
	cidr_block = "10.0.0.0/24" # Adjust the subnet CIDR block
	vcn_id = oci_core_vcn.test_vcn.id
	availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
	dns_label = "mysn"
	route_table_id = oci_core_route_table.public_route_table.id
	security_list_ids = [oci_core_security_list.public_arm_security_list.id]
	}

	data "oci_identity_availability_domains" "ads" {
	compartment_id = var.oci_compartment_id
	}

	resource "oci_core_vcn" "test_vcn" {
	compartment_id = var.oci_compartment_id
	cidr_block = "10.0.0.0/16" # Adjust the CIDR block as needed
	display_name = "My VCN"
	dns_label = "myvcn"
	}

	# its the local firewall do not even try to change this here
	resource "oci_core_security_list" "public_arm_security_list" {
	compartment_id = var.oci_compartment_id
	vcn_id = oci_core_vcn.test_vcn.id
	egress_security_rules {
	destination = "0.0.0.0/0"
	protocol = "all"
	}
	ingress_security_rules {
	tcp_options {
	max = 22
	min = 22
	}
	protocol = "6"
	source = "0.0.0.0/0"
	}
	ingress_security_rules {
	tcp_options {
	max = 6443
	min = 6443
	}
	protocol = "6"
	source = "0.0.0.0/0"
	}
	ingress_security_rules {
	tcp_options {
	max = 443
	min = 443
	}
	protocol = "6"
	source = "0.0.0.0/0"
	}
	ingress_security_rules {
	tcp_options {
	max = 80
	min = 80
	}
	protocol = "6"
	source = "0.0.0.0/0"
	}
	}

	resource "oci_core_internet_gateway" "internet_gateway_for_arm" {
	compartment_id = var.oci_compartment_id
	vcn_id = oci_core_vcn.test_vcn.id
	}

	resource "oci_core_route_table" "public_route_table" {
	compartment_id = var.oci_compartment_id
	vcn_id = oci_core_vcn.test_vcn.id
	display_name = "RouteTableForArmPublic"
	route_rules {
	destination = "0.0.0.0/0"
	network_entity_id = oci_core_internet_gateway.internet_gateway_for_arm.id
	}
	}