# Rendered Ansible inventory for the provisioning playbook (provision/hosts.yaml).
# The node lists come from the trunk-l / leaf-l locals. The templates write
# passwords only as Jinja references such as "{{ trunk40_ascii }}", never the
# secret values, so a 0644 output file is acceptable here.
resource "local_file" "pro_hosts_yaml" {
  filename        = "${path.module}/provision/hosts.yaml"
  file_permission = "0644"

  content = templatefile("${path.module}/templates/pro-hosts.tftpl", {
    trunks = local.trunk-l
    leafs  = local.leaf-l
  })
}
# General Ansible inventory written next to the module (hosts.yaml), rendered
# from the same trunk-l / leaf-l node lists as the other inventories. Only host
# names, IPs and Jinja references end up in the file, hence 0644.
resource "local_file" "hosts_yaml" {
  filename        = "${path.module}/hosts.yaml"
  file_permission = "0644"

  content = templatefile("${path.module}/templates/hosts.tftpl", {
    trunks = local.trunk-l
    leafs  = local.leaf-l
  })
}
# k3s inventory in INI form, written outside the module into the ansible-k3s
# checkout named by local.k3s-inv-path (an absolute, user-specific path).
resource "local_file" "hosts_ini" {
  filename        = "${local.k3s-inv-path}/hosts.ini"
  file_permission = "0644"

  content = templatefile("${path.module}/templates/k3s.tftpl", {
    trunks = local.trunk-l
    leafs  = local.leaf-l
  })
}
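# Ansible YAML inventory rendered by templatefile(); inputs `trunks` and `leafs`
# are lists of {name, ip, is_oracle} from the trunk-l / leaf-l locals.
# Groups: trunk (every trunk), linode (non-oracle nodes, login root) and oracle
# (OCI nodes, login ubuntu). Passwords are emitted only as the Jinja reference
# "{{ <name>_ascii }}", so no secret value lands in the rendered file.
# NOTE(review): nesting is shown flat here; the real template must carry YAML
# indentation. Fix: oracle trunks now log in as ubuntu, matching the trunk-group
# entry for the same host and the oracle leafs (was root, copied from the
# linode block).
all:
children:
trunk:
hosts:
%{ for trunk in trunks ~}
${trunk.name}:
ansible_host: ${trunk.ip}
%{if trunk.is_oracle}ansible_user: ubuntu
is_oracle: true%{else}ansible_user: root
is_oracle: false%{endif}
%{ endfor ~}
linode:
hosts:%{ for trunk in trunks ~}%{if !trunk.is_oracle}
${trunk.name}:
ansible_host: ${trunk.ip}
host: "${trunk.name}"
pass: "{{ ${trunk.name}_ascii }}"
ansible_user: root%{endif}%{endfor ~}%{ for leaf in leafs ~}%{if !leaf.is_oracle}
${leaf.name}:
ansible_host: ${leaf.ip}
host: "${leaf.name}"
pass: "{{ ${leaf.name}_ascii }}"
ansible_user: root%{endif}%{endfor ~}
oracle:
hosts:%{ for trunk in trunks ~}%{if trunk.is_oracle}
${trunk.name}:
ansible_host: ${trunk.ip}
host: "${trunk.name}"
pass: "{{ ${trunk.name}_ascii }}"
ansible_user: ubuntu%{endif}%{endfor ~}%{ for leaf in leafs ~}%{if leaf.is_oracle}
${leaf.name}:
ansible_host: ${leaf.ip}
host: "${leaf.name}"
pass: "{{ ${leaf.name}_ascii }}"
ansible_user: ubuntu%{endif}%{endfor ~}
vars:
user: "ascii"
ansible_ssh_private_key_file: /home/ascii/.ssh/oracle
ansible_python_interpreter: /usr/bin/python3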
# Ansible YAML inventory rendered by templatefile(); `trunks` and `leafs` are the
# {name, ip, is_oracle} lists from the trunk-l / leaf-l locals.
# Every host connects as user ascii with the key /home/ascii/.ssh/oracle (vars
# under all); the sudo password is the Jinja reference "{{ <name>_ascii }}",
# resolved by Ansible at run time rather than stored in this file. The empty
# `trunk:` / `leaf:` entries under all.children re-use the groups defined above.
# NOTE(review): nesting is shown flat here; the real template must carry YAML
# indentation.
trunk:
hosts:
%{ for trunk in trunks ~}
${trunk.name}:
ansible_host: ${trunk.ip}
ansible_become_pass: "{{ ${trunk.name}_ascii }}"
%{ endfor ~}
leaf:
hosts:
%{ for leaf in leafs ~}
${leaf.name}:
ansible_host: ${leaf.ip}
ansible_become_pass: "{{ ${leaf.name}_ascii }}"
%{ endfor ~}
all:
children:
trunk:
leaf:
vars:
ansible_user: ascii
ansible_ssh_private_key_file: /home/ascii/.ssh/oracle
ansible_python_interpreter: /usr/bin/python3
# k3s Ansible inventory (INI) rendered by templatefile() into the directory
# named by local.k3s-inv-path. Hosts are keyed by IP: trunks under [master],
# leafs under [node], both joined into k3s_cluster. ansible_become_pass is the
# Jinja reference "{{ <name>_ascii }}", resolved from Ansible vars at run time
# (presumably a vault), so the 0644 file holds no secret value.
[master]
%{ for trunk in trunks ~}
${trunk.ip} ansible_become_pass="{{ ${trunk.name}_ascii }}"
%{ endfor ~}
[node]
%{ for leaf in leafs ~}
${leaf.ip} ansible_become_pass="{{ ${leaf.name}_ascii }}"
%{ endfor ~}
[k3s_cluster:children]
master
node
# Linode provider. The API token is decrypted from sops; note that the sops_file
# data source feeding it is persisted in Terraform state.
provider "linode" {
  api_version = "v4beta"
  token       = data.sops_file.linode_sops.data["linode_api"]
}
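# Cloud firewall attached to the two Linode trunk nodes only (see `linodes`);
# the OCI nodes are not covered by this resource and depend on their VCN
# security list. Default posture: drop inbound, allow outbound.
resource "linode_firewall" "firewall" {
  label           = "firewall"
  inbound_policy  = "DROP"
  outbound_policy = "ACCEPT"
  linodes         = [linode_instance.trunk40.id, linode_instance.trunk41.id]

  # Public web ingress from any source, v4 and v6.
  inbound {
    label    = "allow-http"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "80"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }

  inbound {
    label    = "allow-https"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "443"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }

  # SSH only from the operator's home address (decrypted from sops); no IPv6 path.
  inbound {
    label    = "allow-ssh"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "22"
    ipv4     = ["${data.sops_file.linode_sops.data["home_ip"]}/32"]
    ipv6     = []
  }

  # Node-to-node traffic on every port, restricted to the cluster members'
  # public addresses. The list is derived from the same node lists that feed
  # the Ansible inventories, so adding a node to locals updates the firewall
  # as well (order unchanged: trunk40, trunk41, trunk42, leaf40, leaf41, leaf42).
  # NOTE(review): "1-65535" is wider than k3s needs; narrowing to the ports the
  # cluster actually uses limits what a compromised node can reach.
  inbound {
    label    = "allow-k8s-TCP"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "1-65535"
    ipv4     = [for node in concat(local.trunk-l, local.leaf-l) : "${node.ip}/32"]
  }

  inbound {
    label    = "allow-k8s-UDP"
    action   = "ACCEPT"
    protocol = "UDP"
    ports    = "1-65535"
    ipv4     = [for node in concat(local.trunk-l, local.leaf-l) : "${node.ip}/32"]
  }
}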
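# Managed MySQL used as the k3s datastore: three-node semi-synchronous cluster,
# encrypted at rest, TLS required for clients.
resource "linode_database_mysql" "k3s-mysql" {
  label            = "k3s-cluster"
  engine_id        = "mysql/8.0.26"
  region           = "us-west"
  type             = "g6-nanode-1"
  cluster_size     = 3
  replication_type = "semi_synch"
  encrypted        = true
  ssl_connection   = true

  # Network allow list: the six cluster nodes, derived from the node lists in
  # locals (same order as before), plus the operator's home address from sops.
  # Any node added to locals is admitted automatically.
  allow_list = concat(
    [for node in concat(local.trunk-l, local.leaf-l) : "${node.ip}/32"],
    ["${data.sops_file.linode_sops.data["home_ip"]}/32"]
  )
}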
# First Linode trunk node (Debian 11, us-west).
resource "linode_instance" "trunk40" {
  label  = "trunk40"
  group  = "Terraform"
  image  = "linode/debian11"
  region = "us-west"       # https://api.linode.com/v4/regions
  type   = "g6-standard-1" # https://api.linode.com/v4/linode/types

  # Login material comes from the sops-encrypted file; because it is read via a
  # data source, the root password is also present in the decrypted state.
  authorized_keys = [data.sops_file.linode_sops.data["ssh-key"]]
  root_pass       = data.sops_file.linode_sops.data["trunk_40_pass"]
  backups_enabled = false
}
# Second Linode trunk node, identical to trunk40 apart from its label.
resource "linode_instance" "trunk41" {
  label  = "trunk41"
  group  = "Terraform"
  image  = "linode/debian11"
  region = "us-west"
  type   = "g6-standard-1"

  authorized_keys = [data.sops_file.linode_sops.data["ssh-key"]]
  # NOTE(review): this reuses trunk40's root password (sops key trunk_40_pass),
  # so one leaked credential opens both trunks; give trunk41 its own sops entry.
  root_pass       = data.sops_file.linode_sops.data["trunk_40_pass"]
  backups_enabled = false
}
# Provider requirements. Only linode is pinned; oci and sops accept whatever
# release `terraform init` resolves unless a .terraform.lock.hcl is committed.
# NOTE(review): pin oci and sops the same way to keep provider upgrades explicit.
terraform {
  required_providers {
    linode = {
      source  = "linode/linode"
      version = "1.27.0"
    }
    oci = {
      source = "oracle/oci"
    }
    sops = {
      source = "carlpett/sops"
    }
  }
}
locals {
  # OCI image OCIDs for us-sanjose-1, presumably Ubuntu builds: one for the ARM
  # A1.Flex shapes, one for the x86 E2.1.Micro shapes.
  ubuntu_arm_id = "ocid1.image.oc1.us-sanjose-1.aaaaaaaacdzh2e4tcrxowru2ygh62eiqp4iu2q2io3ippaqdtxks2ojtw5uq"
  ubuntu_amd_id = "ocid1.image.oc1.us-sanjose-1.aaaaaaaahdd7i2sp2yxu5skd72cefntfwizg7sop4bnzeziooavzmwyufynq"

  # Destination directory of the k3s INI inventory; absolute and user-specific.
  k3s-inv-path = "/home/ascii/git/ansible-k3s/inventory/san-jose"

  # Cluster membership consumed by the inventory templates and the allow lists.
  # `ip` is the node's public address; `is_oracle` marks OCI-hosted nodes, which
  # the templates log into as ubuntu instead of root.
  trunk-l = [
    { name = "trunk40", ip = linode_instance.trunk40.ip_address, is_oracle = false },
    { name = "trunk41", ip = linode_instance.trunk41.ip_address, is_oracle = false },
    { name = "trunk42", ip = oci_core_instance.trunk42.public_ip, is_oracle = true }
  ]

  leaf-l = [
    { name = "leaf40", ip = oci_core_instance.leaf40.public_ip, is_oracle = true },
    { name = "leaf41", ip = oci_core_instance.leaf41.public_ip, is_oracle = true },
    { name = "leaf42", ip = oci_core_instance.leaf42.public_ip, is_oracle = true }
  ]
}
# OCI provider using API-key authentication. The sops file supplies the key's
# fingerprint and the path to the private key file (the file itself stays on
# disk); profile "key" is read from the OCI config file.
provider "oci" {
  region              = "us-sanjose-1"
  config_file_profile = "key"
  fingerprint         = data.sops_file.linode_sops.data["oci_key_fp"]
  private_key_path    = data.sops_file.linode_sops.data["oci_key_path"]
}
# VCN holding the OCI side of the cluster (10.17.0.0/16).
resource "oci_core_vcn" "kubernetes" {
  compartment_id = data.sops_file.linode_sops.data["compartment_id"]
  cidr_blocks    = ["10.17.0.0/16"]
  dns_label      = "internal"
  # "cluter" is a typo, kept verbatim to avoid a needless in-place update.
  display_name = "K8S cluter Network"
}
# Public subnet for the k3s nodes (10.17.9.0/24). It attaches the VCN's default
# security list, route table and DHCP options; of these only the route table is
# managed in this module (oci_core_default_route_table.default_route_table).
# NOTE(review): every instance in this subnet gets a public IP, so the inbound
# rules guarding them are whatever the unmanaged default security list holds.
# Managing it with oci_core_default_security_list would let SSH be limited to
# home_ip the way the Linode firewall does.
resource "oci_core_subnet" "k3s" {
  display_name   = "K3S"
  dns_label      = "dns"
  cidr_block     = "10.17.9.0/24"
  compartment_id = data.sops_file.linode_sops.data["compartment_id"]
  vcn_id         = oci_core_vcn.kubernetes.id

  security_list_ids = [oci_core_vcn.kubernetes.default_security_list_id]
  route_table_id    = oci_core_vcn.kubernetes.default_route_table_id
  dhcp_options_id   = oci_core_vcn.kubernetes.default_dhcp_options_id
}
# Internet gateway giving the VCN a public egress/ingress path; the default
# route table points 0.0.0.0/0 at it.
resource "oci_core_internet_gateway" "kubernetes_internet_gateway" {
  display_name   = "TestInternetGateway"
  vcn_id         = oci_core_vcn.kubernetes.id
  compartment_id = data.sops_file.linode_sops.data["compartment_id"]
}
# Takes over the VCN's default route table and adds a single default route via
# the internet gateway.
resource "oci_core_default_route_table" "default_route_table" {
  display_name               = "DefaultRouteTable"
  manage_default_resource_id = oci_core_vcn.kubernetes.default_route_table_id

  route_rules {
    destination_type  = "CIDR_BLOCK"
    destination       = "0.0.0.0/0"
    network_entity_id = oci_core_internet_gateway.kubernetes_internet_gateway.id
  }
}
# OCI trunk node on an ARM flex shape (2 OCPU / 12 GB).
resource "oci_core_instance" "trunk42" {
  display_name        = "Trunk42"
  availability_domain = "FsEQ:US-SANJOSE-1-AD-1"
  compartment_id      = data.sops_file.linode_sops.data["compartment_id"]

  shape = "VM.Standard.A1.Flex"
  shape_config {
    ocpus         = "2"
    memory_in_gbs = "12"
  }

  source_details {
    source_type = "image"
    source_id   = local.ubuntu_arm_id
  }

  # Fixed private address in the k3s subnet plus a public IP; the public IP is
  # what the Linode firewall and the database allow list are keyed on.
  create_vnic_details {
    subnet_id        = oci_core_subnet.k3s.id
    hostname_label   = "trunk42"
    private_ip       = "10.17.9.10"
    assign_public_ip = "true"
  }

  # Only the SSH public key is injected; no password is configured here.
  metadata = {
    ssh_authorized_keys = data.sops_file.linode_sops.data["ssh-key"]
  }
}
# OCI leaf node on an ARM flex shape (2 OCPU / 12 GB), same layout as trunk42.
resource "oci_core_instance" "leaf40" {
  display_name        = "Leaf40"
  availability_domain = "FsEQ:US-SANJOSE-1-AD-1"
  compartment_id      = data.sops_file.linode_sops.data["compartment_id"]

  shape = "VM.Standard.A1.Flex"
  shape_config {
    ocpus         = "2"
    memory_in_gbs = "12"
  }

  source_details {
    source_type = "image"
    source_id   = local.ubuntu_arm_id
  }

  # Fixed private address in the k3s subnet plus a public IP (used by the
  # Linode firewall and database allow lists).
  create_vnic_details {
    subnet_id        = oci_core_subnet.k3s.id
    hostname_label   = "leaf40"
    private_ip       = "10.17.9.11"
    assign_public_ip = "true"
  }

  # SSH public key only; no password is configured here.
  metadata = {
    ssh_authorized_keys = data.sops_file.linode_sops.data["ssh-key"]
  }
}
# OCI leaf node on the x86 micro shape (fixed size, so no shape_config).
resource "oci_core_instance" "leaf41" {
  display_name        = "Leaf41"
  availability_domain = "FsEQ:US-SANJOSE-1-AD-1"
  compartment_id      = data.sops_file.linode_sops.data["compartment_id"]
  shape               = "VM.Standard.E2.1.Micro"

  source_details {
    source_type = "image"
    source_id   = local.ubuntu_amd_id
  }

  # Fixed private address in the k3s subnet plus a public IP (used by the
  # Linode firewall and database allow lists).
  create_vnic_details {
    subnet_id        = oci_core_subnet.k3s.id
    hostname_label   = "leaf41"
    private_ip       = "10.17.9.12"
    assign_public_ip = "true"
  }

  # SSH public key only; no password is configured here.
  metadata = {
    ssh_authorized_keys = data.sops_file.linode_sops.data["ssh-key"]
  }
}
# OCI leaf node on the x86 micro shape, same layout as leaf41.
resource "oci_core_instance" "leaf42" {
  display_name        = "Leaf42"
  availability_domain = "FsEQ:US-SANJOSE-1-AD-1"
  compartment_id      = data.sops_file.linode_sops.data["compartment_id"]
  shape               = "VM.Standard.E2.1.Micro"

  source_details {
    source_type = "image"
    source_id   = local.ubuntu_amd_id
  }

  # Fixed private address in the k3s subnet plus a public IP (used by the
  # Linode firewall and database allow lists).
  create_vnic_details {
    subnet_id        = oci_core_subnet.k3s.id
    hostname_label   = "leaf42"
    private_ip       = "10.17.9.13"
    assign_public_ip = "true"
  }

  # SSH public key only; no password is configured here.
  metadata = {
    ssh_authorized_keys = data.sops_file.linode_sops.data["ssh-key"]
  }
}
# sops provider; takes no arguments and is expected to find its decryption key
# in the environment when the sops_file data source is read.
provider "sops" {
}
# Single encrypted secrets file shared by both clouds. Keys read elsewhere in
# this module: linode_api, home_ip, ssh-key, trunk_40_pass, oci_key_path,
# oci_key_fp, compartment_id. Data-source results are written to Terraform
# state in plaintext, so the state backend needs the same protection as the
# keys that decrypt sops.enc.json.
data "sops_file" "linode_sops" {
  source_file = "sops.enc.json"
}