#!/bin/bash
# in order to run, first install jq with: sudo apt-get install jq
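#######################################
# Run the OCI CLI from a container, bind-mounting ~/.oci so the containerised
# CLI can read the config file and API signing key stored there.
# Globals:   HOME (read)
# Arguments: passed through verbatim to the oci CLI
# Outputs:   whatever the CLI prints
# Returns:   the exit status of the CLI (docker run)
# NOTE(review): the image is pulled by floating tag and is handed the API
# signing key; pin it by digest (stephenpearson/oci-cli@sha256:<DIGEST>) and
# consider appending ",readonly" to the mount so the container cannot modify
# ~/.oci - confirm first that none of the commands used need to write there.
#######################################
oci() {
  # The whole --mount value is quoted so a $HOME containing spaces stays one arg.
  docker run --rm \
    --mount "type=bind,source=${HOME}/.oci,target=/root/.oci" \
    stephenpearson/oci-cli:latest "$@"
}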
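#######################################
# Look up a compartment by display name and store its OCID in the global
# OKE_COMPARTMENT_ID.
# Globals:   ROOT_COMPARTMENT_ID (read), OKE_COMPARTMENT_ID (written)
# Arguments: $1 - display name of the compartment to find
# Outputs:   a progress line on stdout; a diagnostic on stderr when not found
# Returns:   0 when a compartment with that name exists, non-zero otherwise
#            (the CLI's status if the list call fails, 1 if nothing matched)
#######################################
set_oke_compartment()
{
  local compartment_name=$1
  local compartments
  echo "set_oke_compartments for $compartment_name"
  # Declaration and assignment are separate so the CLI's exit status is not
  # masked by 'local'.
  compartments=$(oci iam compartment list --compartment-id "$ROOT_COMPARTMENT_ID" --all) || return
  # The name is handed to jq via --arg, never interpolated into the program text.
  OKE_COMPARTMENT_ID=$(printf '%s' "$compartments" \
    | jq -r --arg compartment_name "$compartment_name" \
        '.data | map(select(.name == $compartment_name)) | .[0] | .id')
  # With -r, jq prints the literal word "null" when no compartment matched.
  if [[ -z "$OKE_COMPARTMENT_ID" || "$OKE_COMPARTMENT_ID" == "null" ]]; then
    printf 'no compartment named %s found under %s\n' "$compartment_name" "$ROOT_COMPARTMENT_ID" >&2
    return 1
  fi
}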
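# The root (tenancy) compartment OCID is taken from the environment; abort
# before any CLI call is made if it is missing.
: "${ROOT_COMPARTMENT_ID:?set ROOT_COMPARTMENT_ID to the root compartment OCID}"
echo "$ROOT_COMPARTMENT_ID"
#policies=`oci iam policy list --compartment-id $ROOT_COMPARTMENT_ID --all`
#echo $policies
#echo $policies | jq '.data | .[1] '
# Resolve the compartment all OKE network resources are created in.
set_oke_compartment "oke-compartment"
echo "OKE Compartment OCID : $OKE_COMPARTMENT_ID"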
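# Set CREATE_VCN=true in the environment to provision the network; the default
# "false" reuses the OCIDs of resources created on an earlier run (see else).
CREATE_VCN="${CREATE_VCN:-false}"
if [[ "$CREATE_VCN" == "true" ]]; then
  # create a virtual cloud network
  # https://docs.cloud.oracle.com/iaas/Content/ContEng/Concepts/contengnetworkconfigexample.htm
  OKE_VCN=$(oci network vcn create --compartment-id "$OKE_COMPARTMENT_ID" --cidr-block '10.0.0.0/16' --display-name oke-vcn --dns-label oke)
  #echo $OKE_VCN
  # jq -r strips the JSON quotes: the OCID is passed back as a CLI argument and
  # spliced into a JSON document below, and a quoted value breaks both.
  OKE_VCN_ID=$(jq -r '.data | .id' <<<"$OKE_VCN")
  echo "VCN OCID $OKE_VCN_ID"
  # create internet gateway in the VCN just created (the original referenced
  # $COMPARTMENT_ID / $VCN_ID, which are never set in this script)
  OKE_IGW=$(oci network internet-gateway create --compartment-id "$OKE_COMPARTMENT_ID" --vcn-id "$OKE_VCN_ID" --is-enabled true --display-name internet-gateway-oke)
  echo "$OKE_IGW"
  OKE_IGW_ID=$(jq -r '.data | .id' <<<"$OKE_IGW")
  echo "Internet Gateway OCID $OKE_IGW_ID"
  # create routing table: one rule sending 0.0.0.0/0 to the internet gateway.
  # Built with jq so the OCID is inserted as a JSON string rather than by
  # shell string-splicing.
  ROUTE_RULES=$(jq -n --arg igw "$OKE_IGW_ID" '[{
    cidrBlock: "0.0.0.0/0",
    destination: "0.0.0.0/0",
    destinationType: "CIDR_BLOCK",
    networkEntityId: $igw
  }]')
  echo "$ROUTE_RULES"
  # Show the route tables already present in the VCN.
  oci network route-table list --compartment-id "$OKE_COMPARTMENT_ID" --vcn-id "$OKE_VCN_ID"
  OKE_RT=$(oci network route-table create --compartment-id "$OKE_COMPARTMENT_ID" --vcn-id "$OKE_VCN_ID" --display-name routing-table-oke --route-rules "$ROUTE_RULES")
  echo "$OKE_RT"
  OKE_RT_ID=$(jq -r '.data | .id' <<<"$OKE_RT")
  echo "Routing Table OCID $OKE_RT_ID"
  # DHCP options for the VCN (serverType VcnLocalPlusInternet, no custom servers)
  OKE_DHCP=$(oci network dhcp-options create --compartment-id "$OKE_COMPARTMENT_ID" --vcn-id "$OKE_VCN_ID" --options '[{"type": "DomainNameServer", "customDnsServers": [], "serverType": "VcnLocalPlusInternet"}]')
  echo "$OKE_DHCP"
else
  # OCIDs from an earlier run; they belong to the author's tenancy and region
  # (iad) and must be replaced before this branch is useful anywhere else.
  OKE_VCN_ID=ocid1.vcn.oc1.iad.aaaaaaaadzp2obutldz2aqpi22i7x5fic4ybimoaa47qk7qxle7feiwvtlca
  OKE_IGW_ID=ocid1.internetgateway.oc1.iad.aaaaaaaavmgvzktyknzf6p3u74co5l6hjanll2x5iht2wtr3heirsnbnywqq
  OKE_RT_ID=ocid1.routetable.oc1.iad.aaaaaaaaqpm7i2kgps4oo6yoliquoemoqmf7rkhpmgvqfihr3vjm6rq7s7ga
fi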
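echo "Creating Security Lists"
# Worker-node security list in the OKE VCN. Ingress rules, in order: stateless
# "all" from 10.0.10.0/24, 10.0.11.0/24 and 10.0.12.0/24; ICMP type 3 code 4
# from 0.0.0.0/0; tcp/22 from 130.35.0.0/16 and from 138.1.0.0/17; tcp/22 from
# 0.0.0.0/0; tcp/30000-32767 from 0.0.0.0/0. Egress: stateless "all" to the
# same three subnets plus stateful "all" to 0.0.0.0/0.
# NOTE(review): the last two ingress rules open SSH and the 30000-32767 range
# (Kubernetes' default NodePort range) to the whole internet. Narrow the source
# CIDRs to the hosts that actually need them before using this outside a
# throw-away environment.
# The original referenced $COMPARTMENT_ID / $VCN_ID, which this script never
# sets; the OKE_* variables resolved above are the intended ones.
OKE_SL_WORKERS=$(oci network security-list create --compartment-id "$OKE_COMPARTMENT_ID" --vcn-id "$OKE_VCN_ID" --display-name workersXX --ingress-security-rules '[
{
"icmp-options": null,
"is-stateless": true,
"protocol": "all",
"source": "10.0.10.0/24",
"source-type": "CIDR_BLOCK",
"tcp-options": null,
"udp-options": null
},
{
"icmp-options": null,
"is-stateless": true,
"protocol": "all",
"source": "10.0.11.0/24",
"source-type": "CIDR_BLOCK",
"tcp-options": null,
"udp-options": null
},
{
"icmp-options": null,
"is-stateless": true,
"protocol": "all",
"source": "10.0.12.0/24",
"source-type": "CIDR_BLOCK",
"tcp-options": null,
"udp-options": null
},
{
"icmp-options": {
"code": 4,
"type": 3
},
"is-stateless": false,
"protocol": "1",
"source": "0.0.0.0/0",
"source-type": "CIDR_BLOCK",
"tcp-options": null,
"udp-options": null
},
{
"icmp-options": null,
"is-stateless": false,
"protocol": "6",
"source": "130.35.0.0/16",
"source-type": "CIDR_BLOCK",
"tcp-options": {
"destination-port-range": {
"max": 22,
"min": 22
},
"source-port-range": null
},
"udp-options": null
},
{
"icmp-options": null,
"is-stateless": false,
"protocol": "6",
"source": "138.1.0.0/17",
"source-type": "CIDR_BLOCK",
"tcp-options": {
"destination-port-range": {
"max": 22,
"min": 22
},
"source-port-range": null
},
"udp-options": null
},
{
"icmp-options": null,
"is-stateless": false,
"protocol": "6",
"source": "0.0.0.0/0",
"source-type": "CIDR_BLOCK",
"tcp-options": {
"destination-port-range": {
"max": 22,
"min": 22
},
"source-port-range": null
},
"udp-options": null
},
{
"icmp-options": null,
"is-stateless": false,
"protocol": "6",
"source": "0.0.0.0/0",
"source-type": "CIDR_BLOCK",
"tcp-options": {
"destination-port-range": {
"max": 32767,
"min": 30000
},
"source-port-range": null
},
"udp-options": null
}
]' --egress-security-rules '[{
"destination": "10.0.10.0/24",
"destination-type": "CIDR_BLOCK",
"icmp-options": null,
"is-stateless": true,
"protocol": "all",
"tcp-options": null,
"udp-options": null
},
{
"destination": "10.0.11.0/24",
"destination-type": "CIDR_BLOCK",
"icmp-options": null,
"is-stateless": true,
"protocol": "all",
"tcp-options": null,
"udp-options": null
},
{
"destination": "10.0.12.0/24",
"destination-type": "CIDR_BLOCK",
"icmp-options": null,
"is-stateless": true,
"protocol": "all",
"tcp-options": null,
"udp-options": null
},
{
"destination": "0.0.0.0/0",
"destination-type": "CIDR_BLOCK",
"icmp-options": null,
"is-stateless": false,
"protocol": "all",
"tcp-options": null,
"udp-options": null
}]')
# Report the result the same way the other resources are reported above.
echo "$OKE_SL_WORKERS"
OKE_SL_WORKERS_ID=$(jq -r '.data | .id' <<<"$OKE_SL_WORKERS")
echo "Workers Security List OCID $OKE_SL_WORKERS_ID"
# Dump the CLI's JSON template for the --route-rules parameter (reference for
# the ROUTE_RULES document built above).
oci network route-table create --generate-param-json-input route-rules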