#!/bin/bash | |
# Prerequisites: docker (the oci wrapper below runs the CLI in a container) and jq: sudo apt-get install jq
# ~/.oci must hold an OCI CLI config and API signing key; it is bind-mounted into the container.
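# Run the OCI CLI from a container, forwarding all arguments.
# NOTE(security): this bind-mounts ~/.oci (CLI config + API signing key) into a
# third-party image pulled by the floating "latest" tag, so whoever can push that
# tag can read the key. Set OCI_CLI_IMAGE to a digest-pinned reference
# (name@sha256:...) for anything beyond a lab; the default keeps the original
# image. If the CLI never needs to write under ~/.oci (e.g. no session tokens —
# confirm for your auth method), append ",readonly" to the mount as well.
oci() {
  docker run --rm \
    --mount "type=bind,source=${HOME}/.oci,target=/root/.oci" \
    "${OCI_CLI_IMAGE:-stephenpearson/oci-cli:latest}" "$@"
}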
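# set global variable OKE_COMPARTMENT_ID with the OCID for the compartment with
# name passed in $1.
# Globals:   ROOT_COMPARTMENT_ID (read), OKE_COMPARTMENT_ID (written)
# Arguments: $1 - compartment display name to look up under the root compartment
# Returns:   0 when an id was resolved; 1 when ROOT_COMPARTMENT_ID is unset, the
#            CLI call fails, or no compartment has that name. In the last case
#            jq prints the string "null", which the original stored unchecked and
#            every later --compartment-id call would then inherit; we now clear
#            OKE_COMPARTMENT_ID and fail instead.
set_oke_compartment() {
  local name=$1
  local compartments
  echo set_oke_compartments for "$name"
  if [[ -z "${ROOT_COMPARTMENT_ID:-}" ]]; then
    echo "set_oke_compartment: ROOT_COMPARTMENT_ID is not set" >&2
    return 1
  fi
  compartments=$(oci iam compartment list --compartment-id "$ROOT_COMPARTMENT_ID" --all) || return 1
  OKE_COMPARTMENT_ID=$(printf '%s' "$compartments" \
    | jq -r --arg compartment_name "$name" \
        '.data | map(select(.name == $compartment_name)) | .[0] | .id')
  # jq emits "null" (not an empty string) when nothing matched.
  if [[ -z "$OKE_COMPARTMENT_ID" || "$OKE_COMPARTMENT_ID" == "null" ]]; then
    echo "set_oke_compartment: no compartment named '$name' under $ROOT_COMPARTMENT_ID" >&2
    OKE_COMPARTMENT_ID=""
    return 1
  fi
  return 0
}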
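# Resolve the compartment every later OCI call is scoped to. ROOT_COMPARTMENT_ID
# must come from the environment; stop here rather than let the rest of the
# script run with --compartment-id "" or "null".
: "${ROOT_COMPARTMENT_ID:?ROOT_COMPARTMENT_ID must be set to the tenancy (root) compartment OCID}"
echo "$ROOT_COMPARTMENT_ID"
set_oke_compartment "oke-compartment"
if [[ -z "${OKE_COMPARTMENT_ID:-}" || "$OKE_COMPARTMENT_ID" == "null" ]]; then
  echo "could not resolve compartment 'oke-compartment' under $ROOT_COMPARTMENT_ID" >&2
  exit 1
fi
echo "OKE Compartment OCID : $OKE_COMPARTMENT_ID"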
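# Set CREATE_VCN=true in the environment to create a fresh VCN, internet gateway,
# route table and DHCP options; otherwise reuse the existing resources whose
# OCIDs are listed in the else branch (each overridable via the environment).
CREATE_VCN="${CREATE_VCN:-false}"
if [[ "$CREATE_VCN" == "true" ]]; then
  # The original used $COMPARTMENT_ID / $VCN_ID here, which are never assigned,
  # so every create call ran with an empty id; fail fast instead.
  : "${OKE_COMPARTMENT_ID:?OKE_COMPARTMENT_ID must be resolved before creating network resources}"
  # create a virtual cloud network
  # https://docs.cloud.oracle.com/iaas/Content/ContEng/Concepts/contengnetworkconfigexample.htm
  OKE_VCN=$(oci network vcn create --compartment-id "$OKE_COMPARTMENT_ID" \
    --cidr-block '10.0.0.0/16' --display-name oke-vcn --dns-label oke)
  # jq -r: without it the id comes back wrapped in double quotes, which the
  # original then spliced verbatim into CLI arguments and into the route-rules
  # JSON (producing "\"ocid...\"" and invalid JSON respectively).
  OKE_VCN_ID=$(printf '%s' "$OKE_VCN" | jq -r '.data | .id')
  echo "VNC OCID $OKE_VCN_ID"
  # create internet gateway
  OKE_IGW=$(oci network internet-gateway create --compartment-id "$OKE_COMPARTMENT_ID" \
    --vcn-id "$OKE_VCN_ID" --is-enabled true --display-name internet-gateway-oke)
  echo "$OKE_IGW"
  OKE_IGW_ID=$(printf '%s' "$OKE_IGW" | jq -r '.data | .id')
  echo "Internet Gateway OCID $OKE_IGW_ID"
  # create routing table: a single default route (0.0.0.0/0) via the internet gateway
  ROUTE_RULES=$(cat <<EOF
[
  {
    "cidrBlock": "0.0.0.0/0",
    "destination": "0.0.0.0/0",
    "destinationType": "CIDR_BLOCK",
    "networkEntityId": "${OKE_IGW_ID}"
  }
]
EOF
)
  echo "$ROUTE_RULES"
  oci network route-table list --compartment-id "$OKE_COMPARTMENT_ID" --vcn-id "$OKE_VCN_ID"
  OKE_RT=$(oci network route-table create --compartment-id "$OKE_COMPARTMENT_ID" \
    --vcn-id "$OKE_VCN_ID" --display-name routing-table-oke --route-rules "$ROUTE_RULES")
  echo "$OKE_RT"
  OKE_RT_ID=$(printf '%s' "$OKE_RT" | jq -r '.data | .id')
  echo "Routing Table OCID $OKE_RT_ID"
  OKE_DHCP=$(oci network dhcp-options create --compartment-id "$OKE_COMPARTMENT_ID" \
    --vcn-id "$OKE_VCN_ID" \
    --options '[{"type": "DomainNameServer", "customDnsServers": [], "serverType": "VcnLocalPlusInternet"}]')
  echo "$OKE_DHCP"
else
  # Existing resources (region iad). Export these to point at a different VCN.
  OKE_VCN_ID="${OKE_VCN_ID:-ocid1.vcn.oc1.iad.aaaaaaaadzp2obutldz2aqpi22i7x5fic4ybimoaa47qk7qxle7feiwvtlca}"
  OKE_IGW_ID="${OKE_IGW_ID:-ocid1.internetgateway.oc1.iad.aaaaaaaavmgvzktyknzf6p3u74co5l6hjanll2x5iht2wtr3heirsnbnywqq}"
  OKE_RT_ID="${OKE_RT_ID:-ocid1.routetable.oc1.iad.aaaaaaaaqpm7i2kgps4oo6yoliquoemoqmf7rkhpmgvqfihr3vjm6rq7s7ga}"
fi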
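# Worker-node security list. The rule set is kept as in the original (it matches
# the OKE network example linked above the VCN step) except that two sources are
# now overridable, so a deployment can tighten them without editing JSON:
#   WORKER_SSH_SOURCE_CIDR (default 0.0.0.0/0) - who may reach TCP/22 on workers.
#       The default exposes SSH on every worker node to the whole internet; set
#       it to a bastion/VPN CIDR anywhere that is not a throwaway lab.
#   NODEPORT_SOURCE_CIDR   (default 0.0.0.0/0) - who may reach the Kubernetes
#       NodePort range 30000-32767.
# The stateless allow-all rules for 10.0.10-12.0/24 and the TCP/22 rules for
# 130.35.0.0/16 and 138.1.0.0/17 are reproduced verbatim; the latter two look
# like Oracle-side ranges from the docs example — confirm before relying on them.
# The original passed the never-assigned $COMPARTMENT_ID / $VCN_ID here; it now
# uses the ids resolved and selected above and fails if either is missing.
echo Creating Security Lists
if [[ -z "${OKE_COMPARTMENT_ID:-}" || "$OKE_COMPARTMENT_ID" == "null" || -z "${OKE_VCN_ID:-}" ]]; then
  echo "OKE_COMPARTMENT_ID and OKE_VCN_ID must be set before creating security lists" >&2
  exit 1
fi
WORKER_SSH_SOURCE_CIDR="${WORKER_SSH_SOURCE_CIDR:-0.0.0.0/0}"
NODEPORT_SOURCE_CIDR="${NODEPORT_SOURCE_CIDR:-0.0.0.0/0}"
WORKER_INGRESS_RULES=$(cat <<EOF
[
  {
    "icmp-options": null,
    "is-stateless": true,
    "protocol": "all",
    "source": "10.0.10.0/24",
    "source-type": "CIDR_BLOCK",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "icmp-options": null,
    "is-stateless": true,
    "protocol": "all",
    "source": "10.0.11.0/24",
    "source-type": "CIDR_BLOCK",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "icmp-options": null,
    "is-stateless": true,
    "protocol": "all",
    "source": "10.0.12.0/24",
    "source-type": "CIDR_BLOCK",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "icmp-options": {
      "code": 4,
      "type": 3
    },
    "is-stateless": false,
    "protocol": "1",
    "source": "0.0.0.0/0",
    "source-type": "CIDR_BLOCK",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "icmp-options": null,
    "is-stateless": false,
    "protocol": "6",
    "source": "130.35.0.0/16",
    "source-type": "CIDR_BLOCK",
    "tcp-options": {
      "destination-port-range": {
        "max": 22,
        "min": 22
      },
      "source-port-range": null
    },
    "udp-options": null
  },
  {
    "icmp-options": null,
    "is-stateless": false,
    "protocol": "6",
    "source": "138.1.0.0/17",
    "source-type": "CIDR_BLOCK",
    "tcp-options": {
      "destination-port-range": {
        "max": 22,
        "min": 22
      },
      "source-port-range": null
    },
    "udp-options": null
  },
  {
    "icmp-options": null,
    "is-stateless": false,
    "protocol": "6",
    "source": "${WORKER_SSH_SOURCE_CIDR}",
    "source-type": "CIDR_BLOCK",
    "tcp-options": {
      "destination-port-range": {
        "max": 22,
        "min": 22
      },
      "source-port-range": null
    },
    "udp-options": null
  },
  {
    "icmp-options": null,
    "is-stateless": false,
    "protocol": "6",
    "source": "${NODEPORT_SOURCE_CIDR}",
    "source-type": "CIDR_BLOCK",
    "tcp-options": {
      "destination-port-range": {
        "max": 32767,
        "min": 30000
      },
      "source-port-range": null
    },
    "udp-options": null
  }
]
EOF
)
# Egress: stateless allow-all to the three worker subnets, plus stateful
# allow-all to anywhere (unchanged from the original).
WORKER_EGRESS_RULES=$(cat <<EOF
[
  {
    "destination": "10.0.10.0/24",
    "destination-type": "CIDR_BLOCK",
    "icmp-options": null,
    "is-stateless": true,
    "protocol": "all",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "destination": "10.0.11.0/24",
    "destination-type": "CIDR_BLOCK",
    "icmp-options": null,
    "is-stateless": true,
    "protocol": "all",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "destination": "10.0.12.0/24",
    "destination-type": "CIDR_BLOCK",
    "icmp-options": null,
    "is-stateless": true,
    "protocol": "all",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "destination": "0.0.0.0/0",
    "destination-type": "CIDR_BLOCK",
    "icmp-options": null,
    "is-stateless": false,
    "protocol": "all",
    "tcp-options": null,
    "udp-options": null
  }
]
EOF
)
OKE_SL_WORKERS=$(oci network security-list create \
  --compartment-id "$OKE_COMPARTMENT_ID" --vcn-id "$OKE_VCN_ID" \
  --display-name workersXX \
  --ingress-security-rules "$WORKER_INGRESS_RULES" \
  --egress-security-rules "$WORKER_EGRESS_RULES") || {
  echo "security-list create failed" >&2
  exit 1
}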
# Asks the CLI to print its JSON input skeleton for the route-rules parameter;
# nothing is created. NOTE(review): looks like a leftover scratch command from
# working out ROUTE_RULES above — it still runs on every invocation.
oci network route-table create --generate-param-json-input route-rules