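#!/bin/bash
# in order to run, first install jq with: sudo apt-get install jq
#
# Fail fast: stop on the first failing command, on any unset variable and on a
# failure anywhere in a pipeline, so a failed OCI call can never feed an empty
# or "null" OCID into the next resource-creating call.
set -euo pipefail

#######################################
# Run the OCI CLI inside a throw-away container, reusing the caller's
# ~/.oci configuration by bind-mounting it into the container.
# NOTE(review): the mount hands the API signing key in ~/.oci to a
# third-party image pulled by the floating tag "latest"; pinning the image
# to a digest (or building it in-house) keeps that key from reaching an
# image you have not reviewed.
# Arguments: the OCI CLI command line, passed through unchanged
# Outputs:   whatever the CLI writes to stdout/stderr
# Returns:   the exit status of the containerised CLI
#######################################
oci() {
  docker run --rm \
    --mount "type=bind,source=${HOME}/.oci,target=/root/.oci" \
    stephenpearson/oci-cli:latest "$@"
}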
# set global variable OKE_COMPARTMENT_ID with the OCID for the compartment with name passed in $1 | |
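#######################################
# Set the global OKE_COMPARTMENT_ID to the OCID of the compartment whose
# display name is passed in $1, looked up among the compartments under
# ROOT_COMPARTMENT_ID.
# Globals:   ROOT_COMPARTMENT_ID (read), OKE_COMPARTMENT_ID (written)
# Arguments: $1 - compartment display name
# Outputs:   a progress line on stdout; diagnostics on stderr
# Returns:   0 when a compartment was found, 1 when ROOT_COMPARTMENT_ID is
#            unset, the CLI call fails, or no compartment has that name
#######################################
set_oke_compartment() {
  local compartment_name=$1
  local compartments
  printf 'set_oke_compartments for %s\n' "$compartment_name"
  if [[ -z "${ROOT_COMPARTMENT_ID:-}" ]]; then
    printf 'set_oke_compartment: ROOT_COMPARTMENT_ID is not set\n' >&2
    return 1
  fi
  # --all follows pagination so a tenancy with many compartments returns the
  # whole list, not just the first page. Assignment is kept separate from
  # 'local' so the CLI's exit status is not masked.
  compartments=$(oci iam compartment list --compartment-id "$ROOT_COMPARTMENT_ID" --all) || return 1
  # Feed the JSON to jq through a here-string: 'echo $compartments' would
  # word-split and glob-expand the document. -r strips the JSON quotes so the
  # OCID can be passed as a plain CLI argument later on.
  # NOTE(review): the filter matches on name only; confirm whether a
  # lifecycle-state filter is needed if the tenancy can also hold a deleted
  # compartment with the same name.
  OKE_COMPARTMENT_ID=$(jq -r --arg compartment_name "$compartment_name" \
    '.data | map(select(.name == $compartment_name)) | .[0] | .id' <<<"$compartments") || return 1
  # jq prints the literal string "null" when nothing matched; surface that as
  # an error rather than letting an OCID of "null" flow into later calls.
  if [[ -z "$OKE_COMPARTMENT_ID" || "$OKE_COMPARTMENT_ID" == "null" ]]; then
    printf 'set_oke_compartment: no compartment named %s under %s\n' \
      "$compartment_name" "$ROOT_COMPARTMENT_ID" >&2
    OKE_COMPARTMENT_ID=
    return 1
  fi
  return 0
}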
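# ROOT_COMPARTMENT_ID must come from the environment: it is the tenancy (root)
# compartment under which the OKE compartment is looked up. Abort with a
# clear message instead of running the lookup against an empty OCID.
: "${ROOT_COMPARTMENT_ID:?ROOT_COMPARTMENT_ID must be set to the tenancy OCID}"
printf '%s\n' "$ROOT_COMPARTMENT_ID"
#policies=$(oci iam policy list --compartment-id "$ROOT_COMPARTMENT_ID" --all)
#printf '%s\n' "$policies"
#jq '.data | .[1] ' <<<"$policies"
# Resolve the target compartment; stop here if it cannot be found so the
# network resources below are never created in the wrong place.
set_oke_compartment "oke-compartment" || exit 1
printf 'OKE Compartment OCID : %s\n' "$OKE_COMPARTMENT_ID"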
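# Set CREATE_VCN=true (in the environment, or here) to provision a fresh VCN,
# internet gateway, route table and DHCP options. With "false" the OCIDs of
# already-existing resources are used instead.
CREATE_VCN=${CREATE_VCN:-false}
if [[ "$CREATE_VCN" == "true" ]]; then
  # create a virtual cloud network
  # https://docs.cloud.oracle.com/iaas/Content/ContEng/Concepts/contengnetworkconfigexample.htm
  OKE_VCN=$(oci network vcn create --compartment-id "$OKE_COMPARTMENT_ID" \
    --cidr-block '10.0.0.0/16' --display-name oke-vcn --dns-label oke) || exit 1
  # jq -r is required: without it the OCID keeps its JSON double quotes and
  # every later --vcn-id argument would carry them.
  OKE_VCN_ID=$(jq -r '.data.id' <<<"$OKE_VCN")
  printf 'VNC OCID %s\n' "$OKE_VCN_ID"
  # create internet gateway
  # The compartment and VCN are the OKE_-prefixed variables resolved above;
  # an unprefixed COMPARTMENT_ID / VCN_ID is never assigned in this script.
  OKE_IGW=$(oci network internet-gateway create --compartment-id "$OKE_COMPARTMENT_ID" \
    --vcn-id "$OKE_VCN_ID" --is-enabled true --display-name internet-gateway-oke) || exit 1
  printf '%s\n' "$OKE_IGW"
  OKE_IGW_ID=$(jq -r '.data.id' <<<"$OKE_IGW")
  printf 'Internet Gateway OCID %s\n' "$OKE_IGW_ID"
  # create routing table: one default route that sends all traffic through the
  # internet gateway. The JSON is built by jq so the OCID is inserted as a
  # proper JSON string instead of being spliced into a quoted literal.
  ROUTE_RULES=$(jq -n --arg igw "$OKE_IGW_ID" \
    '[{cidrBlock: "0.0.0.0/0", destination: "0.0.0.0/0", destinationType: "CIDR_BLOCK", networkEntityId: $igw}]')
  printf '%s\n' "$ROUTE_RULES"
  oci network route-table list --compartment-id "$OKE_COMPARTMENT_ID" --vcn-id "$OKE_VCN_ID"
  OKE_RT=$(oci network route-table create --compartment-id "$OKE_COMPARTMENT_ID" --vcn-id "$OKE_VCN_ID" \
    --display-name routing-table-oke --route-rules "$ROUTE_RULES") || exit 1
  printf '%s\n' "$OKE_RT"
  OKE_RT_ID=$(jq -r '.data.id' <<<"$OKE_RT")
  printf 'Routing Table OCID %s\n' "$OKE_RT_ID"
  OKE_DHCP=$(oci network dhcp-options create --compartment-id "$OKE_COMPARTMENT_ID" --vcn-id "$OKE_VCN_ID" \
    --options '[{"type": "DomainNameServer", "customDnsServers": [], "serverType": "VcnLocalPlusInternet"}]') || exit 1
  printf '%s\n' "$OKE_DHCP"
else
  # OCIDs of resources that already exist in this tenancy/region. They can be
  # overridden from the environment when the script is reused elsewhere, so
  # the literals below do not have to be edited.
  OKE_VCN_ID=${OKE_VCN_ID:-ocid1.vcn.oc1.iad.aaaaaaaadzp2obutldz2aqpi22i7x5fic4ybimoaa47qk7qxle7feiwvtlca}
  OKE_IGW_ID=${OKE_IGW_ID:-ocid1.internetgateway.oc1.iad.aaaaaaaavmgvzktyknzf6p3u74co5l6hjanll2x5iht2wtr3heirsnbnywqq}
  OKE_RT_ID=${OKE_RT_ID:-ocid1.routetable.oc1.iad.aaaaaaaaqpm7i2kgps4oo6yoliquoemoqmf7rkhpmgvqfihr3vjm6rq7s7ga}
fi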
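printf 'Creating Security Lists\n'
# Security list for the worker-node subnets. Ingress, in order:
#   - stateless "all" from the three worker subnets 10.0.10-12.0/24
#     (intra-cluster traffic; the matching stateless egress rules are below)
#   - ICMP type 3 code 4 from anywhere (path-MTU discovery)
#   - TCP 22 from 130.35.0.0/16 and 138.1.0.0/17 (ranges taken from the linked
#     OKE network-configuration example; confirm against current docs)
#   - TCP 22 from 0.0.0.0/0 — SSH to every worker node from the whole
#     internet. Narrow this to an administrative CIDR or a bastion subnet
#     before using the list outside a lab.
#   - TCP 30000-32767 from 0.0.0.0/0 (the Kubernetes NodePort range)
# The compartment and VCN are the OKE_-prefixed variables resolved earlier;
# an unprefixed COMPARTMENT_ID / VCN_ID is never assigned in this script.
OKE_SL_WORKERS=$(oci network security-list create --compartment-id "$OKE_COMPARTMENT_ID" \
  --vcn-id "$OKE_VCN_ID" --display-name workersXX --ingress-security-rules '[
  {
    "icmp-options": null,
    "is-stateless": true,
    "protocol": "all",
    "source": "10.0.10.0/24",
    "source-type": "CIDR_BLOCK",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "icmp-options": null,
    "is-stateless": true,
    "protocol": "all",
    "source": "10.0.11.0/24",
    "source-type": "CIDR_BLOCK",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "icmp-options": null,
    "is-stateless": true,
    "protocol": "all",
    "source": "10.0.12.0/24",
    "source-type": "CIDR_BLOCK",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "icmp-options": {
      "code": 4,
      "type": 3
    },
    "is-stateless": false,
    "protocol": "1",
    "source": "0.0.0.0/0",
    "source-type": "CIDR_BLOCK",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "icmp-options": null,
    "is-stateless": false,
    "protocol": "6",
    "source": "130.35.0.0/16",
    "source-type": "CIDR_BLOCK",
    "tcp-options": {
      "destination-port-range": {
        "max": 22,
        "min": 22
      },
      "source-port-range": null
    },
    "udp-options": null
  },
  {
    "icmp-options": null,
    "is-stateless": false,
    "protocol": "6",
    "source": "138.1.0.0/17",
    "source-type": "CIDR_BLOCK",
    "tcp-options": {
      "destination-port-range": {
        "max": 22,
        "min": 22
      },
      "source-port-range": null
    },
    "udp-options": null
  },
  {
    "icmp-options": null,
    "is-stateless": false,
    "protocol": "6",
    "source": "0.0.0.0/0",
    "source-type": "CIDR_BLOCK",
    "tcp-options": {
      "destination-port-range": {
        "max": 22,
        "min": 22
      },
      "source-port-range": null
    },
    "udp-options": null
  },
  {
    "icmp-options": null,
    "is-stateless": false,
    "protocol": "6",
    "source": "0.0.0.0/0",
    "source-type": "CIDR_BLOCK",
    "tcp-options": {
      "destination-port-range": {
        "max": 32767,
        "min": 30000
      },
      "source-port-range": null
    },
    "udp-options": null
  }
]' --egress-security-rules '[
  {
    "destination": "10.0.10.0/24",
    "destination-type": "CIDR_BLOCK",
    "icmp-options": null,
    "is-stateless": true,
    "protocol": "all",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "destination": "10.0.11.0/24",
    "destination-type": "CIDR_BLOCK",
    "icmp-options": null,
    "is-stateless": true,
    "protocol": "all",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "destination": "10.0.12.0/24",
    "destination-type": "CIDR_BLOCK",
    "icmp-options": null,
    "is-stateless": true,
    "protocol": "all",
    "tcp-options": null,
    "udp-options": null
  },
  {
    "destination": "0.0.0.0/0",
    "destination-type": "CIDR_BLOCK",
    "icmp-options": null,
    "is-stateless": false,
    "protocol": "all",
    "tcp-options": null,
    "udp-options": null
  }
]') || exit 1
# Report the new list's OCID the same way the VCN, gateway and route table
# are reported above, so it is available for the subnet creation that follows.
OKE_SL_WORKERS_ID=$(jq -r '.data.id' <<<"$OKE_SL_WORKERS")
printf 'Workers Security List OCID %s\n' "$OKE_SL_WORKERS_ID"
# Prints a skeleton JSON document for --route-rules to stdout; it creates
# nothing and looks like a development aid left in place.
oci network route-table create --generate-param-json-input route-rules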