diff --git a/terraform/oci-capi-cluster/README.org b/terraform/oci-capi-cluster/README.org
new file mode 100644
index 0000000..d1fc482
--- /dev/null
+++ b/terraform/oci-capi-cluster/README.org
@@ -0,0 +1,225 @@
+#+title: OCI CAPI cluster
+
+Write a tfvars file
+
+#+begin_src hcl
+tenancy_ocid = "TENANCY OCID"
+user_ocid = "YOUR USER OCID"
+private_key_path = "YOUR PRIVATE KEY PATH"
+fingerprint = "THE FINGERPRINT FOR YOUR PRIVATE KEY"
+region = "us-sanjose-1"
+compartment_ocid = "YOUR COMPARTMENT OCID"
+#+end_src
+
+Provision network resources
+
+#+begin_src shell
+tofu apply --var-file ./.tfvars
+#+end_src
+
+Bring up Kubernetes locally
+
+#+begin_src bash
+kind create cluster
+#+end_src
+
+Define env
+
+#+begin_src bash :tangle .envrc
+[ ! -f priv.env ] || . priv.env
+# export OCI_TENANCY_ID=
+# export OCI_USER_ID=
+# export OCI_CREDENTIALS_FINGERPRINT=
+# export OCI_CREDENTIALS_KEY_B64= # $(base64 < path/to/a/key.pem | tr -d '\n')
+export OCI_REGION=us-sanjose-1
+
+export OCI_TENANCY_ID_B64="$(echo -n "$OCI_TENANCY_ID" | base64 | tr -d '\n')"
+export OCI_CREDENTIALS_FINGERPRINT_B64="$(echo -n "$OCI_CREDENTIALS_FINGERPRINT" | base64 | tr -d '\n')"
+export OCI_USER_ID_B64="$(echo -n "$OCI_USER_ID" | base64 | tr -d '\n')"
+export OCI_REGION_B64="$(echo -n "$OCI_REGION" | base64 | tr -d '\n')"
+
+# if bootstraping from inside OCI
+export USE_INSTANCE_PRINCIPAL="false"
+export USE_INSTANCE_PRINCIPAL_B64="$(echo -n "$USE_INSTANCE_PRINCIPAL" | base64 | tr -d '\n')"
+#+end_src
+
+allow env from .envrc
+
+#+begin_src bash
+direnv allow
+#+end_src
+
+bootstrap capi with oci
+
+#+begin_src bash
+clusterctl init --bootstrap talos:v0.6.5 --control-plane talos:v0.5.6 --infrastructure oci:v0.16.0
+#+end_src
+
+create a namespace
+
+#+begin_src bash
+kubectl create ns sharingio
+#+end_src
+
+#+RESULTS:
+#+begin_example
+namespace/sharingio created
+#+end_example
+
+Define more env
+
+#+begin_src bash :tangle .envrc
+# export OCI_COMPARTMENT_ID=
+# export OCI_IMAGE_ID=ocid1.image.oc1.us-sanjose-1.aaaaaaaazpwpyk7kh6mbu2g6yihups2zf5uwt7moehbafxsu4idaew6nggxq # NOTE Oracle 8
+export OCI_IMAGE_ID=ocid1.image.oc1.us-sanjose-1.aaaaaaaaqemyxu4dnhuapt6dfzuhq6rp5h3f7ld3yqh3crwiu5qtzlk6woma
+export OCI_CONTROL_PLANE_MACHINE_TYPE=VM.Standard.A1.Flex
+export OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS=4
+export OCI_NODE_MACHINE_TYPE=VM.Standard.A1.Flex
+export OCI_NODE_MACHINE_TYPE_OCPUS=8
+export OCI_SSH_KEY=
+export OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true
+export OCI_NODE_PV_TRANSIT_ENCRYPTION=true
+
+export TALOS_INSTALL_IMAGE=factory.talos.dev/installer/d01e4eb407f9a242831748cab07de55550fdcfe8be65ce4defd258a93d94562f:v1.7.6
+export CLUSTER_NAME=cncfocicapi
+export CONTROL_PLANE_MACHINE_COUNT=3
+export KUBERNETES_VERSION=v1.30.1
+export NAMESPACE=sharingio
+export POD_CIDR=192.168.0.0/16
+export SERVICE_CIDR=10.128.0.0/12
+export NODE_MACHINE_COUNT=6
+export OCI_NETWORK_SUBNET_NAME="${CLUSTER_NAME}-subnet"
+
+export OCI_NETWORK_SECURITY_GROUP_ID="$(tofu output --raw oci_network_security_group_id || false)"
+export OCI_NETWORK_SUBNET_ID="$(tofu output --raw oci_network_subnet_id)"
+#+end_src
+
+generate a cluster config
+
+#+begin_src bash :epilogue ". .envrc ; \n"
+clusterctl -n sharingio generate cluster "$CLUSTER_NAME" --from ./cluster-template.yaml --write-to ./cluster.yaml
+#+end_src
+
+#+RESULTS:
+#+begin_example
+#+end_example
+
+apply the cluster
+
+#+begin_src bash
+kubectl -n sharingio apply -f ./cluster.yaml 2>&1
+#+end_src
+
+#+RESULTS:
+#+begin_example
+cluster.cluster.x-k8s.io/cncfocicapi created
+ocicluster.infrastructure.cluster.x-k8s.io/cncfocicapi created
+taloscontrolplane.controlplane.cluster.x-k8s.io/cncfocicapi-control-plane created
+ocimachinetemplate.infrastructure.cluster.x-k8s.io/cncfocicapi-control-plane created
+ocimachinetemplate.infrastructure.cluster.x-k8s.io/cncfocicapi-md-0 created
+talosconfigtemplate.bootstrap.cluster.x-k8s.io/cncfocicapi-md-0 created
+machinedeployment.cluster.x-k8s.io/cncfocicapi-md-0 created
+#+end_example
+
+view the world
+
+#+begin_src shell
+(
+kubectl -n sharingio get "$(kubectl -n sharingio api-resources | grep x-k8s | awk '{print $1}' | tr '\n' ',' | sed 's/,$//g')"
+) 2>&1 ; :
+#+end_src
+
+#+RESULTS:
+#+begin_example
+NAME AGE
+talosconfig.bootstrap.cluster.x-k8s.io/cncfocicapi-control-plane-2zmxv 2m53s
+talosconfig.bootstrap.cluster.x-k8s.io/cncfocicapi-control-plane-6ntpr 2m53s
+talosconfig.bootstrap.cluster.x-k8s.io/cncfocicapi-control-plane-zc7jw 2m53s
+talosconfig.bootstrap.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-8lpll 4m13s
+talosconfig.bootstrap.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-cv7jd 4m13s
+talosconfig.bootstrap.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-kzjq5 4m13s
+talosconfig.bootstrap.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-p4smf 4m13s
+talosconfig.bootstrap.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-rmjb6 4m13s
+talosconfig.bootstrap.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-s67hr 4m13s
+
+NAME AGE
+talosconfigtemplate.bootstrap.cluster.x-k8s.io/cncfocicapi-md-0 4m13s
+
+NAME CLUSTERCLASS PHASE AGE VERSION
+cluster.cluster.x-k8s.io/cncfocicapi Provisioned 4m14s
+
+NAME CLUSTER REPLICAS READY UPDATED UNAVAILABLE PHASE AGE VERSION
+machinedeployment.cluster.x-k8s.io/cncfocicapi-md-0 cncfocicapi 6 6 6 ScalingUp 4m13s v1.30.1
+
+NAME CLUSTER NODENAME PROVIDERID PHASE AGE VERSION
+machine.cluster.x-k8s.io/cncfocicapi-control-plane-h59cd cncfocicapi Provisioning 2m53s v1.30.1
+machine.cluster.x-k8s.io/cncfocicapi-control-plane-mrmqj cncfocicapi Provisioning 2m53s v1.30.1
+machine.cluster.x-k8s.io/cncfocicapi-control-plane-st9j6 cncfocicapi Provisioning 2m53s v1.30.1
+machine.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-8lpll cncfocicapi Pending 4m13s v1.30.1
+machine.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-cv7jd cncfocicapi Pending 4m13s v1.30.1
+machine.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-kzjq5 cncfocicapi Pending 4m13s v1.30.1
+machine.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-p4smf cncfocicapi Pending 4m13s v1.30.1
+machine.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-rmjb6 cncfocicapi Pending 4m13s v1.30.1
+machine.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-s67hr cncfocicapi Pending 4m13s v1.30.1
+
+NAME CLUSTER REPLICAS READY AVAILABLE AGE VERSION
+machineset.cluster.x-k8s.io/cncfocicapi-md-0-h68x6 cncfocicapi 6 4m13s v1.30.1
+
+NAME READY INITIALIZED REPLICAS READY REPLICAS UNAVAILABLE REPLICAS
+taloscontrolplane.controlplane.cluster.x-k8s.io/cncfocicapi-control-plane 3 3
+
+NAME AGE
+ocicluster.infrastructure.cluster.x-k8s.io/cncfocicapi 4m14s
+
+NAME AGE
+ocimachine.infrastructure.cluster.x-k8s.io/cncfocicapi-control-plane-4wq9n 2m53s
+ocimachine.infrastructure.cluster.x-k8s.io/cncfocicapi-control-plane-g8jqg 2m53s
+ocimachine.infrastructure.cluster.x-k8s.io/cncfocicapi-control-plane-jkhnf 2m53s
+ocimachine.infrastructure.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-8lpll 4m13s
+ocimachine.infrastructure.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-cv7jd 4m13s
+ocimachine.infrastructure.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-kzjq5 4m13s
+ocimachine.infrastructure.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-p4smf 4m13s
+ocimachine.infrastructure.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-rmjb6 4m13s
+ocimachine.infrastructure.cluster.x-k8s.io/cncfocicapi-md-0-h68x6-s67hr 4m13s
+
+NAME AGE
+ocimachinetemplate.infrastructure.cluster.x-k8s.io/cncfocicapi-control-plane 4m13s
+ocimachinetemplate.infrastructure.cluster.x-k8s.io/cncfocicapi-md-0 4m13s
+#+end_example
+
+Get the Talosconfig
+
+#+begin_src shell
+kubectl -n sharingio get secret cncfocicapi-talosconfig -o go-template='{{ .data.talosconfig | base64decode }}' > ./talosconfig
+#+end_src
+
+#+RESULTS:
+#+begin_example
+#+end_example
+
+Get the Kubeconfig
+
+#+begin_src shell
+kubectl -n sharingio get secret sharingio-kubeconfig -o go-template='{{ .data.value | base64decode }}' > ./kubeconfig
+#+end_src
+
+#+RESULTS:
+#+begin_example
+#+end_example
+
+Tear down
+
+#+begin_src shell
+kubectl -n sharingio delete cluster cncfocicapi
+#+end_src
+
+#+RESULTS:
+#+begin_example
+cluster.cluster.x-k8s.io "cncfocicapi" deleted
+taloscontrolplane.controlplane.cluster.x-k8s.io "cncfocicapi-control-plane" deleted
+Error from server (NotFound): error when deleting "./cluster.yaml": ociclusters.infrastructure.cluster.x-k8s.io "cncfocicapi" not found
+Error from server (NotFound): error when deleting "./cluster.yaml": ocimachinetemplates.infrastructure.cluster.x-k8s.io "cncfocicapi-control-plane" not found
+Error from server (NotFound): error when deleting "./cluster.yaml": ocimachinetemplates.infrastructure.cluster.x-k8s.io "cncfocicapi-md-0" not found
+Error from server (NotFound): error when deleting "./cluster.yaml": talosconfigtemplates.bootstrap.cluster.x-k8s.io "cncfocicapi-md-0" not found
+Error from server (NotFound): error when deleting "./cluster.yaml": machinedeployments.cluster.x-k8s.io "cncfocicapi-md-0" not found
+#+end_example
diff --git a/terraform/oci-capi-cluster/cluster-template.yaml b/terraform/oci-capi-cluster/cluster-template.yaml
new file mode 100644
index 0000000..775b8b0
--- /dev/null
+++ b/terraform/oci-capi-cluster/cluster-template.yaml
@@ -0,0 +1,191 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ labels:
+ cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
+ name: ${CLUSTER_NAME}
+ namespace: sharingio
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - ${POD_CIDR}
+ serviceDomain: cluster.local
+ services:
+ cidrBlocks:
+ - ${SERVICE_CIDR}
+ controlPlaneRef:
+ apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
+ kind: TalosControlPlane
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: sharingio
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: OCICluster
+ name: ${CLUSTER_NAME}
+ namespace: sharingio
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: OCICluster
+metadata:
+ labels:
+ cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
+ name: ${CLUSTER_NAME}
+ namespace: sharingio
+spec:
+ compartmentId: ${OCI_COMPARTMENT_ID}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
+kind: TalosControlPlane
+metadata:
+ name: "${CLUSTER_NAME}-control-plane"
+ namespace: sharingio
+ labels:
+ cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
+spec:
+ version: ${KUBERNETES_VERSION}
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ infrastructureTemplate:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: OCIMachineTemplate
+ name: "${CLUSTER_NAME}-control-plane"
+ controlPlaneConfig:
+ controlplane:
+ generateType: controlplane
+ configPatches:
+ - op: replace
+ path: /machine/install
+ value:
+ disk: /dev/sda
+ image: ${TALOS_INSTALL_IMAGE}
+ bootloader: true
+ wipe: false
+ - op: add
+ path: /machine/kubelet/extraArgs
+ value:
+ cloud-provider: external
+ provider-id: oci://{{ ds["id"] }}
+ - op: add
+ path: /cluster/apiServer/extraArgs
+ value:
+ cloud-provider: external
+ - op: add
+ path: /cluster/controllerManager/extraArgs
+ value:
+ cloud-provider: external
+ - op: add
+ path: /cluster/allowSchedulingOnMasters
+ value: true
+ # - op: add
+ # path: /cluster/extraManifests
+ # value: []
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: OCIMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-control-plane
+ namespace: sharingio
+ labels:
+ cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
+spec:
+ template:
+ spec:
+ compartmentId: ${OCI_COMPARTMENT_ID}
+ # imageId: ocid1.image.oc1.us-sanjose-1.aaaaaaaazpwpyk7kh6mbu2g6yihups2zf5uwt7moehbafxsu4idaew6nggxq # NOTE Oracle 8
+ imageId: ${OCI_IMAGE_ID}
+ isPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION}
+ metadata:
+ ssh_authorized_keys: ""
+ shape: ${OCI_CONTROL_PLANE_MACHINE_TYPE}
+ shapeConfig:
+ ocpus: "${OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS}"
+ networkDetails:
+ assignPublicIp: true
+ nsgIds:
+ - ${OCI_NETWORK_SECURITY_GROUP_ID}
+ subnetId: ${OCI_NETWORK_SUBNET_ID}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: OCIMachineTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: sharingio
+ labels:
+ cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
+spec:
+ template:
+ spec:
+ compartmentId: ${OCI_COMPARTMENT_ID}
+ # imageId: ocid1.image.oc1.us-sanjose-1.aaaaaaaazpwpyk7kh6mbu2g6yihups2zf5uwt7moehbafxsu4idaew6nggxq # NOTE Oracle 8
+ imageId: ${OCI_IMAGE_ID}
+ isPvEncryptionInTransitEnabled: ${OCI_NODE_PV_TRANSIT_ENCRYPTION}
+ metadata:
+ ssh_authorized_keys: ""
+ shape: ${OCI_NODE_MACHINE_TYPE}
+ shapeConfig:
+ ocpus: "${OCI_NODE_MACHINE_TYPE_OCPUS}"
+ networkDetails:
+ assignPublicIp: true
+ nsgIds:
+ - ${OCI_NETWORK_SECURITY_GROUP_ID}
+ subnetId: ${OCI_NETWORK_SUBNET_ID}
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
+kind: TalosConfigTemplate
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: sharingio
+ labels:
+ cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
+spec:
+ template:
+ spec:
+ generateType: join
+ configPatches:
+ - op: replace
+ path: /machine/install
+ value:
+ disk: /dev/sda
+ image: ${TALOS_INSTALL_IMAGE}
+ bootloader: true
+ wipe: false
+ - op: add
+ path: /machine/kubelet/extraArgs
+ value:
+ cloud-provider: external
+ provider-id: oci://{{ ds["id"] }}
+ - op: add
+ path: /cluster/apiServer/extraArgs
+ value:
+ cloud-provider: external
+ - op: add
+ path: /cluster/controllerManager/extraArgs
+ value:
+ cloud-provider: external
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: ${CLUSTER_NAME}-md-0
+ namespace: sharingio
+ labels:
+ cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
+spec:
+ clusterName: ${CLUSTER_NAME}
+ replicas: ${NODE_MACHINE_COUNT}
+ selector:
+ matchLabels: null
+ template:
+ spec:
+ bootstrap:
+ configRef:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
+ kind: TalosConfigTemplate
+ name: ${CLUSTER_NAME}-md-0
+ clusterName: ${CLUSTER_NAME}
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+ kind: OCIMachineTemplate
+ name: ${CLUSTER_NAME}-md-0
+ version: ${KUBERNETES_VERSION}
diff --git a/terraform/oci-capi-cluster/locals.tf b/terraform/oci-capi-cluster/locals.tf
new file mode 100644
index 0000000..7e7373c
--- /dev/null
+++ b/terraform/oci-capi-cluster/locals.tf
@@ -0,0 +1,5 @@
+locals {
+ common_labels = {
+ "TalosCluster" = var.cluster_name
+ }
+}
diff --git a/terraform/oci-capi-cluster/network.tf b/terraform/oci-capi-cluster/network.tf
new file mode 100644
index 0000000..9492d45
--- /dev/null
+++ b/terraform/oci-capi-cluster/network.tf
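Review bot: In cluster-template.yaml both `OCIMachineTemplate` specs set `assignPublicIp: true`, so the worker nodes of `${CLUSTER_NAME}-md-0` get internet-routable addresses as well as the control plane, and the control-plane patch additionally sets `/cluster/allowSchedulingOnMasters` to `true`, which puts workloads on those public-facing nodes. Unless the workers must be reached directly, `assignPublicIp: false` on the `md-0` template is the safer default; that would need a NAT gateway route for egress, which the network.tf in this commit does not define. Separately, every object hard-codes `namespace: sharingio` although the README exports `NAMESPACE`; `namespace: ${NAMESPACE}` would keep the template and the environment from drifting apart.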
@@ -0,0 +1,91 @@
+resource "oci_core_vcn" "vcn" {
+ #Required
+ compartment_id = var.compartment_ocid
+
+ #Optional
+ cidr_blocks = var.cidr_blocks
+ display_name = "${var.cluster_name}-vcn"
+ freeform_tags = local.common_labels
+ is_ipv6enabled = true
+}
+resource "oci_core_subnet" "subnet" {
+ #Required
+ cidr_block = var.subnet_block
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.vcn.id
+ prohibit_internet_ingress = false
+ prohibit_public_ip_on_vnic = false
+
+ #Optional
+ display_name = "${var.cluster_name}-subnet"
+ freeform_tags = local.common_labels
+ security_list_ids = [oci_core_security_list.security_list.id]
+ route_table_id = oci_core_route_table.route_table.id
+}
+resource "oci_core_network_security_group" "network_security_group" {
+ #Required
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.vcn.id
+
+ #Optional
+ display_name = "${var.cluster_name}-security-group"
+ freeform_tags = local.common_labels
+}
+resource "oci_core_network_security_group_security_rule" "allow_all" {
+ network_security_group_id = oci_core_network_security_group.network_security_group.id
+ destination_type = "CIDR_BLOCK"
+ destination = "0.0.0.0/0"
+ protocol = "all"
+ direction = "EGRESS"
+ stateless = false
+}
+resource "oci_core_route_table" "route_table" {
+ #Required
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.vcn.id
+
+ #Optional
+ display_name = "${var.cluster_name}-route-table"
+ freeform_tags = local.common_labels
+ route_rules {
+ #Required
+ network_entity_id = oci_core_internet_gateway.internet_gateway.id
+
+ #Optional
+ destination_type = "CIDR_BLOCK"
+ destination = "0.0.0.0/0"
+ }
+}
+resource "oci_core_security_list" "security_list" {
+ #Required
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.vcn.id
+
+ #Optional
+ display_name = "${var.cluster_name}-security-list"
+ egress_security_rules {
+ #Required
+ destination = "0.0.0.0/0"
+ protocol = "all"
+
+ stateless = true
+ }
+ freeform_tags = local.common_labels
+ ingress_security_rules {
+ #Required
+ source = "0.0.0.0/0"
+ protocol = "all"
+
+ stateless = true
+ }
+}
+resource "oci_core_internet_gateway" "internet_gateway" {
+ #Required
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.vcn.id
+
+ #Optional
+ enabled = true
+ display_name = "${var.cluster_name}-internet-gateway"
+ freeform_tags = local.common_labels
+}
diff --git a/terraform/oci-capi-cluster/output.tf b/terraform/oci-capi-cluster/output.tf
new file mode 100644
index 0000000..c1f41fe
--- /dev/null
+++ b/terraform/oci-capi-cluster/output.tf
@@ -0,0 +1,7 @@
+output "oci_network_security_group_id" {
+ value = oci_core_network_security_group.network_security_group.id
+}
+
+output "oci_network_subnet_id" {
+ value = oci_core_subnet.subnet.id
+}
diff --git a/terraform/oci-capi-cluster/variables.tf b/terraform/oci-capi-cluster/variables.tf
new file mode 100644
index 0000000..9aa482f
--- /dev/null
+++ b/terraform/oci-capi-cluster/variables.tf
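Review bot: The `ingress_security_rules` block of `oci_core_security_list.security_list` in network.tf admits every protocol from `0.0.0.0/0`, and the subnet attaches that list with `prohibit_internet_ingress = false`, so every node that gets a public IP is reachable from the internet on all ports. The network security group defined alongside it carries only an egress rule, and since security-list and NSG rules are additive it does not narrow anything. I would limit ingress to traffic from inside the subnet plus the Kubernetes and Talos API ports from an operator range, as sketched below; `var.admin_cidr` is a new variable that would have to be declared in variables.tf, and the port numbers are the Kubernetes and Talos defaults, to be adjusted to what the cluster actually needs. Leaving `stateless` at its default of `false` also removes the need for matching return-traffic rules.

```hcl
resource "oci_core_security_list" "security_list" {
  # … unchanged: compartment_id, vcn_id, display_name, egress_security_rules, freeform_tags …

  ingress_security_rules {
    # Node-to-node traffic inside the cluster subnet.
    source   = var.subnet_block
    protocol = "all"
  }
  ingress_security_rules {
    # Kubernetes API, operator network only.
    source   = var.admin_cidr
    protocol = "6" # TCP
    tcp_options {
      min = 6443
      max = 6443
    }
  }
  ingress_security_rules {
    # Talos API, operator network only.
    source   = var.admin_cidr
    protocol = "6" # TCP
    tcp_options {
      min = 50000
      max = 50000
    }
  }
}
```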
@@ -0,0 +1,66 @@
+variable "compartment_ocid" {
+ sensitive = true
+}
+variable "tenancy_ocid" {
+ sensitive = true
+}
+variable "user_ocid" {
+ sensitive = true
+}
+variable "fingerprint" {
+ sensitive = true
+}
+variable "private_key_path" {
+ default = "~/.oci/oci_main_terraform.pem"
+ sensitive = true
+}
+variable "instance_availability_domain" {
+ default = null
+}
+variable "region" {
+ description = "the OCI region where resources will be created"
+ type = string
+ default = null
+}
+variable "cluster_name" {
+ type = string
+ default = "cncfocicapi"
+}
+variable "cidr_blocks" {
+ type = set(string)
+ default = ["10.0.0.0/16"]
+}
+variable "subnet_block" {
+ type = string
+ default = "10.0.0.0/24"
+}
+variable "talos_version" {
+ type = string
+ default = "v1.7.6"
+}
+variable "kubernetes_version" {
+ type = string
+ default = "v1.30.3"
+}
+variable "instance_shape" {
+ default = "VM.Standard.A1.Flex"
+}
+variable "oracle_cloud_ccm_version" {
+ default = "v1.29.0"
+}
+variable "talos_ccm_version" {
+ type = string
+ default = "v1.6.0"
+}
+variable "pod_subnet_block" {
+ type = string
+ default = "10.32.0.0/12"
+}
+variable "service_subnet_block" {
+ type = string
+ default = "10.200.0.0/22"
+}
+variable "node_subnet_block" {
+ type = string
+ default = "192.168.0.0/16"
+}
diff --git a/terraform/oci-capi-cluster/versions.tf b/terraform/oci-capi-cluster/versions.tf
new file mode 100644
index 0000000..c056b79
--- /dev/null
+++ b/terraform/oci-capi-cluster/versions.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "6.7.0" # TODO include version in project root providers
+ }
+ }
+ required_version = ">= 1.2"
+}
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ private_key_path = var.private_key_path
+ fingerprint = var.fingerprint
+ region = var.region
+}
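Review bot: Nine variables in variables.tf (`instance_availability_domain`, `talos_version`, `kubernetes_version`, `instance_shape`, `oracle_cloud_ccm_version`, `talos_ccm_version`, `pod_subnet_block`, `service_subnet_block`, `node_subnet_block`) are not referenced by any `.tf` file visible in this diff, and their defaults contradict what the README deploys. `kubernetes_version` defaults to `v1.30.3` while the README exports `KUBERNETES_VERSION=v1.30.1`, and `node_subnet_block = "192.168.0.0/16"` is the same range the README uses for `POD_CIDR`. I would drop them until they are wired in, so that nobody reads the CIDR and version defaults as the cluster's real settings. The four credential variables also have neither a type nor a description; adding `type = string` and a one-line `description` to each makes a wrong tfvars entry fail at plan time.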