Internet Connectivity for OCI Compute Instances
To enable internet connectivity for Oracle Cloud Infrastructure (OCI) Compute instances, you typically create a Virtual Cloud Network (VCN), attach an Internet Gateway to that VCN, set up a Route Table with a rule that directs traffic to the Internet Gateway, configure Security Lists or Network Security Groups to allow traffic, and finally ensure that your Compute instances have a public IP if they need to be accessible from the internet.
Let's go through the process step by step with Pulumi in Python:
- Virtual Cloud Network (VCN): This acts as your own isolated cloud network within the OCI environment. It's where your compute resources live.
- Internet Gateway: An Internet Gateway allows resources within your VCN to access the internet and vice versa.
- Route Table: This contains a set of rules, known as routes, that are used to determine where network traffic is directed.
- Security Lists: These act as virtual firewalls for your Compute instances, defining what kind of traffic is allowed in and out.
- Public IP: Assigning a Public IP to your instance will make it accessible from the internet.
Below is a Pulumi program that sets up these components and ensures that a Compute instance in OCI has internet connectivity.
```python
import pulumi
import pulumi_oci as oci

# The OCI region is read from provider configuration, for example:
#   pulumi config set oci:region us-ashburn-1
# The compartment OCID is read from stack configuration; the key name
# "compartment_ocid" is an assumption of this program.
config = pulumi.Config()
compartment_id = config.require("compartment_ocid")

# Create a Virtual Cloud Network (VCN) for your compute instances
vcn = oci.core.Vcn(
    "myVcn",
    cidr_blocks=["10.0.0.0/16"],
    display_name="my-virtual-cloud-network",
    compartment_id=compartment_id,
)

# Create an Internet Gateway for the VCN
internet_gateway = oci.core.InternetGateway(
    "myInternetGateway",
    vcn_id=vcn.id,
    enabled=True,  # Make sure the Internet Gateway is enabled
    compartment_id=compartment_id,
)

# Create a Route Table for the VCN that directs internet-bound traffic to the Internet Gateway
route_table = oci.core.RouteTable(
    "myRouteTable",
    vcn_id=vcn.id,
    route_rules=[oci.core.RouteTableRouteRuleArgs(
        destination="0.0.0.0/0",
        destination_type="CIDR_BLOCK",
        network_entity_id=internet_gateway.id,
    )],
    compartment_id=compartment_id,
)

# Create a Security List for the VCN that allows SSH and HTTP traffic.
# tcp_options min/max restrict the destination port; a source_port_range
# alone would leave every destination port open.
security_list = oci.core.SecurityList(
    "mySecurityList",
    vcn_id=vcn.id,
    egress_security_rules=[oci.core.SecurityListEgressSecurityRuleArgs(
        destination="0.0.0.0/0",
        protocol="all",
    )],
    ingress_security_rules=[
        oci.core.SecurityListIngressSecurityRuleArgs(
            source="0.0.0.0/0",  # SSH from any source; narrow to your admin CIDR where possible
            protocol="6",  # TCP
            tcp_options=oci.core.SecurityListIngressSecurityRuleTcpOptionsArgs(min=22, max=22),
        ),
        oci.core.SecurityListIngressSecurityRuleArgs(
            source="0.0.0.0/0",
            protocol="6",  # TCP
            tcp_options=oci.core.SecurityListIngressSecurityRuleTcpOptionsArgs(min=80, max=80),
        ),
    ],
    compartment_id=compartment_id,
)

# Create a public subnet that uses the route table and security list above
subnet = oci.core.Subnet(
    "mySubnet",
    vcn_id=vcn.id,
    cidr_block="10.0.1.0/24",
    route_table_id=route_table.id,
    security_list_ids=[security_list.id],
    compartment_id=compartment_id,
    prohibit_public_ip_on_vnic=False,  # Allow VNICs in this subnet to have public IPs
)

# Launch a Compute instance in the subnet and assign it a public IP.
# Note: Be sure to replace the placeholders with actual instance configurations.
compute_instance = oci.core.Instance(
    "myComputeInstance",
    availability_domain="REPLACE_THIS_WITH_YOUR_AD",  # Replace with your Availability Domain
    compartment_id=compartment_id,
    shape="VM.Standard2.1",  # Replace with your compute shape
    create_vnic_details=oci.core.InstanceCreateVnicDetailsArgs(
        subnet_id=subnet.id,
        assign_public_ip="true",  # Enable public IP
    ),
    source_details=oci.core.InstanceSourceDetailsArgs(
        source_type="image",
        source_id="REPLACE_THIS_WITH_YOUR_IMAGE_ID",  # Replace with the OCID of the image to use
    ),
    display_name="my-compute-instance",
)

# Export the public IP of the compute instance
pulumi.export("computeInstancePublicIP", compute_instance.public_ip)
```
In this program:
- We create a VCN that acts as a private network for your compute resources.
- We set up an Internet Gateway, which is a necessity for the instances inside the VCN to have internet access.
- We configure a Route Table to direct internet-bound traffic out through the Internet Gateway.
- We outline Security Rules in a Security List which will apply to our Compute instance for allowing that traffic.
- For the `oci.core.Instance` resource, we would need to provide an Availability Domain, Shape, and Image ID specific to your OCI account and needs, which are crucial for the instantiation of the compute instance.
- Finally, we export the public IP address of the compute instance so you can know how to access it externally.

Keep in mind that you need to replace the placeholders for `availability_domain`, `shape`, and the image ID with actual values that are applicable to your OCI account. The provided code assumes you've set up your OCI provider and have an available compartment into which these resources will be provisioned.
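The Security List step is the easiest one to get wrong: a port limit placed on `source_port_range` instead of the `tcp_options` min/max leaves every destination port open, and an admin port opened to `0.0.0.0/0` is reachable by anyone. The check below is an added example, not part of the program above or of the Pulumi OCI provider; `audit_ingress`, `ADMIN_PORTS` and the sample rules are constructed here, and the rule dicts assume the Pulumi/Terraform field names.

```python
import ipaddress

ADMIN_PORTS = {22, 3389}  # assumed policy: never open these to any source


def audit_ingress(rules):
    """Return (rule_index, finding) pairs for security list ingress rules.

    Rules are plain dicts in the Pulumi/Terraform shape: source (CIDR),
    protocol ("6" is TCP, "all" is everything) and optional tcp_options
    with min/max (destination ports) and source_port_range.
    """
    findings = []
    for i, rule in enumerate(rules):
        world = ipaddress.ip_network(rule["source"], strict=False).prefixlen == 0
        proto = str(rule.get("protocol", "all"))
        if proto == "all":
            if world:
                findings.append((i, "all protocols open to any source"))
            continue
        if proto != "6":
            continue  # this check only inspects TCP rules
        tcp = rule.get("tcp_options") or {}
        lo, hi = tcp.get("min"), tcp.get("max")
        if lo is None or hi is None:
            # Without min/max the rule matches every destination port.
            why = "every TCP destination port is allowed"
            if tcp.get("source_port_range"):
                why += "; only the client source port is restricted"
            findings.append((i, why))
            continue
        exposed = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
        if world and exposed:
            findings.append((i, f"admin port(s) {exposed} open to any source"))
    return findings


# Constructed sample rules, not taken from a real tenancy.
SAMPLE_RULES = [
    {"source": "0.0.0.0/0", "protocol": "6",
     "tcp_options": {"source_port_range": {"min": 22, "max": 22}}},
    {"source": "0.0.0.0/0", "protocol": "6", "tcp_options": {"min": 80, "max": 80}},
    {"source": "0.0.0.0/0", "protocol": "6", "tcp_options": {"min": 22, "max": 22}},
    {"source": "203.0.113.0/24", "protocol": "6", "tcp_options": {"min": 22, "max": 22}},
]

if __name__ == "__main__":
    for index, finding in audit_ingress(SAMPLE_RULES):
        print(f"rule {index}: {finding}")
```

The same function can be run over the rule dicts before they are passed to the Security List resource, failing the deployment when it returns any finding.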