| app_name |
Application name. Will be used as prefix to identify resources, such as OKE, VCN, ATP, and others |
string |
"K8s App" |
no |
| cert_manager_enabled |
Enable x509 Certificate Management |
bool |
false |
no |
| cluster_cni_type |
The CNI type to use for the cluster. Valid values are: FLANNEL_OVERLAY or OCI_VCN_IP_NATIVE |
string |
"FLANNEL_OVERLAY" |
no |
| cluster_endpoint_visibility |
The Kubernetes cluster that is created will be hosted on a public subnet with a public IP address auto-assigned or on a private subnet. If Private, additional configuration will be necessary to run kubectl commands |
string |
"Public" |
no |
| cluster_load_balancer_visibility |
The Load Balancer that is created will be hosted on a public subnet with a public IP address auto-assigned or on a private subnet. This affects the Kubernetes services, ingress controller and other load balancers resources |
string |
"Public" |
no |
| cluster_type |
The type of OKE cluster to create. Valid values are: BASIC_CLUSTER or ENHANCED_CLUSTER |
string |
"BASIC_CLUSTER" |
no |
| cluster_workers_visibility |
The Kubernetes worker nodes that are created will be hosted in public or private subnet(s) |
string |
"Private" |
no |
| compartment_ocid |
n/a |
any |
n/a |
yes |
| create_compartment_policies |
Creates policies that will reside on the compartment. e.g.: Policies to support Cluster Autoscaler, OCI Logging datasource on Grafana |
bool |
true |
no |
| create_dynamic_group_for_nodes_in_compartment |
Creates dynamic group of Nodes in the compartment. Note: You need to have proper rights on the Tenancy. If you only have rights in a compartment, uncheck and ask you administrator to create the Dynamic Group for you |
bool |
true |
no |
| create_new_compartment_for_oke |
Creates new compartment for OKE Nodes and OCI Services deployed. NOTE: The creation of the compartment increases the deployment time by at least 3 minutes, and can increase by 15 minutes when destroying |
bool |
false |
no |
| create_new_encryption_key |
Creates new vault and key on OCI Vault/Key Management/KMS and assign to boot volume of the worker nodes |
bool |
false |
no |
| create_new_oke_cluster |
Creates a new OKE cluster, node pool and network resources |
bool |
true |
no |
| create_new_vcn |
Creates a new Virtual Cloud Network (VCN). If false, the VCN must be provided in the variable 'existent_vcn_ocid'. |
bool |
true |
no |
| create_pod_network_subnet |
Create PODs Network subnet for OKE. To be used with CNI Type OCI_VCN_IP_NATIVE |
bool |
false |
no |
| create_subnets |
Create subnets for OKE: Endpoint, Nodes, Load Balancers. If CNI Type OCI_VCN_IP_NATIVE, also creates the PODs VCN. If FSS Mount Targets, also creates the FSS Mount Targets Subnet |
bool |
true |
no |
| create_vault_policies_for_group |
Creates policies to allow the user applying the stack to manage vault and keys. If you are on the Administrators group or already have the policies for a compartment, this policy is not needed. If you do not have access to allow the policy, ask your administrator to include it for you |
bool |
false |
no |
| existent_dynamic_group_for_nodes_in_compartment |
Enter previous created Dynamic Group for the policies |
string |
"" |
no |
| existent_encryption_key_id |
Use an existent master encryption key to encrypt boot volume and object storage bucket. NOTE: If the key resides in a different compartment or in a different tenancy, make sure you have the proper policies to access, or the provision of the worker nodes will fail |
string |
"" |
no |
| existent_oke_cluster_id |
Using existent OKE Cluster. Only the application and services will be provisioned. If select cluster autoscaler feature, you need to get the node pool id and enter when required |
string |
"" |
no |
| existent_oke_fss_mount_targets_subnet_ocid |
The OCID of the subnet where the Kubernetes FSS mount targets will be hosted |
string |
"" |
no |
| existent_oke_k8s_endpoint_subnet_ocid |
The OCID of the subnet where the Kubernetes cluster endpoint will be hosted |
string |
"" |
no |
| existent_oke_load_balancer_subnet_ocid |
The OCID of the subnet where the Kubernetes load balancers will be hosted |
string |
"" |
no |
| existent_oke_nodepool_id_for_autoscaler_1 |
Nodepool Id of the existent OKE to use with Cluster Autoscaler (pool1) |
string |
"" |
no |
| existent_oke_nodes_subnet_ocid |
The OCID of the subnet where the Kubernetes worker nodes will be hosted |
string |
"" |
no |
| existent_oke_vcn_native_pod_networking_subnet_ocid |
The OCID of the subnet where the Kubernetes VCN Native Pod Networking will be hosted |
string |
"" |
no |
| existent_vcn_compartment_ocid |
Compartment OCID for existent Virtual Cloud Network (VCN). |
string |
"" |
no |
| existent_vcn_ocid |
Using existent Virtual Cloud Network (VCN) OCID. |
string |
"" |
no |
| extra_initial_node_labels_1 |
Extra initial node labels to be added to the node pool 1 |
list |
[] |
no |
| extra_node_pools |
Extra node pools to be added to the cluster |
list |
[] |
no |
| extra_route_tables |
Extra route tables to be created. |
list |
[] |
no |
| extra_security_list_name_for_api_endpoint |
Extra security list name previosly created to be used by the K8s API Endpoint Subnet. |
any |
null |
no |
| extra_security_list_name_for_nodes |
Extra security list name previosly created to be used by the Nodes Subnet. |
any |
null |
no |
| extra_security_list_name_for_vcn_native_pod_networking |
Extra security list name previosly created to be used by the VCN Native Pod Networking Subnet. |
any |
null |
no |
| extra_security_lists |
Extra security lists to be created. |
list |
[] |
no |
| extra_subnets |
Extra subnets to be created. |
list |
[] |
no |
| fingerprint |
n/a |
string |
"" |
no |
| generate_public_ssh_key |
n/a |
bool |
true |
no |
| grafana_enabled |
Enable Grafana Dashboards. Includes example dashboards and Prometheus, OCI Logging and OCI Metrics datasources |
bool |
false |
no |
| image_operating_system_1 |
The OS/image installed on all nodes in the node pool. |
string |
"Oracle Linux" |
no |
| image_operating_system_version_1 |
The OS/image version installed on all nodes in the node pool. |
string |
"8" |
no |
| ingress_cluster_issuer |
Certificate issuer type. Currently supports the free Let's Encrypt and Self-Signed. Only letsencrypt-prod generates valid certificates |
string |
"letsencrypt-prod" |
no |
| ingress_email_issuer |
You must replace this email address with your own. The certificate provider will use this to contact you about expiring certificates, and issues related to your account. |
string |
"[email protected]" |
no |
| ingress_hosts |
Enter a valid full qualified domain name (FQDN). You will need to map the domain name to the EXTERNAL-IP address on your DNS provider (DNS Registry type - A). If you have multiple domain names, include separated by comma. e.g.: mushop.example.com,catshop.com |
string |
"" |
no |
| ingress_hosts_include_nip_io |
Include app_name.HEXXX.nip.io on the ingress hosts. e.g.: mushop.HEXXX.nip.io |
bool |
true |
no |
| ingress_load_balancer_shape |
Shape that will be included on the Ingress annotation for the OCI Load Balancer creation |
string |
"flexible" |
no |
| ingress_load_balancer_shape_flex_max |
Enter the maximum size of the flexible shape (Should be bigger than minimum size). The maximum service limit is set by your tenancy limits. |
string |
"100" |
no |
| ingress_load_balancer_shape_flex_min |
Enter the minimum size of the flexible shape. |
string |
"10" |
no |
| ingress_nginx_enabled |
Enable Ingress Nginx for Kubernetes Services (This option provision a Load Balancer) |
bool |
false |
no |
| ingress_tls |
If enabled, will generate SSL certificates to enable HTTPS for the ingress using the Certificate Issuer |
bool |
false |
no |
| ipv6private_cidr_blocks |
The list of one or more ULA or Private IPv6 CIDR blocks for the Virtual Cloud Network (VCN). |
list |
[] |
no |
| is_ipv6enabled |
Whether IPv6 is enabled for the Virtual Cloud Network (VCN). |
bool |
false |
no |
| k8s_version |
Kubernetes version installed on your Control Plane and worker nodes. If not version select, will use the latest available. |
string |
"Latest" |
no |
| metrics_server_enabled |
Enable Metrics Server for Metrics, HPA, VPA and Cluster Autoscaler |
bool |
true |
no |
| nip_io_domain |
Dynamic wildcard DNS for the application hostname. Should support hex notation. e.g.: nip.io |
string |
"nip.io" |
no |
| node_pool_autoscaler_enabled_1 |
Enable Cluster Autoscaler on the node pool (pool1). Node pools will auto scale based on the resources usage and will add or remove nodes (Compute) based on the min and max number of nodes |
bool |
true |
no |
| node_pool_boot_volume_size_in_gbs_1 |
Specify a custom boot volume size (in GB) |
string |
"60" |
no |
| node_pool_cloud_init_parts_1 |
Node Pool nodes Cloud init parts |
list(object({
content_type = string
content = string
filename = string
})) |
[] |
no |
| node_pool_cni_type_1 |
The CNI type to use for the cluster. Valid values are: FLANNEL_OVERLAY or OCI_VCN_IP_NATIVE |
string |
"FLANNEL_OVERLAY" |
no |
| node_pool_initial_num_worker_nodes_1 |
The number of worker nodes in the node pool. If enable Cluster Autoscaler, will assume the minimum number of nodes on the node pool to be scheduled by the Kubernetes (pool1) |
number |
3 |
no |
| node_pool_instance_shape_1 |
A shape is a template that determines the number of OCPUs, amount of memory, and other resources allocated to a newly created instance for the Worker Node. Select at least 2 OCPUs and 16GB of memory if using Flex shapes |
map(any) |
{
"instanceShape": "VM.Standard.E4.Flex",
"memory": 16,
"ocpus": 2
} |
no |
| node_pool_max_num_worker_nodes_1 |
Maximum number of nodes on the node pool to be scheduled by the Kubernetes (pool1) |
number |
10 |
no |
| node_pool_name_1 |
Name of the node pool 1 |
string |
"pool1" |
no |
| node_pool_oke_init_params_1 |
OKE Init params |
string |
"" |
no |
| node_pool_shape_specific_ad_1 |
The number of the AD to get the shape for the node pool |
number |
0 |
no |
| oke_compartment_description |
n/a |
string |
"Compartment for OKE, Nodes and Services" |
no |
| pods_network_visibility |
The PODs that are created will be hosted on a public subnet with a public IP address auto-assigned or on a private subnet. This affects the Kubernetes services and pods |
string |
"Private" |
no |
| private_key_path |
n/a |
string |
"" |
no |
| prometheus_enabled |
Enable Prometheus |
bool |
false |
no |
| public_ssh_key |
In order to access your private nodes with a public SSH key you will need to set up a bastion host (a.k.a. jump box). If using public nodes, bastion is not needed. Left blank to not import keys. |
string |
"" |
no |
| region |
n/a |
any |
n/a |
yes |
| tag_values |
Use Tagging to add metadata to resources. All resources created by this stack will be tagged with the selected tag values. |
map(any) |
{
"definedTags": {},
"freeformTags": {
"DeploymentType": "generic",
"Environment": "Development"
}
} |
no |
| tenancy_ocid |
############################################################################### OCI Provider Variables ############################################################################### |
any |
n/a |
yes |
| use_encryption_from_oci_vault |
By default, Oracle manages the keys that encrypts Kubernetes Secrets at Rest in Etcd, but you can choose a key from a vault that you have access to, if you want greater control over the key's lifecycle and how it's used |
bool |
false |
no |
| user_admin_group_for_vault_policy |
User Identity Group to allow manage vault and keys. The user running the Terraform scripts or Applying the ORM Stack need to be on this group |
string |
"Administrators" |
no |
| user_ocid |
n/a |
string |
"" |
no |
| vcn_cidr_blocks |
IPv4 CIDR Blocks for the Virtual Cloud Network (VCN). If use more than one block, separate them with comma. e.g.: 10.20.0.0/16,10.80.0.0/16. If you plan to peer this VCN with another VCN, the VCNs must not have overlapping CIDRs. |
string |
"10.20.0.0/16" |
no |