Inputs
The module supports the following configuration for created resources:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allow_rules_internal_lb | A map of additional rules to allow incoming traffic for internal load balancers. | any | {} | no |
| allow_rules_public_lb | A map of additional rules to allow incoming traffic for public load balancers. | any | {} | no |
| allow_rules_workers | A map of additional rules to allow traffic for the workers. | any | {} | no |
| defined_tags | Defined tags to be applied to created resources. Must already exist in the tenancy. | any | { "bastion": {}, "cluster": {}, "iam": {}, "network": {}, "operator": {}, "persistent_volume": {}, "service_lb": {}, "workers": {} } | no |
| drg_attachments | DRG attachment configurations. | any | {} | no |
| freeform_tags | Freeform tags to be applied to created resources. | any | { "bastion": {}, "cluster": {}, "iam": {}, "network": {}, "operator": {}, "persistent_volume": {}, "service_lb": {}, "workers": {} } | no |
| worker_pools | Tuple of OKE worker pools where each key maps to the OCID of an OCI resource, and value contains its definition. | any | {} | no |
| allow_bastion_cluster_access | Whether to allow access to the Kubernetes cluster endpoint from the bastion host. | bool | false | no |
| allow_node_port_access | Whether to allow access from worker NodePort range to load balancers. | bool | false | no |
| allow_pod_internet_access | Allow pods to egress to internet. Ignored when cni_type != 'npn'. | bool | true | no |
| allow_worker_internet_access | Allow worker nodes to egress to internet. Required if container images are in a registry other than OCIR. | bool | true | no |
| allow_worker_ssh_access | Whether to allow SSH access to worker nodes. | bool | false | no |
| assign_dns | Whether to assign DNS records to created instances or disable DNS resolution of hostnames in the VCN. | bool | true | no |
| assign_public_ip_to_control_plane | Whether to assign a public IP address to the API endpoint for public access. Requires the control plane subnet to be public to assign a public IP address. | bool | false | no |
| bastion_is_public | Whether to create allocate a public IP and subnet for the created bastion host. | bool | true | no |
| bastion_upgrade | Whether to upgrade bastion packages after provisioning. | bool | false | no |
| cilium_install | Whether to deploy the Cilium Helm chart. May only be enabled when cni_type = 'flannel'. See https://docs.cilium.io. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| cilium_reapply | Whether to force reapply of the chart when no changes are detected, e.g. with state modified externally. | bool | false | no |
| cluster_autoscaler_install | Whether to deploy the Kubernetes Cluster Autoscaler Helm chart. See kubernetes/autoscaler. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| control_plane_is_public | Whether the Kubernetes control plane endpoint should be allocated a public IP address to enable access over public internet. | bool | false | no |
| create_bastion | Whether to create a bastion host. | bool | true | no |
| create_cluster | Whether to create the OKE cluster and dependent resources. | bool | true | no |
| create_drg | Whether to create a Dynamic Routing Gateway and attach it to the VCN. | bool | false | no |
| create_iam_defined_tags | Whether to create defined tags used for IAM policy and tracking. Ignored when 'create_iam_resources' is false. | bool | false | no |
| create_iam_resources | Whether to create IAM dynamic groups, policies, and tags. Resources for components may be controlled individually with 'create_iam_*' variables when enabled. Ignored when 'create_iam_resources' is false. | bool | false | no |
| create_iam_tag_namespace | Whether to create a namespace for defined tags used for IAM policy and tracking. Ignored when 'create_iam_resources' is false. | bool | false | no |
| create_operator | Whether to create an operator server in a private subnet. | bool | true | no |
| create_service_account | Wether to create a service account or not. | bool | false | no |
| create_vcn | Whether to create a Virtual Cloud Network. | bool | true | no |
| dcgm_exporter_install | Whether to deploy the DCGM exporter Helm chart. See DCGM-Exporter. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| dcgm_exporter_reapply | Whether to force reapply of the Helm chart when no changes are detected, e.g. with state modified externally. | bool | false | no |
| enable_waf | Whether to enable WAF monitoring of load balancers. | bool | false | no |
| gatekeeper_install | Whether to deploy the Gatekeeper Helm chart. See https://github.com/open-policy-agent/gatekeeper. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| lockdown_default_seclist | Whether to remove all default security rules from the VCN Default Security List. | bool | true | no |
| metrics_server_install | Whether to deploy the Kubernetes Metrics Server Helm chart. See kubernetes-sigs/metrics-server. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| mpi_operator_install | Whether to deploy the MPI Operator. See kubeflow/mpi-operator. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| multus_install | Whether to deploy Multus. See k8snetworkplumbingwg/multus-cni. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| operator_install_helm | Whether to install Helm on the created operator host. | bool | true | no |
| operator_install_istioctl | Whether to install istioctl on the created operator host. | bool | false | no |
| operator_install_k9s | Whether to install k9s on the created operator host. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| operator_install_kubectl_from_repo | Whether to install kubectl on the created operator host from olcne repo. | bool | true | no |
| operator_install_kubectx | Whether to install kubectx/kubens on the created operator host. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | true | no |
| operator_pv_transit_encryption | Whether to enable in-transit encryption for the data volume's paravirtualized attachment. | bool | false | no |
| operator_upgrade | Whether to upgrade operator packages after provisioning. | bool | false | no |
| output_detail | Whether to include detailed output in state. | bool | false | no |
| prometheus_install | Whether to deploy the Prometheus Helm chart. See https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| prometheus_reapply | Whether to force reapply of the Prometheus Helm chart when no changes are detected, e.g. with state modified externally. | bool | false | no |
| rdma_cni_plugin_install | Whether to deploy the SR-IOV CNI Plugin. See <a href=https://github.com/openshift/sriov-cni. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| sriov_cni_plugin_install | Whether to deploy the SR-IOV CNI Plugin. See <a href=https://github.com/openshift/sriov-cni. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| sriov_device_plugin_install | Whether to deploy the SR-IOV Network Device Plugin. See k8snetworkplumbingwg/sriov-network-device-plugin. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| use_defined_tags | Whether to apply defined tags to created resources for IAM policy and tracking. | bool | false | no |
| use_signed_images | Whether to enforce the use of signed images. If set to true, at least 1 RSA key must be provided through image_signing_keys. | bool | false | no |
| whereabouts_install | Whether to deploy the MPI Operator. See k8snetworkplumbingwg/whereabouts. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| worker_disable_default_cloud_init | Whether to disable the default OKE cloud init and only use the cloud init explicitly passed to the worker pool in 'worker_cloud_init'. | bool | false | no |
| worker_drain_delete_local_data | Whether to accept removal of data stored locally on draining worker pools. See kubectl drain for more information. | bool | true | no |
| worker_drain_ignore_daemonsets | Whether to ignore DaemonSet-managed Pods when draining worker pools. See kubectl drain for more information. | bool | true | no |
| worker_is_public | Whether to provision workers with public IPs allocated by default when unspecified on a pool. | bool | false | no |
| worker_pv_transit_encryption | Whether to enable in-transit encryption for the data volume's paravirtualized attachment by default when unspecified on a pool. | bool | false | no |
| internet_gateway_route_rules | (Updatable) List of routing rules to add to Internet Gateway Route Table. | list(map(string)) | null | no |
| nat_gateway_route_rules | (Updatable) List of routing rules to add to NAT Gateway Route Table. | list(map(string)) | null | no |
| operator_cloud_init | List of maps containing cloud init MIME part configuration for operator host. See https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/cloudinit_config.html#part for expected schema of each element. | list(map(string)) | [] | no |
| worker_cloud_init | List of maps containing cloud init MIME part configuration for worker nodes. Merged with pool-specific definitions. See https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/cloudinit_config.html#part for expected schema of each element. | list(map(string)) | [] | no |
| bastion_allowed_cidrs | A list of CIDR blocks to allow SSH access to the bastion host. NOTE: Default is empty i.e. no access permitted. Allow access from anywhere with '0.0.0.0/0'. | list(string) | [] | no |
| bastion_nsg_ids | An additional list of network security group (NSG) IDs for bastion security. | list(string) | [] | no |
| cilium_helm_values_files | Paths to a local YAML files with Helm chart values (as with helm install -f which supports multiple). Generate with defaults using helm show values [CHART] [flags]. | list(string) | [] | no |
| cluster_autoscaler_helm_values_files | Paths to a local YAML files with Helm chart values (as with helm install -f which supports multiple). Generate with defaults using helm show values [CHART] [flags]. | list(string) | [] | no |
| control_plane_allowed_cidrs | The list of CIDR blocks from which the control plane can be accessed. | list(string) | [] | no |
| dcgm_exporter_helm_values_files | Paths to a local YAML files with Helm chart values (as with helm install -f which supports multiple). Generate with defaults using helm show values [CHART] [flags]. | list(string) | [] | no |
| gatekeeper_helm_values_files | Paths to a local YAML files with Helm chart values (as with helm install -f which supports multiple). Generate with defaults using helm show values [CHART] [flags]. | list(string) | [] | no |
| metrics_server_helm_values_files | Paths to a local YAML files with Helm chart values (as with helm install -f which supports multiple). Generate with defaults using helm show values [CHART] [flags]. | list(string) | [] | no |
| operator_nsg_ids | An optional and updatable list of network security groups that the operator will be part of. | list(string) | [] | no |
| pod_nsg_ids | An additional list of network security group (NSG) IDs for pod security. Combined with 'pod_nsg_ids' specified on each pool. | list(string) | [] | no |
| prometheus_helm_values_files | Paths to a local YAML files with Helm chart values (as with helm install -f which supports multiple). Generate with defaults using helm show values [CHART] [flags]. | list(string) | [] | no |
| vcn_cidrs | The list of IPv4 CIDR blocks the VCN will use. | list(string) | [ "10.0.0.0/16" ] | no |
| worker_nsg_ids | An additional list of network security group (NSG) IDs for node security. Combined with 'nsg_ids' specified on each pool. | list(string) | [] | no |
| bastion_shape | The shape of bastion instance. | map(any) | { "boot_volume_size": 50, "memory": 4, "ocpus": 1, "shape": "VM.Standard.E4.Flex" } | no |
| local_peering_gateways | Map of Local Peering Gateways to attach to the VCN. | map(any) | null | no |
| operator_shape | Shape of the created operator instance. | map(any) | { "boot_volume_size": 50, "memory": 4, "ocpus": 1, "shape": "VM.Standard.E4.Flex" } | no |
| remote_peering_connections | Map of parameters to add and optionally to peer to remote peering connections. Key-only items represent local acceptors and no peering attempted; items containing key and values represent local requestor and must have the OCID and region of the remote acceptor to peer to | map(any) | {} | no |
| service_accounts | Map of service accounts and associated parameters. | map(any) | { "kubeconfigsa": { "sa_cluster_role": "cluster-admin", "sa_cluster_role_binding": "kubeconfigsa-crb", "sa_name": "kubeconfigsa", "sa_namespace": "kube-system" } } | no |
| worker_preemptible_config | Default preemptible Compute configuration when unspecified on a pool. See Preemptible Worker Nodes for more information. | map(any) | { "enable": false, "is_preserve_boot_volume": false } | no |
| worker_shape | Default shape of the created worker instance when unspecified on a pool. | map(any) | { "boot_volume_size": 50, "boot_volume_vpus_per_gb": 10, "memory": 16, "ocpus": 2, "shape": "VM.Standard.E4.Flex" } | no |
| subnets | Configuration for standard subnets. The 'create' parameter of each entry defaults to 'auto', creating subnets when other enabled components are expected to utilize them, and may be configured with 'never' or 'always' to force disabled/enabled. | map(object({ create = optional(string) id = optional(string) newbits = optional(string) netnum = optional(string) cidr = optional(string) dns_label = optional(string) })) | { "bastion": { "newbits": 13 }, "cp": { "newbits": 13 }, "int_lb": { "newbits": 11 }, "operator": { "newbits": 13 }, "pods": { "newbits": 2 }, "pub_lb": { "newbits": 11 }, "workers": { "newbits": 4 } } | no |
| nsgs | Configuration for standard network security groups (NSGs). The 'create' parameter of each entry defaults to 'auto', creating NSGs when other enabled components are expected to utilize them, and may be configured with 'never' or 'always' to force disabled/enabled. | map(object({ create = optional(string) id = optional(string) })) | { "bastion": {}, "cp": {}, "int_lb": {}, "operator": {}, "pods": {}, "pub_lb": {}, "workers": {} } | no |
| bastion_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| bastion_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| cilium_helm_values | Map of individual Helm chart values. See https://registry.terraform.io/providers/hashicorp/helm/latest/docs/data-sources/template. | map(string) | {} | no |
| cluster_autoscaler_helm_values | Map of individual Helm chart values. See data.helm_template. | map(string) | {} | no |
| cluster_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| cluster_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| dcgm_exporter_helm_values | Map of individual Helm chart values. See data.helm_template. | map(string) | {} | no |
| gatekeeper_helm_values | Map of individual Helm chart values. See data.helm_template. | map(string) | {} | no |
| iam_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| iam_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| metrics_server_helm_values | Map of individual Helm chart values. See data.helm_template. | map(string) | {} | no |
| network_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| network_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| operator_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| operator_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| persistent_volume_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| persistent_volume_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| prometheus_helm_values | Map of individual Helm chart values. See data.helm_template. | map(string) | {} | no |
| service_lb_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| service_lb_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| worker_node_labels | Default worker node labels. Merged with labels defined on each pool. | map(string) | {} | no |
| worker_node_metadata | Map of additional worker node instance metadata. Merged with metadata defined on each pool. | map(string) | {} | no |
| workers_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| workers_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| max_pods_per_node | The default maximum number of pods to deploy per node when unspecified on a pool. Absolute maximum is 110. Ignored when when cni_type != 'npn'. | number | 31 | no |
| worker_drain_timeout_seconds | The length of time to wait before giving up on draining nodes in a pool. See kubectl drain for more information. | number | 900 | no |
| worker_pool_size | Default size for worker pools when unspecified on a pool. | number | 0 | no |
| agent_config | Default agent_config for self-managed worker pools created with mode: 'instance', 'instance-pool', or 'cluster-network'. See <a href=https://docs.oracle.com/en-us/iaas/api/#/en/iaas/20160918/datatypes/InstanceAgentConfig for more information. | object({ are_all_plugins_disabled = bool, is_management_disabled = bool, is_monitoring_disabled = bool, plugins_config = map(string), }) | null | no |
| platform_config | Default platform_config for self-managed worker pools created with mode: 'instance', 'instance-pool', or 'cluster-network'. See PlatformConfig for more information. | object({ type = optional(string), are_virtual_instructions_enabled = optional(bool), is_access_control_service_enabled = optional(bool), is_input_output_memory_management_unit_enabled = optional(bool), is_measured_boot_enabled = optional(bool), is_memory_encryption_enabled = optional(bool), is_secure_boot_enabled = optional(bool), is_symmetric_multi_threading_enabled = optional(bool), is_trusted_platform_module_enabled = optional(bool), numa_nodes_per_socket = optional(number), percentage_of_cores_enabled = optional(bool), }) | null | no |
| control_plane_nsg_ids | An additional list of network security groups (NSG) ids for the cluster endpoint. | set(string) | [] | no |
| image_signing_keys | A list of KMS key ids used by the worker nodes to verify signed images. The keys must use RSA algorithm. | set(string) | [] | no |
| api_fingerprint | Fingerprint of the API private key to use with OCI API. | string | null | no |
| api_private_key | The contents of the private key file to use with OCI API, optionally base64-encoded. This takes precedence over private_key_path if both are specified in the provider. | string | null | no |
| api_private_key_password | The corresponding private key password to use with the api private key if it is encrypted. | string | null | no |
| api_private_key_path | The path to the OCI API private key. | string | null | no |
| await_node_readiness | Optionally block completion of Terraform apply until one/all worker nodes become ready. | string | "none" | no |
| bastion_availability_domain | The availability domain for bastion placement. Defaults to first available. | string | null | no |
| bastion_image_id | Image ID for created bastion instance. | string | null | no |
| bastion_image_os | Bastion image operating system name when bastion_image_type = 'platform'. | string | "Oracle Autonomous Linux" | no |
| bastion_image_os_version | Bastion image operating system version when bastion_image_type = 'platform'. | string | "8" | no |
| bastion_image_type | Whether to use a platform or custom image for the created bastion instance. When custom is set, the bastion_image_id must be specified. | string | "platform" | no |
| bastion_public_ip | The IP address of an existing bastion host, if create_bastion = false. | string | null | no |
| bastion_user | User for SSH access through bastion host. | string | "opc" | no |
| cilium_helm_version | Version of the Helm chart to install. List available releases using helm search repo [keyword] --versions. | string | "1.14.4" | no |
| cilium_namespace | Kubernetes namespace for deployed resources. | string | "kube-system" | no |
| cluster_autoscaler_helm_version | Version of the Helm chart to install. List available releases using helm search repo [keyword] --versions. | string | "9.24.0" | no |
| cluster_autoscaler_namespace | Kubernetes namespace for deployed resources. | string | "kube-system" | no |
| cluster_ca_cert | Base64+PEM-encoded cluster CA certificate for unmanaged instance pools. Determined automatically when 'create_cluster' = true or 'cluster_id' is provided. | string | null | no |
| cluster_dns | Cluster DNS resolver IP address. Determined automatically when not set (recommended). | string | null | no |
| cluster_id | An existing OKE cluster OCID when create_cluster = false. | string | null | no |
| cluster_kms_key_id | The id of the OCI KMS key to be used as the master encryption key for Kubernetes secrets encryption. | string | "" | no |
| cluster_name | The name of oke cluster. | string | "oke" | no |
| cluster_type | The cluster type. See Working with Enhanced Clusters and Basic Clusters for more information. | string | "basic" | no |
| cni_type | The CNI for the cluster: 'flannel' or 'npn'. See Pod Networking. | string | "flannel" | no |
| compartment_id | The compartment id where resources will be created. | string | null | no |
| compartment_ocid | A compartment OCID automatically populated by Resource Manager. | string | null | no |
| config_file_profile | The profile within the OCI config file to use. | string | "DEFAULT" | no |
| create_iam_autoscaler_policy | Whether to create an IAM dynamic group and policy rules for Cluster Autoscaler management. Depends on configuration of associated component when set to 'auto'. Ignored when 'create_iam_resources' is false. | string | "auto" | no |
| create_iam_kms_policy | Whether to create an IAM dynamic group and policy rules for cluster autoscaler. Depends on configuration of associated components when set to 'auto'. Ignored when 'create_iam_resources' is false. | string | "auto" | no |
| create_iam_operator_policy | Whether to create an IAM dynamic group and policy rules for operator access to the OKE control plane. Depends on configuration of associated components when set to 'auto'. Ignored when 'create_iam_resources' is false. | string | "auto" | no |
| create_iam_worker_policy | Whether to create an IAM dynamic group and policy rules for self-managed worker nodes. Depends on configuration of associated components when set to 'auto'. Ignored when 'create_iam_resources' is false. | string | "auto" | no |
| current_user_ocid | A user OCID automatically populated by Resource Manager. | string | null | no |
| dcgm_exporter_helm_version | Version of the Helm chart to install. List available releases using helm search repo [keyword] --versions. | string | "3.1.5" | no |
| dcgm_exporter_namespace | Kubernetes namespace for deployed resources. | string | "metrics" | no |
| drg_compartment_id | Compartment for the DRG resource. Can be used to override network_compartment_id. | string | null | no |
| drg_display_name | (Updatable) Name of the created Dynamic Routing Gateway. Does not have to be unique. Defaults to 'oke' suffixed with the generated Terraform 'state_id' value. | string | null | no |
| drg_id | ID of an external created Dynamic Routing Gateway to be attached to the VCN. | string | null | no |
| gatekeeper_helm_version | Version of the Helm chart to install. List available releases using helm search repo [keyword] --versions. | string | "3.11.0" | no |
| gatekeeper_namespace | Kubernetes namespace for deployed resources. | string | "kube-system" | no |
| home_region | The tenancy's home region. Required to perform identity operations. | string | null | no |
| ig_route_table_id | Optional ID of existing internet gateway in VCN. | string | null | no |
| kubeproxy_mode | The mode in which to run kube-proxy when unspecified on a pool. | string | "iptables" | no |
| kubernetes_version | The version of kubernetes to use when provisioning OKE or to upgrade an existing OKE cluster to. | string | "v1.26.2" | no |
| load_balancers | The type of subnets to create for load balancers. | string | "both" | no |
| metrics_server_helm_version | Version of the Helm chart to install. List available releases using helm search repo [keyword] --versions. | string | "3.8.3" | no |
| metrics_server_namespace | Kubernetes namespace for deployed resources. | string | "metrics" | no |
| mpi_operator_deployment_url | The URL path to the manifest. Leave unset for tags of kubeflow/mpi-operator using mpi_operator_version. | string | null | no |
| mpi_operator_namespace | Kubernetes namespace for deployed resources. | string | "default" | no |
| mpi_operator_version | Version to install. Ignored when an explicit value for mpi_operator_deployment_url is provided. | string | "0.4.0" | no |
| multus_daemonset_url | The URL path to the Multus manifest. Leave unset for tags of k8snetworkplumbingwg/multus-cni using multus_version. | string | null | no |
| multus_namespace | Kubernetes namespace for deployed resources. | string | "network" | no |
| multus_version | Version of Multus to install. Ignored when an explicit value for multus_daemonset_url is provided. | string | "3.9.3" | no |
| nat_gateway_public_ip_id | OCID of reserved IP address for NAT gateway. The reserved public IP address needs to be manually created. | string | null | no |
| nat_route_table_id | Optional ID of existing NAT gateway in VCN. | string | null | no |
| network_compartment_id | The compartment id where network resources will be created. | string | null | no |
| ocir_email_address | The email address used for the Oracle Container Image Registry (OCIR). | string | null | no |
| ocir_secret_id | The OCI Vault secret ID for the OCIR authentication token. | string | null | no |
| ocir_secret_name | The name of the Kubernetes secret to be created with the OCIR authentication token. | string | "ocirsecret" | no |
| ocir_secret_namespace | The Kubernetes namespace in which to create the OCIR secret. | string | "default" | no |
| ocir_username | A username with access to the OCI Vault secret for OCIR access. Required when 'ocir_secret_id' is provided. | string | null | no |
| operator_availability_domain | The availability domain for FSS placement. Defaults to first available. | string | null | no |
| operator_image_id | Image ID for created operator instance. | string | null | no |
| operator_image_os | Operator image operating system name when operator_image_type = 'platform'. | string | "Oracle Linux" | no |
| operator_image_os_version | Operator image operating system version when operator_image_type = 'platform'. | string | "8" | no |
| operator_image_type | Whether to use a platform or custom image for the created operator instance. When custom is set, the operator_image_id must be specified. | string | "platform" | no |
| operator_private_ip | The IP address of an existing operator host. Ignored when create_operator = true. | string | null | no |
| operator_user | User for SSH access to operator host. | string | "opc" | no |
| operator_volume_kms_key_id | The OCID of the OCI KMS key to assign as the master encryption key for the boot volume. | string | null | no |
| pods_cidr | The CIDR range used for IP addresses by the pods. A /16 CIDR is generally sufficient. This CIDR should not overlap with any subnet range in the VCN (it can also be outside the VCN CIDR range). Ignored when cni_type = 'npn'. | string | "10.244.0.0/16" | no |
| preferred_load_balancer | The preferred load balancer subnets that OKE will automatically choose when creating a load balancer. Valid values are 'public' or 'internal'. If 'public' is chosen, the value for load_balancers must be either 'public' or 'both'. If 'private' is chosen, the value for load_balancers must be either 'internal' or 'both'. NOTE: Service annotations for internal load balancers must still be specified regardless of this setting. See Load Balancer Annotations for more information. | string | "public" | no |
| prometheus_helm_version | Version of the Helm chart to install. List available releases using helm search repo [keyword] --versions. | string | "45.2.0" | no |
| prometheus_namespace | Kubernetes namespace for deployed resources. | string | "metrics" | no |
| rdma_cni_plugin_daemonset_url | The URL path to the manifest. Leave unset for tags of <a href=https://github.com/openshift/sriov-cni using rdma_cni_plugin_version. | string | null | no |
| rdma_cni_plugin_namespace | Kubernetes namespace for deployed resources. | string | "network" | no |
| rdma_cni_plugin_version | Version to install. Ignored when an explicit value for rdma_cni_plugin_daemonset_url is provided. | string | "master" | no |
| region | The OCI region where OKE resources will be created. | string | "us-ashburn-1" | no |
| services_cidr | The CIDR range used within the cluster by Kubernetes services (ClusterIPs). This CIDR should not overlap with the VCN CIDR range. | string | "10.96.0.0/16" | no |
| sriov_cni_plugin_daemonset_url | The URL path to the manifest. Leave unset for tags of <a href=https://github.com/openshift/sriov-cni using sriov_cni_plugin_version. | string | null | no |
| sriov_cni_plugin_namespace | Kubernetes namespace for deployed resources. | string | "network" | no |
| sriov_cni_plugin_version | Version to install. Ignored when an explicit value for sriov_cni_plugin_daemonset_url is provided. | string | "master" | no |
| sriov_device_plugin_daemonset_url | The URL path to the manifest. Leave unset for tags of k8snetworkplumbingwg/sriov-network-device-plugin using sriov_device_plugin_version. | string | null | no |
| sriov_device_plugin_namespace | Kubernetes namespace for deployed resources. | string | "network" | no |
| sriov_device_plugin_version | Version to install. Ignored when an explicit value for sriov_device_plugin_daemonset_url is provided. | string | "master" | no |
| ssh_private_key | The contents of the SSH private key file, optionally base64-encoded. May be provided via SSH agent when unset. | string | null | no |
| ssh_private_key_path | A path on the local filesystem to the SSH private key. May be provided via SSH agent when unset. | string | null | no |
| ssh_public_key | The contents of the SSH public key file, optionally base64-encoded. Used to allow login for workers/bastion/operator with corresponding private key. | string | null | no |
| ssh_public_key_path | A path on the local filesystem to the SSH public key. Used to allow login for workers/bastion/operator with corresponding private key. | string | null | no |
| state_id | Optional Terraform state_id from an existing deployment of the module to re-use with created resources. | string | null | no |
| tag_namespace | The tag namespace for standard OKE defined tags. | string | "oke" | no |
| tenancy_id | The tenancy id of the OCI Cloud Account in which to create the resources. | string | null | no |
| tenancy_ocid | A tenancy OCID automatically populated by Resource Manager. | string | null | no |
| timezone | The preferred timezone for workers, operator, and bastion instances. | string | "Etc/UTC" | no |
| user_id | The id of the user that terraform will use to create the resources. | string | null | no |
| vcn_create_internet_gateway | Whether to create an internet gateway with the VCN. Defaults to automatic creation when public network resources are expected to utilize it. | string | "auto" | no |
| vcn_create_nat_gateway | Whether to create a NAT gateway with the VCN. Defaults to automatic creation when private network resources are expected to utilize it. | string | "auto" | no |
| vcn_create_service_gateway | Whether to create a service gateway with the VCN. Defaults to always created. | string | "always" | no |
| vcn_dns_label | A DNS label for the VCN, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet. Defaults to the generated Terraform 'state_id' value. | string | null | no |
| vcn_id | Optional ID of existing VCN. Takes priority over vcn_name filter. Ignored when create_vcn = true. | string | null | no |
| vcn_name | Display name for the created VCN. Defaults to 'oke' suffixed with the generated Terraform 'state_id' value. | string | null | no |
| whereabouts_daemonset_url | The URL path to the manifest. Leave unset for tags of k8snetworkplumbingwg/whereabouts using whereabouts_version. | string | null | no |
| whereabouts_namespace | Kubernetes namespace for deployed resources. | string | "default" | no |
| whereabouts_version | Version to install. Ignored when an explicit value for whereabouts_daemonset_url is provided. | string | "master" | no |
| worker_block_volume_type | Default block volume attachment type for Instance Configurations when unspecified on a pool. | string | "paravirtualized" | no |
| worker_capacity_reservation_id | The ID of the Compute capacity reservation the worker node will be launched under. See Capacity Reservations for more information. | string | null | no |
| worker_compartment_id | The compartment id where worker group resources will be created. | string | null | no |
| worker_image_id | Default image for worker pools when unspecified on a pool. | string | null | no |
| worker_image_os | Default worker image operating system name when worker_image_type = 'oke' or 'platform' and unspecified on a pool. | string | "Oracle Linux" | no |
| worker_image_os_version | Default worker image operating system version when worker_image_type = 'oke' or 'platform' and unspecified on a pool. | string | "8" | no |
| worker_image_type | Whether to use a platform, OKE, or custom image for worker nodes by default when unspecified on a pool. When custom is set, the worker_image_id must be specified. | string | "oke" | no |
| worker_pool_mode | Default management mode for workers when unspecified on a pool. | string | "node-pool" | no |
| worker_volume_kms_key_id | The ID of the OCI KMS key to be used as the master encryption key for Boot Volume and Block Volume encryption by default when unspecified on a pool. | string | null | no |