Inputs

The module supports the following configuration for created resources:

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allow_rules_internal_lb | A map of additional rules to allow incoming traffic for internal load balancers. | any | {} | no |
| allow_rules_public_lb | A map of additional rules to allow incoming traffic for public load balancers. | any | {} | no |
| allow_rules_workers | A map of additional rules to allow traffic for the workers. | any | {} | no |
| cilium_helm_values | Map of individual Helm chart values. See https://registry.terraform.io/providers/hashicorp/helm/latest/docs/data-sources/template. | any | {} | no |
| cluster_addons | Map with cluster addons not created by Terraform that should be removed. This operation is performed using oci-cli and requires the operator host to be deployed. | any | {} | no |
| cluster_addons_to_remove | Map with cluster addons that should be enabled. See ClusterAddon documentation for the supported configuration of each addon. | any | {} | no |
| defined_tags | Defined tags to be applied to created resources. Must already exist in the tenancy. | any | {"bastion": {}, "cluster": {}, "iam": {}, "network": {}, "operator": {}, "persistent_volume": {}, "service_lb": {}, "workers": {}} | no |
| drg_attachments | DRG attachment configurations. | any | {} | no |
| freeform_tags | Freeform tags to be applied to created resources. | any | {"bastion": {}, "cluster": {}, "iam": {}, "network": {}, "operator": {}, "persistent_volume": {}, "service_lb": {}, "workers": {}} | no |
| worker_pools | Tuple of OKE worker pools where each key maps to the OCID of an OCI resource, and value contains its definition. | any | {} | no |
| allow_bastion_cluster_access | Whether to allow access to the Kubernetes cluster endpoint from the bastion host. | bool | false | no |
| allow_node_port_access | Whether to allow access from worker NodePort range to load balancers. | bool | false | no |
| allow_pod_internet_access | Allow pods to egress to internet. Ignored when cni_type != 'npn'. | bool | true | no |
| allow_worker_internet_access | Allow worker nodes to egress to internet. Required if container images are in a registry other than OCIR. | bool | true | no |
| allow_worker_ssh_access | Whether to allow SSH access to worker nodes. | bool | false | no |
| assign_dns | Whether to assign DNS records to created instances or disable DNS resolution of hostnames in the VCN. | bool | true | no |
| assign_public_ip_to_control_plane | Whether to assign a public IP address to the API endpoint for public access. Requires the control plane subnet to be public to assign a public IP address. | bool | false | no |
| bastion_is_public | Whether to allocate a public IP and subnet for the created bastion host. | bool | true | no |
| bastion_upgrade | Whether to upgrade bastion packages after provisioning. | bool | false | no |
| cilium_install | Whether to deploy the Cilium Helm chart. May only be enabled when cni_type = 'flannel'. See https://docs.cilium.io. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| cilium_reapply | Whether to force reapply of the chart when no changes are detected, e.g. with state modified externally. | bool | false | no |
| cluster_autoscaler_install | Whether to deploy the Kubernetes Cluster Autoscaler Helm chart. See kubernetes/autoscaler. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| control_plane_is_public | Whether the Kubernetes control plane endpoint should be allocated a public IP address to enable access over public internet. | bool | false | no |
| create_bastion | Whether to create a bastion host. | bool | true | no |
| create_cluster | Whether to create the OKE cluster and dependent resources. | bool | true | no |
| create_drg | Whether to create a Dynamic Routing Gateway and attach it to the VCN. | bool | false | no |
| create_iam_defined_tags | Whether to create defined tags used for IAM policy and tracking. Ignored when 'create_iam_resources' is false. | bool | false | no |
| create_iam_resources | Whether to create IAM dynamic groups, policies, and tags. Resources for components may be controlled individually with 'create_iam_*' variables when enabled. Ignored when 'create_iam_resources' is false. | bool | false | no |
| create_iam_tag_namespace | Whether to create a namespace for defined tags used for IAM policy and tracking. Ignored when 'create_iam_resources' is false. | bool | false | no |
| create_operator | Whether to create an operator server in a private subnet. | bool | true | no |
| create_service_account | Whether to create a service account or not. | bool | false | no |
| create_vcn | Whether to create a Virtual Cloud Network. | bool | true | no |
| dcgm_exporter_install | Whether to deploy the DCGM exporter Helm chart. See DCGM-Exporter. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| dcgm_exporter_reapply | Whether to force reapply of the Helm chart when no changes are detected, e.g. with state modified externally. | bool | false | no |
| enable_waf | Whether to enable WAF monitoring of load balancers. | bool | false | no |
| gatekeeper_install | Whether to deploy the Gatekeeper Helm chart. See https://github.com/open-policy-agent/gatekeeper. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| lockdown_default_seclist | Whether to remove all default security rules from the VCN Default Security List. | bool | true | no |
| metrics_server_install | Whether to deploy the Kubernetes Metrics Server Helm chart. See kubernetes-sigs/metrics-server. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| mpi_operator_install | Whether to deploy the MPI Operator. See kubeflow/mpi-operator. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| multus_install | Whether to deploy Multus. See k8snetworkplumbingwg/multus-cni. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| operator_install_helm | Whether to install Helm on the created operator host. | bool | true | no |
| operator_install_istioctl | Whether to install istioctl on the created operator host. | bool | false | no |
| operator_install_k9s | Whether to install k9s on the created operator host. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| operator_install_kubectl_from_repo | Whether to install kubectl on the created operator host from olcne repo. | bool | true | no |
| operator_install_kubectx | Whether to install kubectx/kubens on the created operator host. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | true | no |
| operator_pv_transit_encryption | Whether to enable in-transit encryption for the data volume's paravirtualized attachment. | bool | false | no |
| operator_upgrade | Whether to upgrade operator packages after provisioning. | bool | false | no |
| output_detail | Whether to include detailed output in state. | bool | false | no |
| prometheus_install | Whether to deploy the Prometheus Helm chart. See https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| prometheus_reapply | Whether to force reapply of the Prometheus Helm chart when no changes are detected, e.g. with state modified externally. | bool | false | no |
| rdma_cni_plugin_install | Whether to deploy the SR-IOV CNI Plugin. See https://github.com/openshift/sriov-cni. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| sriov_cni_plugin_install | Whether to deploy the SR-IOV CNI Plugin. See https://github.com/openshift/sriov-cni. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| sriov_device_plugin_install | Whether to deploy the SR-IOV Network Device Plugin. See k8snetworkplumbingwg/sriov-network-device-plugin. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| use_defined_tags | Whether to apply defined tags to created resources for IAM policy and tracking. | bool | false | no |
| use_signed_images | Whether to enforce the use of signed images. If set to true, at least 1 RSA key must be provided through image_signing_keys. | bool | false | no |
| whereabouts_install | Whether to deploy the MPI Operator. See k8snetworkplumbingwg/whereabouts. NOTE: Provided only as a convenience and not supported by or sourced from Oracle - use at your own risk. | bool | false | no |
| worker_disable_default_cloud_init | Whether to disable the default OKE cloud init and only use the cloud init explicitly passed to the worker pool in 'worker_cloud_init'. | bool | false | no |
| worker_drain_delete_local_data | Whether to accept removal of data stored locally on draining worker pools. See kubectl drain for more information. | bool | true | no |
| worker_drain_ignore_daemonsets | Whether to ignore DaemonSet-managed Pods when draining worker pools. See kubectl drain for more information. | bool | true | no |
| worker_is_public | Whether to provision workers with public IPs allocated by default when unspecified on a pool. | bool | false | no |
| worker_pv_transit_encryption | Whether to enable in-transit encryption for the data volume's paravirtualized attachment by default when unspecified on a pool. | bool | false | no |
| internet_gateway_route_rules | (Updatable) List of routing rules to add to Internet Gateway Route Table. | list(map(string)) | null | no |
| nat_gateway_route_rules | (Updatable) List of routing rules to add to NAT Gateway Route Table. | list(map(string)) | null | no |
| operator_cloud_init | List of maps containing cloud init MIME part configuration for operator host. See https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/cloudinit_config.html#part for expected schema of each element. | list(map(string)) | [] | no |
| worker_cloud_init | List of maps containing cloud init MIME part configuration for worker nodes. Merged with pool-specific definitions. See https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/cloudinit_config.html#part for expected schema of each element. | list(map(string)) | [] | no |
| bastion_allowed_cidrs | A list of CIDR blocks to allow SSH access to the bastion host. NOTE: Default is empty i.e. no access permitted. Allow access from anywhere with '0.0.0.0/0'. | list(string) | [] | no |
| bastion_nsg_ids | An additional list of network security group (NSG) IDs for bastion security. | list(string) | [] | no |
| cilium_helm_values_files | Paths to local YAML files with Helm chart values (as with helm install -f which supports multiple). Generate with defaults using helm show values [CHART] [flags]. | list(string) | [] | no |
| cluster_autoscaler_helm_values_files | Paths to local YAML files with Helm chart values (as with helm install -f which supports multiple). Generate with defaults using helm show values [CHART] [flags]. | list(string) | [] | no |
| control_plane_allowed_cidrs | The list of CIDR blocks from which the control plane can be accessed. | list(string) | [] | no |
| dcgm_exporter_helm_values_files | Paths to local YAML files with Helm chart values (as with helm install -f which supports multiple). Generate with defaults using helm show values [CHART] [flags]. | list(string) | [] | no |
| gatekeeper_helm_values_files | Paths to local YAML files with Helm chart values (as with helm install -f which supports multiple). Generate with defaults using helm show values [CHART] [flags]. | list(string) | [] | no |
| metrics_server_helm_values_files | Paths to local YAML files with Helm chart values (as with helm install -f which supports multiple). Generate with defaults using helm show values [CHART] [flags]. | list(string) | [] | no |
| operator_nsg_ids | An optional and updatable list of network security groups that the operator will be part of. | list(string) | [] | no |
| pod_nsg_ids | An additional list of network security group (NSG) IDs for pod security. Combined with 'pod_nsg_ids' specified on each pool. | list(string) | [] | no |
| prometheus_helm_values_files | Paths to local YAML files with Helm chart values (as with helm install -f which supports multiple). Generate with defaults using helm show values [CHART] [flags]. | list(string) | [] | no |
| vcn_cidrs | The list of IPv4 CIDR blocks the VCN will use. | list(string) | ["10.0.0.0/16"] | no |
| worker_nsg_ids | An additional list of network security group (NSG) IDs for node security. Combined with 'nsg_ids' specified on each pool. | list(string) | [] | no |
| bastion_shape | The shape of bastion instance. | map(any) | {"boot_volume_size": 50, "memory": 4, "ocpus": 1, "shape": "VM.Standard.E4.Flex"} | no |
| local_peering_gateways | Map of Local Peering Gateways to attach to the VCN. | map(any) | null | no |
| operator_shape | Shape of the created operator instance. | map(any) | {"boot_volume_size": 50, "memory": 4, "ocpus": 1, "shape": "VM.Standard.E4.Flex"} | no |
| remote_peering_connections | Map of parameters to add and optionally to peer to remote peering connections. Key-only items represent local acceptors and no peering attempted; items containing key and values represent local requestor and must have the OCID and region of the remote acceptor to peer to. | map(any) | {} | no |
| service_accounts | Map of service accounts and associated parameters. | map(any) | {"kubeconfigsa": {"sa_cluster_role": "cluster-admin", "sa_cluster_role_binding": "kubeconfigsa-crb", "sa_name": "kubeconfigsa", "sa_namespace": "kube-system"}} | no |
| worker_preemptible_config | Default preemptible Compute configuration when unspecified on a pool. See Preemptible Worker Nodes for more information. | map(any) | {"enable": false, "is_preserve_boot_volume": false} | no |
| worker_shape | Default shape of the created worker instance when unspecified on a pool. | map(any) | {"boot_volume_size": 50, "boot_volume_vpus_per_gb": 10, "memory": 16, "ocpus": 2, "shape": "VM.Standard.E4.Flex"} | no |
| subnets | Configuration for standard subnets. The 'create' parameter of each entry defaults to 'auto', creating subnets when other enabled components are expected to utilize them, and may be configured with 'never' or 'always' to force disabled/enabled. | map(object({create = optional(string), id = optional(string), newbits = optional(string), netnum = optional(string), cidr = optional(string), dns_label = optional(string)})) | {"bastion": {"newbits": 13}, "cp": {"newbits": 13}, "int_lb": {"newbits": 11}, "operator": {"newbits": 13}, "pods": {"newbits": 2}, "pub_lb": {"newbits": 11}, "workers": {"newbits": 4}} | no |
| nsgs | Configuration for standard network security groups (NSGs). The 'create' parameter of each entry defaults to 'auto', creating NSGs when other enabled components are expected to utilize them, and may be configured with 'never' or 'always' to force disabled/enabled. | map(object({create = optional(string), id = optional(string)})) | {"bastion": {}, "cp": {}, "int_lb": {}, "operator": {}, "pods": {}, "pub_lb": {}, "workers": {}} | no |
| bastion_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| bastion_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| cluster_autoscaler_helm_values | Map of individual Helm chart values. See data.helm_template. | map(string) | {} | no |
| cluster_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| cluster_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| dcgm_exporter_helm_values | Map of individual Helm chart values. See data.helm_template. | map(string) | {} | no |
| gatekeeper_helm_values | Map of individual Helm chart values. See data.helm_template. | map(string) | {} | no |
| iam_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| iam_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| metrics_server_helm_values | Map of individual Helm chart values. See data.helm_template. | map(string) | {} | no |
| network_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| network_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| operator_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| operator_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| persistent_volume_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| persistent_volume_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| prometheus_helm_values | Map of individual Helm chart values. See data.helm_template. | map(string) | {} | no |
| service_lb_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| service_lb_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| worker_node_labels | Default worker node labels. Merged with labels defined on each pool. | map(string) | {} | no |
| worker_node_metadata | Map of additional worker node instance metadata. Merged with metadata defined on each pool. | map(string) | {} | no |
| workers_defined_tags | Defined tags applied to created resources. | map(string) | {} | no |
| workers_freeform_tags | Freeform tags applied to created resources. | map(string) | {} | no |
| max_pods_per_node | The default maximum number of pods to deploy per node when unspecified on a pool. Absolute maximum is 110. Ignored when cni_type != 'npn'. | number | 31 | no |
| worker_drain_timeout_seconds | The length of time to wait before giving up on draining nodes in a pool. See kubectl drain for more information. | number | 900 | no |
| worker_pool_size | Default size for worker pools when unspecified on a pool. | number | 0 | no |
| agent_config | Default agent_config for self-managed worker pools created with mode: 'instance', 'instance-pool', or 'cluster-network'. See https://docs.oracle.com/en-us/iaas/api/#/en/iaas/20160918/datatypes/InstanceAgentConfig for more information. | object({are_all_plugins_disabled = bool, is_management_disabled = bool, is_monitoring_disabled = bool, plugins_config = map(string)}) | null | no |
| platform_config | Default platform_config for self-managed worker pools created with mode: 'instance', 'instance-pool', or 'cluster-network'. See PlatformConfig for more information. | object({type = optional(string), are_virtual_instructions_enabled = optional(bool), is_access_control_service_enabled = optional(bool), is_input_output_memory_management_unit_enabled = optional(bool), is_measured_boot_enabled = optional(bool), is_memory_encryption_enabled = optional(bool), is_secure_boot_enabled = optional(bool), is_symmetric_multi_threading_enabled = optional(bool), is_trusted_platform_module_enabled = optional(bool), numa_nodes_per_socket = optional(number), percentage_of_cores_enabled = optional(bool)}) | null | no |
| control_plane_nsg_ids | An additional list of network security groups (NSG) ids for the cluster endpoint. | set(string) | [] | no |
| image_signing_keys | A list of KMS key ids used by the worker nodes to verify signed images. The keys must use RSA algorithm. | set(string) | [] | no |
| api_fingerprint | Fingerprint of the API private key to use with OCI API. | string | null | no |
| api_private_key | The contents of the private key file to use with OCI API, optionally base64-encoded. This takes precedence over private_key_path if both are specified in the provider. | string | null | no |
| api_private_key_password | The corresponding private key password to use with the api private key if it is encrypted. | string | null | no |
| api_private_key_path | The path to the OCI API private key. | string | null | no |
| await_node_readiness | Optionally block completion of Terraform apply until one/all worker nodes become ready. | string | "none" | no |
| bastion_availability_domain | The availability domain for bastion placement. Defaults to first available. | string | null | no |
| bastion_image_id | Image ID for created bastion instance. | string | null | no |
| bastion_image_os | Bastion image operating system name when bastion_image_type = 'platform'. | string | "Oracle Autonomous Linux" | no |
| bastion_image_os_version | Bastion image operating system version when bastion_image_type = 'platform'. | string | "8" | no |
| bastion_image_type | Whether to use a platform or custom image for the created bastion instance. When custom is set, the bastion_image_id must be specified. | string | "platform" | no |
| bastion_public_ip | The IP address of an existing bastion host, if create_bastion = false. | string | null | no |
| bastion_user | User for SSH access through bastion host. | string | "opc" | no |
| cilium_helm_version | Version of the Helm chart to install. List available releases using helm search repo [keyword] --versions. | string | "1.16.3" | no |
| cilium_namespace | Kubernetes namespace for deployed resources. | string | "kube-system" | no |
| cluster_autoscaler_helm_version | Version of the Helm chart to install. List available releases using helm search repo [keyword] --versions. | string | "9.24.0" | no |
| cluster_autoscaler_namespace | Kubernetes namespace for deployed resources. | string | "kube-system" | no |
| cluster_ca_cert | Base64+PEM-encoded cluster CA certificate for unmanaged instance pools. Determined automatically when 'create_cluster' = true or 'cluster_id' is provided. | string | null | no |
| cluster_dns | Cluster DNS resolver IP address. Determined automatically when not set (recommended). | string | null | no |
| cluster_id | An existing OKE cluster OCID when create_cluster = false. | string | null | no |
| cluster_kms_key_id | The id of the OCI KMS key to be used as the master encryption key for Kubernetes secrets encryption. | string | "" | no |
| cluster_name | The name of the OKE cluster. | string | "oke" | no |
| cluster_type | The cluster type. See Working with Enhanced Clusters and Basic Clusters for more information. | string | "basic" | no |
| cni_type | The CNI for the cluster: 'flannel' or 'npn'. See Pod Networking. | string | "flannel" | no |
| compartment_id | The compartment id where resources will be created. | string | null | no |
| compartment_ocid | A compartment OCID automatically populated by Resource Manager. | string | null | no |
| config_file_profile | The profile within the OCI config file to use. | string | "DEFAULT" | no |
| create_iam_autoscaler_policy | Whether to create an IAM dynamic group and policy rules for Cluster Autoscaler management. Depends on configuration of associated component when set to 'auto'. Ignored when 'create_iam_resources' is false. | string | "auto" | no |
| create_iam_kms_policy | Whether to create an IAM dynamic group and policy rules for cluster autoscaler. Depends on configuration of associated components when set to 'auto'. Ignored when 'create_iam_resources' is false. | string | "auto" | no |
| create_iam_operator_policy | Whether to create an IAM dynamic group and policy rules for operator access to the OKE control plane. Depends on configuration of associated components when set to 'auto'. Ignored when 'create_iam_resources' is false. | string | "auto" | no |
| create_iam_worker_policy | Whether to create an IAM dynamic group and policy rules for self-managed worker nodes. Depends on configuration of associated components when set to 'auto'. Ignored when 'create_iam_resources' is false. | string | "auto" | no |
| current_user_ocid | A user OCID automatically populated by Resource Manager. | string | null | no |
| dcgm_exporter_helm_version | Version of the Helm chart to install. List available releases using helm search repo [keyword] --versions. | string | "3.1.5" | no |
| dcgm_exporter_namespace | Kubernetes namespace for deployed resources. | string | "metrics" | no |
| drg_compartment_id | Compartment for the DRG resource. Can be used to override network_compartment_id. | string | null | no |
| drg_display_name | (Updatable) Name of the created Dynamic Routing Gateway. Does not have to be unique. Defaults to 'oke' suffixed with the generated Terraform 'state_id' value. | string | null | no |
| drg_id | ID of an external created Dynamic Routing Gateway to be attached to the VCN. | string | null | no |
| gatekeeper_helm_version | Version of the Helm chart to install. List available releases using helm search repo [keyword] --versions. | string | "3.11.0" | no |
| gatekeeper_namespace | Kubernetes namespace for deployed resources. | string | "kube-system" | no |
| home_region | The tenancy's home region. Required to perform identity operations. | string | null | no |
| ig_route_table_id | Optional ID of existing internet gateway in VCN. | string | null | no |
| kubeproxy_mode | The mode in which to run kube-proxy when unspecified on a pool. | string | "iptables" | no |
| kubernetes_version | The version of Kubernetes to use when provisioning OKE or to upgrade an existing OKE cluster to. | string | "v1.26.2" | no |
| load_balancers | The type of subnets to create for load balancers. | string | "both" | no |
| metrics_server_helm_version | Version of the Helm chart to install. List available releases using helm search repo [keyword] --versions. | string | "3.8.3" | no |
| metrics_server_namespace | Kubernetes namespace for deployed resources. | string | "metrics" | no |
| mpi_operator_deployment_url | The URL path to the manifest. Leave unset for tags of kubeflow/mpi-operator using mpi_operator_version. | string | null | no |
| mpi_operator_namespace | Kubernetes namespace for deployed resources. | string | "default" | no |
| mpi_operator_version | Version to install. Ignored when an explicit value for mpi_operator_deployment_url is provided. | string | "0.4.0" | no |
| multus_daemonset_url | The URL path to the Multus manifest. Leave unset for tags of k8snetworkplumbingwg/multus-cni using multus_version. | string | null | no |
| multus_namespace | Kubernetes namespace for deployed resources. | string | "network" | no |
| multus_version | Version of Multus to install. Ignored when an explicit value for multus_daemonset_url is provided. | string | "3.9.3" | no |
| nat_gateway_public_ip_id | OCID of reserved IP address for NAT gateway. The reserved public IP address needs to be manually created. | string | null | no |
| nat_route_table_id | Optional ID of existing NAT gateway in VCN. | string | null | no |
| network_compartment_id | The compartment id where network resources will be created. | string | null | no |
| ocir_email_address | The email address used for the Oracle Container Image Registry (OCIR). | string | null | no |
| ocir_secret_id | The OCI Vault secret ID for the OCIR authentication token. | string | null | no |
| ocir_secret_name | The name of the Kubernetes secret to be created with the OCIR authentication token. | string | "ocirsecret" | no |
| ocir_secret_namespace | The Kubernetes namespace in which to create the OCIR secret. | string | "default" | no |
| ocir_username | A username with access to the OCI Vault secret for OCIR access. Required when 'ocir_secret_id' is provided. | string | null | no |
| operator_availability_domain | The availability domain for FSS placement. Defaults to first available. | string | null | no |
| operator_image_id | Image ID for created operator instance. | string | null | no |
| operator_image_os | Operator image operating system name when operator_image_type = 'platform'. | string | "Oracle Linux" | no |
| operator_image_os_version | Operator image operating system version when operator_image_type = 'platform'. | string | "8" | no |
| operator_image_type | Whether to use a platform or custom image for the created operator instance. When custom is set, the operator_image_id must be specified. | string | "platform" | no |
| operator_private_ip | The IP address of an existing operator host. Ignored when create_operator = true. | string | null | no |
| operator_user | User for SSH access to operator host. | string | "opc" | no |
| operator_volume_kms_key_id | The OCID of the OCI KMS key to assign as the master encryption key for the boot volume. | string | null | no |
| pods_cidr | The CIDR range used for IP addresses by the pods. A /16 CIDR is generally sufficient. This CIDR should not overlap with any subnet range in the VCN (it can also be outside the VCN CIDR range). Ignored when cni_type = 'npn'. | string | "10.244.0.0/16" | no |
| preferred_load_balancer | The preferred load balancer subnets that OKE will automatically choose when creating a load balancer. Valid values are 'public' or 'internal'. If 'public' is chosen, the value for load_balancers must be either 'public' or 'both'. If 'private' is chosen, the value for load_balancers must be either 'internal' or 'both'. NOTE: Service annotations for internal load balancers must still be specified regardless of this setting. See Load Balancer Annotations for more information. | string | "public" | no |
| prometheus_helm_version | Version of the Helm chart to install. List available releases using helm search repo [keyword] --versions. | string | "45.2.0" | no |
| prometheus_namespace | Kubernetes namespace for deployed resources. | string | "metrics" | no |
| rdma_cni_plugin_daemonset_url | The URL path to the manifest. Leave unset for tags of https://github.com/openshift/sriov-cni using rdma_cni_plugin_version. | string | null | no |
| rdma_cni_plugin_namespace | Kubernetes namespace for deployed resources. | string | "network" | no |
| rdma_cni_plugin_version | Version to install. Ignored when an explicit value for rdma_cni_plugin_daemonset_url is provided. | string | "master" | no |
| region | The OCI region where OKE resources will be created. | string | "us-ashburn-1" | no |
| services_cidr | The CIDR range used within the cluster by Kubernetes services (ClusterIPs). This CIDR should not overlap with the VCN CIDR range. | string | "10.96.0.0/16" | no |
| sriov_cni_plugin_daemonset_url | The URL path to the manifest. Leave unset for tags of https://github.com/openshift/sriov-cni using sriov_cni_plugin_version. | string | null | no |
| sriov_cni_plugin_namespace | Kubernetes namespace for deployed resources. | string | "network" | no |
| sriov_cni_plugin_version | Version to install. Ignored when an explicit value for sriov_cni_plugin_daemonset_url is provided. | string | "master" | no |
| sriov_device_plugin_daemonset_url | The URL path to the manifest. Leave unset for tags of k8snetworkplumbingwg/sriov-network-device-plugin using sriov_device_plugin_version. | string | null | no |
| sriov_device_plugin_namespace | Kubernetes namespace for deployed resources. | string | "network" | no |
| sriov_device_plugin_version | Version to install. Ignored when an explicit value for sriov_device_plugin_daemonset_url is provided. | string | "master" | no |
| ssh_private_key | The contents of the SSH private key file, optionally base64-encoded. May be provided via SSH agent when unset. | string | null | no |
| ssh_private_key_path | A path on the local filesystem to the SSH private key. May be provided via SSH agent when unset. | string | null | no |
| ssh_public_key | The contents of the SSH public key file, optionally base64-encoded. Used to allow login for workers/bastion/operator with corresponding private key. | string | null | no |
| ssh_public_key_path | A path on the local filesystem to the SSH public key. Used to allow login for workers/bastion/operator with corresponding private key. | string | null | no |
| state_id | Optional Terraform state_id from an existing deployment of the module to re-use with created resources. | string | null | no |
| tag_namespace | The tag namespace for standard OKE defined tags. | string | "oke" | no |
| tenancy_id | The tenancy id of the OCI Cloud Account in which to create the resources. | string | null | no |
| tenancy_ocid | A tenancy OCID automatically populated by Resource Manager. | string | null | no |
| timezone | The preferred timezone for workers, operator, and bastion instances. | string | "Etc/UTC" | no |
| user_id | The id of the user that Terraform will use to create the resources. | string | null | no |
| vcn_create_internet_gateway | Whether to create an internet gateway with the VCN. Defaults to automatic creation when public network resources are expected to utilize it. | string | "auto" | no |
| vcn_create_nat_gateway | Whether to create a NAT gateway with the VCN. Defaults to automatic creation when private network resources are expected to utilize it. | string | "auto" | no |
| vcn_create_service_gateway | Whether to create a service gateway with the VCN. Defaults to always created. | string | "always" | no |
| vcn_dns_label | A DNS label for the VCN, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet. Defaults to the generated Terraform 'state_id' value. | string | null | no |
| vcn_id | Optional ID of existing VCN. Takes priority over vcn_name filter. Ignored when create_vcn = true. | string | null | no |
| vcn_name | Display name for the created VCN. Defaults to 'oke' suffixed with the generated Terraform 'state_id' value. | string | null | no |
| whereabouts_daemonset_url | The URL path to the manifest. Leave unset for tags of k8snetworkplumbingwg/whereabouts using whereabouts_version. | string | null | no |
| whereabouts_namespace | Kubernetes namespace for deployed resources. | string | "default" | no |
| whereabouts_version | Version to install. Ignored when an explicit value for whereabouts_daemonset_url is provided. | string | "master" | no |
| worker_block_volume_type | Default block volume attachment type for Instance Configurations when unspecified on a pool. | string | "paravirtualized" | no |
| worker_capacity_reservation_id | The ID of the Compute capacity reservation the worker node will be launched under. See Capacity Reservations for more information. | string | null | no |
| worker_compartment_id | The compartment id where worker group resources will be created. | string | null | no |
| worker_image_id | Default image for worker pools when unspecified on a pool. | string | null | no |
| worker_image_os | Default worker image operating system name when worker_image_type = 'oke' or 'platform' and unspecified on a pool. | string | "Oracle Linux" | no |
| worker_image_os_version | Default worker image operating system version when worker_image_type = 'oke' or 'platform' and unspecified on a pool. | string | "8" | no |
| worker_image_type | Whether to use a platform, OKE, or custom image for worker nodes by default when unspecified on a pool. When custom is set, the worker_image_id must be specified. | string | "oke" | no |
| worker_pool_mode | Default management mode for workers when unspecified on a pool. | string | "node-pool" | no |
| worker_volume_kms_key_id | The ID of the OCI KMS key to be used as the master encryption key for Boot Volume and Block Volume encryption by default when unspecified on a pool. | string | null | no |
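
A terraform.tfvars fragment that sets the security-relevant inputs from the table explicitly, with the weaker alternative noted beside each one. This is an added example, not taken from the module's own documentation; the variable names come from the table, while every CIDR, OCID and file path is a constructed placeholder.

```hcl
# terraform.tfvars (added example; all CIDRs, OCIDs and paths are placeholders)

# --- Network exposure ------------------------------------------------------
# Keep the Kubernetes API endpoint private (both default to false).
control_plane_is_public           = false
assign_public_ip_to_control_plane = false
control_plane_allowed_cidrs       = ["203.0.113.0/24"] # placeholder admin range

# The bastion gets a public IP by default (bastion_is_public = true), so the
# SSH allow-list is the control that matters.
# Weak:      bastion_allowed_cidrs = ["0.0.0.0/0"]   (SSH open to the internet)
# Corrected: a single known admin range.
bastion_allowed_cidrs        = ["203.0.113.0/24"]
allow_bastion_cluster_access = false

# Workers stay private, with no SSH and no NodePort path from load balancers.
worker_is_public        = false
allow_worker_ssh_access = false
allow_node_port_access  = false

# Strip the permissive rules from the VCN Default Security List (default true;
# set explicitly so a later override shows up in review).
lockdown_default_seclist = true

# --- Image provenance ------------------------------------------------------
# use_signed_images = true requires at least one RSA key in image_signing_keys.
use_signed_images  = true
image_signing_keys = ["ocid1.key.oc1..PLACEHOLDER_RSA_SIGNING_KEY"]

# --- Encryption ------------------------------------------------------------
# Weak: cluster_kms_key_id = "" (the default), i.e. no customer-managed key
# for Kubernetes secrets encryption.
cluster_kms_key_id         = "ocid1.key.oc1..PLACEHOLDER_CLUSTER_KEY"
worker_volume_kms_key_id   = "ocid1.key.oc1..PLACEHOLDER_WORKER_VOLUME_KEY"
operator_volume_kms_key_id = "ocid1.key.oc1..PLACEHOLDER_OPERATOR_VOLUME_KEY"

# In-transit encryption for paravirtualized volume attachments (default false).
worker_pv_transit_encryption   = true
operator_pv_transit_encryption = true

# --- Privileged service account -------------------------------------------
# The default service_accounts entry binds "kubeconfigsa" in kube-system to
# the cluster-admin role. Leave creation off unless that is intended.
create_service_account = false

# --- Credentials -----------------------------------------------------------
# Use the *_path inputs rather than api_private_key / ssh_private_key so the
# key contents are not written into this file.
api_private_key_path = "/path/to/oci_api_key.pem" # placeholder
ssh_private_key_path = "/path/to/id_rsa"          # placeholder
ssh_public_key_path  = "/path/to/id_rsa.pub"      # placeholder
```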