Inputs
Sub-modules currently use a sparse definition of inputs required from the root:
Identity Access Management (IAM)
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create_iam_autoscaler_policy | n/a | bool | n/a | yes |
| create_iam_defined_tags | Tags | bool | n/a | yes |
| create_iam_kms_policy | n/a | bool | n/a | yes |
| create_iam_operator_policy | n/a | bool | n/a | yes |
| create_iam_resources | n/a | bool | n/a | yes |
| create_iam_tag_namespace | n/a | bool | n/a | yes |
| create_iam_worker_policy | n/a | bool | n/a | yes |
| use_defined_tags | n/a | bool | n/a | yes |
| autoscaler_compartments | Policy | list(string) | n/a | yes |
| worker_compartments | n/a | list(string) | n/a | yes |
| defined_tags | n/a | map(string) | n/a | yes |
| freeform_tags | n/a | map(string) | n/a | yes |
| cluster_id | Common | string | n/a | yes |
| cluster_kms_key_id | KMS | string | n/a | yes |
| compartment_id | n/a | string | n/a | yes |
| operator_volume_kms_key_id | n/a | string | n/a | yes |
| state_id | n/a | string | n/a | yes |
| tag_namespace | n/a | string | n/a | yes |
| tenancy_id | n/a | string | n/a | yes |
| worker_volume_kms_key_id | n/a | string | n/a | yes |
Network
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allow_rules_internal_lb | n/a | any | n/a | yes |
| allow_rules_public_lb | n/a | any | n/a | yes |
| allow_rules_workers | n/a | any | n/a | yes |
| drg_attachments | n/a | any | n/a | yes |
| allow_bastion_cluster_access | n/a | bool | n/a | yes |
| allow_node_port_access | Network | bool | n/a | yes |
| allow_pod_internet_access | n/a | bool | n/a | yes |
| allow_worker_internet_access | n/a | bool | n/a | yes |
| allow_worker_ssh_access | n/a | bool | n/a | yes |
| assign_dns | n/a | bool | n/a | yes |
| bastion_is_public | n/a | bool | n/a | yes |
| control_plane_is_public | n/a | bool | n/a | yes |
| create_bastion | n/a | bool | n/a | yes |
| create_cluster | n/a | bool | n/a | yes |
| create_operator | n/a | bool | n/a | yes |
| enable_waf | n/a | bool | n/a | yes |
| use_defined_tags | n/a | bool | n/a | yes |
| worker_is_public | n/a | bool | n/a | yes |
| vcn_cidrs | n/a | list(string) | n/a | yes |
| subnets | n/a | map(object({ create = optional(string) id = optional(string) newbits = optional(string) netnum = optional(string) cidr = optional(string) dns_label = optional(string) })) | n/a | yes |
| nsgs | n/a | map(object({ create = optional(string) id = optional(string) })) | n/a | yes |
| defined_tags | Tags | map(string) | n/a | yes |
| freeform_tags | n/a | map(string) | n/a | yes |
| bastion_allowed_cidrs | n/a | set(string) | n/a | yes |
| control_plane_allowed_cidrs | n/a | set(string) | n/a | yes |
| cni_type | n/a | string | n/a | yes |
| compartment_id | Common | string | n/a | yes |
| ig_route_table_id | n/a | string | n/a | yes |
| load_balancers | n/a | string | n/a | yes |
| nat_route_table_id | n/a | string | n/a | yes |
| state_id | n/a | string | n/a | yes |
| tag_namespace | n/a | string | n/a | yes |
| vcn_id | n/a | string | n/a | yes |
Bastion
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| assign_dns | Bastion | bool | n/a | yes |
| is_public | n/a | bool | n/a | yes |
| upgrade | n/a | bool | n/a | yes |
| use_defined_tags | n/a | bool | n/a | yes |
| nsg_ids | n/a | list(string) | n/a | yes |
| shape | n/a | map(any) | n/a | yes |
| defined_tags | Tags | map(string) | n/a | yes |
| freeform_tags | n/a | map(string) | n/a | yes |
| availability_domain | n/a | string | n/a | yes |
| bastion_image_os_version | n/a | string | n/a | yes |
| compartment_id | Common | string | n/a | yes |
| image_id | n/a | string | n/a | yes |
| ssh_private_key | n/a | string | n/a | yes |
| ssh_public_key | n/a | string | n/a | yes |
| state_id | n/a | string | n/a | yes |
| subnet_id | n/a | string | n/a | yes |
| tag_namespace | n/a | string | n/a | yes |
| timezone | n/a | string | n/a | yes |
| user | n/a | string | n/a | yes |
Cluster
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| assign_public_ip_to_control_plane | n/a | bool | n/a | yes |
| control_plane_is_public | n/a | bool | n/a | yes |
| use_signed_images | n/a | bool | n/a | yes |
| cluster_defined_tags | Tagging | map(string) | n/a | yes |
| cluster_freeform_tags | n/a | map(string) | n/a | yes |
| persistent_volume_defined_tags | n/a | map(string) | n/a | yes |
| persistent_volume_freeform_tags | n/a | map(string) | n/a | yes |
| service_lb_defined_tags | n/a | map(string) | n/a | yes |
| service_lb_freeform_tags | n/a | map(string) | n/a | yes |
| control_plane_nsg_ids | n/a | set(string) | n/a | yes |
| image_signing_keys | n/a | set(string) | n/a | yes |
| cluster_kms_key_id | Cluster | string | n/a | yes |
| cluster_name | n/a | string | n/a | yes |
| cluster_type | n/a | string | n/a | yes |
| cni_type | n/a | string | n/a | yes |
| compartment_id | Common | string | n/a | yes |
| control_plane_subnet_id | n/a | string | n/a | yes |
| kubernetes_version | n/a | string | n/a | yes |
| pods_cidr | n/a | string | n/a | yes |
| service_lb_subnet_id | n/a | string | n/a | yes |
| services_cidr | n/a | string | n/a | yes |
| state_id | n/a | string | n/a | yes |
| tag_namespace | n/a | string | n/a | yes |
| use_defined_tags | n/a | string | n/a | yes |
| vcn_id | n/a | string | n/a | yes |
Workers
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| image_ids | Map of images for filtering with image_os and image_os_version. | any | {} | no |
| worker_pools | Tuple of OKE worker pools where each key maps to the OCID of an OCI resource, and value contains its definition. | any | {} | no |
| assign_dns | n/a | bool | n/a | yes |
| assign_public_ip | n/a | bool | n/a | yes |
| disable_default_cloud_init | Whether to disable the default OKE cloud init and only use the cloud init explicitly passed to the worker pool in 'worker_cloud_init'. | bool | false | no |
| pv_transit_encryption | Whether to enable in-transit encryption for the data volume's paravirtualized attachment by default when unspecified on a pool. | bool | false | no |
| use_defined_tags | Whether to apply defined tags to created resources for IAM policy and tracking. | bool | false | no |
| cloud_init | List of maps containing cloud init MIME part configuration for worker nodes. Merged with pool-specific definitions. See https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/cloudinit_config.html#part for expected schema of each element. | list(map(string)) | [] | no |
| ad_numbers | n/a | list(number) | n/a | yes |
| pod_nsg_ids | An additional list of network security group (NSG) IDs for pod security. Combined with 'pod_nsg_ids' specified on each pool. | list(string) | [] | no |
| worker_nsg_ids | An additional list of network security group (NSG) IDs for node security. Combined with 'nsg_ids' specified on each pool. | list(string) | [] | no |
| preemptible_config | Default preemptible Compute configuration when unspecified on a pool. See Preemptible Worker Nodes for more information. | map(any) | { "enable": false, "is_preserve_boot_volume": false } | no |
| shape | Default shape of the created worker instance when unspecified on a pool. | map(any) | { "boot_volume_size": 50, "memory": 16, "ocpus": 2, "shape": "VM.Standard.E4.Flex" } | no |
| ad_numbers_to_names | n/a | map(string) | n/a | yes |
| defined_tags | Defined tags to be applied to created resources. Must already exist in the tenancy. | map(string) | {} | no |
| freeform_tags | Freeform tags to be applied to created resources. | map(string) | {} | no |
| node_labels | Default worker node labels. Merged with labels defined on each pool. | map(string) | {} | no |
| node_metadata | Map of additional worker node instance metadata. Merged with metadata defined on each pool. | map(string) | {} | no |
| max_pods_per_node | The default maximum number of pods to deploy per node when unspecified on a pool. Absolute maximum is 110. Ignored when when cni_type != 'npn'. | number | 31 | no |
| worker_pool_size | Default size for worker pools when unspecified on a pool. | number | 0 | no |
| agent_config | Default agent_config for self-managed worker pools created with mode: 'instance', 'instance-pool', or 'cluster-network'. See <a href=https://docs.oracle.com/en-us/iaas/api/#/en/iaas/20160918/datatypes/InstanceAgentConfig for more information. | object({ are_all_plugins_disabled = bool, is_management_disabled = bool, is_monitoring_disabled = bool, plugins_config = map(string), }) | n/a | yes |
| platform_config | Default platform_config for self-managed worker pools created with mode: 'instance', 'instance-pool', or 'cluster-network'. See PlatformConfig for more information. | object({ type = optional(string), are_virtual_instructions_enabled = optional(bool), is_access_control_service_enabled = optional(bool), is_input_output_memory_management_unit_enabled = optional(bool), is_measured_boot_enabled = optional(bool), is_memory_encryption_enabled = optional(bool), is_secure_boot_enabled = optional(bool), is_symmetric_multi_threading_enabled = optional(bool), is_trusted_platform_module_enabled = optional(bool), numa_nodes_per_socket = optional(number), percentage_of_cores_enabled = optional(bool), }) | null | no |
| apiserver_private_host | n/a | string | n/a | yes |
| block_volume_type | Default block volume attachment type for Instance Configurations when unspecified on a pool. | string | "paravirtualized" | no |
| capacity_reservation_id | The ID of the Compute capacity reservation the worker node will be launched under. See Capacity Reservations for more information. | string | null | no |
| cluster_ca_cert | Base64+PEM-encoded cluster CA certificate for unmanaged instance pools. Determined automatically when 'create_cluster' = true or 'cluster_id' is provided. | string | null | no |
| cluster_dns | Cluster DNS resolver IP address. Determined automatically when not set (recommended). | string | null | no |
| cluster_id | An existing OKE cluster OCID when create_cluster = false. | string | null | no |
| cluster_type | The cluster type. See Working with Enhanced Clusters and Basic Clusters for more information. | string | "basic" | no |
| cni_type | The CNI for the cluster: 'flannel' or 'npn'. See Pod Networking. | string | "flannel" | no |
| compartment_id | The compartment id where resources will be created. | string | null | no |
| image_id | Default image for worker pools when unspecified on a pool. | string | null | no |
| image_os | Default worker image operating system name when worker_image_type = 'oke' or 'platform' and unspecified on a pool. | string | "Oracle Linux" | no |
| image_os_version | Default worker image operating system version when worker_image_type = 'oke' or 'platform' and unspecified on a pool. | string | "8" | no |
| image_type | Whether to use a platform, OKE, or custom image for worker nodes by default when unspecified on a pool. When custom is set, the worker_image_id must be specified. | string | "oke" | no |
| kubeproxy_mode | The mode in which to run kube-proxy when unspecified on a pool. | string | "iptables" | no |
| kubernetes_version | The version of Kubernetes used for worker nodes. | string | "v1.26.2" | no |
| pod_subnet_id | n/a | string | n/a | yes |
| ssh_public_key | The contents of the SSH public key file. Used to allow login for workers/bastion/operator with corresponding private key. | string | null | no |
| state_id | Optional Terraform state_id from an existing deployment of the module to re-use with created resources. | string | null | no |
| tag_namespace | The tag namespace for standard OKE defined tags. | string | "oke" | no |
| tenancy_id | The tenancy id of the OCI Cloud Account in which to create the resources. | string | null | no |
| timezone | n/a | string | n/a | yes |
| volume_kms_key_id | The ID of the OCI KMS key to be used as the master encryption key for Boot Volume and Block Volume encryption by default when unspecified on a pool. | string | null | no |
| worker_pool_mode | Default management mode for workers when unspecified on a pool. Only 'node-pool' is currently supported. | string | "node-pool" | no |
| worker_subnet_id | n/a | string | n/a | yes |
Operator
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| assign_dns | Operator | bool | n/a | yes |
| install_cilium | n/a | bool | n/a | yes |
| install_helm | n/a | bool | n/a | yes |
| install_istioctl | n/a | bool | n/a | yes |
| install_k9s | n/a | bool | n/a | yes |
| install_kubectl_from_repo | n/a | bool | true | no |
| install_kubectx | n/a | bool | n/a | yes |
| pv_transit_encryption | n/a | bool | n/a | yes |
| upgrade | n/a | bool | n/a | yes |
| use_defined_tags | n/a | bool | n/a | yes |
| cloud_init | n/a | list(map(string)) | n/a | yes |
| nsg_ids | n/a | list(string) | n/a | yes |
| shape | n/a | map(any) | n/a | yes |
| defined_tags | Tags | map(string) | n/a | yes |
| freeform_tags | n/a | map(string) | n/a | yes |
| availability_domain | n/a | string | n/a | yes |
| bastion_host | Bastion (to await cloud-init completion) | string | n/a | yes |
| bastion_user | n/a | string | n/a | yes |
| compartment_id | Common | string | n/a | yes |
| image_id | n/a | string | n/a | yes |
| kubeconfig | n/a | string | n/a | yes |
| kubernetes_version | n/a | string | n/a | yes |
| operator_image_os_version | n/a | string | n/a | yes |
| ssh_private_key | n/a | string | n/a | yes |
| ssh_public_key | n/a | string | n/a | yes |
| state_id | n/a | string | n/a | yes |
| subnet_id | n/a | string | n/a | yes |
| tag_namespace | n/a | string | n/a | yes |
| timezone | n/a | string | n/a | yes |
| user | n/a | string | n/a | yes |
| volume_kms_key_id | n/a | string | n/a | yes |