Inputs
Sub-modules currently use a sparse definition of inputs required from the root:
Identity and Access Management (IAM)
Name | Description | Type | Default | Required |
---|---|---|---|---|
create_iam_autoscaler_policy | n/a | bool | n/a | yes |
create_iam_defined_tags | Tags | bool | n/a | yes |
create_iam_kms_policy | n/a | bool | n/a | yes |
create_iam_operator_policy | n/a | bool | n/a | yes |
create_iam_resources | n/a | bool | n/a | yes |
create_iam_tag_namespace | n/a | bool | n/a | yes |
create_iam_worker_policy | n/a | bool | n/a | yes |
use_defined_tags | n/a | bool | n/a | yes |
autoscaler_compartments | Policy | list(string) | n/a | yes |
worker_compartments | n/a | list(string) | n/a | yes |
defined_tags | n/a | map(string) | n/a | yes |
freeform_tags | n/a | map(string) | n/a | yes |
cluster_id | Common | string | n/a | yes |
cluster_kms_key_id | KMS | string | n/a | yes |
compartment_id | n/a | string | n/a | yes |
operator_volume_kms_key_id | n/a | string | n/a | yes |
policy_name | n/a | string | n/a | yes |
state_id | n/a | string | n/a | yes |
tag_namespace | n/a | string | n/a | yes |
tenancy_id | n/a | string | n/a | yes |
worker_volume_kms_key_id | n/a | string | n/a | yes |
Network
Name | Description | Type | Default | Required |
---|---|---|---|---|
allow_rules_internal_lb | n/a | any | n/a | yes |
allow_rules_public_lb | n/a | any | n/a | yes |
allow_rules_workers | n/a | any | n/a | yes |
drg_attachments | n/a | any | n/a | yes |
allow_bastion_cluster_access | n/a | bool | n/a | yes |
allow_node_port_access | Network | bool | n/a | yes |
allow_pod_internet_access | n/a | bool | n/a | yes |
allow_worker_internet_access | n/a | bool | n/a | yes |
allow_worker_ssh_access | n/a | bool | n/a | yes |
assign_dns | n/a | bool | n/a | yes |
bastion_is_public | n/a | bool | n/a | yes |
control_plane_is_public | n/a | bool | n/a | yes |
create_bastion | n/a | bool | n/a | yes |
create_cluster | n/a | bool | n/a | yes |
create_operator | n/a | bool | n/a | yes |
enable_waf | n/a | bool | n/a | yes |
use_defined_tags | n/a | bool | n/a | yes |
worker_is_public | n/a | bool | n/a | yes |
vcn_cidrs | n/a | list(string) | n/a | yes |
subnets | n/a | map(object({ create = optional(string) id = optional(string) newbits = optional(string) netnum = optional(string) cidr = optional(string) dns_label = optional(string) })) | n/a | yes |
nsgs | n/a | map(object({ create = optional(string) id = optional(string) })) | n/a | yes |
defined_tags | Tags | map(string) | n/a | yes |
freeform_tags | n/a | map(string) | n/a | yes |
bastion_allowed_cidrs | n/a | set(string) | n/a | yes |
control_plane_allowed_cidrs | n/a | set(string) | n/a | yes |
cni_type | n/a | string | n/a | yes |
compartment_id | Common | string | n/a | yes |
ig_route_table_id | n/a | string | n/a | yes |
load_balancers | n/a | string | n/a | yes |
nat_route_table_id | n/a | string | n/a | yes |
state_id | n/a | string | n/a | yes |
tag_namespace | n/a | string | n/a | yes |
vcn_id | n/a | string | n/a | yes |
Bastion
Name | Description | Type | Default | Required |
---|---|---|---|---|
assign_dns | Bastion | bool | n/a | yes |
is_public | n/a | bool | n/a | yes |
upgrade | n/a | bool | n/a | yes |
use_defined_tags | n/a | bool | n/a | yes |
nsg_ids | n/a | list(string) | n/a | yes |
shape | n/a | map(any) | n/a | yes |
defined_tags | Tags | map(string) | n/a | yes |
freeform_tags | n/a | map(string) | n/a | yes |
availability_domain | n/a | string | n/a | yes |
bastion_image_os_version | n/a | string | n/a | yes |
compartment_id | Common | string | n/a | yes |
image_id | n/a | string | n/a | yes |
ssh_private_key | n/a | string | n/a | yes |
ssh_public_key | n/a | string | n/a | yes |
state_id | n/a | string | n/a | yes |
subnet_id | n/a | string | n/a | yes |
tag_namespace | n/a | string | n/a | yes |
timezone | n/a | string | n/a | yes |
user | n/a | string | n/a | yes |
Cluster
Name | Description | Type | Default | Required |
---|---|---|---|---|
assign_public_ip_to_control_plane | n/a | bool | n/a | yes |
control_plane_is_public | n/a | bool | n/a | yes |
use_signed_images | n/a | bool | n/a | yes |
cluster_defined_tags | Tagging | map(string) | n/a | yes |
cluster_freeform_tags | n/a | map(string) | n/a | yes |
persistent_volume_defined_tags | n/a | map(string) | n/a | yes |
persistent_volume_freeform_tags | n/a | map(string) | n/a | yes |
service_lb_defined_tags | n/a | map(string) | n/a | yes |
service_lb_freeform_tags | n/a | map(string) | n/a | yes |
control_plane_nsg_ids | n/a | set(string) | n/a | yes |
image_signing_keys | n/a | set(string) | n/a | yes |
cluster_kms_key_id | Cluster | string | n/a | yes |
cluster_name | n/a | string | n/a | yes |
cluster_type | n/a | string | n/a | yes |
cni_type | n/a | string | n/a | yes |
compartment_id | Common | string | n/a | yes |
control_plane_subnet_id | n/a | string | n/a | yes |
kubernetes_version | n/a | string | n/a | yes |
pods_cidr | n/a | string | n/a | yes |
service_lb_subnet_id | n/a | string | n/a | yes |
services_cidr | n/a | string | n/a | yes |
state_id | n/a | string | n/a | yes |
tag_namespace | n/a | string | n/a | yes |
use_defined_tags | n/a | string | n/a | yes |
vcn_id | n/a | string | n/a | yes |
Workers
Name | Description | Type | Default | Required |
---|---|---|---|---|
image_ids | Map of images for filtering with image_os and image_os_version. | any | {} | no |
worker_pools | Tuple of OKE worker pools where each key maps to the OCID of an OCI resource, and value contains its definition. | any | {} | no |
assign_dns | n/a | bool | n/a | yes |
assign_public_ip | n/a | bool | n/a | yes |
disable_default_cloud_init | Whether to disable the default OKE cloud init and only use the cloud init explicitly passed to the worker pool in 'worker_cloud_init'. | bool | false | no |
pv_transit_encryption | Whether to enable in-transit encryption for the data volume's paravirtualized attachment by default when unspecified on a pool. | bool | false | no |
use_defined_tags | Whether to apply defined tags to created resources for IAM policy and tracking. | bool | false | no |
cloud_init | List of maps containing cloud init MIME part configuration for worker nodes. Merged with pool-specific definitions. See https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/cloudinit_config.html#part for expected schema of each element. | list(map(string)) | [] | no |
ad_numbers | n/a | list(number) | n/a | yes |
pod_nsg_ids | An additional list of network security group (NSG) IDs for pod security. Combined with 'pod_nsg_ids' specified on each pool. | list(string) | [] | no |
worker_nsg_ids | An additional list of network security group (NSG) IDs for node security. Combined with 'nsg_ids' specified on each pool. | list(string) | [] | no |
preemptible_config | Default preemptible Compute configuration when unspecified on a pool. See Preemptible Worker Nodes for more information. | map(any) | { "enable": false, "is_preserve_boot_volume": false } | no |
shape | Default shape of the created worker instance when unspecified on a pool. | map(any) | { "boot_volume_size": 50, "memory": 16, "ocpus": 2, "shape": "VM.Standard.E4.Flex" } | no |
ad_numbers_to_names | n/a | map(string) | n/a | yes |
defined_tags | Defined tags to be applied to created resources. Must already exist in the tenancy. | map(string) | {} | no |
freeform_tags | Freeform tags to be applied to created resources. | map(string) | {} | no |
node_labels | Default worker node labels. Merged with labels defined on each pool. | map(string) | {} | no |
node_metadata | Map of additional worker node instance metadata. Merged with metadata defined on each pool. | map(string) | {} | no |
max_pods_per_node | The default maximum number of pods to deploy per node when unspecified on a pool. Absolute maximum is 110. Ignored when cni_type != 'npn'. | number | 31 | no |
worker_pool_size | Default size for worker pools when unspecified on a pool. | number | 0 | no |
agent_config | Default agent_config for self-managed worker pools created with mode: 'instance', 'instance-pool', or 'cluster-network'. See InstanceAgentConfig (https://docs.oracle.com/en-us/iaas/api/#/en/iaas/20160918/datatypes/InstanceAgentConfig) for more information. | object({ are_all_plugins_disabled = bool, is_management_disabled = bool, is_monitoring_disabled = bool, plugins_config = map(string), }) | n/a | yes |
platform_config | Default platform_config for self-managed worker pools created with mode: 'instance', 'instance-pool', or 'cluster-network'. See PlatformConfig for more information. | object({ type = optional(string), are_virtual_instructions_enabled = optional(bool), is_access_control_service_enabled = optional(bool), is_input_output_memory_management_unit_enabled = optional(bool), is_measured_boot_enabled = optional(bool), is_memory_encryption_enabled = optional(bool), is_secure_boot_enabled = optional(bool), is_symmetric_multi_threading_enabled = optional(bool), is_trusted_platform_module_enabled = optional(bool), numa_nodes_per_socket = optional(number), percentage_of_cores_enabled = optional(bool), }) | null | no |
apiserver_private_host | n/a | string | n/a | yes |
block_volume_type | Default block volume attachment type for Instance Configurations when unspecified on a pool. | string | "paravirtualized" | no |
capacity_reservation_id | The ID of the Compute capacity reservation the worker node will be launched under. See Capacity Reservations for more information. | string | null | no |
cluster_ca_cert | Base64+PEM-encoded cluster CA certificate for unmanaged instance pools. Determined automatically when 'create_cluster' = true or 'cluster_id' is provided. | string | null | no |
cluster_dns | Cluster DNS resolver IP address. Determined automatically when not set (recommended). | string | null | no |
cluster_id | An existing OKE cluster OCID when create_cluster = false. | string | null | no |
cluster_type | The cluster type. See Working with Enhanced Clusters and Basic Clusters for more information. | string | "basic" | no |
cni_type | The CNI for the cluster: 'flannel' or 'npn'. See Pod Networking. | string | "flannel" | no |
compartment_id | The compartment id where resources will be created. | string | null | no |
image_id | Default image for worker pools when unspecified on a pool. | string | null | no |
image_os | Default worker image operating system name when worker_image_type = 'oke' or 'platform' and unspecified on a pool. | string | "Oracle Linux" | no |
image_os_version | Default worker image operating system version when worker_image_type = 'oke' or 'platform' and unspecified on a pool. | string | "8" | no |
image_type | Whether to use a platform, OKE, or custom image for worker nodes by default when unspecified on a pool. When custom is set, the worker_image_id must be specified. | string | "oke" | no |
kubeproxy_mode | The mode in which to run kube-proxy when unspecified on a pool. | string | "iptables" | no |
kubernetes_version | The version of Kubernetes used for worker nodes. | string | "v1.26.2" | no |
pod_subnet_id | n/a | string | n/a | yes |
ssh_public_key | The contents of the SSH public key file. Used to allow login for workers/bastion/operator with corresponding private key. | string | null | no |
state_id | Optional Terraform state_id from an existing deployment of the module to re-use with created resources. | string | null | no |
tag_namespace | The tag namespace for standard OKE defined tags. | string | "oke" | no |
tenancy_id | The tenancy id of the OCI Cloud Account in which to create the resources. | string | null | no |
timezone | n/a | string | n/a | yes |
volume_kms_key_id | The ID of the OCI KMS key to be used as the master encryption key for Boot Volume and Block Volume encryption by default when unspecified on a pool. | string | null | no |
worker_pool_mode | Default management mode for workers when unspecified on a pool. Only 'node-pool' is currently supported. | string | "node-pool" | no |
worker_subnet_id | n/a | string | n/a | yes |
Operator
Name | Description | Type | Default | Required |
---|---|---|---|---|
assign_dns | Operator | bool | n/a | yes |
install_cilium | n/a | bool | n/a | yes |
install_helm | n/a | bool | n/a | yes |
install_istioctl | n/a | bool | n/a | yes |
install_k9s | n/a | bool | n/a | yes |
install_kubectl_from_repo | n/a | bool | true | no |
install_kubectx | n/a | bool | n/a | yes |
pv_transit_encryption | n/a | bool | n/a | yes |
upgrade | n/a | bool | n/a | yes |
use_defined_tags | n/a | bool | n/a | yes |
cloud_init | n/a | list(map(string)) | n/a | yes |
nsg_ids | n/a | list(string) | n/a | yes |
shape | n/a | map(any) | n/a | yes |
defined_tags | Tags | map(string) | n/a | yes |
freeform_tags | n/a | map(string) | n/a | yes |
availability_domain | n/a | string | n/a | yes |
bastion_host | Bastion (to await cloud-init completion) | string | n/a | yes |
bastion_user | n/a | string | n/a | yes |
compartment_id | Common | string | n/a | yes |
image_id | n/a | string | n/a | yes |
kubeconfig | n/a | string | n/a | yes |
kubernetes_version | n/a | string | n/a | yes |
operator_image_os_version | n/a | string | n/a | yes |
ssh_private_key | n/a | string | n/a | yes |
ssh_public_key | n/a | string | n/a | yes |
state_id | n/a | string | n/a | yes |
subnet_id | n/a | string | n/a | yes |
tag_namespace | n/a | string | n/a | yes |
timezone | n/a | string | n/a | yes |
user | n/a | string | n/a | yes |
volume_kms_key_id | n/a | string | n/a | yes |