diff --git a/terraform-provider-oci/oke-quickstartz/Readme.md b/terraform-provider-oci/oke-quickstartz/Readme.md index 8b13789..ee3c79b 100644 --- a/terraform-provider-oci/oke-quickstartz/Readme.md +++ b/terraform-provider-oci/oke-quickstartz/Readme.md 
@@ -1 +1,154 @@ + +## Requirements +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.1 | +| [helm](#requirement\_helm) | ~> 2 | +| [kubernetes](#requirement\_kubernetes) | ~> 2 | +| [local](#requirement\_local) | ~> 2 | +| [oci](#requirement\_oci) | ~> 4, < 5 | +| [random](#requirement\_random) | ~> 3 | +| [tls](#requirement\_tls) | ~> 4 | + +## Providers + +| Name | Version | +|------|---------| +| [oci](#provider\_oci) | 4.123.0 | +| [random](#provider\_random) | 3.6.2 | +| [tls](#provider\_tls) | 4.0.5 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [cluster-tools](#module\_cluster-tools) | ./modules/cluster-tools | n/a | +| [gateways](#module\_gateways) | ./modules/oci-networking/gateway | n/a | +| [route\_tables](#module\_route\_tables) | ./modules/oci-networking/route_table | n/a | +| [security\_lists](#module\_security\_lists) | ./modules/oci-networking/security_list | n/a | +| [subnets](#module\_subnets) | ./modules/oci-networking/subnet | n/a | +| [vcn](#module\_vcn) | ./modules/oci-networking/vcn | n/a | +| [cluster-compartment-policies](#module\_cluster-compartment-policies) | ./modules/oci-policies | n/a | +| [cluster-dynamic-group](#module\_cluster-dynamic-group) | ./modules/oci-policies | n/a | +| [vault](#module\_vault) | ./modules/oci-vault-kms | n/a | +| [oke](#module\_oke) | ./modules/oke | n/a | +| [oke\_cluster\_autoscaler](#module\_oke\_cluster\_autoscaler) | ./modules/oke-cluster-autoscaler | n/a | +| [oke\_node\_pools](#module\_oke\_node\_pools) | ./modules/oke-node-pool | n/a | + +## Resources + +| Name | Type | +|------|------| +| [oci_identity_compartment.oke_compartment](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_compartment) | resource | +| [random_string.deploy_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | +| 
[tls_private_key.oke_worker_node_ssh_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource | +| [oci_core_services.all_services_network](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_services) | data source | +| [oci_identity_regions.home_region](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/identity_regions) | data source | +| [oci_identity_tenancy.tenant_details](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/identity_tenancy) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [compartment\_ocid](#input\_compartment\_ocid) | n/a | `any` | n/a | yes | +| [extra\_security\_list\_name\_for\_api\_endpoint](#input\_extra\_security\_list\_name\_for\_api\_endpoint) | Extra security list name previosly created to be used by the K8s API Endpoint Subnet. | `any` | `null` | no | +| [extra\_security\_list\_name\_for\_nodes](#input\_extra\_security\_list\_name\_for\_nodes) | Extra security list name previosly created to be used by the Nodes Subnet. | `any` | `null` | no | +| [extra\_security\_list\_name\_for\_vcn\_native\_pod\_networking](#input\_extra\_security\_list\_name\_for\_vcn\_native\_pod\_networking) | Extra security list name previosly created to be used by the VCN Native Pod Networking Subnet. 
| `any` | `null` | no | +| [region](#input\_region) | n/a | `any` | n/a | yes | +| [tenancy\_ocid](#input\_tenancy\_ocid) | ############################################################################### OCI Provider Variables ############################################################################### | `any` | n/a | yes | +| [cert\_manager\_enabled](#input\_cert\_manager\_enabled) | Enable x509 Certificate Management | `bool` | `false` | no | +| [create\_compartment\_policies](#input\_create\_compartment\_policies) | Creates policies that will reside on the compartment. e.g.: Policies to support Cluster Autoscaler, OCI Logging datasource on Grafana | `bool` | `true` | no | +| [create\_dynamic\_group\_for\_nodes\_in\_compartment](#input\_create\_dynamic\_group\_for\_nodes\_in\_compartment) | Creates dynamic group of Nodes in the compartment. Note: You need to have proper rights on the Tenancy. If you only have rights in a compartment, uncheck and ask you administrator to create the Dynamic Group for you | `bool` | `true` | no | +| [create\_new\_compartment\_for\_oke](#input\_create\_new\_compartment\_for\_oke) | Creates new compartment for OKE Nodes and OCI Services deployed. NOTE: The creation of the compartment increases the deployment time by at least 3 minutes, and can increase by 15 minutes when destroying | `bool` | `false` | no | +| [create\_new\_encryption\_key](#input\_create\_new\_encryption\_key) | Creates new vault and key on OCI Vault/Key Management/KMS and assign to boot volume of the worker nodes | `bool` | `false` | no | +| [create\_new\_oke\_cluster](#input\_create\_new\_oke\_cluster) | Creates a new OKE cluster, node pool and network resources | `bool` | `true` | no | +| [create\_new\_vcn](#input\_create\_new\_vcn) | Creates a new Virtual Cloud Network (VCN). If false, the VCN must be provided in the variable 'existent\_vcn\_ocid'. 
| `bool` | `true` | no | +| [create\_pod\_network\_subnet](#input\_create\_pod\_network\_subnet) | Create PODs Network subnet for OKE. To be used with CNI Type OCI\_VCN\_IP\_NATIVE | `bool` | `false` | no | +| [create\_subnets](#input\_create\_subnets) | Create subnets for OKE: Endpoint, Nodes, Load Balancers. If CNI Type OCI\_VCN\_IP\_NATIVE, also creates the PODs VCN. If FSS Mount Targets, also creates the FSS Mount Targets Subnet | `bool` | `true` | no | +| [create\_tenancy\_policies](#input\_create\_tenancy\_policies) | Creates policies that need to reside on the tenancy. e.g.: Policies to support OCI Metrics datasource on Grafana | `bool` | `false` | no | +| [create\_vault\_policies\_for\_group](#input\_create\_vault\_policies\_for\_group) | Creates policies to allow the user applying the stack to manage vault and keys. If you are on the Administrators group or already have the policies for a compartment, this policy is not needed. If you do not have access to allow the policy, ask your administrator to include it for you | `bool` | `false` | no | +| [generate\_public\_ssh\_key](#input\_generate\_public\_ssh\_key) | n/a | `bool` | `true` | no | +| [grafana\_enabled](#input\_grafana\_enabled) | Enable Grafana Dashboards. Includes example dashboards and Prometheus, OCI Logging and OCI Metrics datasources | `bool` | `false` | no | +| [ingress\_hosts\_include\_nip\_io](#input\_ingress\_hosts\_include\_nip\_io) | Include app\_name.HEXXX.nip.io on the ingress hosts. e.g.: mushop.HEXXX.nip.io | `bool` | `true` | no | +| [ingress\_nginx\_enabled](#input\_ingress\_nginx\_enabled) | Enable Ingress Nginx for Kubernetes Services (This option provision a Load Balancer) | `bool` | `false` | no | +| [ingress\_tls](#input\_ingress\_tls) | If enabled, will generate SSL certificates to enable HTTPS for the ingress using the Certificate Issuer | `bool` | `false` | no | +| [is\_ipv6enabled](#input\_is\_ipv6enabled) | Whether IPv6 is enabled for the Virtual Cloud Network (VCN). 
| `bool` | `false` | no | +| [metrics\_server\_enabled](#input\_metrics\_server\_enabled) | Enable Metrics Server for Metrics, HPA, VPA and Cluster Autoscaler | `bool` | `true` | no | +| [node\_pool\_autoscaler\_enabled\_1](#input\_node\_pool\_autoscaler\_enabled\_1) | Enable Cluster Autoscaler on the node pool (pool1). Node pools will auto scale based on the resources usage and will add or remove nodes (Compute) based on the min and max number of nodes | `bool` | `true` | no | +| [prometheus\_enabled](#input\_prometheus\_enabled) | Enable Prometheus | `bool` | `false` | no | +| [use\_encryption\_from\_oci\_vault](#input\_use\_encryption\_from\_oci\_vault) | By default, Oracle manages the keys that encrypts Kubernetes Secrets at Rest in Etcd, but you can choose a key from a vault that you have access to, if you want greater control over the key's lifecycle and how it's used | `bool` | `false` | no | +| [extra\_initial\_node\_labels\_1](#input\_extra\_initial\_node\_labels\_1) | Extra initial node labels to be added to the node pool 1 | `list` | `[]` | no | +| [extra\_node\_pools](#input\_extra\_node\_pools) | Extra node pools to be added to the cluster | `list` | `[]` | no | +| [extra\_route\_tables](#input\_extra\_route\_tables) | Extra route tables to be created. | `list` | `[]` | no | +| [extra\_security\_lists](#input\_extra\_security\_lists) | Extra security lists to be created. | `list` | `[]` | no | +| [extra\_subnets](#input\_extra\_subnets) | Extra subnets to be created. | `list` | `[]` | no | +| [ipv6private\_cidr\_blocks](#input\_ipv6private\_cidr\_blocks) | The list of one or more ULA or Private IPv6 CIDR blocks for the Virtual Cloud Network (VCN). | `list` | `[]` | no | +| [node\_pool\_cloud\_init\_parts\_1](#input\_node\_pool\_cloud\_init\_parts\_1) | Node Pool nodes Cloud init parts |
list(object({
content_type = string
content = string
filename = string
}))
| `[]` | no | +| [node\_pool\_instance\_shape\_1](#input\_node\_pool\_instance\_shape\_1) | A shape is a template that determines the number of OCPUs, amount of memory, and other resources allocated to a newly created instance for the Worker Node. Select at least 2 OCPUs and 16GB of memory if using Flex shapes | `map(any)` |
{
"instanceShape": "VM.Standard.E4.Flex",
"memory": 16,
"ocpus": 2
}
| no | +| [tag\_values](#input\_tag\_values) | Use Tagging to add metadata to resources. All resources created by this stack will be tagged with the selected tag values. | `map(any)` |
{
"definedTags": {},
"freeformTags": {
"DeploymentType": "generic",
"Environment": "Development"
}
}
| no | +| [node\_pool\_initial\_num\_worker\_nodes\_1](#input\_node\_pool\_initial\_num\_worker\_nodes\_1) | The number of worker nodes in the node pool. If enable Cluster Autoscaler, will assume the minimum number of nodes on the node pool to be scheduled by the Kubernetes (pool1) | `number` | `2` | no | +| [node\_pool\_max\_num\_worker\_nodes\_1](#input\_node\_pool\_max\_num\_worker\_nodes\_1) | Maximum number of nodes on the node pool to be scheduled by the Kubernetes (pool1) | `number` | `2` | no | +| [node\_pool\_shape\_specific\_ad\_1](#input\_node\_pool\_shape\_specific\_ad\_1) | The number of the AD to get the shape for the node pool | `number` | `0` | no | +| [app\_name](#input\_app\_name) | Application name. Will be used as prefix to identify resources, such as OKE, VCN, ATP, and others | `string` | `"K8s App"` | no | +| [cluster\_cni\_type](#input\_cluster\_cni\_type) | The CNI type to use for the cluster. Valid values are: FLANNEL\_OVERLAY or OCI\_VCN\_IP\_NATIVE | `string` | `"FLANNEL_OVERLAY"` | no | +| [cluster\_endpoint\_visibility](#input\_cluster\_endpoint\_visibility) | The Kubernetes cluster that is created will be hosted on a public subnet with a public IP address auto-assigned or on a private subnet. If Private, additional configuration will be necessary to run kubectl commands | `string` | `"Public"` | no | +| [cluster\_load\_balancer\_visibility](#input\_cluster\_load\_balancer\_visibility) | The Load Balancer that is created will be hosted on a public subnet with a public IP address auto-assigned or on a private subnet. This affects the Kubernetes services, ingress controller and other load balancers resources | `string` | `"Public"` | no | +| [cluster\_type](#input\_cluster\_type) | The type of OKE cluster to create. 
Valid values are: BASIC\_CLUSTER or ENHANCED\_CLUSTER | `string` | `"ENHANCED_CLUSTER"` | no | +| [cluster\_workers\_visibility](#input\_cluster\_workers\_visibility) | The Kubernetes worker nodes that are created will be hosted in public or private subnet(s) | `string` | `"Private"` | no | +| [existent\_dynamic\_group\_for\_nodes\_in\_compartment](#input\_existent\_dynamic\_group\_for\_nodes\_in\_compartment) | Enter previous created Dynamic Group for the policies | `string` | `""` | no | +| [existent\_encryption\_key\_id](#input\_existent\_encryption\_key\_id) | Use an existent master encryption key to encrypt boot volume and object storage bucket. NOTE: If the key resides in a different compartment or in a different tenancy, make sure you have the proper policies to access, or the provision of the worker nodes will fail | `string` | `""` | no | +| [existent\_oke\_cluster\_id](#input\_existent\_oke\_cluster\_id) | Using existent OKE Cluster. Only the application and services will be provisioned. 
If select cluster autoscaler feature, you need to get the node pool id and enter when required | `string` | `""` | no | +| [existent\_oke\_fss\_mount\_targets\_subnet\_ocid](#input\_existent\_oke\_fss\_mount\_targets\_subnet\_ocid) | The OCID of the subnet where the Kubernetes FSS mount targets will be hosted | `string` | `""` | no | +| [existent\_oke\_k8s\_endpoint\_subnet\_ocid](#input\_existent\_oke\_k8s\_endpoint\_subnet\_ocid) | The OCID of the subnet where the Kubernetes cluster endpoint will be hosted | `string` | `""` | no | +| [existent\_oke\_load\_balancer\_subnet\_ocid](#input\_existent\_oke\_load\_balancer\_subnet\_ocid) | The OCID of the subnet where the Kubernetes load balancers will be hosted | `string` | `""` | no | +| [existent\_oke\_nodepool\_id\_for\_autoscaler\_1](#input\_existent\_oke\_nodepool\_id\_for\_autoscaler\_1) | Nodepool Id of the existent OKE to use with Cluster Autoscaler (pool1) | `string` | `""` | no | +| [existent\_oke\_nodes\_subnet\_ocid](#input\_existent\_oke\_nodes\_subnet\_ocid) | The OCID of the subnet where the Kubernetes worker nodes will be hosted | `string` | `""` | no | +| [existent\_oke\_vcn\_native\_pod\_networking\_subnet\_ocid](#input\_existent\_oke\_vcn\_native\_pod\_networking\_subnet\_ocid) | The OCID of the subnet where the Kubernetes VCN Native Pod Networking will be hosted | `string` | `""` | no | +| [existent\_vcn\_compartment\_ocid](#input\_existent\_vcn\_compartment\_ocid) | Compartment OCID for existent Virtual Cloud Network (VCN). | `string` | `""` | no | +| [existent\_vcn\_ocid](#input\_existent\_vcn\_ocid) | Using existent Virtual Cloud Network (VCN) OCID. | `string` | `""` | no | +| [fingerprint](#input\_fingerprint) | n/a | `string` | `""` | no | +| [home\_region](#input\_home\_region) | n/a | `string` | `""` | no | +| [image\_operating\_system\_1](#input\_image\_operating\_system\_1) | The OS/image installed on all nodes in the node pool. 
| `string` | `"Oracle Linux"` | no | +| [image\_operating\_system\_version\_1](#input\_image\_operating\_system\_version\_1) | The OS/image version installed on all nodes in the node pool. | `string` | `"8"` | no | +| [ingress\_cluster\_issuer](#input\_ingress\_cluster\_issuer) | Certificate issuer type. Currently supports the free Let's Encrypt and Self-Signed. Only *letsencrypt-prod* generates valid certificates | `string` | `"letsencrypt-prod"` | no | +| [ingress\_email\_issuer](#input\_ingress\_email\_issuer) | You must replace this email address with your own. The certificate provider will use this to contact you about expiring certificates, and issues related to your account. | `string` | `"no-reply@example.cloud"` | no | +| [ingress\_hosts](#input\_ingress\_hosts) | Enter a valid full qualified domain name (FQDN). You will need to map the domain name to the EXTERNAL-IP address on your DNS provider (DNS Registry type - A). If you have multiple domain names, include separated by comma. e.g.: mushop.example.com,catshop.com | `string` | `""` | no | +| [ingress\_load\_balancer\_shape](#input\_ingress\_load\_balancer\_shape) | Shape that will be included on the Ingress annotation for the OCI Load Balancer creation | `string` | `"flexible"` | no | +| [ingress\_load\_balancer\_shape\_flex\_max](#input\_ingress\_load\_balancer\_shape\_flex\_max) | Enter the maximum size of the flexible shape (Should be bigger than minimum size). The maximum service limit is set by your tenancy limits. | `string` | `"100"` | no | +| [ingress\_load\_balancer\_shape\_flex\_min](#input\_ingress\_load\_balancer\_shape\_flex\_min) | Enter the minimum size of the flexible shape. | `string` | `"10"` | no | +| [k8s\_version](#input\_k8s\_version) | Kubernetes version installed on your Control Plane and worker nodes. If not version select, will use the latest available. 
| `string` | `"Latest"` | no | +| [nip\_io\_domain](#input\_nip\_io\_domain) | Dynamic wildcard DNS for the application hostname. Should support hex notation. e.g.: nip.io | `string` | `"nip.io"` | no | +| [node\_pool\_boot\_volume\_size\_in\_gbs\_1](#input\_node\_pool\_boot\_volume\_size\_in\_gbs\_1) | Specify a custom boot volume size (in GB) | `string` | `"60"` | no | +| [node\_pool\_cni\_type\_1](#input\_node\_pool\_cni\_type\_1) | The CNI type to use for the cluster. Valid values are: FLANNEL\_OVERLAY or OCI\_VCN\_IP\_NATIVE | `string` | `"FLANNEL_OVERLAY"` | no | +| [node\_pool\_name\_1](#input\_node\_pool\_name\_1) | Name of the node pool 1 | `string` | `"pool1"` | no | +| [node\_pool\_oke\_init\_params\_1](#input\_node\_pool\_oke\_init\_params\_1) | OKE Init params | `string` | `""` | no | +| [oke\_compartment\_description](#input\_oke\_compartment\_description) | n/a | `string` | `"Compartment for OKE, Nodes and Services"` | no | +| [pods\_network\_visibility](#input\_pods\_network\_visibility) | The PODs that are created will be hosted on a public subnet with a public IP address auto-assigned or on a private subnet. This affects the Kubernetes services and pods | `string` | `"Private"` | no | +| [private\_key\_path](#input\_private\_key\_path) | n/a | `string` | `""` | no | +| [public\_ssh\_key](#input\_public\_ssh\_key) | In order to access your private nodes with a public SSH key you will need to set up a bastion host (a.k.a. jump box). If using public nodes, bastion is not needed. Left blank to not import keys. | `string` | `""` | no | +| [user\_admin\_group\_for\_vault\_policy](#input\_user\_admin\_group\_for\_vault\_policy) | User Identity Group to allow manage vault and keys. 
The user running the Terraform scripts or Applying the ORM Stack need to be on this group | `string` | `"Administrators"` | no | +| [user\_ocid](#input\_user\_ocid) | n/a | `string` | `""` | no | +| [vcn\_cidr\_blocks](#input\_vcn\_cidr\_blocks) | IPv4 CIDR Blocks for the Virtual Cloud Network (VCN). If use more than one block, separate them with comma. e.g.: 10.20.0.0/16,10.80.0.0/16. If you plan to peer this VCN with another VCN, the VCNs must not have overlapping CIDRs. | `string` | `"10.20.0.0/16"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [app\_url](#output\_app\_url) | Application URL | +| [cluster\_type\_value](#output\_cluster\_type\_value) | n/a | +| [comments](#output\_comments) | OKE Outputs | +| [deploy\_id](#output\_deploy\_id) | n/a | +| [deployed\_oke\_kubernetes\_version](#output\_deployed\_oke\_kubernetes\_version) | n/a | +| [deployed\_to\_region](#output\_deployed\_to\_region) | n/a | +| [dev](#output\_dev) | n/a | +| [generated\_private\_key\_pem](#output\_generated\_private\_key\_pem) | ## Important Security Notice ### The private key generated by this resource will be stored unencrypted in your Terraform state file. Use of this resource for production deployments is not recommended. Instead, generate a private key file outside of Terraform and distribute it securely to the system where Terraform will be run. 
| +| [grafana\_admin\_password](#output\_grafana\_admin\_password) | Cluster Tools Outputs # grafana | +| [grafana\_url](#output\_grafana\_url) | Grafana Dashboards URL | +| [kubeconfig](#output\_kubeconfig) | n/a | +| [kubeconfig\_for\_kubectl](#output\_kubeconfig\_for\_kubectl) | If using Terraform locally, this command set KUBECONFIG environment variable to run kubectl locally | +| [oke\_cluster\_ocid](#output\_oke\_cluster\_ocid) | n/a | +| [oke\_node\_pools](#output\_oke\_node\_pools) | n/a | +| [stack\_version](#output\_stack\_version) | Deployment outputs | +| [subnets](#output\_subnets) | n/a | + \ No newline at end of file
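Review bot: The generated README documents a default that stores a private key in Terraform state, and the README should say so up front rather than only in the `generated_private_key_pem` output row. The input `generate_public_ssh_key` defaults to `true` and the resource `tls_private_key.oke_worker_node_ssh_key` is listed, while the output description itself reads "The private key generated by this resource will be stored unencrypted in your Terraform state file. Use of this resource for production deployments is not recommended." Suggest a short note above the Inputs table pointing readers to `generate_public_ssh_key = false` plus `public_ssh_key` for non-development use, and confirming that `generated_private_key_pem` and `grafana_admin_password` are declared `sensitive = true` in the outputs file (the table cannot show this). Related, several descriptions are leaking file-section comments into the docs: `tenancy_ocid` is described by a `#####` banner with "OCI Provider Variables", `grafana_admin_password` by "Cluster Tools Outputs # grafana", and `stack_version` by "Deployment outputs"; fix the `description` attributes in the variables/outputs files and regenerate with terraform-docs instead of hand-editing this README. Finally, while regenerating, correct the typos carried from the variable descriptions: "previosly" (three `extra_security_list_name_*` inputs), "ask you administrator", "This option provision a Load Balancer", "If not version select", and "Left blank to not import keys".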