OCI Cloud Bricks: Oracle Container (Kubernetes) Engine (OKE) - Cluster
Introduction
The following cloud brick enables you to create a decoupled Oracle Kubernetes Engine Cluster associated to a particular compartment and subnets
Reference Architecture
The following is the reference architecture associated to this brick
In this case, you can take advantage of the decoupled nature of the network compartment and the artifact compartment for cost tracking purposes.
Prerequisites
- Pre existent Compartment structure
- Pre existent VCN and Subnets
Sample tfvar file
########## SAMPLE TFVAR FILE ##########
########## PROVIDER SPECIFIC VARIABLES ##########
region = "foo-region-1"
tenancy_ocid = "ocid1.tenancy.oc1..abcdefg"
user_ocid = "ocid1.user.oc1..aaaaaaabcdefg"
fingerprint = "fo:oo:ba:ar:ba:ar"
private_key_path = "/absolute/path/to/api/key/your_api_key.pem"
########## PROVIDER SPECIFIC VARIABLES ##########
########## ARTIFACT SPECIFIC VARIABLES ##########
oke_instance_compartment_name = "MY_ARTIFACT_COMPARTMENT"
oke_network_compartment_name = "MY_NETWORK_COMPARTMENT"
oke_vcn_display_name = "MY_VCN"
oke_lbaas_network_subnet_name = "My_Public_Subnet"
oke_endpoint_subnet_name = "My_Public_Subnet"
oke_endpoint_is_public_ip_enabled = true
oke_availability_domain_map = { "ad1" : "aBCD:foo-REGION-1-AD-1", "ad2" : "aBCD:foo-REGION-1-AD-2" , "ad2" : "aBCD:foo-REGION-1-AD-3" }
cluster_name = "my_k8_cluster"
k8s_version = "vX.Y.Z"
k8s_dashboard_enabled = true
k8s_tiller_enabled = true
########## ARTIFACT SPECIFIC VARIABLES ##########
########## SAMPLE TFVAR FILE ##########Variable specific considerations
- Different compartments for both Network and Artifact can be used. These can be the same as well. Provide it's corresponding Display Name in the corresponding variables
oke_instance_compartment_nameandoke_network_compartment_name - The OKE Cluster Control Plane, can be either public or private. In order to make it public, ise the variable
oke_endpoint_is_public_ip_enabledtotrueand use a public subnet under variableoke_endpoint_subnet_name - Is possible to use as many AD as are available on the region currently in use. These can be passed on separated by commas and enclosed by double quotes as above example
- The cluster version can be determined by the following link
- If Dashboard is required upon creation set the variable
k8s_dashboard_enabledtotrue - If Tiller is required upon creation set the variable
k8s_tiller_enabledtotrue
Sample provider
The following is the base provider definition to be used with this module
terraform {
required_version = ">= 0.13.5"
}
provider "oci" {
region = var.region
tenancy_ocid = var.tenancy_ocid
user_ocid = var.user_ocid
fingerprint = var.fingerprint
private_key_path = var.private_key_path
disable_auto_retries = "true"
}
provider "oci" {
alias = "home"
region = data.oci_identity_region_subscriptions.home_region_subscriptions.region_subscriptions[0].region_name
tenancy_ocid = var.tenancy_ocid
user_ocid = var.user_ocid
fingerprint = var.fingerprint
private_key_path = var.private_key_path
disable_auto_retries = "true"
}Variable documentation
Requirements
| Name | Version |
|---|---|
| terraform | >= 0.13.5 |
Providers
| Name | Version |
|---|---|
| oci | 4.35.0 |
| oci.home | 4.35.0 |
| random | 3.1.0 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| oci_containerengine_cluster.oke_cluster | resource |
| oci_identity_tag.release | resource |
| oci_identity_tag_namespace.devrel | resource |
| random_id.tag | resource |
| oci_core_subnets.ENDPOINTSUBNET | data source |
| oci_core_subnets.LBAASSUBNET | data source |
| oci_core_vcns.VCN | data source |
| oci_identity_compartments.COMPARTMENTS | data source |
| oci_identity_compartments.NWCOMPARTMENTS | data source |
| oci_identity_region_subscriptions.home_region_subscriptions | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cluster_name | Defines the K8 Cluster Name | any |
n/a | yes |
| fingerprint | API Key Fingerprint for user_ocid derived from public API Key imported in OCI User config | any |
n/a | yes |
| k8s_dashboard_enabled | Defines if Kubernetes Dashboard is enabled for cluster | bool |
false |
no |
| k8s_tiller_enabled | Defines if Helm (Tiller) is enabled in cluster | bool |
false |
no |
| k8s_version | Declares K8 Version | any |
n/a | yes |
| oke_availability_domain_map | The name of the availability domain in which this node is placed | map(any) |
n/a | yes |
| oke_endpoint_is_public_ip_enabled | Determines if OKE Control Plane is located on public or private subnet | any |
n/a | yes |
| oke_endpoint_subnet_name | Determines the subnet where the control plane API will be located at | string |
"" |
no |
| oke_instance_compartment_id | Defines the compartment OCID where the infrastructure will be created | string |
"" |
no |
| oke_instance_compartment_name | Defines the compartment name where the infrastructure will be created | string |
"" |
no |
| oke_lbaas_network_subnet_name | Describes the display name of the subnet where LBaaS Components will be alocated by resource orchestrator | any |
n/a | yes |
| oke_network_compartment_name | Defines the compartment where the Network is currently located | any |
n/a | yes |
| oke_vcn_display_name | Defines the display name of the VCN where cluster will allocate LBaaS Ingress Controller components | any |
n/a | yes |
| private_key_path | Private Key Absolute path location where terraform is executed | any |
n/a | yes |
| region | Target region where artifacts are going to be created | any |
n/a | yes |
| tenancy_ocid | OCID of tenancy | any |
n/a | yes |
| user_ocid | User OCID in tenancy | any |
n/a | yes |
Outputs
| Name | Description |
|---|---|
| cluster | OKE Cluster details |
| oke_instance | OKE Cluster Object for integration purposes |
Contributing
This project is open source. Please submit your contributions by forking this repository and submitting a pull request! Oracle appreciates any contributions that are made by the open source community.
License
Copyright (c) 2021 Oracle and/or its affiliates.
Licensed under the Universal Permissive License (UPL), Version 1.0.
See LICENSE for more details.