The Terraform OKE Module Installer for Oracle Cloud Infrastructure provides a Terraform module that provisions the necessary resources for Oracle Container Engine.
module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow TCP egress from workers for NFS portmapper to FSS mounts"]
module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow TCP egress from workers for NFS to FSS mounts"]
module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow TCP ingress to workers for NFS from FSS mounts"]
module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow TCP ingress to workers for NFS portmapper from FSS mounts"]
module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow UDP egress from workers for NFS portmapper to FSS mounts"]
module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow UDP egress from workers for NFS to FSS mounts"]
module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow UDP ingress to workers for NFS portmapper from FSS mounts"]
Terraform Configuration Files
locals {
  ## Networking
  # All subnets are pre-existing (create = "never"); an id is supplied only
  # for cp, int_lb, workers and pods.
  # NOTE(review): the fss subnet carries no id while the fss NSG below is
  # created with create = "always" — confirm that is intended.
  subnets = {
    bastion  = { create = "never" }
    operator = { create = "never" }
    cp       = { create = "never", id = var.cp_subnet_id }
    fss      = { create = "never" }
    int_lb   = { create = "never", id = var.int_lb_subnet_id }
    pub_lb   = { create = "never" }
    workers  = { create = "never", id = var.workers_subnet_id }
    pods     = { create = "never", id = var.pods_subnet_id }
  }

  # NSGs are created for cp, fss, int_lb and workers; the pods NSG is only
  # created when VCN-native pod networking (enable_npn) is switched on.
  nsgs = {
    bastion  = { create = "never" }
    operator = { create = "never" }
    cp       = { create = "always" }
    fss      = { create = "always" }
    int_lb   = { create = "always" }
    pub_lb   = { create = "never" }
    workers  = { create = "always" }
    pods     = { create = var.enable_npn ? "always" : "never" }
  }

  ## Workers
  # A single pool of three nodes, named after the instance identifier.
  worker_pools = {
    "oke-nodepool-${var.instance}-workers" = { size = 3 }
  }
}
module "oke" {
  # The module is pinned to a git tag. Tags are mutable refs; pinning the
  # commit the tag points at (?ref=<commit-sha>) would make the source
  # immutable and easier to verify in supply-chain reviews.
  source    = "git::https://github.com/oracle-terraform-modules/terraform-oci-oke.git?ref=v5.1.4"
  providers = { oci.home = oci }

  # Identity
  state_id     = var.instance
  cluster_name = "oke-${var.instance}"

  # Placement
  tenancy_id             = var.tenancy_ocid
  compartment_id         = var.compartment_id
  network_compartment_id = var.network_compartment_id

  # Actions — only the cluster is created by this module instance; VCN, DRG,
  # bastion and operator creation are all disabled.
  create_vcn      = false
  create_drg      = false
  create_bastion  = false
  create_cluster  = true
  create_operator = false

  # Cluster — private control-plane endpoint, internal load balancer, and
  # the CNI chosen by enable_npn (VCN-native pod networking vs. flannel).
  kubernetes_version      = var.kubernetes_version
  cluster_type            = "enhanced"
  control_plane_is_public = false
  preferred_load_balancer = "internal"
  cni_type                = var.enable_npn ? "npn" : "flannel"
  control_plane_nsg_ids   = var.control_plane_nsg_ids

  # Networking — existing VCN, subnets/NSGs as declared in locals, and no
  # internet egress rules for workers or pods.
  vcn_id                       = var.vcn_id
  subnets                      = local.subnets
  nsgs                         = local.nsgs
  allow_worker_internet_access = false
  allow_pod_internet_access    = false

  # Workers — pools from locals; every key in ssh_public_keys is installed
  # (joined with newlines into a single authorized_keys-style string).
  worker_pools   = local.worker_pools
  ssh_public_key = join("\n", var.ssh_public_keys)
  worker_nsg_ids = var.worker_nsg_ids
}
### Debug Output
### Panic Output
### Expected Behavior
The security rules created in the FSS NSG and the workers NSG should match the documentation: https://docs.oracle.com/en-us/iaas/Content/File/Tasks/securitylistsfilestorage.htm
### Actual Behavior
The generated rules differ from the documented rules in two ways:
### Steps to Reproduce
<!--- Please list the steps required to reproduce the issue. --->
1. `terraform apply`
### Important Factoids
<!--- Is there anything atypical about your environment that we should know? For example: Is the issue specific to a region? --->
### References
<!---
Information about referencing Github Issues: https://help.github.com/articles/basic-writing-and-formatting-syntax/#referencing-issues-and-pull-requests
Are there any other GitHub issues (open or closed) or pull requests that should be linked here? Vendor documentation? For example:
--->
Community Note
Terraform Version and Provider Version
Terraform v1.5.7 on linux_amd64
Affected Resource(s)
module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow TCP egress from workers for NFS portmapper to FSS mounts"] module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow TCP egress from workers for NFS to FSS mounts"] module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow TCP ingress to workers for NFS from FSS mounts"] module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow TCP ingress to workers for NFS portmapper from FSS mounts"] module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow UDP egress from workers for NFS portmapper to FSS mounts"] module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow UDP egress from workers for NFS to FSS mounts"] module.oke.module.network.oci_core_network_security_group_security_rule.oke["Allow UDP ingress to workers for NFS portmapper from FSS mounts"]
Terraform Configuration Files