oracle-terraform-modules / terraform-oci-oke

The Terraform OKE Module Installer for Oracle Cloud Infrastructure provides a Terraform module that provisions the necessary resources for Oracle Container Engine.
https://oracle-terraform-modules.github.io/terraform-oci-oke/
Universal Permissive License v1.0

oci-oke-lb subnet pick-up change #945

Open Charbel-Metrot opened 1 month ago

Charbel-Metrot commented 1 month ago

Hello,

We are trying to change the default selected subnet for the load balancer in order to use a different existing public subnet instead of the pub_lb subnet. Which parameter is the right one to make this change?

Alternatively, we would like to adjust the current NSG rules of the pub_lb subnet. Is it done using the below variables?

```hcl
public_lb_allowed_ports = [80, 443, 15021]

allow_rules_public_lb = { for p in local.public_lb_allowed_ports :
  format("Allow ingress to port %v", p) => {
    protocol = local.tcp_protocol, port = p, source = "0.0.0.0/0", source_type = local.rule_type_cidr,
  }
}
```

Thank you in advance for your help.

robo-cap commented 1 week ago

You can set the default subnet to be used for the OKE services using the subnet variable.

Once the cluster is created, it is not possible to change the default subnet used for the LoadBalancer type services.

If you intend to customize the subnet used for a service, you can achieve this through the annotation `service.beta.kubernetes.io/oci-load-balancer-subnet1` as instructed here.

To whitelist ports on the LB NSG you can use the allow_rules_public_lb variable as in this example.
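An added example, not part of the thread and not the module's own code: a variant of the snippet from the question that gives each port its own source ranges instead of opening every port to `0.0.0.0/0`. The local `public_lb_port_sources`, the `203.0.113.0/24` range and the values assigned to `tcp_protocol` and `rule_type_cidr` are assumptions; the rule fields are the ones shown in the question.

```hcl
locals {
  # Assumed values: the question references these locals without showing them.
  tcp_protocol   = 6            # IANA protocol number for TCP
  rule_type_cidr = "CIDR_BLOCK" # OCI NSG rule source type for a CIDR source

  # Constructed sample data: allowed source ranges per load balancer port.
  # 203.0.113.0/24 is a documentation range standing in for a trusted network.
  public_lb_port_sources = {
    "80"    = ["0.0.0.0/0"]
    "443"   = ["0.0.0.0/0"]
    "15021" = ["203.0.113.0/24"]
  }

  # One rule per (port, source) pair, keyed by a unique description so that
  # adding or removing a range only touches that single NSG rule.
  allow_rules_public_lb = merge([
    for port, sources in local.public_lb_port_sources : {
      for cidr in sources :
      format("Allow TCP ingress to port %v from %v", port, cidr) => {
        protocol    = local.tcp_protocol
        port        = tonumber(port)
        source      = cidr
        source_type = local.rule_type_cidr
      }
    }
  ]...)
}

# Pass the map to the module as: allow_rules_public_lb = local.allow_rules_public_lb
# The output lets `terraform plan` show the generated rules for review.
output "allow_rules_public_lb" {
  value = local.allow_rules_public_lb
}
```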