Variables in Terraform Scripts
The variables that you need to provide as input to the terraform scripts in Oracle WebLogic Server for OKE.
Note:
If you are using Oracle WebLogic Server for OKE (Release 21.3.2 or earlier), see Terraform Scripts in Oracle WebLogic Server for OKE (Release 21.3.2 or earlier).
The following table lists all the variables in terraform scripts:
Table 1-1 Variables in terraform scripts
| Variables | Type | Default Value | Optional | Can be updated? | Description |
|---|---|---|---|---|---|
| Authentication Information Note: Use | | | | | |
| | String | - | - | Yes | Fingerprint of the OCI API private key. |
| | String | - | - | - | Path to the private key that matches the fingerprint. |
| | String | - | - | - | OCID of the tenancy in which you want to perform changes. |
| | String | - | - | - | OCID of the signed-in user. That is, your OCID. |
| WebLogic Server Variables | | | | | |
| | String | - | - | - | OCID of the compartment for WebLogic instances. |
| | String | - | - | - | Region for provisioning. |
| | String | - | - | - | Prefix for stack resources. The names of all the related compute and network resources begin with the prefix you assign here. |
| | String | - | - | - | Content of public key for access. |
| | String | - | - | - | Prefix for stack resources. The names of all the related compute and network resources begin with the prefix you assign here. |
| General | | | | | |
| | Boolean | true | Yes | - | Create policies to read Secrets from Vault and manage ATP database (if applicable). |
| Container Cluster (OKE) Configuration | | | | | |
| | String | - | - | - | Existing cluster ID value. |
| | String | Latest Kubernetes version is displayed by default. | Yes | - | Kubernetes version. |
| | String | 1 | - | Yes | Count of the non-WebLogic node pool. Note: If you update the node pool count, then the node pool is recreated. If you scale the compute instance and the WebLogic server Operator does not connect to the WebLogic server Persistence store, see Scaling Compute Instances. |
| | String | VM.Standard2.1 | - | Yes | Shape of the non-WLS node pool. |
| | String | - | Yes | - | CIDR value of the OKE pod. |
| | String | - | Yes | - | CIDR value of the services. |
| | String | - | - | - | Name of the OKE cluster. |
| | String | VM.Standard2.1 | - | Yes | Shape of the worker nodes. |
| | Number | 1 | - | Yes | Number of nodes in the WebLogic node pool. Note: If you update the node pool count, then the node pool is recreated. If you scale the compute instance and the WebLogic server Operator does not connect to the WebLogic server Persistence store, see Scaling Compute Instances. |
| | Boolean | false | - | - | Indicates if you have enabled encryption by using the master encryption key in Vault. If you do not enable this option, the standard block storage encryption is used for etcd read and write, and Kubernetes secrets at rest in etcd are not encrypted. |
| | String | - | - | - | Key OCID for Kubernetes secret encryption. |
| | Boolean | false | - | - | Indicates if you are using an existing cluster. |
| | Boolean | false | - | - | Indicates if you are using a public or private endpoint for the cluster. |
| Container Cluster (OKE) Administration Instances | | | | | |
| | String | - | - | - | Name of the availability domain for the administrator instance. |
| | String | VM.Standard.E2.1 | - | - | Shape for administrator instance. |
| | String | VM.Standard.E2.1 | - | - | Shape for bastion instance. |
| | Boolean | false | - | - | Indicates if the admin host has a public IP. |
| Network Variables | | | | | |
| | String | - | - | - | The network compartment ID. |
| | String | - | - | - | OCID of an existing VCN where you want to create the compute instances, network resources, and load balancers. |
| | String | - | - | - | OCID of an existing load balancer subnet. |
| | String | - | - | - | OCID for an existing bastion subnet. |
| | String | - | - | - | OCID for an OKE worker node subnet. |
| | String | - | - | - | OCID for an existing cluster private API endpoint subnet. |
| | String | - | - | - | OCID for an existing administrator subnet. |
| | String | - | - | - | OCID for an existing FSS subnet. |
| | String | - | Yes | - | OCID for an existing NAT gateway. Note: You need to specify either the NAT gateway ( |
| | String | - | Yes | - | OCID for an existing service gateway. Note: You need to specify either the NAT gateway ( |
| | Boolean | true | Yes | - | Creates bastion for the stack. If |
| | String | 10.0.0.0/16 | - | - | CIDR block of the VCN. |
| | | | | | CIDR of the load balancer subnet. |
| | | | | | CIDR for an OKE worker node subnet. |
| | | | | | CIDR for an existing cluster private API endpoint subnet. |
| | | | | | CIDR for an existing bastion subnet. |
| | | | | | CIDR for an existing administrator subnet. |
| | | | | | CIDR for an existing FSS subnet. |
| Load Balancer Variables | | | | | |
| | String | flexible | - | - | Shape of the ingress load balancer. |
| ingress_lb_shape_min | String | 10 Mbps | - | Yes | Minimum size of the flexible load balancer shape. |
| ingress_lb_shape_max | String | 100 Mbps | - | Yes | Maximum size of the flexible load balancer shape. |
| Shared File System Variables | | | | | |
| | String | - | - | - | OCID of the availability domain for Shared File System. |
| | String | - | Yes | - | OCID for the mount target. |
| | String | - | Yes | - | OCID of the compartment for the mount target. This variable is required if |
| OCIR Variables | | | | | |
| | String | - | - | - | OCIR user name. |
| | String | - | - | - | OCID token for the OCIR user name. |
| | String | - | - | - | The URL to the OCIR. |
| | String | - | - | - | The OCIR repository to download the existing custom WLS image to create a domain. |
| Gateway Variables | | | | | |
| | Boolean | true | - | - | Indicates if you want to create a NAT gateway. |
| | Boolean | true | | | Indicates if you want to create a service gateway. |
| Security Variables | | | | | |
| | Boolean | false | - | - | Indicates if you want to allow access to NodePorts, when worker nodes are outside the access zone (only applicable for public worker nodes). |
| | Boolean | true | - | - | Indicates if you want to allow SSH access to worker nodes, for worker nodes in instances in the same VCN. |
| Verrazzano Variables | | | | | |
| | Boolean | false | Yes | - | Indicates if you have enabled Verrazzano integration. |
| vz_profile | String | prod | - | - | The deployment profile for Verrazzano. |
| vz_env_name | String | - | - | | Name of the Verrazzano installation. This name is part of the generated endpoint access URLs. |
| vz_customize_dns | Boolean | false | - | - | Indicates if you have enabled customization of DNS configurations for Verrazzano system and application endpoints. |
| vz_customize_certificates | Boolean | false | - | - | Indicates if you have enabled customization of SSL certificate generation for Verrazzano system endpoints. |
| vz_customize_elastic_search | Boolean | false | - | - | Indicates if you have enabled customization of Elastic Search. |
| vz_customize_persistent_storage | Boolean | false | - | - | Indicates if you have enabled customization of Persistent Volumes. |
| vz_dns_type | String | Wildcard | - | - | The DNS type. |
| vz_wild_card_dns_type | String | nip.io | - | - | The DNS Wildcard type. |
| vz_dns_zone_compartment_ocid | String | - | - | - | The OCI DNS Zone compartment ID. |
| vz_dns_zone_ocid | String | - | - | - | The OCI DNS Zone OCID. |
| vz_certificate_type | String | Verrazzano self-signed CA | - | - | The certificate type. |
| vz_custom_ca_signing_key_secret_ocid | String | - | - | - | The custom CA signing key secret OCID. |
| vz_custom_ca_cert_secret_ocid | String | - | - | - | The custom CA Cert secret OCID. |
| vz_letsencrypt_email | String | - | - | - | The email ID for LetsEncrypt. |
| vz_letsencrypt_env | String | production | - | - | The LetsEncrypt environment type. |
| vz_is_system_lb_private | Boolean | true | - | - | The system load balancer visibility type. |
| vz_system_lb_shape | String | flexible | - | - | The shape of the system load balancer. |
| vz_system_lb_min_bandwidth | Number | 10 | | | The minimum bandwidth of the system load balancer. |
| vz_system_lb_max_bandwidth | Number | 10 | - | - | The maximum bandwidth of the system load balancer. |
| vz_is_app_lb_private | Boolean | false | - | - | The application load balancer visibility type. |
| vz_app_lb_shape | String | flexible | - | - | The shape of the application load balancer. |
| vz_app_lb_min_bandwidth | Number | 10 | - | - | The minimum bandwidth of the application load balancer. |
| vz_app_lb_max_bandwidth | Number | 100 | - | - | The maximum bandwidth of the application load balancer. |
| vz_es_master_node_replica_count | Number | 3 | - | - | The number of master node replicas. |
| vz_es_master_node_memory | Number | 1.4 | - | - | The master node memory in GB. |
| vz_es_ingest_node_replica_count | Number | 1 | - | - | The number of ingest node replicas. |
| vz_es_ingest_node_memory | Number | 2.5 | - | - | The ingest node memory in GB. |
| vz_es_data_replica_count | Number | 2 | - | - | The number of data replicas. |
| vz_es_data_replica_memory | Number | 4.8 | - | - | The data replica memory in GB. |
| vz_es_storage_size | Number | 50 | - | - | The storage capacity in GB. |
| vz_ephemeral_storage | Boolean | false | - | - | Use Ephemeral Storage for Dev profiles only. |
| vz_ps_capacity_global | Number | 50 | - | - | The persistent volume storage capacity for all components in GB. |
| vz_ps_capacity_keycloak | Number | 50 | - | - | The persistent volume storage capacity for Keycloak in GB. |
| vz_node_pool_shape | String | VM.Standard2.4 | - | - | The shape of worker nodes. |
| vz_node_pool_count | Number | 3 | - | - | The number of nodes in the Verrazzano node pool. |
Note:
Support for using an existing bastion host when provisioning WebLogic server with a private subnet is enabled in the terraform CLI only. This can be achieved by using the variables is_bastion_instance_required, existing_bastion_instance_id, and bastion_ssh_private_key. For an existing WebLogic server subnet, you will need to open port 22 for the bastion IP/subnet CIDR. For a new WebLogic server subnet, we create a security list with the bastion private IP.