Variables in Terraform Scripts

The variables you need input to the terraform scripts in Oracle WebLogic Server for OKE.

Note:

If you are using a Oracle WebLogic Server for OKE (Release 21.3.2 or earlier), see Terraform Scripts in Oracle WebLogic Server for OKE (Release 21.3.2 or earlier).

The following table lists all the variables in terraform scripts:

Table 1-1 Variables in terraform scripts

Variables	Type	Default Value	Optional	Can be updated?	Description
Authentication Information Note: Use `env_vars_template` to create `env_vars` and source it as: source `./env_vars` before running terraform init.	______	______	______	______	______
`FingerPrint`	String	-	-	Yes	Fingerprint of the OCI API private key.
`Path to private key`	String	-	-	-	Path to the private key that matches the fingerprint.
`Tenancy OCID`	String	-	-	-	OCID of the tenancy in which you want to perform changes.
`User OCID`	String	-	-	-	OCID of the signed in user. That is, your OCID.
WebLogic Server Variables	______	______	______	______	______
`compartment_ocid`	String	-	-	-	OCID of the compartment for WebLogic instances.
`region`	String	-	-	-	Region for provisioning.
`service_name`	String	-	-	-	Prefix for stack resources. The names of all the related compute and network resources begins with the prefix you assign here.
`ssh_public_key`	String	-	-	-	Content of public key for access.
`resource_prefix`	String	-	-	-	Prefix for stack resources. The names of all the related compute and network resources begins with the prefix you assign here.
General	______	______	______	______	______
`create_policies`	Boolean	`true`	Yes	-	Create policies to read Secrets from Vault and manage ATP database (if applicable).
Container Cluster (OKE) Configuration	______	______	______	______	______
`existing_cluster_id`	String	-	-	-	Existing cluster ID value.
`kubernetes_version`	String	Latest Kubernetes version is displayed by default.	Yes	-	Kubernetes version.
`non_wls_node_pool_count`	String	`1`	-	Yes	Count of the non-WebLogic node pool. Note: If you update the node pool count, then the node pool is recreated. If you scale the compute instance and the WebLogic server Operator does not connect to the WebLogic server Persistence store, see Scaling Compute Instances.
`non_wls_node_pool_shape`	String	`VM.Standard2.1`	-	Yes	Shape of the non-WLS node pool.
`pods_cidr`	String	-	Yes	-	CIDR value of the OKE pod.
`services_cidr`	String	-	Yes	-	CIDR value of the services.
`cluster_name`	String	-	-	-	Name of the OKE cluster.
`wls_node_pool_shape`	String	`VM.Standard2.1`	-	Yes	Shape of the worker nodes.
`wls_node_pool_count`	Number	`1`	-	Yes	Number of nodes in the WebLogic node pool. Note: If you update the node pool count, then the node pool is recreated. If you scale the compute instance and the WebLogic server Operator does not connect to the WebLogic server Persistence store, see Scaling Compute Instances.
`use_encryption`	Boolean	`false`	-	-	Indicates if you have enabled encryption by using the master encryption key in Vault. If you do not enable this option, the standard block storage encryption is used for `etcd` read and write and Kubernetes secrets at rest in `etcd` are not encrypted.
`vault_key_ocid`	String	-	-	-	Key OCID for Kubernetes secret encryption.
`use_existing_cluster`	Boolean	`false`	-	-	Indicates if you are using an existing cluster.
`enable_public_cluster_endpoint_config`	Boolean	`false`	-	-	Indicates if you are using a public or private endpoint for the cluster.
Container Cluster (OKE) Administration Instances	______	______	______	______	______
`admin_availability_domain`	String	-	-	-	Name of the availability domain for the administrator instance.
`admin_shape`	String	`VM.Standard.E2.1`	-	-	Shape for administrator instance.
`bastion_shape`	String	`VM.Standard.E2.1`	-	-	Shape for bastion instance.
`assign_admin_public_ip`	Boolean	`false`	-	-	Indicates the admin host have a public IP.
Network Variables	______	______	______	______	______
`network_compartment_id`	String	-	-	-	The network compartment ID.
`existing_vcn_id`	String	-	-	-	OCID of an existing VCN where you want to create the compute instances, network resources, and load balancers.
`existing_lb_subnet_id`	String	-	-	-	OCID of an existing load balancer subnets.
`existing_bastion_subnet_id`	String	-	-	-	OCID for an existing bastion subnet.
`existing_oke_workers_subnet_id`	String	-	-	-	OCID for an OKE worker node subnet.
`existing_oke_endpoint_subnet_id`	String	-	-	-	OCID for an existing cluster private API endpoint subnet.
`existing_admin_subnet_id`	String	-	-	-	OCID for an existing administrator subnet.
`existing_fss_subnet_id`	String	-	-	-	OCID for an existing FSS subnet.
`existing_nat_gw_id`	String	-	Yes	-	OCID for an existing NAT gateway. Note: You need to specify either the NAT gateway (`existing_nat_gw_id`) or service gateway (`existing_service_gw_id`).
`existing_service_gw_id`	String	-	Yes	-	OCID for an existing service gateway. Note: You need to specify either the NAT gateway (`existing_nat_gw_id`) or service gateway (`existing_service_gw_id`).
`is_bastion_instance_required`	Boolean	`true`	Yes	-	Creates bastion for the stack. If `true`, it provisions a bastion compute instance on a public subnet to provide access to the WebLogic server compute instances on a private subnet.
`vcn_cidr`	String	`10.0.0.0/16`	-	-	CIDR block of the VCN.
`lb_subnet_cidr`					CIDR of the load balancer subnet.
`oke_workers_subnet_cidr`					CIDR for an OKE worker node subnet.
`oke_endpoint_subnet_cidr`					CIDR for an existing cluster private API endpoint subnet.
`bastion_subnet_cidr`					CIDR for an existing bastion subnet.
`admin_subnet_cidr`					CIDR for an existing administrator subnet.
`fss_subnet_cidr`					CIDR for an existing FSS subnet.
Load Balancer Variables	______	______	______	______	______
`ingress_lb_shape`	String	`flexible`	-	-	Shape of the ingress load balancer.
`ingress_lb_shape_min`	String	`10 Mbps`	-	Yes	Minimum size of the flexible load balancer shape.
`ingress_lb_shape_max`	String	`100 Mbps`	-	Yes	MAximum size of the flexible load balancer shape.
Shared File System Variables	______	______	______	______	______
`fss_availability_domain`	String	-	-	-	OCID of the availability domain for Shared File System.
`mountTarget_id`	String	-	Yes	-	OCID for the mount target.
`mountTarget_compartment_id`	String	-	Yes	-	OCID of the compartment for the mount target. This variable is required if `mountTarget_id` is updated.
OCIR Variables	______	______	______	______	______
`ocir_user`	String	-	-	-	OCIR user name.
`ocir_auth_token_ocid`	String	-	-	-	OCID token for the OCIR user name.
`ocir_region`	String	-	-	-	The URL to the OCIR.
`ocir_custom_image_repo_name`	String	-	-	-	The OCIR repository to download the existing custom WLS image to create a domain.
Gateway Variables	______	______	______	______	______
`create_nat_gateway`	Boolean	`true`	-	-	Indicates if you want to create a NAT gateway.
`create_service_gateway`	Boolean	`true`			Indicates if you want to create a service gateway.
Security Variables	______	______	______	______	______
`allow_node_port_access`	Boolean	`false`	-	-	Indicates if you want to allow access to NodePorts, when worker nodes are outside the access zone (only applicable for public worker nodes).
`allow_worker_ssh_access`	Boolean	`true`	-	-	Indicates if you want to allow SSH access to worker nodes, for worker nodes in instances in the same VCN.
Verrazzano Variables	______	______	______	______	______
`vz_enabled`	Boolean	`false`	Yes	-	Indicates if you have enabled Verrazzano integration.
`vz_profile`	String	`prod`	-	-	The deployment profile for Verrazzano.
`vz_env_name`	String		-	-	Name of the Verrazzano installation. This name is part of the generated endpoint access URLs.
`vz_customize_dns`	Boolean	`false`	-	-	Indicates if you have enabled to customize DNS configurations for Verrazzano system and application endpoints.
`vz_customize_certificates`	Boolean	`false`	-	-	Indicates if you have enabled to customize SSL certificate generation for Verrazzano system endpoints.
`vz_customize_elastic_search`	Boolean	`false`	-	-	Indicates if you have enabled to customize Elastic Search.
`vz_customize_persistent_storage`	Boolean	`false`	-	-	Indicates if you have enabled to customize Persistent Volumes.
`vz_dns_type`	String	`Wildcard`	-	-	The DNS type.
`vz_wild_card_dns_type`	String	`nip.io`	-	-	The DNS Wildcard type.
`vz_dns_zone_compartment_ocid`	String	-	-	-	The OCI DNS Zone compartment ID.
`vz_dns_zone_ocid`	String	-	-	-	The OCI DNS Zone OCID.
`vz_certificate_type`	String	`Verrazzano self-signed CA`	-	-	The certificate type.
`vz_custom_ca_signing_key_secret_ocid`	String	-	-	-	The custom CA signing key secret OCID.
`vz_custom_ca_cert_secret_ocid`	String	-	-	-	The custom CA Cert secret OCID
`vz_letsencrypt_email`	String	-	-	-	The email ID for LetsEncrypt.
`vz_letsencrypt_env`	String	`production`	-	-	The LetsEncrypt environment type.
`vz_is_system_lb_private`	Boolean	`true`	-	-	The system load balancer visibility type.
`vz_system_lb_shape`	String	`flexible`	-	-	The shape of the system load balancer.
`vz_system_lb_min_bandwidth`	Number	`10`			The minimum bandwidth of the system load balancer.
`vz_system_lb_max_bandwidth`	Number	`10`	-	-	The maximum bandwidth of the system load balancer.
`vz_is_app_lb_private`	Boolean	`false`	-	-	The application load balancer visibility type
`vz_app_lb_shape`	String	`flexible`	-	-	The shape of the application load balancer.
`vz_app_lb_min_bandwidth`	Number	`10`	-	-	The minimum bandwidth of the application load balancer.
`vz_app_lb_max_bandwidth`	Number	`100`	-	-	The maximum bandwidth of the application load balancer.
`vz_es_master_node_replica_count`	Number	`3`	-	-	The number of master node replicas.
`vz_es_master_node_memory`	Number	`1.4`	-	-	The master node memory in GB.
`vz_es_ingest_node_replica_count`	Number	`1`	-	-	The number of ingest node replicas.
`vz_es_ingest_node_memory`	Number	`2.5`	-	-	The Ingest node memory in GB.
`vz_es_data_replica_count`	Number	`2`	-	-	The number of data replicas.
`vz_es_data_replica_memory`	Number	`4.8`	-	-	The data replicate memory in GB.
`vz_es_storage_size`	Number	`50`	-	-	The storage capacity in GB.
`vz_ephemeral_storage`	Boolean	`false`	-	-	Use Ephemeral Storage for Dev profiles only.
`vz_ps_capacity_global`	Number	`50`	-	-	The persistent volume storage capacity for all components in GB.
`vz_ps_capacity_keycloak`	Number	`50`	-	-	The persistent volume storage capacity for Keycloak in GB.
`vz_node_pool_shape`	String	`VM.Standard2.4`	-	-	The shape of worker nodes.
`vz_node_pool_count`	Number	`3`	-	-	The number of nodes in the Verrazzano node pool.

Note:

Support for existing bastion host to be used in provisioning WebLogic server with private subnet is enabled in terraform CLI only. This can be achieved by using the variables: is_bastion_instance_required, existing_bastion_instance_id, and bastion_ssh_private_key. For existing WebLogic server subnet, you will need to open port 22 for bastion IP/subnet CIDR. For a new WebLogic server subnet we create security list with bastion private IP.