Repository: oracle-terraform-modules/terraform-oci-oke
Branch: main
Commit: 25ef9a02ada3
Files: 197
Total size: 734.7 KB

Directory structure:
gitextract_s2i9ymxq/

├── .github/
│   ├── ISSUE_TEMPLATE/
│   │   ├── Bug_Report.md
│   │   ├── Feature_Request.md
│   │   └── Question.md
│   └── ISSUE_TEMPLATE.md
├── .gitignore
├── CONTRIBUTING.md
├── LICENSE
├── Makefile
├── README.md
├── THIRD_PARTY_LICENSES.txt
├── data-common.tf
├── data-images.tf
├── docs/
│   ├── diagrams.md
│   ├── prerequisites.md
│   ├── quickstart.md
│   └── terraformoptions.md
├── examples/
│   ├── bastion/
│   │   └── README.md
│   ├── cluster/
│   │   └── README.md
│   ├── cluster-addons/
│   │   └── README.md
│   ├── extensions/
│   │   └── README.md
│   ├── iam/
│   │   └── README.md
│   ├── istio-mc/
│   │   ├── README.md
│   │   ├── c1.tf
│   │   ├── c2.tf
│   │   ├── contexts.tf
│   │   ├── istio.tf
│   │   ├── locals.tf
│   │   ├── outputs.tf
│   │   ├── providers.tf
│   │   ├── resources/
│   │   │   └── istio.template.yaml
│   │   ├── scripts/
│   │   │   ├── cloud-init.sh
│   │   │   ├── generate_kubeconfig.template.sh
│   │   │   ├── istioctl.template.sh
│   │   │   ├── kubeconfig_set_credentials.template.sh
│   │   │   ├── set_alias.template.sh
│   │   │   └── token_helper.template.sh
│   │   ├── templates.tf
│   │   ├── terraform.tfvars.example
│   │   ├── variables.tf
│   │   └── versions.tf
│   ├── network/
│   │   ├── README.md
│   │   └── vars-network-drg-create.auto.tfvars.example
│   ├── operator/
│   │   └── README.md
│   ├── profiles/
│   │   ├── README.md
│   │   ├── cluster-workers-only/
│   │   │   ├── main.tf
│   │   │   ├── variables.tf
│   │   │   └── versions.tf
│   │   ├── network-cluster-workers/
│   │   │   ├── main.tf
│   │   │   ├── variables.tf
│   │   │   └── versions.tf
│   │   ├── network-only/
│   │   │   ├── main.tf
│   │   │   ├── variables.tf
│   │   │   └── versions.tf
│   │   └── workers-only/
│   │       ├── main.tf
│   │       ├── variables.tf
│   │       └── versions.tf
│   ├── provider-basic.tf
│   ├── rms/
│   │   ├── README.md
│   │   ├── oke-cluster-only/
│   │   │   ├── data.tf
│   │   │   ├── main.tf
│   │   │   ├── output.tf
│   │   │   ├── schema.yaml
│   │   │   ├── variables-cluster.tf
│   │   │   ├── variables-extensions.tf
│   │   │   ├── variables-iam.tf
│   │   │   ├── variables-network.tf
│   │   │   ├── variables-operator.tf
│   │   │   └── versions.tf
│   │   ├── oke-network-only/
│   │   │   ├── data.tf
│   │   │   ├── main.tf
│   │   │   ├── output.tf
│   │   │   ├── schema.yaml
│   │   │   ├── variables-bastion.tf
│   │   │   ├── variables-iam.tf
│   │   │   ├── variables-network.tf
│   │   │   ├── variables-subnets.tf
│   │   │   └── versions.tf
│   │   └── oke-workers-only/
│   │       ├── data.tf
│   │       ├── main.tf
│   │       ├── output.tf
│   │       ├── schema.yaml
│   │       ├── variables.tf
│   │       └── versions.tf
│   ├── utilities/
│   │   └── README.md
│   └── workers/
│       └── README.md
├── migration.tf
├── module-bastion.tf
├── module-cluster-addons.tf
├── module-cluster.tf
├── module-extensions.tf
├── module-iam.tf
├── module-network.tf
├── module-operator.tf
├── module-utilities.tf
├── module-workers.tf
├── modules/
│   ├── bastion/
│   │   ├── README.md
│   │   ├── cloudinit.tf
│   │   ├── compute.tf
│   │   ├── variables.tf
│   │   └── versions.tf
│   ├── cluster/
│   │   ├── README.md
│   │   ├── cluster.tf
│   │   ├── outputs.tf
│   │   ├── variables.tf
│   │   └── versions.tf
│   ├── cluster-addons/
│   │   ├── README.md
│   │   ├── addons.tf
│   │   ├── delete_addons.tf
│   │   ├── outputs.tf
│   │   ├── variables.tf
│   │   └── versions.tf
│   ├── extensions/
│   │   ├── README.md
│   │   ├── argocd.tf
│   │   ├── autoscaler.tf
│   │   ├── cilium.tf
│   │   ├── dcgm_exporter.tf
│   │   ├── gatekeeper.tf
│   │   ├── locals.tf
│   │   ├── metricserver.tf
│   │   ├── mpi_operator.tf
│   │   ├── multus.tf
│   │   ├── prometheus.tf
│   │   ├── rdma_cni_plugin.tf
│   │   ├── service_account.tf
│   │   ├── sriov_cni_plugin.tf
│   │   ├── sriov_device_plugin.tf
│   │   ├── variables.tf
│   │   ├── versions.tf
│   │   └── whereabouts.tf
│   ├── iam/
│   │   ├── README.md
│   │   ├── await.tf
│   │   ├── group-autoscaling.tf
│   │   ├── group-cluster.tf
│   │   ├── group-operator.tf
│   │   ├── group-workers.tf
│   │   ├── outputs.tf
│   │   ├── policy.tf
│   │   ├── tagging.tf
│   │   ├── variables.tf
│   │   └── versions.tf
│   ├── network/
│   │   ├── README.md
│   │   ├── datasources.tf
│   │   ├── drgs.tf
│   │   ├── locals.tf
│   │   ├── nsg-bastion.tf
│   │   ├── nsg-controlplane.tf
│   │   ├── nsg-fss.tf
│   │   ├── nsg-loadbalancers-int.tf
│   │   ├── nsg-loadbalancers-pub.tf
│   │   ├── nsg-operator.tf
│   │   ├── nsg-pods.tf
│   │   ├── nsg-workers.tf
│   │   ├── rules.tf
│   │   ├── subnets.tf
│   │   ├── variables.tf
│   │   └── versions.tf
│   ├── operator/
│   │   ├── README.md
│   │   ├── cloudinit.tf
│   │   ├── compute.tf
│   │   ├── variables.tf
│   │   └── versions.tf
│   ├── utilities/
│   │   ├── README.md
│   │   ├── drain.tf
│   │   ├── nodeready.tf
│   │   ├── ocir.tf
│   │   ├── resources/
│   │   │   └── await_node_readiness.tpl.sh
│   │   ├── variables.tf
│   │   └── versions.tf
│   └── workers/
│       ├── README.md
│       ├── cloudinit-oke.sh
│       ├── cloudinit-ubuntu.sh.tftpl
│       ├── cloudinit.tf
│       ├── clusternetworks.tf
│       ├── computecluster.tf
│       ├── data-faultdomains.tf
│       ├── data-shapes.tf
│       ├── gpumemorycluster.tf
│       ├── instance.tf
│       ├── instanceconfig.tf
│       ├── instancepools.tf
│       ├── locals.tf
│       ├── nodepools.tf
│       ├── outputs.tf
│       ├── variables.tf
│       ├── versions.tf
│       └── virtualnodepools.tf
├── variables-bastion.tf
├── variables-cluster-addons.tf
├── variables-cluster.tf
├── variables-common.tf
├── variables-extensions.tf
├── variables-iam.tf
├── variables-network.tf
├── variables-operator.tf
├── variables-utilities.tf
├── variables-workers.tf
└── versions.tf

================================================
FILE CONTENTS
================================================

================================================
FILE: .github/ISSUE_TEMPLATE/Bug_Report.md
================================================
---
name: 🐛 Bug Report
about: If something isn't working as expected 🤔.
labels: bug
---

<!---
Please note that an issue may belong to Terraform core rather than to this module in the following cases:

* [Configuration Language](https://www.terraform.io/docs/configuration/index.html) or resource ordering issues
* [State](https://www.terraform.io/docs/state/index.html) and [State Backend](https://www.terraform.io/docs/backends/index.html) issues
* [Provisioner](https://www.terraform.io/docs/provisioners/index.html) issues
* [Registry](https://registry.terraform.io/) issues
* Issues that span resources across multiple providers

If you are running into one of these scenarios, we recommend opening an issue in the [Terraform core repository](https://github.com/hashicorp/terraform/) instead.
--->

<!--- Please keep this note for the community --->

### Community Note

* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request
* Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
* If you are interested in working on this issue or have submitted a pull request, please leave a comment

<!--- Thank you for keeping this note for the community --->

### Terraform Version and Provider Version

<!--- Please run `terraform -v` to show the Terraform core version and provider version(s). 
If you are using a local copy of the Terraform Oracle Cloud Infrastructure Provider, run the plugin directly to get the version: `<path-to-plugin>/terraform-provider-oci`
If you are not running the latest version of Terraform or the provider, please upgrade because your issue may have already been fixed. [Terraform documentation on provider versioning](https://www.terraform.io/docs/configuration/providers.html#provider-versions). --->

### Affected Resource(s)

<!--- Please list the affected resources and data sources. For example, "oci_core_vcn". --->


### Terraform Configuration Files

<!--- Information about code formatting: https://help.github.com/articles/basic-writing-and-formatting-syntax/#quoting-code --->

```hcl
# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. 
# Please remove any sensitive information (for example API keys, private keys,
# auth tokens, passwords and tenancy or user OCIDs) from configuration files
# before sharing them.
```

### Debug Output

<!---
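Please provide a link to a GitHub Gist containing the complete debug output. Please do NOT paste the debug output in the issue; just paste a link to the Gist. Debug logs can include credentials, tokens and resource identifiers, so review the output and redact secrets before publishing it.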

To obtain the debug output, see the [Verbose logging for OCI Terraform Provider](https://www.terraform.io/docs/providers/oci/guides/troubleshooting.html#verbose-logging-for-oci-terraform-provider).

Github Gist: https://gist.github.com/
--->

### Panic Output

<!--- 
If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the `crash.log`. 

Github Gist: https://gist.github.com/
--->

### Expected Behavior

<!--- What should have happened? --->

### Actual Behavior

<!--- What actually happened? --->

### Steps to Reproduce

<!--- Please list the steps required to reproduce the issue. --->

1. `terraform apply`

### Important Factoids

<!--- Is there anything atypical about your environment that we should know? For example: Is the issue specific to a region? --->

### References

<!---
Information about referencing Github Issues: https://help.github.com/articles/basic-writing-and-formatting-syntax/#referencing-issues-and-pull-requests

Are there any other GitHub issues (open or closed) or pull requests that should be linked here? Vendor documentation? For example:
--->

================================================
FILE: .github/ISSUE_TEMPLATE/Feature_Request.md
================================================
---
name: 🚀 Feature Request
about: I have a suggestion (and might want to implement myself 🙂)!
labels: enhancement
---

<!--- Please keep this note for the community --->

### Community Note

* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request
* Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
* If you are interested in working on this issue or have submitted a pull request, please leave a comment

<!--- Thank you for keeping this note for the community --->

### Description

<!--- Please leave a helpful description of the feature request here. --->

### New or Affected Resource(s)

<!--- Please list any new or affected resources and data sources that are part of the request. For example: "oci_core_vcn" --->


### Potential Terraform Configuration

<!--- Information about code formatting: https://help.github.com/articles/basic-writing-and-formatting-syntax/#quoting-code --->

```hcl
# Copy-paste any Terraform configurations for how the requested feature may be used. 
```

### References

<!---
Information about referencing Github Issues: https://help.github.com/articles/basic-writing-and-formatting-syntax/#referencing-issues-and-pull-requests

Are there any other GitHub issues (open or closed) or pull requests that should be linked here? Vendor blog posts or documentation? For example:

--->


================================================
FILE: .github/ISSUE_TEMPLATE/Question.md
================================================
---
name: 💬 Question
about: Questions regarding the Terraform Oracle Cloud Infrastructure OKE module
labels: question
---

This GitHub template is intended for questions regarding the Terraform **Oracle Cloud Infrastructure** OKE module.

If you have a support request or question related to core Terraform functionality or the OCI provider, please submit it to one of these resources:

* [Terraform OCI provider](https://github.com/terraform-providers/terraform-provider-oci)
* [Terraform community resources](https://www.terraform.io/docs/extend/community/index.html)
* [HashiCorp support](https://support.hashicorp.com) (Terraform Enterprise customers)

================================================
FILE: .github/ISSUE_TEMPLATE.md
================================================
<!---
Thanks for filing an issue 😄 ! Before you submit, please read the following:

Check the other issue templates if you are trying to submit a bug report, feature request, or question
Search open/closed issues before submitting since someone might have asked the same thing before!
-->

================================================
FILE: .gitignore
================================================
#  Local .terraform directories
**/.terraform/*

provider.tf

# .tfstate files
*.tfstate
*.tfstate.*

# .tfvars files
*.tfvars

generated/**

# visual code
**/.vscode/*
**/.metals*

.terraform.lock.hcl

# Generated documentation
docs/book

.idea*
.oca*

================================================
FILE: CONTRIBUTING.md
================================================
# Contributing

Oracle welcomes contributions to this repository from anyone.

If you want to submit a pull request to fix a bug or enhance an existing feature, please first open an issue and link to that issue when you submit your pull request.

If you have any questions about a possible submission, feel free to open an issue too.

## Contributing to the terraform-oci-oke repository

Pull requests can be made under [The Oracle Contributor Agreement](https://oca.opensource.oracle.com/).

For pull requests to be accepted, the bottom of your commit message must have the following line, using your name and e-mail address as they appear in the OCA Signatories list.

```
Signed-off-by: Your Name <you@example.org>
```

This can be automatically added to pull requests by committing with:

```
  git commit --signoff
```

Only pull requests from committers that can be verified as having
signed the OCA can be accepted.

### Pull request process

1. Fork this repository
1. Create a branch in your fork to implement the changes. We recommend using the issue number as part of your branch name, e.g. `1234-fixes`
1. Ensure that any documentation is updated with the changes that are required by your fix.
1. Ensure that any samples are updated if the base image has been changed.
1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly what your changes are meant to do and provide simple steps on how to validate your changes. Ensure that you reference the issue you created as well. We will assign the pull request to 2-3 people for review before it is merged.


================================================
FILE: LICENSE
================================================
Copyright (c) 2019 Oracle and/or its affiliates. 

The Universal Permissive License (UPL), Version 1.0

Subject to the condition set forth below, permission is hereby granted to any
person obtaining a copy of this software, associated documentation and/or data
(collectively the "Software"), free of charge and under any and all copyright
rights in the Software, and any and all patent rights owned or freely
licensable by each licensor hereunder covering either (i) the unmodified
Software as contributed to or provided by such licensor, or (ii) the Larger
Works (as defined below), to deal in both

(a) the Software, and
(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
one is included with the Software (each a "Larger Work" to which the Software
is contributed by such licensors),

without restriction, including without limitation the rights to copy, create
derivative works of, display, perform, and distribute the Software and make,
use, sell, offer for sale, import, export, have made, and have sold the
Software and the Larger Work(s), and to sublicense the foregoing rights on
either these or other terms.

This license is subject to the following condition:
The above copyright notice and either this complete permission notice or at
a minimum a reference to the UPL must be included in all copies or
substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

================================================
FILE: Makefile
================================================
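# Makefile for the terraform-oci-oke module: thin wrappers around the Terraform
# CLI, jq and tflint. Run `make help` for the annotated target list.
#
# Conventions read by the `help` target: a line starting with two hashes and an
# at-sign opens a section, and a trailing double-hash comment on a target line
# is that target's description. Ordinary notes use a single `#` so that they
# stay out of the help output.
PROJECT_NAME := "terraform-oci-oke"
# Recipes run under bash with pipefail (SHELL) and with -e (.SHELLFLAGS), so
# that a failing command, including one on the left of a pipe, fails the target.
SHELL = /usr/bin/env bash -o pipefail
.SHELLFLAGS = -ec

# Default goal: print the help text, so a bare `make` never runs Terraform
# against real infrastructure. No `build` target is defined in this Makefile,
# so `all` must not depend on one.
.PHONY: all
all: help

##@ General

# Builds the usage screen from the annotated comments in this file.
.PHONY: help
help: ## Display this help.
	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)

# File target: `terraform init` runs only while the .terraform directory is
# missing. Use `make clean` to force a fresh init.
.terraform:
	terraform init

##@ Usage

.PHONY: plan
plan: .terraform ## Run terraform plan
	terraform plan

# No -auto-approve is passed, so Terraform still shows the plan and waits for
# confirmation before it changes anything.
.PHONY: apply
apply: .terraform ## Run terraform apply
	terraform apply

# Prints the stored SSH command only; it does not open a connection.
# NOTE(review): the jq path expects a root output named `output` that carries
# an `ssh_to_operator` field - confirm against the module's outputs.
.PHONY: ssh
ssh: ## Print SSH command
	terraform output -json | jq -rcM '.output.value.ssh_to_operator'

# Removes only the local ./.terraform directory; nothing outside it is touched.
.PHONY: clean
clean: ## Clear Terraform module cache
	rm -rf ./.terraform

##@ Hygiene

# Rewrites .tf files in place, recursively from the repository root.
.PHONY: fmt
fmt: ## Run terraform fmt
	terraform fmt -recursive .

# Has no .terraform prerequisite, so the working directory must already be
# initialised (for example by `make plan`).
.PHONY: validate
validate: ## Run terraform validate
	terraform validate

.PHONY: tflint
tflint: ## Run tflint
	tflint --recursive .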


================================================
FILE: README.md
================================================
# Terraform OKE for Oracle Cloud Infrastructure

[changelog]: https://github.com/oracle-terraform-modules/terraform-oci-oke/releases
[contributing]: https://github.com/oracle-terraform-modules/terraform-oci-oke/blob/main/CONTRIBUTING.md
[license]: https://github.com/oracle-terraform-modules/terraform-oci-oke/blob/main/LICENSE
[canonical_license]: https://oss.oracle.com/licenses/upl/

[oci]: https://cloud.oracle.com/cloud-infrastructure
[oci_documentation]: https://docs.oracle.com/iaas/Content/services.htm
[oke]: https://docs.oracle.com/iaas/Content/ContEng/Concepts/contengoverview.htm

[docs]: https://github.com/oracle-terraform-modules/terraform-oci-oke/tree/main/docs
[prerequisites]: https://github.com/oracle-terraform-modules/terraform-oci-oke/blob/main/docs/prerequisites.md
[quickstart]: https://github.com/oracle-terraform-modules/terraform-oci-oke/blob/main/docs/quickstart.md
[diagrams]: https://github.com/oracle-terraform-modules/terraform-oci-oke/blob/main/docs/diagrams.md
[terraform_options]: https://github.com/oracle-terraform-modules/terraform-oci-oke/blob/main/docs/terraformoptions.md
[examples]: https://github.com/oracle-terraform-modules/terraform-oci-oke/tree/main/examples
[repo]: https://github.com/oracle-terraform-modules/terraform-oci-oke
[releases]: https://github.com/oracle-terraform-modules/terraform-oci-oke/releases
[terraform]: https://www.terraform.io
[terraform_oci]: https://registry.terraform.io/providers/oracle/oci/latest
[terraform_oci_examples]: https://github.com/oracle/terraform-provider-oci/tree/master/examples
[terraform_guides_examples]: https://github.com/hashicorp/terraform-guides/tree/master/infrastructure-as-code/terraform-0.12-examples

[terraform_oci_bastion]: https://github.com/oracle-terraform-modules/terraform-oci-bastion
[terraform_oci_operator]: https://github.com/oracle-terraform-modules/terraform-oci-operator
[terraform_oci_vcn]: https://github.com/oracle-terraform-modules/terraform-oci-vcn

The [Terraform OKE Module][repo] for [Oracle Cloud Infrastructure][oci] (OCI) provides a [Terraform][terraform] module that provisions an [OCI Kubernetes Engine (OKE)][oke] cluster with supporting infrastructure.

It creates the following resources:

* A Virtual Cloud Network (VCN) with public and private subnets, network security groups, and gateways (internet, NAT, service, DRG)
* An OKE cluster (basic or enhanced) with configurable CNI, Kubernetes version, and OIDC authentication
* Worker node pools in various modes: OKE-managed node pools, virtual node pools, self-managed instances, instance pools, cluster networks, and compute clusters
* A bastion host for SSH access into the VCN
* An operator host for cluster management with kubectl, Helm, and optional tools (k9s, istioctl, stern, k8sgpt)
* IAM dynamic groups, policies, and optional tag namespaces
* Kubernetes extensions deployed via Helm or YAML manifests

The module outputs the OKE cluster ID, endpoints, bastion and operator SSH commands, and network resource IDs. Detailed outputs such as kubeconfig are available when `output_detail = true`.

## Topology

The default deployment creates a VCN with the following subnets:

| Subnet | Purpose | Access |
|--------|---------|--------|
| bastion | Bastion host | Public |
| operator | Operator host | Private |
| cp | Kubernetes control plane | Private (or public) |
| workers | Worker nodes | Private |
| pods | Pod network (NPN CNI) | Private |
| int_lb | Internal load balancers | Private |
| pub_lb | Public load balancers | Public |

![Default Multi-AD topology](docs/images/defaultmad-large.svg)

## Worker Modes

The module supports multiple worker management modes:

| Mode | Description | Use Case |
|------|-------------|----------|
| `node-pool` | OKE-managed node pools | General purpose workloads |
| `virtual-node-pool` | OKE-managed virtual nodes | Serverless, burstable workloads |
| `instance` | Self-managed compute instances | Custom node configuration |
| `instance-pool` | Self-managed instance pools | Scalable self-managed nodes |
| `cluster-network` | Self-managed cluster networks | HPC/GPU with RDMA networking |
| `compute-cluster` | Shared compute clusters | Multi-nodepool HPC clusters |

## Extensions

The module can deploy the following Kubernetes extensions:

| Extension | Method | Purpose |
|-----------|--------|---------|
| Cilium | Helm | eBPF-based networking, security, and observability |
| Multus | Daemonset | Multi-network pod interfaces |
| SR-IOV Device Plugin | Daemonset | SR-IOV network device advertisement |
| SR-IOV CNI Plugin | Daemonset | SR-IOV network connections |
| RDMA CNI Plugin | Daemonset | RDMA network connections |
| Whereabouts | Daemonset | IP address management for Multus |
| Metrics Server | Helm | Kubernetes metrics API |
| Cluster Autoscaler | Helm | Automatic node pool scaling |
| Prometheus | Helm | Monitoring and alerting |
| DCGM Exporter | Helm | GPU metrics for NVIDIA GPUs |
| Gatekeeper | Helm | OPA policy enforcement |
| MPI Operator | Manifest | MPI/NCCL distributed training jobs |
| ArgoCD | Helm | GitOps continuous delivery |

## [Documentation][docs]

- [Prerequisites][prerequisites]
- [Quickstart][quickstart]
- [Diagrams][diagrams]
- [Terraform Options][terraform_options]
- [Examples][examples]

## Related Documentation

- [Oracle Cloud Infrastructure Documentation][oci_documentation]
- [Terraform OCI Provider Documentation][terraform_oci]
- [OCI Kubernetes Engine Documentation][oke]
- [Terraform OCI Bastion Module][terraform_oci_bastion]

## Acknowledgement

Code derived and adapted from [Terraform OCI Examples][terraform_oci_examples] and HashiCorp's [Terraform 0.12 examples][terraform_guides_examples].

## Contributing

Learn how to [contribute][contributing].

## License

Copyright (c) 2017, 2025 Oracle Corporation and/or its affiliates. Licensed under the [Universal Permissive License 1.0][license] as shown at [https://oss.oracle.com/licenses/upl][canonical_license].


================================================
FILE: THIRD_PARTY_LICENSES.txt
================================================
github.com/open-policy-agent/gatekeeper
-------- Copyrights
Copyright 2018-2020 The Gatekeeper Authors
Copyright 2018 The Kubernetes Authors.
Copyright (c) 2015 Paxton Hare
Copyright 2019 The Kubernetes Authors.
-------- Notices
Gatekeeper
Copyright 2018-2020 The Gatekeeper Authors

This product includes modified code from the following projects,
as denoted by notifications in the source code headers:

controller-runtime
https://sigs.k8s.io/controller-runtime
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0

-------- License
SPDX:Apache-2.0
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

----------------------- Dependencies Grouped by License ------------
-------- Dependency
github.com/PuerkitoBio/purell
-------- Copyrights
Copyright (c) 2012, Martin Angers

-------- Dependencies Summary
github.com/PuerkitoBio/purell

-------- License used by Dependencies
Copyright (c) 2012, Martin Angers
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

* Neither the name of the author nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


----------------------- Dependencies Grouped by License ------------
-------- Dependency
github.com/evanphx/json-patch
-------- Copyrights
Copyright (c) 2014, Evan Phoenix

-------- Dependencies Summary
github.com/evanphx/json-patch

-------- License used by Dependencies
Copyright (c) 2014, Evan Phoenix
All rights reserved.

Redistribution and use in source and binary forms, with or without 
modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this
  list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
  this list of conditions and the following disclaimer in the documentation
  and/or other materials provided with the distribution.
* Neither the name of the Evan Phoenix nor the names of its contributors 
  may be used to endorse or promote products derived from this software 
  without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE 
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


----------------------- Dependencies Grouped by License ------------
-------- Dependency
github.com/pkg/errors
-------- Copyrights
Copyright (c) 2015, Dave Cheney <dave@cheney.net>

-------- Dependencies Summary
github.com/pkg/errors

-------- License used by Dependencies
Copyright (c) 2015, Dave Cheney <dave@cheney.net>
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this
  list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,
  this list of conditions and the following disclaimer in the documentation
  and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


----------------------- Dependencies Grouped by License ------------
-------- Dependency
github.com/rcrowley/go-metrics
-------- Copyrights
Copyright 2012 Richard Crowley. All rights reserved.

-------- Dependencies Summary
github.com/rcrowley/go-metrics

-------- License used by Dependencies
Copyright 2012 Richard Crowley. All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:

    1.  Redistributions of source code must retain the above copyright
        notice, this list of conditions and the following disclaimer.

    2.  Redistributions in binary form must reproduce the above
        copyright notice, this list of conditions and the following
        disclaimer in the documentation and/or other materials provided
        with the distribution.

THIS SOFTWARE IS PROVIDED BY RICHARD CROWLEY ``AS IS'' AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL RICHARD CROWLEY OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
THE POSSIBILITY OF SUCH DAMAGE.

The views and conclusions contained in the software and documentation
are those of the authors and should not be interpreted as representing
official policies, either expressed or implied, of Richard Crowley.


----------------------- Dependencies Grouped by License ------------
-------- Dependency
github.com/hashicorp/golang-lru
-------- Copyrights

-------- Dependencies Summary
github.com/hashicorp/golang-lru

-------- License used by Dependencies
Mozilla Public License, version 2.0

1. Definitions

1.1. "Contributor"

     means each individual or legal entity that creates, contributes to the
     creation of, or owns Covered Software.

1.2. "Contributor Version"

     means the combination of the Contributions of others (if any) used by a
     Contributor and that particular Contributor's Contribution.

1.3. "Contribution"

     means Covered Software of a particular Contributor.

1.4. "Covered Software"

     means Source Code Form to which the initial Contributor has attached the
     notice in Exhibit A, the Executable Form of such Source Code Form, and
     Modifications of such Source Code Form, in each case including portions
     thereof.

1.5. "Incompatible With Secondary Licenses"
     means

     a. that the initial Contributor has attached the notice described in
        Exhibit B to the Covered Software; or

     b. that the Covered Software was made available under the terms of
        version 1.1 or earlier of the License, but not also under the terms of
        a Secondary License.

1.6. "Executable Form"

     means any form of the work other than Source Code Form.

1.7. "Larger Work"

     means a work that combines Covered Software with other material, in a
     separate file or files, that is not Covered Software.

1.8. "License"

     means this document.

1.9. "Licensable"

     means having the right to grant, to the maximum extent possible, whether
     at the time of the initial grant or subsequently, any and all of the
     rights conveyed by this License.

1.10. "Modifications"

     means any of the following:

     a. any file in Source Code Form that results from an addition to,
        deletion from, or modification of the contents of Covered Software; or

     b. any new file in Source Code Form that contains any Covered Software.

1.11. "Patent Claims" of a Contributor

      means any patent claim(s), including without limitation, method,
      process, and apparatus claims, in any patent Licensable by such
      Contributor that would be infringed, but for the grant of the License,
      by the making, using, selling, offering for sale, having made, import,
      or transfer of either its Contributions or its Contributor Version.

1.12. "Secondary License"

      means either the GNU General Public License, Version 2.0, the GNU Lesser
      General Public License, Version 2.1, the GNU Affero General Public
      License, Version 3.0, or any later versions of those licenses.

1.13. "Source Code Form"

      means the form of the work preferred for making modifications.

1.14. "You" (or "Your")

      means an individual or a legal entity exercising rights under this
      License. For legal entities, "You" includes any entity that controls, is
      controlled by, or is under common control with You. For purposes of this
      definition, "control" means (a) the power, direct or indirect, to cause
      the direction or management of such entity, whether by contract or
      otherwise, or (b) ownership of more than fifty percent (50%) of the
      outstanding shares or beneficial ownership of such entity.


2. License Grants and Conditions

2.1. Grants

     Each Contributor hereby grants You a world-wide, royalty-free,
     non-exclusive license:

     a. under intellectual property rights (other than patent or trademark)
        Licensable by such Contributor to use, reproduce, make available,
        modify, display, perform, distribute, and otherwise exploit its
        Contributions, either on an unmodified basis, with Modifications, or
        as part of a Larger Work; and

     b. under Patent Claims of such Contributor to make, use, sell, offer for
        sale, have made, import, and otherwise transfer either its
        Contributions or its Contributor Version.

2.2. Effective Date

     The licenses granted in Section 2.1 with respect to any Contribution
     become effective for each Contribution on the date the Contributor first
     distributes such Contribution.

2.3. Limitations on Grant Scope

     The licenses granted in this Section 2 are the only rights granted under
     this License. No additional rights or licenses will be implied from the
     distribution or licensing of Covered Software under this License.
     Notwithstanding Section 2.1(b) above, no patent license is granted by a
     Contributor:

     a. for any code that a Contributor has removed from Covered Software; or

     b. for infringements caused by: (i) Your and any other third party's
        modifications of Covered Software, or (ii) the combination of its
        Contributions with other software (except as part of its Contributor
        Version); or

     c. under Patent Claims infringed by Covered Software in the absence of
        its Contributions.

     This License does not grant any rights in the trademarks, service marks,
     or logos of any Contributor (except as may be necessary to comply with
     the notice requirements in Section 3.4).

2.4. Subsequent Licenses

     No Contributor makes additional grants as a result of Your choice to
     distribute the Covered Software under a subsequent version of this
     License (see Section 10.2) or under the terms of a Secondary License (if
     permitted under the terms of Section 3.3).

2.5. Representation

     Each Contributor represents that the Contributor believes its
     Contributions are its original creation(s) or it has sufficient rights to
     grant the rights to its Contributions conveyed by this License.

2.6. Fair Use

     This License is not intended to limit any rights You have under
     applicable copyright doctrines of fair use, fair dealing, or other
     equivalents.

2.7. Conditions

     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
     Section 2.1.


3. Responsibilities

3.1. Distribution of Source Form

     All distribution of Covered Software in Source Code Form, including any
     Modifications that You create or to which You contribute, must be under
     the terms of this License. You must inform recipients that the Source
     Code Form of the Covered Software is governed by the terms of this
     License, and how they can obtain a copy of this License. You may not
     attempt to alter or restrict the recipients' rights in the Source Code
     Form.

3.2. Distribution of Executable Form

     If You distribute Covered Software in Executable Form then:

     a. such Covered Software must also be made available in Source Code Form,
        as described in Section 3.1, and You must inform recipients of the
        Executable Form how they can obtain a copy of such Source Code Form by
        reasonable means in a timely manner, at a charge no more than the cost
        of distribution to the recipient; and

     b. You may distribute such Executable Form under the terms of this
        License, or sublicense it under different terms, provided that the
        license for the Executable Form does not attempt to limit or alter the
        recipients' rights in the Source Code Form under this License.

3.3. Distribution of a Larger Work

     You may create and distribute a Larger Work under terms of Your choice,
     provided that You also comply with the requirements of this License for
     the Covered Software. If the Larger Work is a combination of Covered
     Software with a work governed by one or more Secondary Licenses, and the
     Covered Software is not Incompatible With Secondary Licenses, this
     License permits You to additionally distribute such Covered Software
     under the terms of such Secondary License(s), so that the recipient of
     the Larger Work may, at their option, further distribute the Covered
     Software under the terms of either this License or such Secondary
     License(s).

3.4. Notices

     You may not remove or alter the substance of any license notices
     (including copyright notices, patent notices, disclaimers of warranty, or
     limitations of liability) contained within the Source Code Form of the
     Covered Software, except that You may alter any license notices to the
     extent required to remedy known factual inaccuracies.

3.5. Application of Additional Terms

     You may choose to offer, and to charge a fee for, warranty, support,
     indemnity or liability obligations to one or more recipients of Covered
     Software. However, You may do so only on Your own behalf, and not on
     behalf of any Contributor. You must make it absolutely clear that any
     such warranty, support, indemnity, or liability obligation is offered by
     You alone, and You hereby agree to indemnify every Contributor for any
     liability incurred by such Contributor as a result of warranty, support,
     indemnity or liability terms You offer. You may include additional
     disclaimers of warranty and limitations of liability specific to any
     jurisdiction.

4. Inability to Comply Due to Statute or Regulation

   If it is impossible for You to comply with any of the terms of this License
   with respect to some or all of the Covered Software due to statute,
   judicial order, or regulation then You must: (a) comply with the terms of
   this License to the maximum extent possible; and (b) describe the
   limitations and the code they affect. Such description must be placed in a
   text file included with all distributions of the Covered Software under
   this License. Except to the extent prohibited by statute or regulation,
   such description must be sufficiently detailed for a recipient of ordinary
   skill to be able to understand it.

5. Termination

5.1. The rights granted under this License will terminate automatically if You
     fail to comply with any of its terms. However, if You become compliant,
     then the rights granted under this License from a particular Contributor
     are reinstated (a) provisionally, unless and until such Contributor
     explicitly and finally terminates Your grants, and (b) on an ongoing
     basis, if such Contributor fails to notify You of the non-compliance by
     some reasonable means prior to 60 days after You have come back into
     compliance. Moreover, Your grants from a particular Contributor are
     reinstated on an ongoing basis if such Contributor notifies You of the
     non-compliance by some reasonable means, this is the first time You have
     received notice of non-compliance with this License from such
     Contributor, and You become compliant prior to 30 days after Your receipt
     of the notice.

5.2. If You initiate litigation against any entity by asserting a patent
     infringement claim (excluding declaratory judgment actions,
     counter-claims, and cross-claims) alleging that a Contributor Version
     directly or indirectly infringes any patent, then the rights granted to
     You by any and all Contributors for the Covered Software under Section
     2.1 of this License shall terminate.

5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
     license agreements (excluding distributors and resellers) which have been
     validly granted by You or Your distributors under this License prior to
     termination shall survive termination.

6. Disclaimer of Warranty

   Covered Software is provided under this License on an "as is" basis,
   without warranty of any kind, either expressed, implied, or statutory,
   including, without limitation, warranties that the Covered Software is free
   of defects, merchantable, fit for a particular purpose or non-infringing.
   The entire risk as to the quality and performance of the Covered Software
   is with You. Should any Covered Software prove defective in any respect,
   You (not any Contributor) assume the cost of any necessary servicing,
   repair, or correction. This disclaimer of warranty constitutes an essential
   part of this License. No use of  any Covered Software is authorized under
   this License except under this disclaimer.

7. Limitation of Liability

   Under no circumstances and under no legal theory, whether tort (including
   negligence), contract, or otherwise, shall any Contributor, or anyone who
   distributes Covered Software as permitted above, be liable to You for any
   direct, indirect, special, incidental, or consequential damages of any
   character including, without limitation, damages for lost profits, loss of
   goodwill, work stoppage, computer failure or malfunction, or any and all
   other commercial damages or losses, even if such party shall have been
   informed of the possibility of such damages. This limitation of liability
   shall not apply to liability for death or personal injury resulting from
   such party's negligence to the extent applicable law prohibits such
   limitation. Some jurisdictions do not allow the exclusion or limitation of
   incidental or consequential damages, so this exclusion and limitation may
   not apply to You.

8. Litigation

   Any litigation relating to this License may be brought only in the courts
   of a jurisdiction where the defendant maintains its principal place of
   business and such litigation shall be governed by laws of that
   jurisdiction, without reference to its conflict-of-law provisions. Nothing
   in this Section shall prevent a party's ability to bring cross-claims or
   counter-claims.

9. Miscellaneous

   This License represents the complete agreement concerning the subject
   matter hereof. If any provision of this License is held to be
   unenforceable, such provision shall be reformed only to the extent
   necessary to make it enforceable. Any law or regulation which provides that
   the language of a contract shall be construed against the drafter shall not
   be used to construe this License against a Contributor.


10. Versions of the License

10.1. New Versions

      Mozilla Foundation is the license steward. Except as provided in Section
      10.3, no one other than the license steward has the right to modify or
      publish new versions of this License. Each version will be given a
      distinguishing version number.

10.2. Effect of New Versions

      You may distribute the Covered Software under the terms of the version
      of the License under which You originally received the Covered Software,
      or under the terms of any subsequent version published by the license
      steward.

10.3. Modified Versions

      If you create software not governed by this License, and you want to
      create a new license for such software, you may create and use a
      modified version of this License if you rename the license and remove
      any references to the name of the license steward (except to note that
      such modified license differs from this License).

10.4. Distributing Source Code Form that is Incompatible With Secondary
      Licenses

      If You choose to distribute Source Code Form that is Incompatible With
      Secondary Licenses under the terms of this version of the License, the
      notice described in Exhibit B of this License must be attached.

Exhibit A - Source Code Form License Notice

      This Source Code Form is subject to the
      terms of the Mozilla Public License, v.
      2.0. If a copy of the MPL was not
      distributed with this file, You can
      obtain one at
      http://mozilla.org/MPL/2.0/.

If it is not possible or desirable to put the notice in a particular file,
then You may include the notice in a location (such as a LICENSE file in a
relevant directory) where a recipient would be likely to look for such a
notice.

You may add additional accurate notices of copyright ownership.

Exhibit B - "Incompatible With Secondary Licenses" Notice

      This Source Code Form is "Incompatible
      With Secondary Licenses", as defined by
      the Mozilla Public License, v. 2.0.


----------------------- Dependencies Grouped by License ------------
-------- Dependency
cloud.google.com/go
-------- Copyrights
Copyright 2020 Google LLC
Copyright 2019 Google LLC
Copyright 2016 Google LLC
Copyright (c) 1996-1998 John D. Polstra.  All rights reserved.
Copyright (c) 2001 David E. O'Brien
Portions Copyright 2018 Google LLC.
Copyright 2018 Google LLC
Copyright 2014 Google LLC
Copyright 2017 Google LLC
Copyright 2018 Google Inc. All Rights Reserved.
Copyright 2020, Google LLC
Copyright 2017, Google LLC

-------- Dependency
contrib.go.opencensus.io/exporter/prometheus
-------- Copyrights
Copyright 2017, OpenCensus Authors
Copyright 2018, OpenCensus Authors

-------- Dependency
github.com/OneOfOne/xxhash
-------- Copyrights
The C implementation is ([Copyright](https://github.com/Cyan4973/xxHash/blob/master/LICENSE) (c) 2012-2014, Yann Collet)

-------- Dependency
github.com/go-logr/logr
-------- Copyrights
Copyright 2020 The logr Authors.
Copyright 2019 The logr Authors.
Copyright 2021 The logr Authors.

-------- Dependency
github.com/go-logr/zapr
-------- Copyrights
Copyright 2019 The logr Authors.
Copyright 2018 Solly Ross

-------- Dependency
github.com/go-openapi/jsonpointer
-------- Copyrights
Copyright 2013 sigu-399 ( https://github.com/sigu-399 )

-------- Dependency
github.com/go-openapi/jsonreference
-------- Copyrights
Copyright 2013 sigu-399 ( https://github.com/sigu-399 )

-------- Dependency
github.com/go-openapi/spec
-------- Copyrights
Copyright 2015 go-swagger maintainers
Copyright 2017 go-swagger maintainers

-------- Dependency
github.com/go-openapi/swag
-------- Copyrights
Copyright 2015 go-swagger maintainers

-------- Dependency
github.com/golang/glog
-------- Copyrights
Copyright 2013 Google Inc. All Rights Reserved.

-------- Dependency
github.com/golang/groupcache
-------- Copyrights
Copyright 2012 Google Inc.
Copyright 2013 Google Inc.

-------- Dependency
github.com/google/gofuzz
-------- Copyrights
Copyright 2014 Google Inc. All rights reserved.

-------- Dependency
github.com/googleapis/gnostic
-------- Copyrights
Copyright 2017-2020, Google LLC.
Copyright 2019 Google LLC. All Rights Reserved.
Copyright 2020 Google LLC. All Rights Reserved.
Copyright 2017 Google LLC. All Rights Reserved.
Copyright 2018 Google LLC. All Rights Reserved.
Copyright 2020 Google LLC. All Rights Reserved.

-------- Dependency
github.com/matttproud/golang_protobuf_extensions
-------- Copyrights
Copyright 2012 Matt T. Proud (matt.proud@gmail.com)
Copyright 2013 Matt T. Proud
Copyright 2016 Matt T. Proud
-------- Notices
Copyright 2012 Matt T. Proud (matt.proud@gmail.com)


-------- Dependency
github.com/modern-go/concurrent
-------- Copyrights

-------- Dependency
github.com/modern-go/reflect2
-------- Copyrights

-------- Dependency
github.com/open-policy-agent/cert-controller
-------- Copyrights
Copyright 2018-2020 The Gatekeeper Authors
-------- Notices
cert-controller
Copyright 2018-2020 The Gatekeeper Authors



-------- Dependency
github.com/open-policy-agent/frameworks/constraint
-------- Copyrights
Copyright 2017 The OPA Authors.  All rights reserved.
Copyright 2018 The OPA Authors.  All rights reserved.

-------- Dependency
github.com/open-policy-agent/opa
-------- Copyrights
Copyright 2016 The OPA Authors.  All rights reserved.
Copyright 2017 The OPA Authors.  All rights reserved.
Copyright 2020 The OPA Authors.  All rights reserved.
Copyright 2019 The OPA Authors.  All rights reserved.
Copyright 2018 The OPA Authors.  All rights reserved.
Copyright 2021 The OPA Authors.  All rights reserved.
Copyright (c) 2019 Jeremy Thomas
Code copyright 2019 Jeremy Thomas. Code released under [the MIT license](https://github.com/jgthms/bulma/blob/master/LICENSE).
Copyright 2017-2020 Authors of Cilium
Copyright 2018 The OPA Authors.  All rights reserved.
Copyright 2015 xeipuuv
Copyright 2018 johandorland ( https://github.com/johandorland )
Copyright 2015 xeipuuv ( https://github.com/xeipuuv )
Copyright 2013 MongoDB, Inc.
Copyright 2017 johandorland ( https://github.com/johandorland )
Copyright (c) 2015 lestrrat
Copyright 2011 The Go Authors. All rights reserved.
Copyright 2013-2015 CoreOS, Inc.
Copyright The Helm Authors.
Copyright 2012 The Gorilla Authors. All rights reserved.
Copyright (c) 2012 Rodrigo Moraes. All rights reserved.
Copyright 2021 icza

-------- Dependency
github.com/prometheus/client_golang
-------- Copyrights
Copyright 2018 The Prometheus Authors
Copyright 2012-2015 The Prometheus Authors
Copyright 2013-2015 Blake Mizerany, Björn Rabenstein
Copyright 2010 The Go Authors
Copyright 2013 Matt T. Proud
Copyright 2015 The Prometheus Authors
Copyright 2017 The Prometheus Authors
Copyright 2019 The Prometheus Authors
Copyright 2014 The Prometheus Authors
Copyright 2021 The Prometheus Authors
Copyright 2016 The Prometheus Authors
Copyright 2020 The Prometheus Authors
Copyright (c) 2013, The Prometheus Authors
-------- Notices
Prometheus instrumentation library for Go applications
Copyright 2012-2015 The Prometheus Authors

This product includes software developed at
SoundCloud Ltd. (http://soundcloud.com/).


The following components are included in this product:

perks - a fork of https://github.com/bmizerany/perks
https://github.com/beorn7/perks
Copyright 2013-2015 Blake Mizerany, Björn Rabenstein
See https://github.com/beorn7/perks/blob/master/README.md for license details.

Go support for Protocol Buffers - Google's data interchange format
http://github.com/golang/protobuf/
Copyright 2010 The Go Authors
See source code for license details.

Support for streaming Protocol Buffer messages for the Go language (golang).
https://github.com/matttproud/golang_protobuf_extensions
Copyright 2013 Matt T. Proud
Licensed under the Apache License, Version 2.0


-------- Dependency
github.com/prometheus/client_model
-------- Copyrights
Copyright 2013 Prometheus Team
Copyright 2012-2015 The Prometheus Authors
-------- Notices
Data model artifacts for Prometheus.
Copyright 2012-2015 The Prometheus Authors

This product includes software developed at
SoundCloud Ltd. (http://soundcloud.com/).


-------- Dependency
github.com/prometheus/common
-------- Copyrights
Copyright 2018 The Prometheus Authors
Copyright 2015 The Prometheus Authors
Copyright 2016 The Prometheus Authors
Copyright 2021 The Prometheus Authors
Copyright 2014 The Prometheus Authors
Copyright 2020 The Prometheus Authors
Copyright (c) 2011, Open Knowledge Foundation Ltd.
Copyright 2013 The Prometheus Authors
Copyright 2019 The Prometheus Authors
Copyright 2017 The Prometheus Authors
-------- Notices
Common libraries shared by Prometheus Go components.
Copyright 2015 The Prometheus Authors

This product includes software developed at
SoundCloud Ltd. (http://soundcloud.com/).


-------- Dependency
github.com/prometheus/procfs
-------- Copyrights
Copyright 2018 The Prometheus Authors
Copyright 2014-2015 The Prometheus Authors
Copyright 2019 The Prometheus Authors
Copyright 2017 The Prometheus Authors
Copyright 2021 The Prometheus Authors
Copyright 2020 The Prometheus Authors
Copyright 2014 Prometheus Team
Copyright 2017 Prometheus Team
-------- Notices
procfs provides functions to retrieve system, kernel and process
metrics from the pseudo-filesystem proc.

Copyright 2014-2015 The Prometheus Authors

This product includes software developed at
SoundCloud Ltd. (http://soundcloud.com/).


-------- Dependency
github.com/prometheus/statsd_exporter
-------- Copyrights
Copyright 2013 The Prometheus Authors
Copyright 2018 The Prometheus Authors
Copyright 2013-2015 The Prometheus Authors
Copyright 2020 The Prometheus Authors
Copyright 2019 The Prometheus Authors
Copyright 2021 The Prometheus Authors
-------- Notices
StatsD-to-Prometheus exporter
Copyright 2013-2015 The Prometheus Authors

This product includes software developed at
SoundCloud Ltd. (http://soundcloud.com/).


-------- Dependency
github.com/spf13/cobra
-------- Copyrights
Copyright © 2020 Steve Francia <spf@spf13.com>
Copyright © 2015 Steve Francia <spf@spf13.com>.
Copyright:    copyrightLine(),
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
11 of the WIPO copyright treaty adopted on 20 December 1996, or
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
Copyright    string
copyright": copyrightLine(),
Copyright © 2013 Steve Francia <spf@spf13.com>.
Copyright 2015 Red Hat Inc. All rights reserved.
Copyright 2016 French Ben. All rights reserved.

-------- Dependency
github.com/xeipuuv/gojsonpointer
-------- Copyrights
Copyright 2015 xeipuuv
Copyright 2015 xeipuuv ( https://github.com/xeipuuv )

-------- Dependency
github.com/xeipuuv/gojsonreference
-------- Copyrights
Copyright 2015 xeipuuv
Copyright 2015 xeipuuv ( https://github.com/xeipuuv )

-------- Dependency
github.com/yashtewari/glob-intersection
-------- Copyrights

-------- Dependency
go.opencensus.io
-------- Copyrights
Copyright 2019, OpenCensus Authors
Copyright 2017, OpenCensus Authors
Copyright 2018, OpenCensus Authors
Copyright 2020, OpenCensus Authors

-------- Dependency
gomodules.xyz/jsonpatch/v2
-------- Copyrights

-------- Dependency
google.golang.org/genproto
-------- Copyrights
Copyright 2020 Google LLC.
Copyright 2020 Google LLC
Copyright 2019 Google LLC.
Copyright (c) 2015, Google Inc.
Copyright 2016 Google Inc.
Copyright 2017 Google Inc.
Copyright 2018 Google Inc.
Copyright 2018 Google LLC
Copyright 2018 The Grafeas Authors. All rights reserved.
Copyright 2019 Google LLC

-------- Dependency
google.golang.org/grpc
-------- Copyrights
Copyright 2019 gRPC authors.
Copyright 2017 gRPC authors.
Copyright 2015 The gRPC Authors
Copyright 2016 gRPC authors.
Copyright 2018 gRPC authors.
Copyright 2020 gRPC authors.
Copyright 2020 The gRPC Authors
Copyright 2014 gRPC authors.
Copyright 2018 The gRPC Authors
Copyright 2015 gRPC authors.
Copyright 2019 Istio Authors. All Rights Reserved.
Copyright 2016 The gRPC Authors
Copyright 2015-2016 gRPC authors.

-------- Dependency
gopkg.in/yaml.v2
-------- Copyrights
Copyright (c) 2006 Kirill Simonov
Copyright 2011-2016 Canonical Ltd.
-------- Notices
Copyright 2011-2016 Canonical Ltd.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


-------- Dependency
k8s.io/api
-------- Copyrights
Copyright 2019 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Copyright 2017 The Kubernetes Authors.
Copyright 2016 The Kubernetes Authors.
Copyright 2015 The Kubernetes Authors.
Copyright 2018 The Kubernetes Authors.
Copyright 2020 The Kubernetes Authors.

-------- Dependency
k8s.io/apiextensions-apiserver
-------- Copyrights
Copyright 2019 The Kubernetes Authors.
Copyright 2017 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Copyright 2018 The Kubernetes Authors.
Copyright 2020 The Kubernetes Authors.
Copyright 2016 The Kubernetes Authors.

-------- Dependency
k8s.io/apimachinery
-------- Copyrights
Copyright 2017 The Kubernetes Authors.
Copyright 2019 The Kubernetes Authors.
Copyright 2014 The Kubernetes Authors.
Copyright 2020 The Kubernetes Authors.
Copyright 2015 The Kubernetes Authors.
Copyright 2016 The Kubernetes Authors.
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Copyright 2013 The Go Authors. All rights reserved.
Copyright 2009 The Go Authors. All rights reserved.

-------- Dependency
k8s.io/apiserver
-------- Copyrights
Copyright 2014 The Kubernetes Authors.
Copyright 2018 The Kubernetes Authors.
Copyright 2015 The Kubernetes Authors.
Copyright 2017 The Kubernetes Authors.
Copyright 2020 The Kubernetes Authors.
Copyright 2016 The Kubernetes Authors.
Copyright 2019 The Kubernetes Authors.
Copyright The Kubernetes Authors.

-------- Dependency
k8s.io/client-go
-------- Copyrights
Copyright 2016 The Kubernetes Authors.
Copyright 2017 The Kubernetes Authors.
Copyright 2019 The Kubernetes Authors.
Copyright 2015 The Kubernetes Authors.
Copyright 2014 The Kubernetes Authors.
Copyright 2018 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Copyright 2020 The Kubernetes Authors.

-------- Dependency
k8s.io/component-base
-------- Copyrights
Copyright 2017 The Kubernetes Authors.
Copyright 2020 The Kubernetes Authors.
Copyright 2014 The Kubernetes Authors.
Copyright 2016 The Kubernetes Authors.
Copyright 2018 The Kubernetes Authors.
Copyright 2019 The Kubernetes Authors.
Copyright The Kubernetes Authors.
Copyright 2015 The Kubernetes Authors.

-------- Dependency
k8s.io/klog/v2
-------- Copyrights
Copyright 2013 Google Inc. All Rights Reserved.
Copyright 2020 The Kubernetes Authors.

-------- Dependency
k8s.io/kube-openapi
-------- Copyrights
Copyright The Kubernetes Authors.
Copyright 2018 The Kubernetes Authors.
Copyright 2017 The Kubernetes Authors.
Copyright 2019 The Kubernetes Authors.
Copyright 2016 The Kubernetes Authors.
Copyright 2020 The Kubernetes Authors.
Copyright 2015 go-swagger maintainers
Copyright (C) MongoDB, Inc. 2017-present.
Copyright 2017 go-swagger maintainers

-------- Dependency
k8s.io/utils
-------- Copyrights
Copyright 2018 The Kubernetes Authors.
Copyright 2017 The Kubernetes Authors.
Copyright 2014 The Kubernetes Authors.
Copyright 2015 The Kubernetes Authors.
Copyright 2016 The Kubernetes Authors.
Copyright 2020 The Kubernetes Authors.
Copyright 2019 The Kubernetes Authors.
Copyright (c) 2009 The Go Authors. All rights reserved.
Copyright 2010 The Go Authors. All rights reserved.
Copyright (c) 2012 The Go Authors. All rights reserved.
Copyright 2009 The Go Authors. All rights reserved.

-------- Dependency
sigs.k8s.io/apiserver-network-proxy/konnectivity-client
-------- Copyrights
Copyright 2019 The Kubernetes Authors.
Copyright The Kubernetes Authors.

-------- Dependency
sigs.k8s.io/controller-runtime
-------- Copyrights
Copyright 2020 The Kubernetes Authors.
Copyright 2018 The Kubernetes Authors.
Copyright 2019 The Kubernetes Authors.
Copyright 2018 The Kubernetes authors.
Copyright 2017 The Kubernetes Authors.
Copyright 2016 The Kubernetes Authors.
Copyright 2014 The Kubernetes Authors.

-------- Dependency
sigs.k8s.io/structured-merge-diff/v4
-------- Copyrights
Copyright 2018 The Kubernetes Authors.
Copyright 2019 The Kubernetes Authors.
Copyright 2020 The Kubernetes Authors.

-------- Dependencies Summary
cloud.google.com/go
contrib.go.opencensus.io/exporter/prometheus
github.com/OneOfOne/xxhash
github.com/go-logr/logr
github.com/go-logr/zapr
github.com/go-openapi/jsonpointer
github.com/go-openapi/jsonreference
github.com/go-openapi/spec
github.com/go-openapi/swag
github.com/golang/glog
github.com/golang/groupcache
github.com/google/gofuzz
github.com/googleapis/gnostic
github.com/matttproud/golang_protobuf_extensions
github.com/modern-go/concurrent
github.com/modern-go/reflect2
github.com/open-policy-agent/cert-controller
github.com/open-policy-agent/frameworks/constraint
github.com/open-policy-agent/opa
github.com/prometheus/client_golang
github.com/prometheus/client_model
github.com/prometheus/common
github.com/prometheus/procfs
github.com/prometheus/statsd_exporter
github.com/spf13/cobra
github.com/xeipuuv/gojsonpointer
github.com/xeipuuv/gojsonreference
github.com/yashtewari/glob-intersection
go.opencensus.io
gomodules.xyz/jsonpatch/v2
google.golang.org/genproto
google.golang.org/grpc
gopkg.in/yaml.v2
k8s.io/api
k8s.io/apiextensions-apiserver
k8s.io/apimachinery
k8s.io/apiserver
k8s.io/client-go
k8s.io/component-base
k8s.io/klog/v2
k8s.io/kube-openapi
k8s.io/utils
sigs.k8s.io/apiserver-network-proxy/konnectivity-client
sigs.k8s.io/controller-runtime
sigs.k8s.io/structured-merge-diff/v4

-------- License used by Dependencies
SPDX:Apache-2.0
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

----------------------- Dependencies Grouped by License ------------
-------- Dependency
github.com/PuerkitoBio/urlesc
-------- Copyrights
Copyright (c) 2012 The Go Authors. All rights reserved.
Copyright 2009 The Go Authors. All rights reserved.

-------- Dependency
github.com/fsnotify/fsnotify
-------- Copyrights
Copyright (c) 2012 The Go Authors. All rights reserved.
Copyright (c) 2012-2019 fsnotify Authors. All rights reserved.
Copyright 2010 The Go Authors. All rights reserved.
Copyright 2012 The Go Authors. All rights reserved.
Copyright 2016 The Go Authors. All rights reserved.
Copyright 2015 The Go Authors. All rights reserved.
Copyright 2013 The Go Authors. All rights reserved.
Copyright 2011 The Go Authors. All rights reserved.

-------- Dependency
github.com/gogo/protobuf
-------- Copyrights
Copyright (c) 2013, The GoGo Authors. All rights reserved.
Copyright 2010 The Go Authors.  All rights reserved.
Copyright 2010 The Go Authors.
Copyright (c) 2015, The GoGo Authors. All rights reserved.
Copyright 2016 The Go Authors.  All rights reserved.
Copyright 2015 The Go Authors.  All rights reserved.
Copyright 2011 The Go Authors.  All rights reserved.
Copyright (c) 2018, The GoGo Authors. All rights reserved.
Copyright 2018 The Go Authors.  All rights reserved.
Copyright 2017 The Go Authors.  All rights reserved.
Copyright (c) 2016, The GoGo Authors. All rights reserved.
Copyright 2014 The Go Authors.  All rights reserved.
Copyright 2012 The Go Authors.  All rights reserved.
Copyright 2013 The Go Authors.  All rights reserved.
Copyright (c) 2019, The GoGo Authors. All rights reserved.
Copyright (c) 2017, The GoGo Authors. All rights reserved.
Copyright (c) 2015, The GoGo Authors.  rights reserved.

-------- Dependency
github.com/golang/protobuf
-------- Copyrights
Copyright 2010 The Go Authors.  All rights reserved.
Copyright 2016 The Go Authors. All rights reserved.
Copyright 2020 The Go Authors. All rights reserved.
Copyright 2019 The Go Authors. All rights reserved.
Copyright 2018 The Go Authors. All rights reserved.
Copyright 2015 The Go Authors. All rights reserved.
Copyright 2017 The Go Authors. All rights reserved.
Copyright 2010 The Go Authors. All rights reserved.
Copyright 2014 The Go Authors. All rights reserved.
Copyright 2011 The Go Authors. All rights reserved.
Copyright 2015 The Go Authors.  All rights reserved.

-------- Dependency
github.com/google/go-cmp
-------- Copyrights
Copyright (c) 2017 The Go Authors. All rights reserved.
Copyright 2017, The Go Authors. All rights reserved.
Copyright 2021, The Go Authors. All rights reserved.
Copyright 2020, The Go Authors. All rights reserved.
Copyright 2018, The Go Authors. All rights reserved.
Copyright 2019, The Go Authors. All rights reserved.

-------- Dependency
github.com/google/uuid
-------- Copyrights
Copyright (c) 2009,2014 Google Inc. All rights reserved.
Copyright 2016 Google Inc.  All rights reserved.
Copyright 2017 Google Inc.  All rights reserved.
Copyright 2018 Google Inc.  All rights reserved.

-------- Dependency
github.com/imdario/mergo
-------- Copyrights
Copyright (c) 2013 Dario Castañé. All rights reserved.
Copyright (c) 2012 The Go Authors. All rights reserved.
Copyright 2013 Dario Castañé. All rights reserved.
Copyright 2009 The Go Authors. All rights reserved.
Copyright 2014 Dario Castañé. All rights reserved.

-------- Dependency
github.com/spf13/pflag
-------- Copyrights
Copyright (c) 2012 Alex Ogier. All rights reserved.
Copyright (c) 2012 The Go Authors. All rights reserved.
Copyright 2009 The Go Authors. All rights reserved.
Copyright 2012 The Go Authors. All rights reserved.
Copyright 2010 The Go Authors.  All rights reserved.

-------- Dependency
golang.org/x/crypto
-------- Copyrights
Copyright (c) 2009 The Go Authors. All rights reserved.
Copyright 2015 The Go Authors. All rights reserved.
Copyright 2016 The Go Authors. All rights reserved.
Copyright 2017 The Go Authors. All rights reserved.
Copyright 2018 The Go Authors. All rights reserved.
Copyright 2019 The Go Authors. All rights reserved.
Copyright 2011 The Go Authors. All rights reserved.
Copyright 2010 The Go Authors. All rights reserved.
Copyright 2012 The Go Authors. All rights reserved.
Copyright 2013 The Go Authors. All rights reserved.
Copyright 2014 The Go Authors. All rights reserved.
Copyright 2020 The Go Authors. All rights reserved.
Copyright 2009 The Go Authors. All rights reserved.
-------- Patents
Additional IP Rights Grant (Patents)

"This implementation" means the copyrightable works distributed by
Google as part of the Go project.

Google hereby grants to You a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable (except as stated in this section)
patent license to make, have made, use, offer to sell, sell, import,
transfer and otherwise run, modify and propagate the contents of this
implementation of Go, where such license applies only to those patent
claims, both currently owned or controlled by Google and acquired in
the future, licensable by Google that are necessarily infringed by this
implementation of Go.  This grant does not include claims that would be
infringed only as a consequence of further modification of this
implementation.  If you or your agent or exclusive licensee institute or
order or agree to the institution of patent litigation against any
entity (including a cross-claim or counterclaim in a lawsuit) alleging
that this implementation of Go or any code incorporated within this
implementation of Go constitutes direct or contributory patent
infringement, or inducement of patent infringement, then any patent
rights granted to you under this License for this implementation of Go
shall terminate as of the date such litigation is filed.


-------- Dependency
golang.org/x/net
-------- Copyrights
Copyright (c) 2009 The Go Authors. All rights reserved.
Copyright 2016 The Go Authors. All rights reserved.
Copyright 2017 The Go Authors. All rights reserved.
Copyright 2014 The Go Authors. All rights reserved.
Copyright 2015 The Go Authors. All rights reserved.
Copyright 2010 The Go Authors. All rights reserved.
Copyright 2009 The Go Authors. All rights reserved.
Copyright 2012 The Go Authors. All rights reserved.
Copyright 2013 The Go Authors. All rights reserved.
Copyright 2011 The Go Authors. All rights reserved.
Copyright (C) 2009 Apple Inc. All rights reserved.
Copyright 2018 The Go Authors. All rights reserved.
Copyright 2021 The Go Authors. All rights reserved.
Copyright 2020 The Go Authors. All rights reserved.
Copyright 2019 The Go Authors. All rights reserved.
-------- Patents
Additional IP Rights Grant (Patents)

"This implementation" means the copyrightable works distributed by
Google as part of the Go project.

Google hereby grants to You a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable (except as stated in this section)
patent license to make, have made, use, offer to sell, sell, import,
transfer and otherwise run, modify and propagate the contents of this
implementation of Go, where such license applies only to those patent
claims, both currently owned or controlled by Google and acquired in
the future, licensable by Google that are necessarily infringed by this
implementation of Go.  This grant does not include claims that would be
infringed only as a consequence of further modification of this
implementation.  If you or your agent or exclusive licensee institute or
order or agree to the institution of patent litigation against any
entity (including a cross-claim or counterclaim in a lawsuit) alleging
that this implementation of Go or any code incorporated within this
implementation of Go constitutes direct or contributory patent
infringement, or inducement of patent infringement, then any patent
rights granted to you under this License for this implementation of Go
shall terminate as of the date such litigation is filed.


-------- Dependency
golang.org/x/oauth2
-------- Copyrights
Copyright (c) 2009 The Go Authors. All rights reserved.
Copyright 2017 The oauth2 Authors. All rights reserved.
Copyright 2021 The Go Authors. All rights reserved.
Copyright 2015 The oauth2 Authors. All rights reserved.
Copyright 2018 The Go Authors. All rights reserved.
Copyright 2014 The Go Authors. All rights reserved.
Copyright 2019 The Go Authors. All rights reserved.
Copyright 2015 The Go Authors. All rights reserved.
Copyright 2016 The Go Authors. All rights reserved.
Copyright 2020 The Go Authors. All rights reserved.
Copyright 2017 The Go Authors. All rights reserved.
Copyright 2018 The oauth2 Authors. All rights reserved.

-------- Dependency
golang.org/x/sync
-------- Copyrights
Copyright (c) 2009 The Go Authors. All rights reserved.
Copyright 2016 The Go Authors. All rights reserved.
Copyright 2017 The Go Authors. All rights reserved.
Copyright 2013 The Go Authors. All rights reserved.
Copyright 2019 The Go Authors. All rights reserved.
-------- Patents
Additional IP Rights Grant (Patents)

"This implementation" means the copyrightable works distributed by
Google as part of the Go project.

Google hereby grants to You a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable (except as stated in this section)
patent license to make, have made, use, offer to sell, sell, import,
transfer and otherwise run, modify and propagate the contents of this
implementation of Go, where such license applies only to those patent
claims, both currently owned or controlled by Google and acquired in
the future, licensable by Google that are necessarily infringed by this
implementation of Go.  This grant does not include claims that would be
infringed only as a consequence of further modification of this
implementation.  If you or your agent or exclusive licensee institute or
order or agree to the institution of patent litigation against any
entity (including a cross-claim or counterclaim in a lawsuit) alleging
that this implementation of Go or any code incorporated within this
implementation of Go constitutes direct or contributory patent
infringement, or inducement of patent infringement, then any patent
rights granted to you under this License for this implementation of Go
shall terminate as of the date such litigation is filed.


-------- Dependency
golang.org/x/sys
-------- Copyrights
Copyright (c) 2009 The Go Authors. All rights reserved.
Copyright 2019 The Go Authors. All rights reserved.
Copyright 2018 The Go Authors. All rights reserved.
Copyright 2020 The Go Authors. All rights reserved.
Copyright 2012 The Go Authors. All rights reserved.
Copyright 2011 The Go Authors. All rights reserved.
Copyright 2015 The Go Authors. All rights reserved.
Copyright 2009 The Go Authors. All rights reserved.
Copyright 2013 The Go Authors. All rights reserved.
Copyright 2016 The Go Authors. All rights reserved.
Copyright 2017 The Go Authors. All rights reserved.
Copyright 2010 The Go Authors. All rights reserved.
Copyright 2014 The Go Authors. All rights reserved.
Copyright 2021 The Go Authors. All rights reserved.
Copyright 2009,2010 The Go Authors. All rights reserved.
Copyright 2017 The Go Authors. All right reserved.
-------- Patents
Additional IP Rights Grant (Patents)

"This implementation" means the copyrightable works distributed by
Google as part of the Go project.

Google hereby grants to You a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable (except as stated in this section)
patent license to make, have made, use, offer to sell, sell, import,
transfer and otherwise run, modify and propagate the contents of this
implementation of Go, where such license applies only to those patent
claims, both currently owned or controlled by Google and acquired in
the future, licensable by Google that are necessarily infringed by this
implementation of Go.  This grant does not include claims that would be
infringed only as a consequence of further modification of this
implementation.  If you or your agent or exclusive licensee institute or
order or agree to the institution of patent litigation against any
entity (including a cross-claim or counterclaim in a lawsuit) alleging
that this implementation of Go or any code incorporated within this
implementation of Go constitutes direct or contributory patent
infringement, or inducement of patent infringement, then any patent
rights granted to you under this License for this implementation of Go
shall terminate as of the date such litigation is filed.


-------- Dependency
golang.org/x/term
-------- Copyrights
Copyright (c) 2009 The Go Authors. All rights reserved.
Copyright 2019 The Go Authors. All rights reserved.
Copyright 2013 The Go Authors. All rights reserved.
Copyright 2020 The Go Authors. All rights reserved.
Copyright 2011 The Go Authors. All rights reserved.
-------- Patents
Additional IP Rights Grant (Patents)

"This implementation" means the copyrightable works distributed by
Google as part of the Go project.

Google hereby grants to You a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable (except as stated in this section)
patent license to make, have made, use, offer to sell, sell, import,
transfer and otherwise run, modify and propagate the contents of this
implementation of Go, where such license applies only to those patent
claims, both currently owned or controlled by Google and acquired in
the future, licensable by Google that are necessarily infringed by this
implementation of Go.  This grant does not include claims that would be
infringed only as a consequence of further modification of this
implementation.  If you or your agent or exclusive licensee institute or
order or agree to the institution of patent litigation against any
entity (including a cross-claim or counterclaim in a lawsuit) alleging
that this implementation of Go or any code incorporated within this
implementation of Go constitutes direct or contributory patent
infringement, or inducement of patent infringement, then any patent
rights granted to you under this License for this implementation of Go
shall terminate as of the date such litigation is filed.


-------- Dependency
golang.org/x/text
-------- Copyrights
Copyright (c) 2009 The Go Authors. All rights reserved.
Copyright 2014 The Go Authors. All rights reserved.
Copyright 2016 The Go Authors. All rights reserved.
Copyright 2015 The Go Authors. All rights reserved.
Copyright 2017 The Go Authors. All rights reserved.
Copyright 2012 The Go Authors. All rights reserved.
Copyright 2013 The Go Authors. All rights reserved.
Copyright 2019 The Go Authors. All rights reserved.
Copyright 2018 The Go Authors. All rights reserved.
Copyright 2009 The Go Authors. All rights reserved.
Copyright 2011 The Go Authors. All rights reserved.
-------- Patents
Additional IP Rights Grant (Patents)

"This implementation" means the copyrightable works distributed by
Google as part of the Go project.

Google hereby grants to You a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable (except as stated in this section)
patent license to make, have made, use, offer to sell, sell, import,
transfer and otherwise run, modify and propagate the contents of this
implementation of Go, where such license applies only to those patent
claims, both currently owned or controlled by Google and acquired in
the future, licensable by Google that are necessarily infringed by this
implementation of Go.  This grant does not include claims that would be
infringed only as a consequence of further modification of this
implementation.  If you or your agent or exclusive licensee institute or
order or agree to the institution of patent litigation against any
entity (including a cross-claim or counterclaim in a lawsuit) alleging
that this implementation of Go or any code incorporated within this
implementation of Go constitutes direct or contributory patent
infringement, or inducement of patent infringement, then any patent
rights granted to you under this License for this implementation of Go
shall terminate as of the date such litigation is filed.


-------- Dependency
golang.org/x/time
-------- Copyrights
Copyright (c) 2009 The Go Authors. All rights reserved.
Copyright 2015 The Go Authors. All rights reserved.
-------- Patents
Additional IP Rights Grant (Patents)

"This implementation" means the copyrightable works distributed by
Google as part of the Go project.

Google hereby grants to You a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable (except as stated in this section)
patent license to make, have made, use, offer to sell, sell, import,
transfer and otherwise run, modify and propagate the contents of this
implementation of Go, where such license applies only to those patent
claims, both currently owned or controlled by Google and acquired in
the future, licensable by Google that are necessarily infringed by this
implementation of Go.  This grant does not include claims that would be
infringed only as a consequence of further modification of this
implementation.  If you or your agent or exclusive licensee institute or
order or agree to the institution of patent litigation against any
entity (including a cross-claim or counterclaim in a lawsuit) alleging
that this implementation of Go or any code incorporated within this
implementation of Go constitutes direct or contributory patent
infringement, or inducement of patent infringement, then any patent
rights granted to you under this License for this implementation of Go
shall terminate as of the date such litigation is filed.


-------- Dependency
google.golang.org/protobuf
-------- Copyrights
Copyright (c) 2018 The Go Authors. All rights reserved.
Copyright 2018 The Go Authors. All rights reserved.
Copyright 2019 The Go Authors. All rights reserved.
Copyright 2020 The Go Authors. All rights reserved.
Copyright 2019 The Go Authors. All rights reserved.",
Copyright 2018 The Go Authors. All rights reserved.",
Copyright 2008 Google Inc.  All rights reserved.
Copyright 2021 The Go Authors. All rights reserved.
-------- Patents
Additional IP Rights Grant (Patents)

"This implementation" means the copyrightable works distributed by
Google as part of the Go project.

Google hereby grants to You a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable (except as stated in this section)
patent license to make, have made, use, offer to sell, sell, import,
transfer and otherwise run, modify and propagate the contents of this
implementation of Go, where such license applies only to those patent
claims, both currently owned or controlled by Google and acquired in
the future, licensable by Google that are necessarily infringed by this
implementation of Go.  This grant does not include claims that would be
infringed only as a consequence of further modification of this
implementation.  If you or your agent or exclusive licensee institute or
order or agree to the institution of patent litigation against any
entity (including a cross-claim or counterclaim in a lawsuit) alleging
that this implementation of Go or any code incorporated within this
implementation of Go constitutes direct or contributory patent
infringement, or inducement of patent infringement, then any patent
rights granted to you under this License for this implementation of Go
shall terminate as of the date such litigation is filed.


-------- Dependency
gopkg.in/inf.v0
-------- Copyrights
Copyright (c) 2012 Péter Surányi. Portions Copyright (c) 2009 The Go

-------- Dependencies Summary
github.com/PuerkitoBio/urlesc
github.com/fsnotify/fsnotify
github.com/gogo/protobuf
github.com/golang/protobuf
github.com/google/go-cmp
github.com/google/uuid
github.com/imdario/mergo
github.com/spf13/pflag
golang.org/x/crypto
golang.org/x/net
golang.org/x/oauth2
golang.org/x/sync
golang.org/x/sys
golang.org/x/term
golang.org/x/text
golang.org/x/time
google.golang.org/protobuf
gopkg.in/inf.v0

-------- License used by Dependencies
SPDX:BSD-3-Clause--modified-by-Google
Redistribution and use in source and binary forms, with 
or without modification, are permitted provided that the following conditions
are met:

   * Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
   * Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
   * Neither the name of Google Inc. nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

----------------------- Dependencies Grouped by License ------------
-------- Dependency
github.com/davecgh/go-spew
-------- Copyrights
Copyright (c) 2012-2016 Dave Collins <dave@davec.name>
Copyright (c) 2015-2016 Dave Collins <dave@davec.name>
Copyright (c) 2013-2016 Dave Collins <dave@davec.name>
Copyright (c) 2013 Dave Collins <dave@davec.name>

-------- Dependencies Summary
github.com/davecgh/go-spew

-------- License used by Dependencies
SPDX:ISC
Permission to use, copy, modify, and/or distribute this 
software for any purpose with or without fee is hereby granted, provided that 
the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH 
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, 
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR 
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 
PERFORMANCE OF THIS SOFTWARE.

----------------------- Dependencies Grouped by License ------------
-------- Dependency
github.com/asaskevich/govalidator
-------- Copyrights
Copyright (c) 2014-2020 Alex Saskevich

-------- Dependency
github.com/beorn7/perks
-------- Copyrights
Copyright (C) 2013 Blake Mizerany

-------- Dependency
github.com/blang/semver
-------- Copyrights
Copyright (c) 2014 Benedikt Lang <github at benediktlang.de>

-------- Dependency
github.com/cespare/xxhash/v2
-------- Copyrights
Copyright (c) 2016 Caleb Spare

-------- Dependency
github.com/go-kit/log
-------- Copyrights
Copyright (c) 2021 Go kit
Copyright (c) 2014 Simon Eskildsen
Copyright 2013 The Go Authors. All rights reserved.
Copyright 2011 The Go Authors. All rights reserved.

-------- Dependency
github.com/go-logfmt/logfmt
-------- Copyrights
Copyright (c) 2015 go-logfmt
Copyright 2010 The Go Authors. All rights reserved.

-------- Dependency
github.com/gobwas/glob
-------- Copyrights
Copyright (c) 2016 Sergey Kamardin

-------- Dependency
github.com/josharian/intern
-------- Copyrights
Copyright (c) 2019 Josh Bleecher Snyder

-------- Dependency
github.com/json-iterator/go
-------- Copyrights
Copyright (c) 2016 json-iterator

-------- Dependency
github.com/mailru/easyjson
-------- Copyrights
Copyright (c) 2016 Mail.Ru Group
Copyright (c) 2009 The Go Authors. All rights reserved.

-------- Dependency
github.com/mitchellh/mapstructure
-------- Copyrights
Copyright (c) 2013 Mitchell Hashimoto

-------- Dependency
go.uber.org/atomic
-------- Copyrights
Copyright (c) 2016 Uber Technologies, Inc.
Copyright (c) 2019 Uber Technologies, Inc.

-------- Dependency
go.uber.org/multierr
-------- Copyrights
Copyright (c) 2017 Uber Technologies, Inc.
Copyright (c) 2019 Uber Technologies, Inc.

-------- Dependency
go.uber.org/zap
-------- Copyrights
Copyright (c) 2016-2017 Uber Technologies, Inc.
Copyright (c) 2016 Uber Technologies, Inc.
Copyright (c) "*" Uber Technologies, Inc.")
Copyright (c) 2017 Uber Technologies, Inc.
Copyright (c) 2019 Uber Technologies, Inc.
Copyright (c) 2020 Uber Technologies, Inc.
Copyright (c) 2016, 2017 Uber Technologies, Inc.
Copyright (c) 2018 Uber Technologies, Inc.

-------- Dependency
gopkg.in/yaml.v3
-------- Copyrights
copyright staring in 2011 when the project was ported over:
Copyright (c) 2006-2010 Kirill Simonov
Copyright (c) 2006-2011 Kirill Simonov
Copyright (c) 2011-2019 Canonical Ltd
Copyright 2011-2016 Canonical Ltd.
-------- Notices
Copyright 2011-2016 Canonical Ltd.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


-------- Dependencies Summary
github.com/asaskevich/govalidator
github.com/beorn7/perks
github.com/blang/semver
github.com/cespare/xxhash/v2
github.com/go-kit/log
github.com/go-logfmt/logfmt
github.com/gobwas/glob
github.com/josharian/intern
github.com/json-iterator/go
github.com/mailru/easyjson
github.com/mitchellh/mapstructure
go.uber.org/atomic
go.uber.org/multierr
go.uber.org/zap
gopkg.in/yaml.v3

-------- License used by Dependencies
SPDX:MIT
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files
(the "Software"), to deal in the Software without restriction, including without
limitation the rights to use, copy, modify, merge, publish, distribute,
sublicense, and/or sell copies of the Software, and to permit persons to whom
the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

----------------------- Dependencies Grouped by License ------------
-------- Dependency
github.com/ghodss/yaml
-------- Copyrights
Copyright (c) 2014 Sam Ghods
Copyright (c) 2012 The Go Authors. All rights reserved.
Copyright 2013 The Go Authors. All rights reserved.

-------- Dependency
sigs.k8s.io/yaml
-------- Copyrights
Copyright (c) 2014 Sam Ghods
Copyright (c) 2012 The Go Authors. All rights reserved.
Copyright 2013 The Go Authors. All rights reserved.

-------- Dependencies Summary
github.com/ghodss/yaml
sigs.k8s.io/yaml

-------- License used by Dependencies
The MIT License (MIT)

Copyright (c) 2014 Sam Ghods

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


Copyright (c) 2012 The Go Authors. All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:

   * Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
   * Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
   * Neither the name of Google Inc. nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


ATTRIBUTION-HELPER-GENERATED:
License file based on go.mod with md5 sum: 8e6c0582e13472356e90672b8842731d


================================================
FILE: data-common.tf
================================================
# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

# Effective state identifier for this deployment: var.state_id when it is
# non-null and non-empty, otherwise the generated random_string.state_id value.
locals {
  state_id = coalesce(var.state_id, random_string.state_id.id)
}

# Fallback state identifier: six lowercase letters (digits, uppercase and
# special characters are all disabled).
# NOTE(review): random_string results are stored in plain text in the Terraform
# state and are not marked sensitive. With this length and alphabet the value is
# a naming/uniqueness token only; it should not double as a credential
# (random_password is the resource intended for secrets).
resource "random_string" "state_id" {
  length  = 6
  lower   = true
  numeric = false
  special = false
  upper   = false
}

# Exposes the effective state ID (caller-supplied or generated) as an output.
output "state_id" {
  value = local.state_id
}


================================================
FILE: data-images.tf
================================================
# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

# Used to retrieve available worker node images, k8s versions, shapes...
# Only queried when local.cluster_enabled is true (count is 0 otherwise), so
# consumers must tolerate the data source being absent.
# node_pool_option_id = "all" asks for the full option set rather than the
# options of one specific cluster.
data "oci_containerengine_node_pool_option" "oke" {
  count               = local.cluster_enabled ? 1 : 0
  node_pool_option_id = "all"
  compartment_id      = local.compartment_id
}

# Derives the image catalogue used for worker image selection from the node
# pool option data source: the Kubernetes versions referenced by the
# configuration, one parsed record per image, and named groups of image IDs.
locals {
  # Cluster version plus every non-empty per-pool "kubernetes_version" override, de-duplicated.
  k8s_versions      = toset(concat([var.kubernetes_version], [for k, v in var.worker_pools : lookup(v, "kubernetes_version", "") if lookup(v, "kubernetes_version", "") != ""]))
  # Same versions lower-cased with the leading "v" removed, to compare against
  # the version parsed out of image names below.
  k8s_versions_only = [for k8_version in local.k8s_versions : trimprefix(lower(k8_version), "v")]

  # OKE managed node pool images
  # Falls back to an empty list when the data source has count 0 or the lookup fails.
  node_pool_images = try(one(data.oci_containerengine_node_pool_option.oke[*].sources), [])

  # Parse platform/operating system information from node pool image names
  # Result: map of image_id => attributes parsed from source_name.
  # NOTE(review): the whole for-expression sits inside a single try(). The
  # element(regexall(...), 0) lookups for os and os_version have no per-image
  # fallback, so one source_name they cannot parse presumably makes the entire
  # map fall back to {} instead of skipping that image — confirm, since an empty
  # map silently removes every image from selection.
  indexed_images = try({
    for k, v in local.node_pool_images : v.image_id => merge(
      try(element(regexall("OKE-(?P<k8s_version>[0-9\\.]+)-(?P<build>[0-9]+)", v.source_name), 0), { k8s_version = "none" }),
      {
        # arch, image_type and is_gpu are substring tests on the image name.
        arch        = length(regexall("aarch64", v.source_name)) > 0 ? "aarch64" : "x86_64"
        image_type  = length(regexall("OKE", v.source_name)) > 0 ? "oke" : "platform"
        is_gpu      = length(regexall("GPU", v.source_name)) > 0
        # os: leading run of letters/hyphens with hyphens turned into spaces.
        os          = trimspace(replace(element(regexall("^[a-zA-Z-]+", v.source_name), 0), "-", " "))
        # os_version: first run of digits and dots anywhere in the name.
        os_version  = element(regexall("[0-9\\.]+", v.source_name), 0)
        # sort_key: date and trailing build number with dots stripped; the raw
        # name (dots stripped) when the pattern does not match.
        # NOTE(review): the "." between the month and day groups is unescaped
        # and matches any character; "\\." looks like what was intended.
        sort_key    = replace(try(join(".", regex("-([0-9]{4}\\.[01][0-9].[0-9]{1,2}).*?-([0-9]+)$", v.source_name)), v.source_name), ".", "")
        source_name = v.source_name
      },
    )
  }, {})

  # Create non-exclusive groupings of image IDs for intersection when selecting based on config and instance shape
  # The "oke" group only keeps images whose parsed Kubernetes version is one of
  # local.k8s_versions_only, which excludes images parsed as "none".
  # Falls back to {} if any part of the merge fails.
  image_ids = try(merge({
    x86_64   = [for k, v in local.indexed_images : k if v.arch == "x86_64"]
    aarch64  = [for k, v in local.indexed_images : k if v.arch == "aarch64"]
    oke      = [for k, v in local.indexed_images : k if v.image_type == "oke" && contains(local.k8s_versions_only, v.k8s_version)]
    platform = [for k, v in local.indexed_images : k if v.image_type == "platform"]
    gpu      = [for k, v in local.indexed_images : k if v.is_gpu]
    nongpu   = [for k, v in local.indexed_images : k if !v.is_gpu]
    }, {
    # Include groups for OS name and major version
    # https://developer.hashicorp.com/terraform/language/expressions/for#grouping-results
    for k, v in local.indexed_images : format("%v %v", v.os, split(".", v.os_version)[0]) => k...
    }, {
    # Include groups for referenced Kubernetes versions
    for k, v in local.indexed_images : format("%v", v.k8s_version) => k... if contains(local.k8s_versions_only, v.k8s_version)
  }), {})
}


================================================
FILE: docs/diagrams.md
================================================
# Diagrams

This page collects the currently relevant architecture diagrams for the module.

## Default topologies

### Default Multi-AD topology

![Default Multi-AD topology](./images/defaultmad-large.svg)

Shows the default regional deployment spread across multiple availability domains. The control plane, worker nodes, bastion, operator, and load balancer subnets are separated so the module can provide both public entry points and private east-west traffic paths.

### Default Single-AD topology

![Default Single-AD topology](./images/defaultsad-large.svg)

Shows the same baseline layout constrained to a single availability domain. This is the simpler topology when multi-AD placement is not required or not available in the target region.

## Network and access

### Network layout

![Network layout](./images/networking-large.svg)

Illustrates how the module divides the VCN into functional subnets and NSG boundaries. Use it to understand where the control plane, workers, pods, and load balancers live and how traffic is expected to flow between them.

### Load balancer layout

![Load balancer layout](./images/loadbalancers-large.svg)

Highlights the public and internal load balancer subnet choices. This is the diagram to consult when deciding how to set `load_balancers`, `preferred_load_balancer`, and the related service exposure model.

### Bastion access layout

![Bastion access layout](./images/bastion-large.svg)

Shows the administrative access path into the VCN through the bastion host. It is useful when validating SSH reachability to private resources such as the operator or worker nodes.

## Exposure variants

### Public control plane topology

![Public control plane topology](./images/publiccluster-large.svg)

Shows the variant where the Kubernetes API endpoint is reachable through a public address. This is the most direct management model, but it also requires tighter control of the allowed CIDR ranges.

### Private control plane topology

![Private control plane topology](./images/privatecluster-large.svg)

Shows the variant where the Kubernetes API endpoint stays private inside the VCN. This is the preferred layout when cluster administration should happen from the bastion, operator, or connected private networks only.

### Public workers topology

![Public workers topology](./images/publicworkers-large.svg)

Shows worker nodes with public IPs and direct outbound reachability. This can simplify bootstrap and troubleshooting, but it expands the exposed surface compared with private workers.

### Private workers topology

![Private workers topology](./images/privateworkers-large.svg)

Shows worker nodes kept on private addresses behind the VCN gateways. This is the more typical production posture when outbound access is routed through NAT or service gateways instead of direct public addressing.

## Identity

### OIDC discovery flow

![OIDC discovery flow](./images/oidc-discovery.png)

Explains the OIDC discovery integration exposed by the cluster. Use it when enabling `oidc_discovery_enabled` or documenting how external identity providers and token validation interact with the OKE API server.


================================================
FILE: docs/prerequisites.md
================================================
# Pre-requisites

[Quick Start guide](https://github.com/oracle-terraform-modules/terraform-oci-oke/blob/main/docs/quickstart.md)

This section will guide you through the pre-requisites before you can use this project.

You can proceed to the [Quick Start guide](https://github.com/oracle-terraform-modules/terraform-oci-oke/blob/main/docs/quickstart.md) if you have already done these.

1. [Install Terraform](#install-terraform)
2. [Generate and upload your OCI API keys](#generate-and-upload-your-oci-api-keys)
3. [Create an OCI compartment](#create-an-oci-compartment)
4. [Obtain the necessary OCIDs](#obtain-the-necessary-ocids)
5. [Generate an SSH key pair](#generate-an-ssh-key-pair)
6. [Identity and Access Management Rights](#identity-and-access-management-rights)

### Install Terraform

Start by installing Terraform and configuring your path. You need version 1.3.0+.

#### Installing Terraform on Oracle Linux

```bash
yum -y install oraclelinux-developer-release-el7 && yum -y install terraform
```

#### Installing Terraform on macOS

```bash
brew install terraform
```

#### Manual Installation

1. Open your browser and navigate to the [Terraform download page](https://www.terraform.io/downloads.html). You need version 1.3.0+.
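2. Download the appropriate version for your operating system and verify the archive against the SHA256 checksums published with the release before extracting it.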
3. Extract the contents of the compressed file and copy the `terraform` binary to a location that is in your path.

##### Configure path on Linux/macOS

```bash
sudo mv /path/to/terraform /usr/local/bin
```

##### Configure path on Windows

1. Click on `Start`, type `Control Panel` and open it.
2. Select `System > Advanced System Settings > Environment Variables`.
3. Select `System variables > PATH` and click `Edit`.
4. Click `New` and paste the location of the directory where you extracted `terraform.exe`.
5. Close all open windows by clicking `OK`.
6. Open a new terminal and verify Terraform has been properly installed.

#### Testing Terraform installation

```bash
terraform -v
Terraform v1.x.x
```

### Generate and upload your OCI API keys

Follow the documentation for [generating and uploading your API keys](https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#two).

Note the key fingerprint.

### Create an OCI compartment

Follow the documentation for [creating a compartment](https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingcompartments.htm#two).

### Obtain the necessary OCIDs

The following OCIDs are required:

1. Compartment OCID
2. Tenancy OCID
3. User OCID

Follow the documentation for [obtaining the tenancy and user OCIDs](https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#five).

To obtain the compartment OCID:

1. Navigate to `Identity > Compartments`.
2. Click on your compartment.
3. Locate `OCID` on the page and click `Copy`.

### Generate an SSH key pair

An SSH key pair is required for access to the bastion and operator hosts. Generate one if you don't have one:

```bash
ssh-keygen -t rsa -b 4096 -f ~/.ssh/oke_key
```

This creates `~/.ssh/oke_key` (private key) and `~/.ssh/oke_key.pub` (public key).

### Identity and Access Management Rights

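The user or group running Terraform needs the following permissions. Note that `manage all-resources in compartment` is a superset of the four `*-family` rows below it, so a policy that grants it already includes them: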

| Permission | Purpose |
|------------|---------|
| `manage all-resources in compartment` | Full management of all OKE resources |
| `manage instance-family in compartment` | Create and manage compute instances |
| `manage virtual-network-family in compartment` | Create and manage VCN, subnets, NSGs |
| `manage cluster-family in compartment` | Create and manage OKE clusters |
| `manage volume-family in compartment` | Create and manage block volumes |
| `manage dynamic-groups in tenancy` | Create IAM dynamic groups (if `create_iam_resources = true`) |
| `manage policies in tenancy` | Create IAM policies (if `create_iam_resources = true`) |

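For a least-privilege setup, set `create_iam_resources = true` and the module will create the required dynamic groups and policies automatically. As the table shows, this requires the identity running Terraform to hold the two tenancy-level permissions, `manage dynamic-groups` and `manage policies`.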


================================================
FILE: docs/quickstart.md
================================================
# Quickstart

1. [Assumptions](#assumptions)
2. [Pre-requisites](#pre-requisites)
3. [Instructions](#instructions)
4. [Connect to the cluster](#connect-to-the-cluster)
5. [Update the cluster](#update-the-cluster)
6. [Destroy the cluster](#destroy-the-cluster)
7. [Related documentation](#related-documentation)

### Assumptions

1. You have set up the [required API keys](https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm).
2. You know the [required OCIDs](https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#five).
3. You have the necessary [permissions](./prerequisites.md#identity-and-access-management-rights).
4. You have an SSH key pair available.

### Pre-requisites

1. `git` is installed.
2. An SSH client is installed.
3. Terraform 1.3.0+ is installed.

See [Pre-requisites](./prerequisites.md) for detailed setup instructions.

### Instructions

#### Provisioning using this git repo

1. Clone the repo:

```bash
git clone https://github.com/oracle-terraform-modules/terraform-oci-oke.git tfoke

cd tfoke
```

Create a `terraform.tfvars` file for your environment. This repository does not ship a generic root `terraform.tfvars.example`.

2. Create a `provider.tf` file and add the following:

```hcl
terraform {
  required_providers {
    oci = {
      source  = "oracle/oci"
      version = ">= 7.30.0"
    }
  }
}

provider "oci" {
  tenancy_ocid     = var.tenancy_id
  user_ocid        = var.user_id
  fingerprint      = var.api_fingerprint
  private_key_path = var.api_private_key_path
  region           = var.region
}

provider "oci" {
  alias            = "home"
  tenancy_ocid     = var.tenancy_id
  user_ocid        = var.user_id
  fingerprint      = var.api_fingerprint
  private_key_path = var.api_private_key_path
  region           = coalesce(var.home_region, var.region)
}
```

Provider credentials are intentionally configured in `provider.tf`, not in `terraform.tfvars`.

3. Set mandatory provider parameters:

- `api_fingerprint`
- `api_private_key_path`
- `region`
- `tenancy_id`
- `user_id`

4. Set other required parameters:

- `compartment_id`
- One of `ssh_public_key` or `ssh_public_key_path`

5. Set cluster and worker parameters. At minimum, configure:

```hcl
# Cluster
create_cluster     = true
cluster_name       = "oke-cluster"
kubernetes_version = "v1.34.2"

# Workers
worker_pool_mode = "node-pool"
worker_pool_size = 1

worker_pools = {
  np1 = {
    size  = 1
  }
}
```

6. Optional parameters to override (see [Terraform Options](./terraformoptions.md) for the full list):

- Cluster: `cluster_type`, `cni_type`, `control_plane_is_public`, `pods_cidr`, `services_cidr`
- Workers: `worker_shape`, `worker_image_type`, `worker_image_os`, `worker_image_os_version`
- Network: `vcn_cidrs`, `subnets`, `nsgs`, `load_balancers`
- Bastion: `create_bastion`, `bastion_shape`, `bastion_allowed_cidrs`
- Operator: `create_operator`, `operator_shape`, `operator_upgrade`

7. Run Terraform:

```bash
terraform init
terraform plan
terraform apply
```

8. Retrieve the cluster and access information:

```bash
terraform output cluster_id
terraform output cluster_endpoints
terraform output ssh_to_bastion
terraform output ssh_to_operator
```

If you want Terraform to emit `cluster_kubeconfig`, also set:

```hcl
output_detail = true
```

### Connect to the cluster

#### Via the operator host

1. SSH to the operator through the bastion:

```bash
# Use the output from terraform output ssh_to_operator
ssh -o ProxyCommand='ssh -W %h:%p -i ~/.ssh/oke_key opc@<bastion_ip>' -i ~/.ssh/oke_key opc@<operator_ip>
```

2. Verify connectivity:

```bash
kubectl get nodes
```

#### Via kubeconfig

1. Retrieve the kubeconfig:

```bash
terraform output -raw cluster_kubeconfig > ~/.kube/config-oke
export KUBECONFIG=~/.kube/config-oke
```

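`cluster_kubeconfig` is only populated when `output_detail = true`. With that setting the kubeconfig is also kept in the Terraform state, so limit who can read the state, and restrict the permissions of the written file (for example `chmod 600 ~/.kube/config-oke`).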

2. Verify connectivity:

```bash
kubectl get nodes
```

### Update the cluster

To update the infrastructure:

```bash
# Modify terraform.tfvars as needed
terraform plan
terraform apply
```

Common updates:
- **Kubernetes version**: Change `kubernetes_version` and run `terraform apply`
- **Worker pool size**: Adjust `worker_pool_size` or individual pool `size`
- **Add worker pools**: Add entries to the `worker_pools` map
- **Extensions**: Enable extensions by setting `<extension>_install = true`

### Destroy the cluster

```bash
terraform destroy
```

### Related documentation

- [All Terraform configuration options](./terraformoptions.md) for this module
- [Example configurations](https://github.com/oracle-terraform-modules/terraform-oci-oke/tree/main/examples)
- [Pre-requisites](./prerequisites.md)


================================================
FILE: docs/terraformoptions.md
================================================
# Terraform Options

Terraform configuration options:

1. [General](#general)
2. [Identity and Access Management](#identity-and-access-management)
3. [Network](#network)
4. [Cluster](#cluster)
5. [Cluster Add-ons](#cluster-add-ons)
6. [Workers](#workers)
7. [Bastion](#bastion)
8. [Operator](#operator)
9. [Extensions](#extensions)
   - [Cilium](#cilium)
   - [Multus](#multus)
   - [SR-IOV Device Plugin](#sr-iov-device-plugin)
   - [SR-IOV CNI Plugin](#sr-iov-cni-plugin)
   - [RDMA CNI Plugin](#rdma-cni-plugin)
   - [Whereabouts](#whereabouts)
   - [Metrics Server](#metrics-server)
   - [Cluster Autoscaler](#cluster-autoscaler)
   - [Prometheus](#prometheus)
   - [DCGM Exporter](#dcgm-exporter)
   - [Gatekeeper](#gatekeeper)
   - [MPI Operator](#mpi-operator)
   - [ArgoCD](#argocd)
   - [Service Accounts](#service-accounts)
10. [Utilities](#utilities)
11. [Tagging](#tagging)
12. [Validation Rules](#validation-rules)

## General

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `state_id` | Optional Terraform state_id from an existing deployment for resource reuse. | string | `null` |
| `output_detail` | Whether to include detailed output in the Terraform state. | `true` / `false` | `false` |
| `timezone` | Preferred timezone for worker, operator, and bastion instances. | string (IANA timezone) | `"Etc/UTC"` |
| `ssh_private_key` | SSH private key contents, optionally base64-encoded. Sensitive. | string | `null` |
| `ssh_private_key_path` | Path to SSH private key on the machine running Terraform. | string | `null` |
| `ssh_public_key` | SSH public key contents, optionally base64-encoded. | string | `null` |
| `ssh_public_key_path` | Path to SSH public key. | string | `null` |

## Identity and Access Management

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `tenancy_id` | Tenancy OCID. Required unless using `config_file_profile` or Resource Manager. | OCID string | `null` |
| `tenancy_ocid` | Tenancy OCID for Resource Manager. Used as alias for `tenancy_id` in RMS. | OCID string | `null` |
| `user_id` | User OCID for API key authentication. | OCID string | `null` |
| `current_user_ocid` | User OCID for Resource Manager. | OCID string | `null` |
| `compartment_id` | Compartment OCID where resources are created. Required. | OCID string | `null` |
| `compartment_ocid` | Compartment OCID for Resource Manager. | OCID string | `null` |
| `worker_compartment_id` | Compartment for worker resources. Defaults to `compartment_id`. | OCID string | `null` |
| `network_compartment_id` | Compartment for network resources. Defaults to `compartment_id`. | OCID string | `null` |
| `region` | OCI region for resource provisioning. | [OCI region identifier](https://docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm) | `"us-ashburn-1"` |
| `home_region` | Tenancy home region. Required when `create_iam_resources = true`. | OCI region identifier | `null` |
| `api_fingerprint` | Fingerprint of the OCI API public key. | string | `null` |
| `api_private_key` | OCI API private key contents. Sensitive. | string | `null` |
| `api_private_key_password` | Password for the OCI API private key. Sensitive. | string | `null` |
| `api_private_key_path` | Path to the OCI API private key file. | string | `null` |
| `config_file_profile` | OCI CLI config file profile name for authentication. | string | `"DEFAULT"` |
| `create_iam_resources` | Whether to create IAM dynamic groups and policies. | `true` / `false` | `false` |
| `create_iam_autoscaler_policy` | Create IAM policy for cluster autoscaler. | `"never"` / `"auto"` / `"always"` | `"auto"` |
| `create_iam_kms_policy` | Create IAM policy for KMS encryption. | `"never"` / `"auto"` / `"always"` | `"auto"` |
| `create_iam_operator_policy` | Create IAM policy for operator instance principal. | `"never"` / `"auto"` / `"always"` | `"auto"` |
| `create_iam_worker_policy` | Create IAM policy for worker nodes. | `"never"` / `"auto"` / `"always"` | `"auto"` |
| `create_iam_tag_namespace` | Create IAM tag namespace and tags. | `true` / `false` | `false` |
| `create_iam_defined_tags` | Create IAM defined tags in the tag namespace. | `true` / `false` | `false` |
| `use_defined_tags` | Apply defined tags to created resources. | `true` / `false` | `false` |
| `tag_namespace` | Tag namespace name for OKE defined tags. | string | `"oke"` |

## Network

Relevant diagrams:
- [Network layout](./diagrams.md#network-layout)
- [Load balancer layout](./diagrams.md#load-balancer-layout)
- [Bastion access layout](./diagrams.md#bastion-access-layout)

### VCN

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `create_vcn` | Whether to create a VCN. Set to `false` to use an existing VCN. | `true` / `false` | `true` |
| `vcn_name` | Display name for the VCN. | string | `null` |
| `vcn_id` | OCID of an existing VCN. Required when `create_vcn = false`. | OCID string | `null` |
| `vcn_cidrs` | IPv4 CIDR blocks for the VCN. | list(string) | `["10.0.0.0/16"]` |
| `vcn_dns_label` | DNS label for the VCN. | string | `null` |
| `vcn_enable_ipv6_gua` | Enable IPv6 Global Unicast Address. | `true` / `false` | `true` |
| `vcn_ipv6_ula_cidrs` | IPv6 ULA CIDR blocks for the VCN. | list(string) | `[]` |
| `assign_dns` | Whether to assign DNS records to created instances and subnet hostname labels. | `true` / `false` | `true` |
| `lockdown_default_seclist` | Remove all default rules from the VCN default security list. | `true` / `false` | `true` |

### Gateways

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `vcn_create_internet_gateway` | Create an internet gateway. | `"auto"` / `"always"` / `"never"` | `"auto"` |
| `vcn_create_nat_gateway` | Create a NAT gateway. | `"auto"` / `"always"` / `"never"` | `"auto"` |
| `vcn_create_service_gateway` | Create a service gateway. | `"auto"` / `"always"` / `"never"` | `"always"` |
| `internet_gateway_id` | OCID of an existing internet gateway. | OCID string | `null` |
| `nat_gateway_id` | OCID of an existing NAT gateway. | OCID string | `null` |
| `nat_gateway_public_ip_id` | Reserved public IP OCID for the NAT gateway. | OCID string | `null` |

### Routing

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `ig_route_table_id` | OCID of an existing internet gateway route table. | OCID string | `null` |
| `nat_route_table_id` | OCID of an existing NAT gateway route table. | OCID string | `null` |
| `igw_ngw_mixed_route_id` | OCID of a mixed route table (NAT GW for IPv4, IGW for IPv6). | OCID string | `null` |
| `internet_gateway_route_rules` | Additional route rules for the internet gateway route table. | list(map(string)) | `null` |
| `nat_gateway_route_rules` | Additional route rules for the NAT gateway route table. | list(map(string)) | `null` |

### DRG

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `create_drg` | Whether to create a Dynamic Routing Gateway. | `true` / `false` | `false` |
| `drg_display_name` | Display name for the DRG. | string | `null` |
| `drg_id` | OCID of an existing DRG. | OCID string | `null` |
| `drg_compartment_id` | Compartment for the DRG. Defaults to `network_compartment_id`. | OCID string | `null` |
| `drg_attachments` | DRG attachment configurations. | map(any) | `{}` |
| `remote_peering_connections` | Remote peering connection configurations. | map(any) | `{}` |
| `local_peering_gateways` | Local peering gateway configurations. | map(any) | `null` |

### Subnets

See [Network layout](./diagrams.md#network-layout) for the default subnet split used by the module.

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `subnets` | Configuration for standard subnets (bastion, operator, cp, int_lb, pub_lb, workers, pods). Each entry supports `create`, `id`, `cidr`, `netnum`, `newbits`, `display_name`, `dns_label`, and `ipv6_cidr`. | map(object) | Module-defined defaults for all standard subnets |

Example with automatic subnet creation:

```hcl
subnets = {
  bastion  = { newbits = 13 }
  operator = { newbits = 13 }
  cp       = { newbits = 13 }
  int_lb   = { newbits = 11 }
  pub_lb   = { newbits = 11 }
  workers  = { newbits = 4 }
  pods     = { newbits = 2 }
}
```

Example with explicit CIDRs:

```hcl
subnets = {
  bastion  = { cidr = "10.0.0.0/29" }
  operator = { cidr = "10.0.0.64/29" }
  cp       = { cidr = "10.0.0.8/29" }
  int_lb   = { cidr = "10.0.0.32/27" }
  pub_lb   = { cidr = "10.0.128.0/27" }
  workers  = { cidr = "10.0.144.0/20" }
  pods     = { cidr = "10.0.64.0/18" }
}
```

Example with existing subnets:

```hcl
subnets = {
  operator = { id = "ocid1.subnet..." }
  cp       = { id = "ocid1.subnet..." }
  workers  = { id = "ocid1.subnet..." }
}
```

### Network Security Groups

See [Network layout](./diagrams.md#network-layout) for how the NSG-backed subnet boundaries fit together.

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `nsgs` | Configuration for NSGs (bastion, operator, cp, int_lb, pub_lb, workers, pods, optional `fss`). Each entry supports `create` and `id`. | map(object) | Module-defined defaults for standard NSGs |
| `allow_node_port_access` | Allow NodePort access to load balancers. | `true` / `false` | `false` |
| `allow_worker_internet_access` | Allow worker nodes outbound internet access. | `true` / `false` | `true` |
| `allow_pod_internet_access` | Allow pod outbound internet access. | `true` / `false` | `true` |
| `allow_worker_ssh_access` | Allow SSH access to worker nodes. | `true` / `false` | `false` |
| `allow_bastion_cluster_access` | Allow bastion to cluster endpoint access. | `true` / `false` | `false` |
| `allow_rules_cp` | Additional NSG rules for the control plane. | map(any) | `{}` |
| `allow_rules_internal_lb` | Additional NSG rules for internal load balancers. | map(any) | `{}` |
| `allow_rules_pods` | Additional NSG rules for pods. | map(any) | `{}` |
| `allow_rules_public_lb` | Additional NSG rules for public load balancers. | map(any) | `{}` |
| `allow_rules_workers` | Additional NSG rules for workers. | map(any) | `{}` |
| `control_plane_allowed_cidrs` | CIDR blocks allowed to access the control plane. | list(string) | `[]` |
| `enable_waf` | Enable WAF monitoring for load balancers. | `true` / `false` | `false` |
| `use_stateless_rules` | Use stateless NSG rules instead of stateful. | `true` / `false` | `false` |

Additional NSG rule example:

```hcl
allow_rules_workers = {
  "Allow TCP 8080 from VCN" = {
    protocol = 6, port = 8080, source = "10.0.0.0/16", source_type = "CIDR_BLOCK",
  },
}
```

## Cluster

Relevant diagrams:
- [Public control plane topology](./diagrams.md#public-control-plane-topology)
- [Private control plane topology](./diagrams.md#private-control-plane-topology)
- [OIDC discovery flow](./diagrams.md#oidc-discovery-flow)

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `create_cluster` | Whether to create an OKE cluster. | `true` / `false` | `true` |
| `cluster_name` | Name of the OKE cluster. | string | `"oke"` |
| `cluster_type` | Cluster type. Enhanced clusters support additional features like virtual node pools and workload identity. | `"basic"` / `"enhanced"` | `"basic"` |
| `control_plane_is_public` | Whether the control plane has a public IP. | `true` / `false` | `false` |
| `assign_public_ip_to_control_plane` | Assign a public IP to the API endpoint. | `true` / `false` | `false` |
| `control_plane_nsg_ids` | Additional NSG IDs for the cluster endpoint. | set(string) | `[]` |
| `backend_nsg_ids` | Additional NSG IDs for load balancer backends. Workers and pods NSGs are always included. | set(string) | `[]` |
| `cni_type` | Container Network Interface type. | `"flannel"` / `"npn"` | `"flannel"` |
| `enable_ipv6` | Create a dual-stack (IPv4 and IPv6) cluster. | `true` / `false` | `false` |
| `oke_ip_families` | Override the `ip_families` cluster attribute. | list(string) | `[]` |
| `pods_cidr` | CIDR range for Kubernetes pods. Must not overlap with VCN, worker, or LB subnets. | CIDR string | `"10.244.0.0/16"` |
| `services_cidr` | CIDR range for Kubernetes services. Must not overlap with the VCN CIDR. | CIDR string | `"10.96.0.0/16"` |
| `kubernetes_version` | Kubernetes version for the cluster. | string (e.g. `"v1.34.2"`) | `"v1.34.2"` |
| `cluster_kms_key_id` | KMS key OCID for Kubernetes secrets encryption. | OCID string | `""` |
| `use_signed_images` | Enforce that only signed container images can be deployed. | `true` / `false` | `false` |
| `image_signing_keys` | KMS key IDs used to verify signed images. | set(string) | `[]` |
| `load_balancers` | Type of subnets created for load balancers. | `"public"` / `"internal"` / `"both"` | `"both"` |
| `preferred_load_balancer` | Preferred load balancer subnet type. | `"public"` / `"internal"` | `"public"` |
| `oidc_discovery_enabled` | Enable OIDC discovery for third-party token validation. Requires enhanced cluster. | `true` / `false` | `false` |
| `oidc_token_auth_enabled` | Enable OIDC token authentication via API server flags. Requires enhanced cluster. | `true` / `false` | `false` |
| `oidc_token_authentication_config` | OIDC token authentication configuration (client_id, issuer_url, username_claim, required_claims). | any | `{}` |

Basic cluster example:

```hcl
cluster_name       = "oke-example"
kubernetes_version = "v1.34.2"
```

Enhanced cluster example:

```hcl
cluster_name                      = "oke"
cluster_type                      = "enhanced"
cni_type                          = "flannel"
kubernetes_version                = "v1.34.2"
assign_public_ip_to_control_plane = true
```

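OIDC authentication example for GitHub Actions. The issuer URL is shared by every GitHub repository, so `required_claims` is what limits accepted tokens to one repository, workflow, and ref. Authorization for the resulting identity is still governed by Kubernetes RBAC: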

```hcl
cluster_type                      = "enhanced"
oidc_token_auth_enabled           = true
oidc_token_authentication_config  = {
  client_id      = "oke-kubernetes-cluster"
  issuer_url     = "https://token.actions.githubusercontent.com"
  username_claim = "sub"
  required_claims = [
    { key = "repository", value = "GITHUB_ACCOUNT/GITHUB_REPOSITORY" },
    { key = "workflow",   value = "oke-oidc" },
    { key = "ref",        value = "refs/heads/main" },
  ]
}
```

## Cluster Add-ons

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `cluster_addons` | Map of cluster addons to enable. Each addon supports `remove_addon_resources_on_delete`, `override_existing`, and `configurations`. | any | `{}` |
| `cluster_addons_to_remove` | Map of cluster addons to remove. Each entry supports `remove_k8s_resources`. | any | `{}` |

Example:

```hcl
cluster_addons = {
  "CertManager" = {
    remove_addon_resources_on_delete = true
    override_existing                = true
    configurations = [
      { key = "numOfReplicas", value = "1" }
    ]
  }
  "NvidiaGpuPlugin" = {
    remove_addon_resources_on_delete = true
  }
}

cluster_addons_to_remove = {
  Flannel = { remove_k8s_resources = true }
}
```

## Workers

Relevant diagrams:
- [Public workers topology](./diagrams.md#public-workers-topology)
- [Private workers topology](./diagrams.md#private-workers-topology)

### Default Pool Configuration

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `cluster_id` | Existing OKE cluster OCID. Required when `create_cluster = false`. | OCID string | `null` |
| `cluster_ca_cert` | Base64+PEM-encoded cluster CA certificate. Required when `create_cluster = false`. | string | `null` |
| `cluster_dns` | Cluster DNS resolver IP address. Required when `create_cluster = false`. | string | `null` |
| `worker_pools` | Map of worker pool definitions. Key is the pool name, value is the pool configuration. | any | `{}` |
| `worker_pool_mode` | Default management mode for worker pools. | `"node-pool"` / `"virtual-node-pool"` / `"instance"` / `"instance-pool"` / `"cluster-network"` / `"compute-cluster"` | `"node-pool"` |
| `worker_pool_size` | Default size for worker pools. | number | `0` |
| `worker_compute_clusters` | Shared compute cluster definitions for use by multiple pools. | map(any) | `{}` |

### Worker Pool Defaults

These parameters set defaults for all worker pools. Individual pools can override these.

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `worker_is_public` | Provision workers with public IPs. | `true` / `false` | `false` |
| `worker_nsg_ids` | Additional NSG IDs for all worker nodes. | list(string) | `[]` |
| `pod_nsg_ids` | Additional NSG IDs for pods (NPN CNI). | list(string) | `[]` |
| `kubeproxy_mode` | Kube-proxy mode. | `"iptables"` / `"ipvs"` | `"iptables"` |
| `worker_block_volume_type` | Block volume attachment type for self-managed workers. | `"paravirtualized"` / `"iscsi"` | `"paravirtualized"` |
| `worker_node_labels` | Default Kubernetes node labels. | map(string) | `{}` |
| `worker_node_metadata` | Additional worker node metadata. | map(string) | `{}` |
| `worker_image_id` | Default image OCID for worker pools. | OCID string | `null` |
| `worker_image_type` | Default image type. `"oke"` uses OKE Oracle Linux images. | `"oke"` / `"custom"` / `"platform"` | `"oke"` |
| `worker_image_os` | Default OS for platform/OKE images. | string | `"Oracle Linux"` |
| `worker_image_os_version` | Default OS version for platform/OKE images. | string | `"8"` |
| `worker_shape` | Default shape for worker instances. | map(any) | `{shape = "VM.Standard.E4.Flex", ocpus = 2, memory = 16, boot_volume_size = 50, boot_volume_vpus_per_gb = 10}` |
| `worker_capacity_reservation_id` | Capacity reservation OCID for worker instances. | OCID string | `null` |
| `worker_preemptible_config` | Preemptible compute configuration. | map(any) | `{}` |
| `worker_cloud_init` | Default cloud-init MIME parts for all pools. | list(map(string)) | `[]` |
| `worker_disable_default_cloud_init` | Disable the default OKE cloud-init. | `true` / `false` | `false` |
| `worker_volume_kms_key_id` | KMS key OCID for boot volume encryption. | OCID string | `null` |
| `worker_pv_transit_encryption` | Enable in-transit encryption for paravirtualized volumes. | `true` / `false` | `false` |
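| `worker_legacy_imds_endpoints_disabled` | Disable IMDSv1 endpoint on workers. Note the default leaves IMDSv1 enabled, unlike `bastion_legacy_imds_endpoints_disabled` and `operator_legacy_imds_endpoints_disabled`, which default to `true`. | `true` / `false` | `false` |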
| `max_pods_per_node` | Maximum pods per node (1-110). Only applies with NPN CNI. | number | `31` |
| `platform_config` | Platform configuration for self-managed pools (shielded instances). | object | `null` |
| `agent_config` | Management agent configuration for self-managed pools. | object | `null` |
| `allow_short_container_image_names` | Allow short container image names without full registry path. Requires Kubernetes >= 1.34.0. | `true` / `false` | `false` |

### Worker Pool Entry Configuration

Each entry in the `worker_pools` map supports the following attributes:

| Attribute | Description | Values |
|-----------|-------------|--------|
| `mode` | Worker management mode. Overrides `worker_pool_mode`. | `"node-pool"` / `"virtual-node-pool"` / `"instance"` / `"instance-pool"` / `"cluster-network"` / `"compute-cluster"` |
| `size` | Number of nodes in the pool. | number |
| `shape` | Instance shape name. | string |
| `ocpus` | Number of OCPUs (Flex shapes). | number |
| `memory` | Memory in GB (Flex shapes). | number |
| `boot_volume_size` | Boot volume size in GB. | number |
| `boot_volume_vpus_per_gb` | Boot volume performance (10/20/30-120). Self-managed modes only. | number |
| `description` | Pool description. | string |
| `create` | Whether to create this pool. | `true` / `false` |
| `image_type` | Image type for this pool. | `"oke"` / `"custom"` / `"platform"` |
| `image_id` | Custom image OCID. | OCID string |
| `os` | OS name. | string |
| `os_version` | OS version. | string |
| `node_labels` | Kubernetes node labels. | map(string) |
| `subnet_id` | Custom subnet OCID for this pool. | OCID string |
| `pod_subnet_id` | Custom pod subnet OCID (NPN CNI). | OCID string |
| `nsg_ids` | Additional NSG IDs for this pool. | list(string) |
| `pod_nsg_ids` | Additional pod NSG IDs for this pool (NPN CNI). | list(string) |
| `assign_public_ip` | Assign a public IP to nodes. | `true` / `false` |
| `cloud_init` | Pool-specific cloud-init MIME parts. | list(map(string)) |
| `secondary_vnics` | Secondary VNIC configurations. | map(any) |
| `autoscale` | Enable cluster autoscaler for this pool. | `true` / `false` |
| `min_size` | Minimum pool size for autoscaling. | number |
| `max_size` | Maximum pool size for autoscaling. | number |
| `allow_autoscaler` | Allow cluster autoscaler to manage this pool. | `true` / `false` |
| `ignore_initial_pool_size` | Ignore initial pool size when autoscaling. | `true` / `false` |
| `drain` | Mark pool for draining (disables scheduling, drains through operator). | `true` / `false` |
| `placement_ads` | List of AD numbers for placement. | list(number) |
| `compute_cluster` | Name of a shared compute cluster (compute-cluster mode). | string |
| `instance_ids` | Instance IDs in compute cluster. | list(string) |
| `platform_config` | Platform configuration (shielded instances). | object |
| `agent_config` | Management agent configuration. | object |
| `burst` | CPU bursting configuration for Flex shapes. | `"BASELINE_1_8"` / `"BASELINE_1_2"` |
| `node_cycling_enabled` | Enable node cycling for updates. | `true` / `false` |
| `node_cycling_max_surge` | Max surge during cycling (percentage or number). | string |
| `node_cycling_max_unavailable` | Max unavailable during cycling. | number |
| `node_cycling_mode` | Cycling mode. | `["instance"]` / `["boot_volume"]` |
| `eviction_grace_duration` | Grace duration for eviction in seconds. | number |
| `is_force_delete_after_grace_duration` | Force delete after grace duration. | `true` / `false` |

Basic node pool example:

```hcl
worker_pool_mode = "node-pool"
worker_pool_size = 1

worker_pools = {
  oke-vm-standard = {}
  oke-vm-standard-large = {
    size             = 1
    shape            = "VM.Standard.E4.Flex"
    ocpus            = 8
    memory           = 128
    boot_volume_size = 200
  }
}
```

Autoscaled node pool example:

```hcl
worker_pools = {
  np-autoscaled = {
    size                     = 2
    min_size                 = 1
    max_size                 = 3
    autoscale                = true
    ignore_initial_pool_size = true
  }
}
```

Cluster network (HPC/GPU) example:

```hcl
worker_pools = {
  oke-bm-gpu-rdma = {
    mode          = "cluster-network"
    size          = 1
    shape         = "BM.GPU.B4.8"
    placement_ads = [1]
    image_id      = "ocid1.image..."
    secondary_vnics = {
      "vnic-display-name" = {
        nic_index = 1
        subnet_id = "ocid1.subnet..."
      }
    }
  }
}
```

## Bastion

The bastion instance provides a public SSH entrypoint into the VCN.

See [Bastion access layout](./diagrams.md#bastion-access-layout) for the administrative access path.

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `create_bastion` | Whether to create a bastion host. | `true` / `false` | `true` |
| `bastion_public_ip` | IP address of an existing bastion. Ignored when `create_bastion = true`. | string | `null` |
| `bastion_allowed_cidrs` | List of CIDR blocks allowed SSH access to the bastion. Set to `["0.0.0.0/0"]` to allow from anywhere. | list(string) | `[]` |
| `bastion_availability_domain` | Availability domain number for the bastion. Defaults to first available. | string | `null` |
| `bastion_nsg_ids` | Additional NSG IDs for the bastion. Combined with the created NSG. | list(string) | `[]` |
| `bastion_user` | SSH user for the bastion host. | string | `"opc"` |
| `bastion_image_id` | Custom image OCID for the bastion. Ignored when `bastion_image_type = "platform"`. | OCID string | `null` |
| `bastion_image_type` | Image type for the bastion. | `"platform"` / `"custom"` | `"platform"` |
| `bastion_image_os` | Platform image OS name. | string | `"Oracle Autonomous Linux"` |
| `bastion_image_os_version` | Platform image OS version. | string | `"8"` |
| `bastion_shape` | Shape of the bastion instance. | map(any) | `{shape = "VM.Standard.E4.Flex", ocpus = 1, memory = 4, boot_volume_size = 50, baseline_ocpu_utilization = 100}` |
| `bastion_is_public` | Whether the bastion is provisioned with a public IP. | `true` / `false` | `true` |
| `bastion_upgrade` | Whether to upgrade bastion packages after provisioning. | `true` / `false` | `false` |
| `bastion_await_cloudinit` | Block Terraform until cloud-init completes on the bastion. | `true` / `false` | `true` |
| `bastion_volume_kms_key_id` | KMS key OCID for bastion boot volume encryption. | OCID string | `null` |
| `bastion_legacy_imds_endpoints_disabled` | Disable IMDSv1 endpoint on the bastion. | `true` / `false` | `true` |

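Example (`bastion_allowed_cidrs = ["0.0.0.0/0"]` opens SSH on the bastion to any source address; replace it with your administrative CIDR ranges outside of test deployments):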

```hcl
create_bastion              = true
bastion_allowed_cidrs       = ["0.0.0.0/0"]
bastion_image_type          = "platform"
bastion_upgrade             = false
bastion_user                = "opc"

bastion_shape = {
  shape                     = "VM.Standard.E4.Flex"
  ocpus                     = 1
  memory                    = 4
  boot_volume_size          = 50
  baseline_ocpu_utilization = 100
}
```

## Operator

The operator instance provides an environment within the VCN from which the OKE cluster can be managed. It comes pre-installed with kubectl, Helm, and optional tools.

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `create_operator` | Whether to create an operator host. | `true` / `false` | `true` |
| `operator_availability_domain` | Availability domain for the operator. Defaults to first available. | string | `null` |
| `operator_cloud_init` | Cloud-init MIME parts for custom operator initialization. | list(map(string)) | `[]` |
| `operator_nsg_ids` | Additional NSG IDs for the operator. | list(string) | `[]` |
| `operator_user` | SSH user for the operator host. | string | `"opc"` |
| `operator_image_id` | Custom image OCID for the operator. Ignored when `operator_image_type = "platform"`. | OCID string | `null` |
| `operator_image_os` | Platform image OS name. | string | `"Oracle Linux"` |
| `operator_image_os_version` | Platform image OS version. | string | `"8"` |
| `operator_image_type` | Image type for the operator. | `"platform"` / `"custom"` | `"platform"` |
| `operator_install_helm` | Whether to install Helm on the operator. | `true` / `false` | `true` |
| `operator_install_helm_from_repo` | Install Helm from the package repository. | `true` / `false` | `false` |
| `operator_install_oci_cli_from_repo` | Install OCI CLI from the package repository. | `true` / `false` | `false` |
| `operator_install_istioctl` | Whether to install istioctl on the operator. | `true` / `false` | `false` |
| `operator_install_k8sgpt` | Whether to install k8sgpt on the operator. | `true` / `false` | `false` |
| `operator_install_k9s` | Whether to install k9s on the operator. | `true` / `false` | `false` |
| `operator_install_kubectl_from_repo` | Install kubectl from the package repository. | `true` / `false` | `true` |
| `operator_install_kubectx` | Whether to install kubectx/kubens on the operator. | `true` / `false` | `true` |
| `operator_install_stern` | Whether to install stern on the operator. | `true` / `false` | `false` |
| `operator_shape` | Shape of the operator instance. | map(any) | `{shape = "VM.Standard.E4.Flex", ocpus = 1, memory = 4, boot_volume_size = 50, baseline_ocpu_utilization = 100}` |
| `operator_volume_kms_key_id` | KMS key OCID for operator boot volume encryption. | OCID string | `null` |
| `operator_pv_transit_encryption` | Enable in-transit encryption for paravirtualized volumes. | `true` / `false` | `false` |
| `operator_upgrade` | Whether to upgrade operator packages after provisioning. | `true` / `false` | `false` |
| `operator_private_ip` | IP address of an existing operator. Ignored when `create_operator = true`. | string | `null` |
| `operator_await_cloudinit` | Block Terraform until cloud-init completes on the operator. | `true` / `false` | `true` |
| `operator_legacy_imds_endpoints_disabled` | Disable IMDSv1 endpoint on the operator. | `true` / `false` | `true` |

Example with cloud-init:

```hcl
create_operator     = true
operator_upgrade    = false
operator_user       = "opc"

operator_cloud_init = [
  {
    content      = <<-EOT
    runcmd:
    - echo "Operator cloud_init using cloud-config"
    EOT
    content_type = "text/cloud-config"
  }
]

operator_shape = {
  shape                     = "VM.Standard.E4.Flex"
  ocpus                     = 1
  memory                    = 4
  boot_volume_size          = 50
  baseline_ocpu_utilization = 100
}
```

## Extensions

### Cilium

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `cilium_install` | Whether to install Cilium. | `true` / `false` | `false` |
| `cilium_reapply` | Reapply Cilium Helm release on every Terraform apply. | `true` / `false` | `false` |
| `cilium_namespace` | Kubernetes namespace for Cilium. | string | `"kube-system"` |
| `cilium_helm_version` | Cilium Helm chart version. | string | `"1.16.3"` |
| `cilium_helm_values` | Helm values for Cilium. | any | `{}` |
| `cilium_helm_values_files` | List of Helm values files for Cilium. | list(string) | `[]` |

### Multus

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `multus_install` | Whether to install Multus CNI. | `true` / `false` | `false` |
| `multus_namespace` | Kubernetes namespace for Multus. | string | `"network"` |
| `multus_daemonset_url` | URL to the Multus daemonset manifest. Determined automatically by default. | string | `null` |
| `multus_version` | Multus version. | string | `"3.9.3"` |

### SR-IOV Device Plugin

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `sriov_device_plugin_install` | Whether to install the SR-IOV device plugin. | `true` / `false` | `false` |
| `sriov_device_plugin_namespace` | Kubernetes namespace. | string | `"network"` |
| `sriov_device_plugin_daemonset_url` | URL to the daemonset manifest. Determined automatically by default. | string | `null` |
| `sriov_device_plugin_version` | SR-IOV device plugin version. The default `"master"` is not a pinned release; set an explicit version for reproducible installs. | string | `"master"` |

### SR-IOV CNI Plugin

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `sriov_cni_plugin_install` | Whether to install the SR-IOV CNI plugin. | `true` / `false` | `false` |
| `sriov_cni_plugin_namespace` | Kubernetes namespace. | string | `"network"` |
| `sriov_cni_plugin_daemonset_url` | URL to the daemonset manifest. Determined automatically by default. | string | `null` |
| `sriov_cni_plugin_version` | SR-IOV CNI plugin version. The default `"master"` is not a pinned release; set an explicit version for reproducible installs. | string | `"master"` |

### RDMA CNI Plugin

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `rdma_cni_plugin_install` | Whether to install the RDMA CNI plugin. | `true` / `false` | `false` |
| `rdma_cni_plugin_namespace` | Kubernetes namespace. | string | `"network"` |
| `rdma_cni_plugin_daemonset_url` | URL to the daemonset manifest. Determined automatically by default. | string | `null` |
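| `rdma_cni_plugin_version` | RDMA CNI plugin version. The default `"master"` does not name a fixed release; set a release tag to pin the manifest that is applied. | string | `"master"` |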

### Whereabouts

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `whereabouts_install` | Whether to install Whereabouts IPAM. | `true` / `false` | `false` |
| `whereabouts_namespace` | Kubernetes namespace. | string | `"default"` |
| `whereabouts_daemonset_url` | URL to the daemonset manifest. Determined automatically by default. | string | `null` |
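| `whereabouts_version` | Whereabouts version. The default `"master"` does not name a fixed release; set a release tag to pin the manifest that is applied. | string | `"master"` |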

### Metrics Server

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `metrics_server_install` | Whether to install Metrics Server. | `true` / `false` | `false` |
| `metrics_server_namespace` | Kubernetes namespace. | string | `"metrics"` |
| `metrics_server_helm_version` | Helm chart version. | string | `"3.8.3"` |
| `metrics_server_helm_values` | Helm values. | map(string) | `{}` |
| `metrics_server_helm_values_files` | List of Helm values files. | list(string) | `[]` |

### Cluster Autoscaler

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `cluster_autoscaler_install` | Whether to install the standalone Cluster Autoscaler. | `true` / `false` | `false` |
| `cluster_autoscaler_namespace` | Kubernetes namespace. | string | `"kube-system"` |
| `cluster_autoscaler_helm_version` | Helm chart version. | string | `"9.24.0"` |
| `cluster_autoscaler_helm_values` | Helm values. | map(string) | `{}` |
| `cluster_autoscaler_helm_values_files` | List of Helm values files. | list(string) | `[]` |

### Prometheus

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `prometheus_install` | Whether to install Prometheus. | `true` / `false` | `false` |
| `prometheus_reapply` | Reapply Prometheus Helm release on every apply. | `true` / `false` | `false` |
| `prometheus_namespace` | Kubernetes namespace. | string | `"metrics"` |
| `prometheus_helm_version` | Helm chart version. | string | `"45.2.0"` |
| `prometheus_helm_values` | Helm values. | map(string) | `{}` |
| `prometheus_helm_values_files` | List of Helm values files. | list(string) | `[]` |

### DCGM Exporter

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `dcgm_exporter_install` | Whether to install the DCGM Exporter for GPU metrics. | `true` / `false` | `false` |
| `dcgm_exporter_reapply` | Reapply DCGM Exporter Helm release on every apply. | `true` / `false` | `false` |
| `dcgm_exporter_namespace` | Kubernetes namespace. | string | `"metrics"` |
| `dcgm_exporter_helm_version` | Helm chart version. | string | `"3.1.5"` |
| `dcgm_exporter_helm_values` | Helm values. | map(string) | `{}` |
| `dcgm_exporter_helm_values_files` | List of Helm values files. | list(string) | `[]` |

### Gatekeeper

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `gatekeeper_install` | Whether to install Gatekeeper (OPA). | `true` / `false` | `false` |
| `gatekeeper_namespace` | Kubernetes namespace. | string | `"kube-system"` |
| `gatekeeper_helm_version` | Helm chart version. | string | `"3.11.0"` |
| `gatekeeper_helm_values` | Helm values. | map(string) | `{}` |
| `gatekeeper_helm_values_files` | List of Helm values files. | list(string) | `[]` |

### MPI Operator

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `mpi_operator_install` | Whether to install the MPI Operator. | `true` / `false` | `false` |
| `mpi_operator_namespace` | Kubernetes namespace. | string | `"default"` |
| `mpi_operator_deployment_url` | URL to the deployment manifest. Determined automatically by default. | string | `null` |
| `mpi_operator_version` | MPI Operator version. | string | `"0.4.0"` |

### ArgoCD

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `argocd_install` | Whether to install ArgoCD. | `true` / `false` | `false` |
| `argocd_namespace` | Kubernetes namespace. | string | `"argocd"` |
| `argocd_helm_version` | Helm chart version. | string | `"8.1.2"` |
| `argocd_helm_values` | Helm values. | map(string) | `{}` |
| `argocd_helm_values_files` | List of Helm values files. | list(string) | `[]` |

### Service Accounts

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `create_service_account` | Whether to create Kubernetes service accounts with RBAC. | `true` / `false` | `false` |
| `service_accounts` | Map of service account definitions. Each supports `sa_name`, `sa_namespace`, `sa_cluster_role`, `sa_cluster_role_binding`, `sa_role`, `sa_role_binding`. | map(any) | Seeded with a default `kubeconfigsa` entry |

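Example (binds `sa1` to the built-in `cluster-admin` ClusterRole, which grants full control of the cluster; use a narrower role where that is not required):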

```hcl
create_service_account = true

service_accounts = {
  example_cluster_role_binding = {
    sa_name                 = "sa1"
    sa_namespace            = "kube-system"
    sa_cluster_role         = "cluster-admin"
    sa_cluster_role_binding = "sa1-crb"
  }
}
```

## Utilities

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `await_node_readiness` | Block Terraform until nodes are ready. | `"none"` / `"one"` / `"all"` | `"none"` |
| `ocir_email_address` | Email address for OCIR secret. | string | `null` |
| `ocir_secret_id` | OCIR secret OCID from OCI Vault. | OCID string | `null` |
| `ocir_secret_name` | Name of the Kubernetes Docker registry secret. | string | `"ocirsecret"` |
| `ocir_secret_namespace` | Kubernetes namespace for the OCIR secret. | string | `"default"` |
| `ocir_username` | Username for OCIR secret access. | string | `null` |
| `worker_drain_ignore_daemonsets` | Ignore DaemonSet pods when draining workers. | `true` / `false` | `true` |
| `worker_drain_delete_local_data` | Delete local data when draining workers. | `true` / `false` | `true` |
| `worker_drain_timeout_seconds` | Timeout for worker draining in seconds. | number | `900` |

## Tagging

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `freeform_tags` | Freeform tags applied to all resources. | any | `{access = "private", environment = "dev", role = "oke", version = "5"}` |
| `defined_tags` | Defined tags applied to all resources. Requires `use_defined_tags = true`. | any | `{}` |
| `bastion_defined_tags` | Defined tags for bastion resources only. | any | `{}` |
| `bastion_freeform_tags` | Freeform tags for bastion resources only. | any | `{}` |
| `cluster_defined_tags` | Defined tags for cluster resources only. | any | `{}` |
| `cluster_freeform_tags` | Freeform tags for cluster resources only. | any | `{}` |
| `iam_defined_tags` | Defined tags for IAM resources only. | any | `{}` |
| `iam_freeform_tags` | Freeform tags for IAM resources only. | any | `{}` |
| `network_defined_tags` | Defined tags for network resources only. | any | `{}` |
| `network_freeform_tags` | Freeform tags for network resources only. | any | `{}` |
| `operator_defined_tags` | Defined tags for operator resources only. | any | `{}` |
| `operator_freeform_tags` | Freeform tags for operator resources only. | any | `{}` |
| `persistent_volume_defined_tags` | Defined tags for persistent volume resources only. | any | `{}` |
| `persistent_volume_freeform_tags` | Freeform tags for persistent volume resources only. | any | `{}` |
| `service_lb_defined_tags` | Defined tags for service load balancer resources only. | any | `{}` |
| `service_lb_freeform_tags` | Freeform tags for service load balancer resources only. | any | `{}` |
| `workers_defined_tags` | Defined tags for worker resources only. | any | `{}` |
| `workers_freeform_tags` | Freeform tags for worker resources only. | any | `{}` |

## Validation Rules

- `compartment_id` is required.
- Either `ssh_public_key` or `ssh_public_key_path` must be provided when creating bastion or operator.
- `bastion_image_type = "custom"` requires `bastion_image_id`.
- `operator_image_type = "custom"` requires `operator_image_id`.
- `cni_type = "npn"` requires `cluster_type = "enhanced"`.
- `oidc_discovery_enabled = true` requires `cluster_type = "enhanced"`.
- `oidc_token_auth_enabled = true` requires `cluster_type = "enhanced"`.
- `worker_pool_mode = "node-pool"` is the only mode that supports OKE-managed node pools.
- The `worker_pool_mode` values `"cluster-network"`, `"instance-pool"` and `"instance"` are self-managed modes.
- Pods CIDR must not overlap with VCN, worker, or load balancer subnets.
- Services CIDR must not overlap with the VCN CIDR.

## Outputs

| Output | Description |
|--------|-------------|
| `state_id` | Generated state identifier. |
| `cluster_id` | OKE cluster OCID. |
| `cluster_endpoints` | Cluster endpoints (public and private). |
| `cluster_oidc_discovery_endpoint` | OIDC discovery endpoint URL. |
| `cluster_kubeconfig` | Kubernetes kubeconfig YAML (requires `output_detail = true`). |
| `cluster_ca_cert` | Base64-encoded cluster CA certificate. |
| `apiserver_private_host` | Private API server hostname. |
| `bastion_id` | Bastion instance OCID. |
| `bastion_public_ip` | Bastion public IP address. |
| `ssh_to_bastion` | SSH command to connect to the bastion. |
| `operator_id` | Operator instance OCID. |
| `operator_private_ip` | Operator private IP address. |
| `ssh_to_operator` | SSH command to connect to the operator (via bastion). |
| `vcn_id` | VCN OCID. |
| `ig_route_table_id` | Internet gateway route table OCID. |
| `nat_route_table_id` | NAT gateway route table OCID. |
| `drg_id` | Dynamic Routing Gateway OCID (when created). |
| `lpg_all_attributes` | Local Peering Gateway attributes. |
| `bastion_subnet_id` | Bastion subnet OCID. |
| `bastion_subnet_cidr` | Bastion subnet CIDR. |
| `operator_subnet_id` | Operator subnet OCID. |
| `operator_subnet_cidr` | Operator subnet CIDR. |
| `control_plane_subnet_id` | Control plane subnet OCID. |
| `control_plane_subnet_cidr` | Control plane subnet CIDR. |
| `worker_subnet_id` | Worker subnet OCID. |
| `worker_subnet_cidr` | Worker subnet CIDR. |
| `pod_subnet_id` | Pod subnet OCID. |
| `pod_subnet_cidr` | Pod subnet CIDR. |
| `int_lb_subnet_id` | Internal load balancer subnet OCID. |
| `int_lb_subnet_cidr` | Internal load balancer subnet CIDR. |
| `pub_lb_subnet_id` | Public load balancer subnet OCID. |
| `pub_lb_subnet_cidr` | Public load balancer subnet CIDR. |
| `fss_subnet_id` | FSS subnet OCID. |
| `fss_subnet_cidr` | FSS subnet CIDR. |
| `bastion_nsg_id` | Bastion NSG OCID. |
| `operator_nsg_id` | Operator NSG OCID. |
| `control_plane_nsg_id` | Control plane NSG OCID. |
| `int_lb_nsg_id` | Internal load balancer NSG OCID. |
| `pub_lb_nsg_id` | Public load balancer NSG OCID. |
| `worker_nsg_id` | Worker NSG OCID. |
| `pod_nsg_id` | Pod NSG OCID. |
| `fss_nsg_id` | FSS NSG OCID. |
| `network_security_rules` | Map of all NSG security rules (requires `output_detail = true`). |
| `availability_domains` | Map of availability domains. |
| `dynamic_group_ids` | IAM dynamic group OCIDs. |
| `policy_statements` | IAM policy statements. |
| `worker_pools` | Worker pool details. |
| `worker_instances` | Worker instance details. |
| `worker_pool_ids` | Worker pool OCIDs. |
| `worker_pool_ips` | Worker pool IP addresses. |


================================================
FILE: examples/bastion/README.md
================================================
# Bastion Example

Enables the bastion host with a public IP for SSH access into the VCN.

## Usage

Copy `vars-bastion.auto.tfvars` to your root module and adjust the values as needed.


================================================
FILE: examples/cluster/README.md
================================================
# Cluster Examples

Example configurations for OKE cluster creation:

| File | Description |
|------|-------------|
| `vars-cluster-basic.auto.tfvars` | Basic cluster with default settings |
| `vars-cluster-enhanced.auto.tfvars` | Enhanced cluster with additional features |
| `vars-cluster-oidc-discovery.auto.tfvars` | Cluster with OIDC discovery enabled |
| `vars-cluster-oidc-auth-single.auto.tfvars` | Cluster with single OIDC token authentication |
| `vars-cluster-oidc-auth-multiple.auto.tfvars` | Cluster with multiple OIDC token authentication configurations |

## Usage

Copy the desired `.auto.tfvars` file(s) to your root module and adjust the values as needed.


================================================
FILE: examples/cluster-addons/README.md
================================================
# Cluster Add-ons Example

Example configuration for enabling and configuring OKE cluster add-ons such as CertManager and NvidiaGpuPlugin.

## Usage

Copy `vars-cluster-addons.auto.tfvars` to your root module and adjust the values as needed.


================================================
FILE: examples/extensions/README.md
================================================
# Extension Examples

Example configurations for deploying Kubernetes extensions:

| File | Extension | Description |
|------|-----------|-------------|
| `vars-extensions-argocd.auto.tfvars` | ArgoCD | GitOps continuous delivery |
| `vars-extensions-cilium.auto.tfvars` | Cilium | eBPF-based networking and security |
| `vars-extensions-cluster-autoscaler.auto.tfvars` | Cluster Autoscaler | Automatic node pool scaling |
| `vars-extensions-dcgm-exporter.auto.tfvars` | DCGM Exporter | GPU metrics for NVIDIA GPUs |
| `vars-extensions-gatekeeper.auto.tfvars` | Gatekeeper | OPA policy enforcement |
| `vars-extensions-metrics-server.auto.tfvars` | Metrics Server | Kubernetes metrics API |
| `vars-extensions-mpi-operator.auto.tfvars` | MPI Operator | MPI/NCCL distributed training jobs |
| `vars-extensions-multus.auto.tfvars` | Multus | Multi-network pod interfaces |
| `vars-extensions-prometheus.auto.tfvars` | Prometheus | Monitoring and alerting |
| `vars-extensions-rdma-cni.auto.tfvars` | RDMA CNI | RDMA network connections |
| `vars-extensions-service-account.auto.tfvars` | Service Accounts | Kubernetes service accounts with RBAC |
| `vars-extensions-sriov-cni.auto.tfvars` | SR-IOV CNI | SR-IOV network connections |
| `vars-extensions-sriov-device.auto.tfvars` | SR-IOV Device Plugin | SR-IOV network device advertisement |
| `vars-extensions-whereabouts.auto.tfvars` | Whereabouts | IP address management for Multus |

## Usage

Copy the desired `.auto.tfvars` file(s) to your root module and adjust the values as needed.


================================================
FILE: examples/iam/README.md
================================================
# IAM Examples

Example configurations for IAM resources:

| File | Description |
|------|-------------|
| `vars-iam-policies.auto.tfvars` | IAM dynamic groups and policies |
| `vars-iam-tags.auto.tfvars` | IAM tag namespaces and defined tags |

## Usage

Copy the desired `.auto.tfvars` file(s) to your root module and adjust the values as needed.


================================================
FILE: examples/istio-mc/README.md
================================================
# Multi-region service mesh with Istio and OKE

## Assumptions

1. A pair of OKE clusters in 2 different OCI regions will be used.
2. The OKE clusters will use private control planes.
3. The topology model used is [Multi-Primary on different networks](https://istio.io/latest/docs/setup/install/multicluster/multi-primary_multi-network/).

![Multi-primary on multiple networks](docs/assets/multi-primary%20multi-networks.png)
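4. This example uses self-signed certificates generated on the operator host with Istio's sample `Makefile.selfsigned.mk`. The generated CA private keys (`ca-key.pem`) remain in `$ISTIO_HOME/tools/certs` after the `cacerts` secrets are created, so treat them as demo material.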

## Create the OKE Clusters

1. Copy the terraform.tfvars.example to terraform.tfvars and provide the necessary values as detailed in steps 2-6.

2. Configure the provider parameters:

```
# provider
api_fingerprint = ""

api_private_key_path = "~/.oci/oci_rsa.pem"

home_region = "ashburn"

tenancy_id = "ocid1.tenancy.oc1.."

user_id = "ocid1.user.oc1.."

compartment_id = "ocid1.compartment.oc1.."
```

3. Configure an ssh key pair:

```
# ssh
ssh_private_key_path = "~/.ssh/id_rsa"
ssh_public_key_path  = "~/.ssh/id_rsa.pub"
```

4. Configure your clusters' regions.

```
# clusters
clusters = {
  c1 = { region = "sydney", vcn = "10.1.0.0/16", pods = "10.201.0.0/16", services = "10.101.0.0/16", enabled = true }
  c2 = { region = "melbourne", vcn = "10.2.0.0/16", pods = "10.202.0.0/16", services = "10.102.0.0/16", enabled = true }
}
```

5. Configure additional parameters if necessary:

```
kubernetes_version = "v1.32.1"

cluster_type = "basic"

oke_control_plane = "private"
```

6. Configure your node pools:

```
nodepools = {
  np1 = {
    shape            = "VM.Standard.E4.Flex",
    ocpus            = 2,
    memory           = 64,
    size             = 2,
    boot_volume_size = 150,
  }
}
```

7. Run terraform to create your clusters:

```
terraform apply --auto-approve
```

8. Once the Dynamic Routing Gateways (DRGs) and Remote Peering Connections (RPCs) have been created, use the OCI console to establish a connection between them.

## Install Istio

1. Terraform will output an ssh convenience command. Use it to ssh to the operator host:

```
ssh_to_operator = "ssh -o ProxyCommand='ssh -W %h:%p -i ~/.ssh/id_rsa opc@<bastion_ip>' -i ~/.ssh/id_rsa opc@<operator_ip>"
```

2. Verify connectivity to both clusters:

```
for cluster in c1 c2; do
  ktx $cluster
  k get nodes
done
```

3. Generate certs for each cluster:

```
export ISTIO_HOME=/home/opc/istio-1.20.2
cd $ISTIO_HOME/tools/certs 
make -f Makefile.selfsigned.mk c1-cacerts
make -f Makefile.selfsigned.mk c2-cacerts
```

4. Create and label istio-system namespace in each cluster:

```
for cluster in c1 c2; do
  ktx $cluster
  k create ns istio-system
  k label namespace istio-system topology.istio.io/network=$cluster
done
```

5. Create a secret containing the certificates in istio-system namespace for both clusters:

```
for cluster in c1 c2; do
  ktx $cluster
  kubectl create secret generic cacerts -n istio-system \
      --from-file=$cluster/ca-cert.pem \
      --from-file=$cluster/ca-key.pem \
      --from-file=$cluster/root-cert.pem \
      --from-file=$cluster/cert-chain.pem
done
```

6. Install Istio in both clusters:

```
for cluster in c1 c2; do
  ktx $cluster
  istioctl install --set profile=default -f $HOME/$cluster.yaml
done
```

7. Verify the Istio installation in both clusters:

```
for cluster in c1 c2; do
  ktx $cluster
  istioctl verify-install
done
```

8. Check if the load balancers have been properly provisioned:

```
for cluster in c1 c2; do
  ktx $cluster
  k -n istio-system get svc
done
```

9. Check if Istio pods are running:

```
for cluster in c1 c2; do
  ktx $cluster
  k -n istio-system get pods
done
```

10. Create a Gateway to expose all services through the east-west ingress gateway:

```
cd $ISTIO_HOME
for cluster in c1 c2; do
  ktx $cluster
  k apply -f samples/multicluster/expose-services.yaml
done
```

11. Set the environment variables to verify multi-cluster connectivity:
```
export CTX_CLUSTER1=c1
export CTX_CLUSTER2=c2
```

12. Enable endpoint discovery in each cluster by creating a remote secret:

```
istioctl create-remote-secret \
  --context="${CTX_CLUSTER1}" \
  --name="${CTX_CLUSTER1}" | \
  kubectl apply -f - --context="${CTX_CLUSTER2}"


 istioctl create-remote-secret \
  --context="${CTX_CLUSTER2}" \
  --name="${CTX_CLUSTER2}" | \
  kubectl apply -f - --context="${CTX_CLUSTER1}"
```

## Verify cross-cluster connectivity

1. Deploy the HelloWorld Service in both clusters:

```
for cluster in c1 c2; do
  kubectl create --context="${cluster}" namespace sample
  kubectl label --context="${cluster}" namespace sample istio-injection=enabled
  kubectl apply --context="${cluster}" -f samples/helloworld/helloworld.yaml -l service=helloworld -n sample
done
```

2. Deploy v1 to cluster c1:

```
kubectl apply --context="${CTX_CLUSTER1}" \
    -f samples/helloworld/helloworld.yaml \
    -l version=v1 -n sample

kubectl get pod --context="${CTX_CLUSTER1}" -n sample -l app=helloworld
```

3. Deploy v2 to cluster c2:

```
kubectl apply --context="${CTX_CLUSTER2}" \
    -f samples/helloworld/helloworld.yaml \
    -l version=v2 -n sample

kubectl get pod --context="${CTX_CLUSTER2}" -n sample -l app=helloworld
```

4. Deploy Sleep client pod in both clusters:

```
kubectl apply --context="${CTX_CLUSTER1}" \
    -f samples/sleep/sleep.yaml -n sample
kubectl apply --context="${CTX_CLUSTER2}" \
    -f samples/sleep/sleep.yaml -n sample
```

5. Generate traffic from c1. The response should alternate between c1 (v1) and c2 (v2) regions:

```
for i in $(seq 1 100); do
kubectl exec --context="${CTX_CLUSTER1}" -n sample -c sleep \
    "$(kubectl get pod --context="${CTX_CLUSTER1}" -n sample -l \
    app=sleep -o jsonpath='{.items[0].metadata.name}')" \
    -- curl -sS helloworld.sample:5000/hello
done
```

6. Generate traffic from c2. The response should alternate between c1 (v1) and c2 (v2) regions:

```
for i in $(seq 1 100); do
kubectl exec --context="${CTX_CLUSTER2}" -n sample -c sleep \
    "$(kubectl get pod --context="${CTX_CLUSTER2}" -n sample -l \
    app=sleep -o jsonpath='{.items[0].metadata.name}')" \
    -- curl -sS helloworld.sample:5000/hello
done
```

7. Cross-cluster connectivity has been verified.



================================================
FILE: examples/istio-mc/c1.tf
================================================
# Copyright (c) 2024 Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

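# Cluster "c1" of the two-cluster Istio example. Instantiates the OKE module
# zero or one times depending on the "enabled" flag of the "c1" entry in
# var.clusters, and creates the bastion and operator hosts.
module "c1" {

  source  = "oracle-terraform-modules/oke/oci"
  version = "5.2.2"

  count = lookup(lookup(var.clusters, "c1"), "enabled") ? 1 : 0

  home_region = lookup(local.regions, var.home_region)

  region = lookup(local.regions, lookup(lookup(var.clusters, "c1"), "region"))

  tenancy_id = var.tenancy_id

  # general oci parameters
  compartment_id = var.compartment_id

  # ssh keys
  ssh_private_key_path = var.ssh_private_key_path
  ssh_public_key_path  = var.ssh_public_key_path

  # networking
  # The DRG, the remote peering connections and the NAT route rules towards
  # the other clusters' VCNs are only created for a private control plane.
  create_drg       = var.oke_control_plane == "private"
  drg_display_name = "c1-drg"

  remote_peering_connections = var.oke_control_plane == "private" ? {
    for k, v in var.clusters : "rpc-to-${k}" => {} if k != "c1"
  } : {}

  nat_gateway_route_rules = var.oke_control_plane == "private" ? [
    for k, v in var.clusters :
    {
      destination       = lookup(v, "vcn")
      destination_type  = "CIDR_BLOCK"
      network_entity_id = "drg"
      description       = "Routing to allow connectivity to ${title(k)} cluster"
    } if k != "c1"
  ] : []

  vcn_cidrs     = [lookup(lookup(var.clusters, "c1"), "vcn")]
  vcn_dns_label = "c1"
  vcn_name      = "c1"

  #subnets
  subnets = {
    bastion  = { newbits = 13, netnum = 0, dns_label = "bastion" }
    operator = { newbits = 13, netnum = 1, dns_label = "operator" }
    cp       = { newbits = 13, netnum = 2, dns_label = "cp" }
    int_lb   = { newbits = 11, netnum = 16, dns_label = "ilb" }
    pub_lb   = { newbits = 11, netnum = 17, dns_label = "plb" }
    workers  = { newbits = 2, netnum = 1, dns_label = "workers" }
  }

  # bastion host
  # NOTE(review): 0.0.0.0/0 presumably admits any source address to the
  # bastion's SSH port; narrow it to the CIDRs administrators connect from.
  create_bastion        = true
  bastion_allowed_cidrs = ["0.0.0.0/0"]
  bastion_upgrade       = false

  # operator host
  # NOTE(review): "always" creates the operator IAM policy unconditionally;
  # review the resulting statements for least privilege.
  create_operator            = true
  operator_upgrade           = false
  create_iam_resources       = true
  create_iam_operator_policy = "always"
  operator_install_k9s       = true

  # oke cluster options
  # NOTE(review): local.anywhere is defined outside this file (presumably
  # 0.0.0.0/0). With oke_control_plane = "public" that would expose the API
  # endpoint to every source address; confirm and restrict.
  cluster_name                = "c1"
  cluster_type                = var.cluster_type
  cni_type                    = var.preferred_cni
  control_plane_is_public     = var.oke_control_plane == "public"
  control_plane_allowed_cidrs = [local.anywhere]
  kubernetes_version          = var.kubernetes_version
  pods_cidr                   = lookup(lookup(var.clusters, "c1"), "pods")
  services_cidr               = lookup(lookup(var.clusters, "c1"), "services")


  # node pools
  # NOTE(review): allow_worker_ssh_access enables SSH to the worker nodes;
  # confirm it is needed beyond debugging this example.
  allow_worker_ssh_access = true
  kubeproxy_mode          = "iptables"
  worker_pool_mode        = "node-pool"
  worker_pools            = var.nodepools
  worker_cloud_init       = local.worker_cloud_init
  worker_image_type       = "oke"

  # oke load balancers
  load_balancers          = "both"
  preferred_load_balancer = "public"

  # Internal LB ingress rules. The per-cluster rules are keyed on the map key
  # (k), like the RPC and route rules above: the documented var.clusters
  # entries carry no "name" attribute, and a two-argument lookup() errors on a
  # missing key.
  # NOTE(review): the Cilium clustermesh (2379/tcp) and Coherence DNS (53/udp)
  # rules look carried over from other examples; drop them if this Istio mesh
  # does not need them.
  allow_rules_internal_lb = merge({
    for p in local.service_mesh_ports :
    format("Allow ingress to port %v from cluster c2 for Istio", p) => {
      protocol    = local.tcp_protocol, port = p, source = lookup(lookup(var.clusters, "c2"), "vcn"),
      source_type = local.rule_type_cidr,
    }
    },
    {
      for k, c in var.clusters : format("Allow TCP ingress from cluster %v for Cilium clustermesh", k) => {
        protocol = local.tcp_protocol, port = 2379, source = lookup(c, "vcn"), source_type = local.rule_type_cidr,
      } if k != "c1"
    },
    {
      for k, c in var.clusters :
      format("Allow UDP ingress from cluster %v for cross-cluster DNS lookup via NLB for Coherence WKA", k)
      => {
        protocol = local.udp_protocol, port = 53, source = lookup(c, "vcn"), source_type = local.rule_type_cidr,
      } if k != "c1"
    },
  )

  # Public LB ingress: every port in local.public_lb_allowed_ports is opened
  # to 0.0.0.0/0, so keep that list (defined elsewhere) minimal.
  allow_rules_public_lb = merge({
    for p in local.public_lb_allowed_ports :
    format("Allow ingress to port %v", p) => {
      protocol = local.tcp_protocol, port = p, source = "0.0.0.0/0", source_type = local.rule_type_cidr,
    }
    },
  )

  # Worker ingress: VXLAN (8472/udp) from the other clusters' VCN CIDRs only.
  allow_rules_workers = merge(
    {
      for k, c in var.clusters :
      format("Allow UDP ingress to workers from cluster %v for default VXLAN", k) => {
        protocol = local.udp_protocol, port = 8472, source = lookup(c, "vcn"), source_type = local.rule_type_cidr,
      } if k != "c1"
    },
  )

  user_id = var.user_id

  providers = {
    oci      = oci.c1
    oci.home = oci.home
  }
}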


================================================
FILE: examples/istio-mc/c2.tf
================================================
# Copyright (c) 2024 Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

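# Cluster "c2" of the two-cluster Istio example. Instantiates the OKE module
# zero or one times depending on the "enabled" flag of the "c2" entry in
# var.clusters. No bastion or operator host is created for this cluster.
module "c2" {

  source  = "oracle-terraform-modules/oke/oci"
  version = "5.2.2"

  count = lookup(lookup(var.clusters, "c2"), "enabled") ? 1 : 0

  home_region = lookup(local.regions, var.home_region)

  region = lookup(local.regions, lookup(lookup(var.clusters, "c2"), "region"))

  tenancy_id = var.tenancy_id

  # general oci parameters
  compartment_id = var.compartment_id

  # ssh keys
  ssh_private_key_path = var.ssh_private_key_path
  ssh_public_key_path  = var.ssh_public_key_path

  # networking
  # The DRG, the remote peering connections and the NAT route rules towards
  # the other clusters' VCNs are only created for a private control plane.
  create_drg       = var.oke_control_plane == "private"
  drg_display_name = "c2"

  remote_peering_connections = var.oke_control_plane == "private" ? {
    for k, v in var.clusters : "rpc-to-${k}" => {} if k != "c2"
  } : {}

  nat_gateway_route_rules = var.oke_control_plane == "private" ? [
    for k, v in var.clusters :
    {
      destination       = lookup(v, "vcn")
      destination_type  = "CIDR_BLOCK"
      network_entity_id = "drg"
      description       = "Routing to allow connectivity to ${title(k)} cluster"
    } if k != "c2"
  ] : []

  vcn_cidrs     = [lookup(lookup(var.clusters, "c2"), "vcn")]
  vcn_dns_label = "c2"
  vcn_name      = "c2"

  #subnets
  subnets = {
    cp      = { newbits = 13, netnum = 2, dns_label = "cp" }
    int_lb  = { newbits = 11, netnum = 16, dns_label = "ilb" }
    pub_lb  = { newbits = 11, netnum = 17, dns_label = "plb" }
    workers = { newbits = 2, netnum = 1, dns_label = "workers" }
  }

  # bastion host
  # NOTE(review): create_bastion is false, so bastion_allowed_cidrs presumably
  # has no effect here. If a bastion is ever enabled for this cluster,
  # 0.0.0.0/0 would admit any source address; narrow it first.
  create_bastion        = false
  bastion_allowed_cidrs = ["0.0.0.0/0"]
  bastion_upgrade       = false

  # operator host
  # NOTE(review): create_operator is false while create_iam_operator_policy is
  # "always"; confirm an operator IAM policy is wanted for a cluster without
  # its own operator host.
  create_operator            = false
  operator_upgrade           = false
  create_iam_resources       = true
  create_iam_operator_policy = "always"
  operator_install_k9s       = true

  # oke cluster options
  # NOTE(review): local.anywhere is defined outside this file (presumably
  # 0.0.0.0/0). With oke_control_plane = "public" that would expose the API
  # endpoint to every source address; confirm and restrict.
  cluster_name                = "c2"
  cluster_type                = var.cluster_type
  cni_type                    = var.preferred_cni
  control_plane_is_public     = var.oke_control_plane == "public"
  control_plane_allowed_cidrs = [local.anywhere]
  kubernetes_version          = var.kubernetes_version
  pods_cidr                   = lookup(lookup(var.clusters, "c2"), "pods")
  services_cidr               = lookup(lookup(var.clusters, "c2"), "services")


  # node pools
  kubeproxy_mode    = "iptables"
  worker_pool_mode  = "node-pool"
  worker_pools      = var.nodepools
  worker_cloud_init = local.worker_cloud_init
  worker_image_type = "oke"

  # oke load balancers
  load_balancers          = "both"
  preferred_load_balancer = "public"

  # Internal LB ingress rules. The per-cluster rules are keyed on the map key
  # (k), like the RPC and route rules above: the documented var.clusters
  # entries carry no "name" attribute, and a two-argument lookup() errors on a
  # missing key.
  # NOTE(review): the Cilium clustermesh (2379/tcp) and Coherence DNS (53/udp)
  # rules look carried over from other examples; drop them if this Istio mesh
  # does not need them.
  allow_rules_internal_lb = merge({
    for p in local.service_mesh_ports :
    format("Allow ingress to port %v  from cluster c1", p) => {
      protocol    = local.tcp_protocol, port = p, source = lookup(lookup(var.clusters, "c1"), "vcn"),
      source_type = local.rule_type_cidr,
    }
    },
    {
      for k, c in var.clusters : format("Allow TCP ingress from cluster %v for Cilium clustermesh", k) => {
        protocol = local.tcp_protocol, port = 2379, source = lookup(c, "vcn"), source_type = local.rule_type_cidr,
      } if k != "c2"
    },
    {
      for k, c in var.clusters :
      format("Allow UDP ingress from cluster %v for cross-cluster DNS lookup via NLB for Coherence WKA", k)
      => {
        protocol = local.udp_protocol, port = 53, source = lookup(c, "vcn"), source_type = local.rule_type_cidr,
      } if k != "c2"
    },
  )

  # Public LB ingress: every port in local.public_lb_allowed_ports is opened
  # to 0.0.0.0/0, so keep that list (defined elsewhere) minimal.
  allow_rules_public_lb = merge({
    for p in local.public_lb_allowed_ports :
    format("Allow ingress to port %v", p) => {
      protocol = local.tcp_protocol, port = p, source = "0.0.0.0/0", source_type = local.rule_type_cidr,
    }
    },
  )

  # Worker ingress: VXLAN (8472/udp) from the other clusters' VCN CIDRs only.
  allow_rules_workers = merge(
    {
      for k, c in var.clusters :
      format("Allow UDP ingress to workers from cluster %v for default VXLAN", k) => {
        protocol = local.udp_protocol, port = 8472, source = lookup(c, "vcn"), source_type = local.rule_type_cidr
      } if k != "c2"
    },
  )

  user_id = var.user_id

  providers = {
    oci      = oci.c2
    oci.home = oci.home
  }
}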


================================================
FILE: examples/istio-mc/contexts.tf
================================================
# Copyright (c) 2024 Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

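# Uploads the token helper and the istioctl installer to the operator host
# (reached over SSH through the bastion), moves the helper into ~/bin and runs
# the installer. Runs after module.c1, which creates both hosts.
resource "null_resource" "tools" {
  depends_on = [module.c1]

  # The same private key authenticates the bastion hop and the operator login.
  connection {
    host        = local.operator_ip
    private_key = file(var.ssh_private_key_path)
    timeout     = "40m"
    type        = "ssh"
    user        = "opc"

    bastion_host        = local.bastion_ip
    bastion_user        = "opc"
    bastion_private_key = file(var.ssh_private_key_path)
  }

  provisioner "file" {
    content     = local.token_helper_template
    destination = "/home/opc/token_helper.sh"
  }

  # NOTE(review): the installer is rendered from local.istioctl_template,
  # defined elsewhere. If it downloads a release, confirm the version is
  # pinned and the download is verified before it is executed.
  provisioner "file" {
    content     = local.istioctl_template
    destination = "/home/opc/install_istioctl.sh"
  }

  provisioner "remote-exec" {
    inline = [
      # mkdir -p keeps a re-run from tripping over an existing directory, the
      # absolute source path does not depend on the login directory, and &&
      # stops at the first failing step instead of carrying on.
      "mkdir -p /home/opc/bin && mv /home/opc/token_helper.sh /home/opc/bin/token_helper.sh && chmod +x /home/opc/bin/token_helper.sh",
      "if [ -f \"$HOME/install_istioctl.sh\" ]; then bash \"$HOME/install_istioctl.sh\";fi",
    ]
  }
}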


# For each entry of local.all_cluster_ids, uploads three rendered helper
# scripts to the operator host (over SSH through the bastion) and runs them in
# order: generate the kubeconfig, set its credentials, set the shell alias.
# Re-created when the number of entries in var.clusters changes.
resource "null_resource" "set_contexts" {
  for_each   = local.all_cluster_ids
  depends_on = [module.c1, module.c2]

  triggers = {
    clusters = length(var.clusters)
  }

  lifecycle {
    create_before_destroy = true
  }

  # The same private key authenticates the bastion hop and the operator login.
  connection {
    type        = "ssh"
    user        = "opc"
    host        = local.operator_ip
    private_key = file(var.ssh_private_key_path)
    timeout     = "40m"

    bastion_user        = "opc"
    bastion_host        = local.bastion_ip
    bastion_private_key = file(var.ssh_private_key_path)
  }

  # NOTE(review): the uploaded scripts stay in /home/opc after they have run;
  # check whether the rendered templates embed anything sensitive.
  provisioner "file" {
    destination = "/home/opc/generate_kubeconfig_${each.key}.sh"
    content     = lookup(local.kubeconfig_templates, each.key)
  }

  provisioner "file" {
    destination = "/home/opc/kubeconfig_set_credentials_${each.key}.sh"
    content     = lookup(local.set_credentials_templates, each.key)
  }

  provisioner "file" {
    destination = "/home/opc/set_alias_${each.key}.sh"
    content     = lookup(local.set_alias_templates, each.key)
  }

  # Each script is run only if its upload is present on the host.
  provisioner "remote-exec" {
    inline = [
      for script in ["generate_kubeconfig", "kubeconfig_set_credentials", "set_alias"] :
      "if [ -f \"$HOME/${script}_${each.key}.sh\" ]; then bash \"$HOME/${script}_${each.key}.sh\";fi"
    ]
  }
}


================================================
FILE: examples/istio-mc/istio.tf
================================================
# Copyright (c) 2024 Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

# Renders resources/istio.template.yaml once per cluster. Each rendering gets
# the shared mesh id, the cluster's own name (also used as its mesh network)
# and the load-balancer NSG / subnet ids exported by that cluster's module.
locals {
  istio_c1 = templatefile(
    "${path.module}/resources/istio.template.yaml",
    {
      cluster          = "c1"
      mesh_network     = "c1"
      mesh_id          = var.istio_mesh_id
      pub_nsg_id       = one(module.c1[*].pub_lb_nsg_id)
      int_nsg_id       = one(module.c1[*].int_lb_nsg_id)
      int_lb_subnet_id = one(module.c1[*].int_lb_subnet_id)
    }
  )

  istio_c2 = templatefile(
    "${path.module}/resources/istio.template.yaml",
    {
      cluster          = "c2"
      mesh_network     = "c2"
      mesh_id          = var.istio_mesh_id
      pub_nsg_id       = one(module.c2[*].pub_lb_nsg_id)
      int_nsg_id       = one(module.c2[*].int_lb_nsg_id)
      int_lb_subnet_id = one(module.c2[*].int_lb_subnet_id)
    }
  )
}

# Copies the two rendered IstioOperator manifests to the operator host. This
# resource only uploads the files; nothing here applies them to a cluster.
resource "null_resource" "istio" {
  depends_on = [module.c1, module.c2]

  # SSH to the operator host through the bastion with a single key file.
  # NOTE(review): `host_key` / `bastion_host_key` are not set, so the identity
  # of the hosts receiving these manifests is not verified.
  connection {
    type        = "ssh"
    host        = local.operator_ip
    user        = "opc"
    private_key = file(var.ssh_private_key_path)
    timeout     = "40m"

    bastion_host        = local.bastion_ip
    bastion_user        = "opc"
    bastion_private_key = file(var.ssh_private_key_path)
  }

  provisioner "file" {
    destination = "/home/opc/c1.yaml"
    content     = local.istio_c1
  }

  provisioner "file" {
    destination = "/home/opc/c2.yaml"
    content     = local.istio_c2
  }
}


================================================
FILE: examples/istio-mc/locals.tf
================================================
# Copyright (c) 2024 Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

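# Shared constants for the Istio multi-cluster example: protocol numbers,
# rule-type names, host addresses taken from module.c1, port lists, the
# short-name -> OCI region identifier map, and the worker cloud-init payload.
locals {

  all_ports = -1

  # Protocols
  # See https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
  all_protocols = "all"
  icmp_protocol = 1
  tcp_protocol  = 6
  udp_protocol  = 17

  # "anywhere" is the whole IPv4 address space; any rule that uses it as a
  # source is open to the internet.
  anywhere          = "0.0.0.0/0"
  rule_type_nsg     = "NETWORK_SECURITY_GROUP"
  rule_type_cidr    = "CIDR_BLOCK"
  rule_type_service = "SERVICE_CIDR_BLOCK"

  # Both addresses come from cluster c1's module outputs.
  bastion_ip = one(element([module.c1[*].bastion_public_ip], 0))

  operator_ip = one(element([module.c1[*].operator_private_ip], 0))

  # TODO: check when is 15021 required for public
  # 15021 is the port named status-port in resources/istio.template.yaml.
  public_lb_allowed_ports = [80, 443, 15021]

  # ports required to be opened for inter-cluster communication for Istio
  service_mesh_ports = [15012, 15017, 15021, 15443]

  # Short region name -> OCI region identifier. The provider blocks resolve
  # var.home_region and each cluster's "region" through this map.
  regions = {
    # Africa
    johannesburg = "af-johannesburg-1"

    # Asia
    chuncheon = "ap-chuncheon-1"
    hyderabad = "ap-hyderabad-1"
    mumbai    = "ap-mumbai-1"
    osaka     = "ap-osaka-1"
    seoul     = "ap-seoul-1"
    singapore = "ap-singapore-1"
    tokyo     = "ap-tokyo-1"

    # Europe
    amsterdam = "eu-amsterdam-1"
    frankfurt = "eu-frankfurt-1"
    london    = "uk-london-1"
    madrid    = "eu-madrid-1"
    marseille = "eu-marseille-1"
    milan     = "eu-milan-1"
    newport   = "uk-cardiff-1"
    paris     = "eu-paris-1"
    stockholm = "eu-stockholm-1"
    zurich    = "eu-zurich-1"

    # Middle East
    abudhabi  = "me-abudhabi-1"
    dubai     = "me-dubai-1"
    jeddah    = "me-jeddah-1"
    jerusalem = "il-jerusalem-1"

    # Oceania
    melbourne = "ap-melbourne-1"
    sydney    = "ap-sydney-1"


    # South America
    bogota   = "sa-bogota-1"
    santiago = "sa-santiago-1"
    # The region identifier is spelled "sa-saopaulo-1". The misspelled key
    # "saupaulo" is kept so existing tfvars keep working; "saopaulo" is the
    # correctly spelled alias.
    saopaulo   = "sa-saopaulo-1"
    saupaulo   = "sa-saopaulo-1"
    valparaiso = "sa-valparaiso-1"
    vinhedo    = "sa-vinhedo-1"

    # North America
    ashburn   = "us-ashburn-1"
    chicago   = "us-chicago-1"
    monterrey = "mx-monterrey-1"
    montreal  = "ca-montreal-1"
    phoenix   = "us-phoenix-1"
    queretaro = "mx-queretaro-1"
    sanjose   = "us-sanjose-1"
    toronto   = "ca-toronto-1"

    # US Gov FedRamp
    us-gov-ashburn = "us-langley-1"
    us-gov-phoenix = "us-luke-1"

    # US Gov DISA L5
    us-dod-east  = "us-gov-ashburn-1"
    us-dod-north = "us-gov-chicago-1"
    us-dod-west  = "us-gov-phoenix-1"

    # UK Gov
    uk-gov-south = "uk-gov-london-1"
    uk-gov-west  = "uk-gov-cardiff-1"

    # Australia Gov
    au-gov-cbr = "ap-dcc-canberra-1"

  }

  # cloud-config run on worker nodes: loads the netfilter/iptables kernel
  # modules listed below, grows the filesystem, sets the timezone, then fetches
  # the base64-encoded OKE init script from the instance metadata endpoint and
  # runs it.
  # NOTE(review): `bash -x` echoes every command of the init script into the
  # cloud-init output; confirm the script handles no secrets, or drop -x.
  # NOTE(review): the timezone is hard-coded to Australia/Sydney.
  worker_cloud_init = [
    {
      content      = <<-EOT
    runcmd:
    - 'echo "Kernel module configuration for Istio and worker node initialization"'
    - 'modprobe br_netfilter'
    - 'modprobe nf_nat'
    - 'modprobe xt_REDIRECT'
    - 'modprobe xt_owner'
    - 'modprobe iptable_nat'
    - 'modprobe iptable_mangle'
    - 'modprobe iptable_filter'
    - '/usr/libexec/oci-growfs -y'
    - 'timedatectl set-timezone Australia/Sydney'
    - 'curl --fail -H "Authorization: Bearer Oracle" -L0 http://169.254.169.254/opc/v2/instance/metadata/oke_init_script | base64 --decode >/var/run/oke-init.sh'
    - 'bash -x /var/run/oke-init.sh'
    EOT
      content_type = "text/cloud-config",
    }
  ]
}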


================================================
FILE: examples/istio-mc/outputs.tf
================================================
# Copyright (c) 2024 Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

# Re-exports the ssh_to_operator output of module.c1.
output "ssh_to_operator" {
  value       = one(module.c1[*].ssh_to_operator)
  description = "convenient command to ssh to the Admin operator host"
}

================================================
FILE: examples/istio-mc/providers.tf
================================================
# Copyright (c) 2024 Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

# OCI provider for the tenancy's home region, authenticated with an API
# signing key read from var.api_private_key_path.
provider "oci" {
  alias  = "home"
  region = local.regions[var.home_region]

  tenancy_ocid     = var.tenancy_id
  user_ocid        = var.user_id
  fingerprint      = var.api_fingerprint
  private_key_path = var.api_private_key_path

  ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
}

# OCI provider for cluster c1's region, looked up from var.clusters; it uses
# the same user and API signing key as the home-region provider.
provider "oci" {
  alias  = "c1"
  region = local.regions[var.clusters["c1"]["region"]]

  tenancy_ocid     = var.tenancy_id
  user_ocid        = var.user_id
  fingerprint      = var.api_fingerprint
  private_key_path = var.api_private_key_path

  ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
}

# OCI provider for cluster c2's region, looked up from var.clusters; it uses
# the same user and API signing key as the home-region provider.
provider "oci" {
  alias  = "c2"
  region = local.regions[var.clusters["c2"]["region"]]

  tenancy_ocid     = var.tenancy_id
  user_ocid        = var.user_id
  fingerprint      = var.api_fingerprint
  private_key_path = var.api_private_key_path

  ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"]
}

================================================
FILE: examples/istio-mc/resources/istio.template.yaml
================================================
# IstioOperator manifest template. Terraform's templatefile() fills in the
# mesh id, cluster name, mesh network and the OCI NSG / subnet ids; istio.tf
# renders it once for c1 and once for c2.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      meshID: ${mesh_id}
      multiCluster:
        clusterName: ${cluster}
      network: ${mesh_network}
  components:
    egressGateways:
      - name: istio-egressgateway
        enabled: true
    ingressGateways:
      # North-south gateway: "internal" is "false", so this is a public load
      # balancer. Security-list management is "None", which leaves the NSG
      # named below as the control on what can reach it.
      - name: istio-ingressgateway
        enabled: true
        k8s:
          serviceAnnotations:
            service.beta.kubernetes.io/oci-load-balancer-internal: "false"
            service.beta.kubernetes.io/oci-load-balancer-shape: "flexible"
            service.beta.kubernetes.io/oci-load-balancer-shape-flex-min: "50"
            service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "100"
            service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode: "None"
            oci.oraclecloud.com/oci-network-security-groups: "${pub_nsg_id}"
      # East-west gateway for cross-cluster traffic: an internal load balancer
      # placed in the internal LB subnet and attached to the internal LB NSG.
      - name: istio-eastwestgateway
        enabled: true
        k8s:
          serviceAnnotations:
            service.beta.kubernetes.io/oci-load-balancer-internal: "true"
            service.beta.kubernetes.io/oci-load-balancer-shape: "flexible"
            service.beta.kubernetes.io/oci-load-balancer-shape-flex-min: "50"
            service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "100"
            service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode: "None"
            service.beta.kubernetes.io/oci-load-balancer-subnet1: "${int_lb_subnet_id}"
            oci.oraclecloud.com/oci-network-security-groups: "${int_nsg_id}"
          env:
          - name: ISTIO_META_REQUESTED_NETWORK_VIEW
            value: ${mesh_network}
          - name: ISTIO_META_ROUTER_MODE
            value: "sni-dnat"
          service:
            # These four ports are the same set as service_mesh_ports in
            # locals.tf; the NSG rules and this list need to stay in step.
            ports:
            - name: status-port
              port: 15021
              targetPort: 15021
            - name: tls
              port: 15443
              targetPort: 15443
            - name: tls-istiod
              port: 15012
              targetPort: 15012
            - name: tls-webhook
              port: 15017
              targetPort: 15017
        label:
          app: istio-eastwestgateway
          istio: eastwestgateway
          topology.istio.io/network: ${mesh_network}

================================================
FILE: examples/istio-mc/scripts/cloud-init.sh
================================================
#!/bin/sh

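# Worker-node bootstrap: load the netfilter/iptables kernel modules, grow the
# filesystem, set the timezone, then fetch and run the OKE init script.
modprobe br_netfilter
modprobe nf_nat
modprobe xt_REDIRECT
modprobe xt_owner
modprobe iptable_nat
modprobe iptable_mangle
modprobe iptable_filter

/usr/libexec/oci-growfs -y

# NOTE(review): the timezone is hard-coded.
timedatectl set-timezone Australia/Sydney

# The init script is published base64-encoded at the link-local instance
# metadata endpoint. The pipeline used to be wrapped in single quotes, which
# made the shell look for a command with that whole string as its name, so
# nothing was downloaded.
curl --fail -H "Authorization: Bearer Oracle" -L0 http://169.254.169.254/opc/v2/instance/metadata/oke_init_script | base64 --decode >/var/run/oke-init.sh

# A failed curl leaves an empty file behind (the redirection still creates it);
# stop here rather than "run" nothing and then mark the node as done.
if [ ! -s /var/run/oke-init.sh ]; then
  echo "oke_init_script could not be retrieved from instance metadata" >&2
  exit 1
fi

# NOTE(review): -x traces every command of the init script into the boot log;
# confirm the script handles no secrets, or drop -x.
bash -x /var/run/oke-init.sh

touch /var/log/oke.done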

================================================
FILE: examples/istio-mc/scripts/generate_kubeconfig.template.sh
================================================
#!/usr/bin/bash
# Copyright (c) 2023 Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

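# Writes (or merges into) the operator's kubeconfig an entry for one cluster.
# The braced names are filled in by Terraform's templatefile() before the
# script is uploaded. Every argument is quoted so that a rendered value or a
# home directory containing whitespace cannot split into extra arguments.
oci ce cluster create-kubeconfig \
  --cluster-id "${cluster_id}" \
  --file "$HOME/.kube/config" \
  --region "${region}" \
  --token-version 2.0.0 \
  --kube-endpoint "${endpoint}"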

================================================
FILE: examples/istio-mc/scripts/istioctl.template.sh
================================================
#!/usr/bin/bash
# Copyright (c) 2024 Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

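# Stop at the first failing command instead of carrying on with a partial
# download.
set -euo pipefail

echo "Installing istioctl"

# The original line read `curl -L curl -L <url>`, which made curl also try to
# fetch a URL literally named "curl". The installer is now saved to a file
# before it runs: --fail turns an HTTP error into a non-zero exit, and a
# truncated or failed download is never handed to the shell, which a direct
# pipe into `sh` cannot guarantee.
# NOTE(review): the installer is still executed exactly as served, with no
# checksum or signature check; pin and verify it if a trusted digest for the
# chosen Istio version is available.
installer="$(mktemp)"
trap 'rm -f "$installer"' EXIT
curl --fail --silent --show-error --location --output "$installer" https://istio.io/downloadIstio
ISTIO_VERSION=${version} TARGET_ARCH=x86_64 sh "$installer"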

================================================
FILE: examples/istio-mc/scripts/kubeconfig_set_credentials.template.sh
================================================
#!/usr/bin/bash
# Copyright (c) 2023 Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

# Registers a kubeconfig user whose credentials come from an exec plugin:
# kubectl will run $HOME/bin/token_helper.sh with the --exec-arg values below,
# in this order, each time it needs a token for that user.
# The braced names are Terraform template variables, substituted before upload.
# cluster_id_11 is presumably a shortened form of the cluster id used only to
# name the user; verify against templates.tf.
# NOTE(review): the arguments look like an `oci ce cluster generate-token`
# invocation that token_helper.sh forwards; the helper is not shown here.
# The helper runs with the privileges of whoever invokes kubectl, so it should
# stay writable by that user only.
kubectl config set-credentials "user-${cluster_id_11}" --exec-command="$HOME/bin/token_helper.sh" \
  --exec-arg="ce" \
  --exec-arg="cluster" \
  --exec-arg="generate-token" \
  --exec-arg="--cluster-id" \
  --exec-arg="${cluster_id}" \
  --exec-arg="--region" \
  --exec-arg="${region}"

[
  {
    "path": ".github/ISSUE_TEMPLATE/Bug_Report.md",
    "chars": 3792,
    "preview": "---\nname: 🐛 Bug Report\nabout: If something isn't working as expected 🤔.\nlabels: bug\n---\n\n<!---\nPlease note the following"
  },
  {
    "path": ".github/ISSUE_TEMPLATE/Feature_Request.md",
    "chars": 1569,
    "preview": "---\nname: 🚀 Feature Request\nabout: I have a suggestion (and might want to implement myself 🙂)!\nlabels: enhancement\n---\n\n"
  },
  {
    "path": ".github/ISSUE_TEMPLATE/Question.md",
    "chars": 657,
    "preview": "---\nname: 💬 Question\nabout: Questions regarding the Terraform Oracle Cloud Infrastructure OKE module\nlabels: question\n--"
  },
  {
    "path": ".github/ISSUE_TEMPLATE.md",
    "chars": 288,
    "preview": "<!---\nThanks for filing an issue 😄 ! Before you submit, please read the following:\n\nCheck the other issue templates if y"
  },
  {
    "path": ".gitignore",
    "chars": 252,
    "preview": "#  Local .terraform directories\n**/.terraform/*\n\nprovider.tf\n\n# .tfstate files\n*.tfstate\n*.tfstate.*\n\n# .tfvars files\n*."
  },
  {
    "path": "CONTRIBUTING.md",
    "chars": 1590,
    "preview": "# Contributing\n\nOracle welcomes contributions to this repository from anyone.\n\nIf you want to submit a pull request to f"
  },
  {
    "path": "LICENSE",
    "chars": 1839,
    "preview": "Copyright (c) 2019 Oracle and/or its affiliates. \n\nThe Universal Permissive License (UPL), Version 1.0\n\nSubject to the c"
  },
  {
    "path": "Makefile",
    "chars": 979,
    "preview": "PROJECT_NAME := \"terraform-oci-oke\"\nSHELL = /usr/bin/env bash -o pipefail\n.SHELLFLAGS = -ec\n\n.PHONY: all\nall: build\n\n##@"
  },
  {
    "path": "README.md",
    "chars": 5974,
    "preview": "# Terraform OKE for Oracle Cloud Infrastructure\n\n[changelog]: https://github.com/oracle-terraform-modules/terraform-oci-"
  },
  {
    "path": "THIRD_PARTY_LICENSES.txt",
    "chars": 90369,
    "preview": "github.com/open-policy-agent/gatekeeper\n-------- Copyrights\nCopyright 2018-2020 The Gatekeeper Authors\nCopyright 2018 Th"
  },
  {
    "path": "data-common.tf",
    "chars": 422,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "data-images.tf",
    "chars": 2853,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "docs/diagrams.md",
    "chars": 3158,
    "preview": "# Diagrams\n\nThis page collects the currently relevant architecture diagrams for the module.\n\n## Default topologies\n\n### "
  },
  {
    "path": "docs/prerequisites.md",
    "chars": 4025,
    "preview": "# Pre-requisites\n\n[Quick Start guide](https://github.com/oracle-terraform-modules/terraform-oci-oke/blob/main/docs/quick"
  },
  {
    "path": "docs/quickstart.md",
    "chars": 4691,
    "preview": "# Quickstart\n\n1. [Assumptions](#assumptions)\n2. [Pre-requisites](#pre-requisites)\n3. [Instructions](#instructions)\n4. [C"
  },
  {
    "path": "docs/terraformoptions.md",
    "chars": 42164,
    "preview": "# Terraform Options\n\nConfiguration Terraform Options:\n\n1. [General](#general)\n2. [Identity and Access Management](#ident"
  },
  {
    "path": "examples/bastion/README.md",
    "chars": 186,
    "preview": "# Bastion Example\n\nEnables the bastion host with a public IP for SSH access into the VCN.\n\n## Usage\n\nCopy `vars-bastion."
  },
  {
    "path": "examples/cluster/README.md",
    "chars": 674,
    "preview": "# Cluster Examples\n\nExample configurations for OKE cluster creation:\n\n| File | Description |\n|------|-------------|\n| `v"
  },
  {
    "path": "examples/cluster-addons/README.md",
    "chars": 242,
    "preview": "# Cluster Add-ons Example\n\nExample configuration for enabling and configuring OKE cluster add-ons such as CertManager an"
  },
  {
    "path": "examples/extensions/README.md",
    "chars": 1538,
    "preview": "# Extension Examples\n\nExample configurations for deploying Kubernetes extensions:\n\n| File | Extension | Description |\n|-"
  },
  {
    "path": "examples/iam/README.md",
    "chars": 349,
    "preview": "# IAM Examples\n\nExample configurations for IAM resources:\n\n| File | Description |\n|------|-------------|\n| `vars-iam-pol"
  },
  {
    "path": "examples/istio-mc/README.md",
    "chars": 6168,
    "preview": "# Multi-region service mesh with Istio and OKE\n\n## Assumptions\n\n1. A pair of OKE clusters in 2 different OCI regions wil"
  },
  {
    "path": "examples/istio-mc/c1.tf",
    "chars": 4545,
    "preview": "# Copyright (c) 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/istio-mc/c2.tf",
    "chars": 4331,
    "preview": "# Copyright (c) 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/istio-mc/contexts.tf",
    "chars": 2461,
    "preview": "# Copyright (c) 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/istio-mc/istio.tf",
    "chars": 1582,
    "preview": "# Copyright (c) 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/istio-mc/locals.tf",
    "chars": 3285,
    "preview": "# Copyright (c) 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/istio-mc/outputs.tf",
    "chars": 331,
    "preview": "# Copyright (c) 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/istio-mc/providers.tf",
    "chars": 1291,
    "preview": "# Copyright (c) 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/istio-mc/resources/istio.template.yaml",
    "chars": 2250,
    "preview": "apiVersion: install.istio.io/v1alpha1\nkind: IstioOperator\nspec:\n  values:\n    global:\n      meshID: ${mesh_id}\n      mul"
  },
  {
    "path": "examples/istio-mc/scripts/cloud-init.sh",
    "chars": 440,
    "preview": "#!/bin/sh\n\nmodprobe br_netfilter \nmodprobe nf_nat\nmodprobe xt_REDIRECT\nmodprobe xt_owner\nmodprobe iptable_nat\nmodprobe i"
  },
  {
    "path": "examples/istio-mc/scripts/generate_kubeconfig.template.sh",
    "chars": 339,
    "preview": "#!/usr/bin/bash\n# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive"
  },
  {
    "path": "examples/istio-mc/scripts/istioctl.template.sh",
    "chars": 308,
    "preview": "#!/usr/bin/bash\n# Copyright (c) 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive"
  },
  {
    "path": "examples/istio-mc/scripts/kubeconfig_set_credentials.template.sh",
    "chars": 472,
    "preview": "#!/usr/bin/bash\n# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive"
  },
  {
    "path": "examples/istio-mc/scripts/set_alias.template.sh",
    "chars": 228,
    "preview": "#!/usr/bin/bash\n# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive"
  },
  {
    "path": "examples/istio-mc/scripts/token_helper.template.sh",
    "chars": 450,
    "preview": "#!/bin/bash\n# Copyright 2024 Oracle Corporation and/or affiliates.\n# Licensed under the Universal Permissive License v 1"
  },
  {
    "path": "examples/istio-mc/templates.tf",
    "chars": 1734,
    "preview": "# Copyright (c) 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/istio-mc/terraform.tfvars.example",
    "chars": 1206,
    "preview": "    # provider\napi_fingerprint = \"\"\n\napi_private_key_path = \"~/.oci/oci_rsa.pem\"\n\nhome_region = \"ashburn\" # Use short fo"
  },
  {
    "path": "examples/istio-mc/variables.tf",
    "chars": 3458,
    "preview": "# Copyright (c) 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/istio-mc/versions.tf",
    "chars": 326,
    "preview": "# Copyright (c) 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/network/README.md",
    "chars": 1009,
    "preview": "# Network Examples\n\nExample configurations for VCN networking:\n\n| File | Description |\n|------|-------------|\n| `vars-ne"
  },
  {
    "path": "examples/network/vars-network-drg-create.auto.tfvars.example",
    "chars": 551,
    "preview": "# Copyright (c) 2017, 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "examples/operator/README.md",
    "chars": 357,
    "preview": "# Operator Examples\n\nExample configurations for the operator host:\n\n| File | Description |\n|------|-------------|\n| `var"
  },
  {
    "path": "examples/profiles/README.md",
    "chars": 558,
    "preview": "# Deployment Profiles\n\nComposable deployment profiles that enable only the components you need:\n\n| Profile | Description"
  },
  {
    "path": "examples/profiles/cluster-workers-only/main.tf",
    "chars": 1011,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/profiles/cluster-workers-only/variables.tf",
    "chars": 796,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/profiles/cluster-workers-only/versions.tf",
    "chars": 324,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "examples/profiles/network-cluster-workers/main.tf",
    "chars": 596,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/profiles/network-cluster-workers/variables.tf",
    "chars": 437,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/profiles/network-cluster-workers/versions.tf",
    "chars": 324,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "examples/profiles/network-only/main.tf",
    "chars": 1488,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/profiles/network-only/variables.tf",
    "chars": 437,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/profiles/network-only/versions.tf",
    "chars": 324,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "examples/profiles/workers-only/main.tf",
    "chars": 1007,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/profiles/workers-only/variables.tf",
    "chars": 749,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/profiles/workers-only/versions.tf",
    "chars": 324,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "examples/provider-basic.tf",
    "chars": 363,
    "preview": "# Copyright 2017, 2023 Oracle Corporation and/or affiliates.\n# Licensed under the Universal Permissive License v 1.0 as "
  },
  {
    "path": "examples/rms/README.md",
    "chars": 636,
    "preview": "# Oracle Resource Manager Stack Examples\n\nPre-built configurations for deploying via [OCI Resource Manager (ORM)](https:"
  },
  {
    "path": "examples/rms/oke-cluster-only/data.tf",
    "chars": 888,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-cluster-only/main.tf",
    "chars": 6814,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-cluster-only/output.tf",
    "chars": 1594,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-cluster-only/schema.yaml",
    "chars": 27504,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-cluster-only/variables-cluster.tf",
    "chars": 1870,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-cluster-only/variables-extensions.tf",
    "chars": 3567,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-cluster-only/variables-iam.tf",
    "chars": 1802,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-cluster-only/variables-network.tf",
    "chars": 930,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-cluster-only/variables-operator.tf",
    "chars": 1597,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-cluster-only/versions.tf",
    "chars": 448,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "examples/rms/oke-network-only/data.tf",
    "chars": 888,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-network-only/main.tf",
    "chars": 5083,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-network-only/output.tf",
    "chars": 2184,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-network-only/schema.yaml",
    "chars": 22230,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-network-only/variables-bastion.tf",
    "chars": 1268,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-network-only/variables-iam.tf",
    "chars": 1499,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-network-only/variables-network.tf",
    "chars": 2073,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-network-only/variables-subnets.tf",
    "chars": 1372,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-network-only/versions.tf",
    "chars": 448,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "examples/rms/oke-workers-only/data.tf",
    "chars": 888,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-workers-only/main.tf",
    "chars": 3104,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-workers-only/output.tf",
    "chars": 1302,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-workers-only/schema.yaml",
    "chars": 15325,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-workers-only/variables.tf",
    "chars": 3664,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "examples/rms/oke-workers-only/versions.tf",
    "chars": 448,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "examples/utilities/README.md",
    "chars": 464,
    "preview": "# Utility Examples\n\nExample configurations for utility features:\n\n| File | Description |\n|------|-------------|\n| `vars-"
  },
  {
    "path": "examples/workers/README.md",
    "chars": 1515,
    "preview": "# Worker Examples\n\nExample configurations for various worker pool modes and features:\n\n| File | Description |\n|------|--"
  },
  {
    "path": "migration.tf",
    "chars": 1651,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "module-bastion.tf",
    "chars": 4093,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "module-cluster-addons.tf",
    "chars": 1038,
    "preview": "# Copyright (c) 2017, 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "module-cluster.tf",
    "chars": 7179,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "module-extensions.tf",
    "chars": 5611,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "module-iam.tf",
    "chars": 5735,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "module-network.tf",
    "chars": 11196,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "module-operator.tf",
    "chars": 5453,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "module-utilities.tf",
    "chars": 1291,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "module-workers.tf",
    "chars": 6053,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/bastion/README.md",
    "chars": 209,
    "preview": "# Bastion\n\nThis sub-module creates a bastion host in a public subnet for SSH access into the VCN.\n\n## Usage\n\nRefer to th"
  },
  {
    "path": "modules/bastion/cloudinit.tf",
    "chars": 1858,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/bastion/compute.tf",
    "chars": 2892,
    "preview": "# Copyright (c) 2019, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/bastion/variables.tf",
    "chars": 1229,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\r\n# Licensed under the Universal Permissive License "
  },
  {
    "path": "modules/bastion/versions.tf",
    "chars": 493,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/cluster/README.md",
    "chars": 229,
    "preview": "# Cluster\n\nThis sub-module creates an OKE cluster with configurable CNI, Kubernetes version, and OIDC authentication.\n\n#"
  },
  {
    "path": "modules/cluster/cluster.tf",
    "chars": 4198,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/cluster/outputs.tf",
    "chars": 462,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/cluster/variables.tf",
    "chars": 1704,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/cluster/versions.tf",
    "chars": 323,
    "preview": "# Copyright (c) 2017, 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/cluster-addons/README.md",
    "chars": 216,
    "preview": "# Cluster Add-ons\n\nThis sub-module manages OKE cluster add-ons and their configurations.\n\n## Usage\n\nRefer to the [Cluste"
  },
  {
    "path": "modules/cluster-addons/addons.tf",
    "chars": 2795,
    "preview": "# Copyright (c) 2017, 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/cluster-addons/delete_addons.tf",
    "chars": 1699,
    "preview": "# Copyright (c) 2017, 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/cluster-addons/outputs.tf",
    "chars": 285,
    "preview": "# Copyright (c) 2017, 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/cluster-addons/variables.tf",
    "chars": 684,
    "preview": "# Copyright (c) 2017, 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/cluster-addons/versions.tf",
    "chars": 323,
    "preview": "# Copyright (c) 2017, 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/extensions/README.md",
    "chars": 280,
    "preview": "# Extensions\n\nThis sub-module deploys Kubernetes extensions via Helm charts or YAML manifests, including Cilium, Multus,"
  },
  {
    "path": "modules/extensions/argocd.tf",
    "chars": 2421,
    "preview": "# Copyright (c) 2021, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/extensions/autoscaler.tf",
    "chars": 5088,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/extensions/cilium.tf",
    "chars": 7588,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "modules/extensions/dcgm_exporter.tf",
    "chars": 3768,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "modules/extensions/gatekeeper.tf",
    "chars": 2322,
    "preview": "# Copyright (c) 2021, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/extensions/locals.tf",
    "chars": 1116,
    "preview": "# Copyright (c)  2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 "
  },
  {
    "path": "modules/extensions/metricserver.tf",
    "chars": 2583,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/extensions/mpi_operator.tf",
    "chars": 2150,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "modules/extensions/multus.tf",
    "chars": 1954,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "modules/extensions/prometheus.tf",
    "chars": 3571,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "modules/extensions/rdma_cni_plugin.tf",
    "chars": 2222,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "modules/extensions/service_account.tf",
    "chars": 5289,
    "preview": "# Copyright (c) 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "modules/extensions/sriov_cni_plugin.tf",
    "chars": 2265,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "modules/extensions/sriov_device_plugin.tf",
    "chars": 2364,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "modules/extensions/variables.tf",
    "chars": 4521,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/extensions/versions.tf",
    "chars": 487,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/extensions/whereabouts.tf",
    "chars": 4618,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "modules/iam/README.md",
    "chars": 260,
    "preview": "# IAM\n\nThis sub-module creates IAM dynamic groups, policies, and optional tag namespaces for OKE resources.\n\n## Usage\n\nR"
  },
  {
    "path": "modules/iam/await.tf",
    "chars": 203,
    "preview": "resource \"time_sleep\" \"await_iam_resources\" {\n  count = anytrue([\n    local.has_policy_statements,\n    local.create_iam_"
  },
  {
    "path": "modules/iam/group-autoscaling.tf",
    "chars": 2468,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/iam/group-cluster.tf",
    "chars": 1569,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/iam/group-operator.tf",
    "chars": 2084,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/iam/group-workers.tf",
    "chars": 2703,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/iam/outputs.tf",
    "chars": 681,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/iam/policy.tf",
    "chars": 2050,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/iam/tagging.tf",
    "chars": 2667,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/iam/variables.tf",
    "chars": 1370,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/iam/versions.tf",
    "chars": 443,
    "preview": "// Copyright (c) 2024 Oracle and/or its affiliates\n\n# Copyright (c) 2017, 2024 Oracle Corporation and/or its affiliates."
  },
  {
    "path": "modules/network/README.md",
    "chars": 237,
    "preview": "# Network\n\nThis sub-module creates the VCN, subnets, network security groups, gateways, routing, DRG, and LPG configurat"
  },
  {
    "path": "modules/network/datasources.tf",
    "chars": 420,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/drgs.tf",
    "chars": 1807,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/locals.tf",
    "chars": 1078,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/nsg-bastion.tf",
    "chars": 4014,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/nsg-controlplane.tf",
    "chars": 9112,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/nsg-fss.tf",
    "chars": 5477,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/nsg-loadbalancers-int.tf",
    "chars": 6102,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/nsg-loadbalancers-pub.tf",
    "chars": 6153,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/nsg-operator.tf",
    "chars": 4583,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/nsg-pods.tf",
    "chars": 9764,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/nsg-workers.tf",
    "chars": 18358,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/rules.tf",
    "chars": 10712,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/subnets.tf",
    "chars": 12086,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/variables.tf",
    "chars": 2552,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/network/versions.tf",
    "chars": 323,
    "preview": "# Copyright (c) 2017, 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/operator/README.md",
    "chars": 240,
    "preview": "# Operator\n\nThis sub-module creates an operator host in a private subnet pre-installed with kubectl, Helm, and optional "
  },
  {
    "path": "modules/operator/cloudinit.tf",
    "chars": 14549,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/operator/compute.tf",
    "chars": 3599,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/operator/variables.tf",
    "chars": 1944,
    "preview": "# Copyright (c) 2019, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/operator/versions.tf",
    "chars": 493,
    "preview": "# Copyright (c) 2017, 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/utilities/README.md",
    "chars": 251,
    "preview": "# Utilities\n\nThis sub-module provides helper resources including node readiness checks, OCIR secret creation, and worker"
  },
  {
    "path": "modules/utilities/drain.tf",
    "chars": 1412,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/utilities/nodeready.tf",
    "chars": 1223,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/utilities/ocir.tf",
    "chars": 2334,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/utilities/resources/await_node_readiness.tpl.sh",
    "chars": 1452,
    "preview": "#!/usr/bin/env bash\n# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal "
  },
  {
    "path": "modules/utilities/variables.tf",
    "chars": 1107,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/utilities/versions.tf",
    "chars": 403,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/workers/README.md",
    "chars": 227,
    "preview": "# Worker pools\n\nThis sub-module supports different modes of OKE worker node management with advanced configuration.\n\n## "
  },
  {
    "path": "modules/workers/cloudinit-oke.sh",
    "chars": 3130,
    "preview": "#!/usr/bin/env bash\n# Copyright (c) 2022, 2025 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal "
  },
  {
    "path": "modules/workers/cloudinit-ubuntu.sh.tftpl",
    "chars": 719,
    "preview": "#!/bin/bash\nset -x\n\nsource /etc/os-release\n\noke_package_name=\"oci-oke-node-all-${oke_minor_version}\"\n\n# Add OKE Ubuntu p"
  },
  {
    "path": "modules/workers/cloudinit.tf",
    "chars": 8122,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/workers/clusternetworks.tf",
    "chars": 2072,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/workers/computecluster.tf",
    "chars": 8572,
    "preview": "# Copyright (c) 2022, 2025 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/workers/data-faultdomains.tf",
    "chars": 338,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "modules/workers/data-shapes.tf",
    "chars": 677,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "modules/workers/gpumemorycluster.tf",
    "chars": 2967,
    "preview": "# Copyright (c) 2026 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "modules/workers/instance.tf",
    "chars": 6340,
    "preview": "resource \"oci_core_instance\" \"workers\" {\n  for_each             = local.enabled_instances\n  availability_domain  = eleme"
  },
  {
    "path": "modules/workers/instanceconfig.tf",
    "chars": 9260,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/workers/instancepools.tf",
    "chars": 4239,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/workers/locals.tf",
    "chars": 16941,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/workers/nodepools.tf",
    "chars": 12754,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/workers/outputs.tf",
    "chars": 1633,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/workers/variables.tf",
    "chars": 12840,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/workers/versions.tf",
    "chars": 413,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "modules/workers/virtualnodepools.tf",
    "chars": 2886,
    "preview": "# Copyright (c) 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v 1.0 a"
  },
  {
    "path": "variables-bastion.tf",
    "chars": 3554,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "variables-cluster-addons.tf",
    "chars": 826,
    "preview": "# Copyright (c) 2017, 2024 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "variables-cluster.tf",
    "chars": 6235,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "variables-common.tf",
    "chars": 2256,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "variables-extensions.tf",
    "chars": 16004,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "variables-iam.tf",
    "chars": 11921,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "variables-network.tf",
    "chars": 11151,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "variables-operator.tf",
    "chars": 5622,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "variables-utilities.tf",
    "chars": 2393,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "variables-workers.tf",
    "chars": 10730,
    "preview": "# Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  },
  {
    "path": "versions.tf",
    "chars": 805,
    "preview": "# Copyright (c) 2017, 2023 Oracle Corporation and/or its affiliates.\n# Licensed under the Universal Permissive License v"
  }
]
