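# Cloud-provider configuration template for the OCI cloud controller manager
# (CCM). Rendered through a Jinja-style template engine; every `oci_*` name
# below is a template variable supplied by the caller.
#
# When instance principals are not used, the rendered file contains the API
# signing key and, if defined, its passphrase. Treat the rendered output as a
# secret: restrict its file permissions and keep it out of version control.
auth:
{# NOTE(review): a non-empty string such as "false" is truthy in this test; pass a real boolean for oci_use_instance_principals. #}
{% if oci_use_instance_principals %}
  # (https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/callingservicesfrominstances.htm).
  # Ensure you have set up the following OCI policies and your kubernetes nodes are running within them
  # allow dynamic-group [your dynamic group name] to read instance-family in compartment [your compartment name]
  # allow dynamic-group [your dynamic group name] to use virtual-network-family in compartment [your compartment name]
  # allow dynamic-group [your dynamic group name] to manage load-balancers in compartment [your compartment name]
  useInstancePrincipals: true
{% else %}
  useInstancePrincipals: false

  # Values are single-quoted so the YAML parser always reads them as strings,
  # even when a value is empty or starts with a YAML indicator character.
  region: '{{ oci_region_id }}'
  tenancy: '{{ oci_tenancy_id }}'
  user: '{{ oci_user_id }}'
  # The key is a multi-line PEM block. indent(4) indents every line after the
  # first so the whole key stays inside the literal block scalar; without it
  # only the first line is indented and the rendered YAML is broken.
  key: |
    {{ oci_private_key | indent(4) }}

{% if oci_private_key_passphrase is defined %}
  # Single-quoted so characters such as '#', ':' or a leading '*' in the
  # passphrase are not interpreted by YAML. A passphrase that itself contains
  # a single quote must have that quote doubled ('') before rendering.
  passphrase: '{{ oci_private_key_passphrase }}'
{% endif %}

  fingerprint: '{{ oci_user_fingerprint }}'
{% endif %}

# compartment configures Compartment within which the cluster resides.
compartment: '{{ oci_compartment_id }}'

# vcn configures the Virtual Cloud Network (VCN) within which the cluster resides.
vcn: '{{ oci_vnc_id }}'

loadBalancer:
  # subnet1 configures one of two subnets to which load balancers will be added.
  # OCI load balancers require two subnets to ensure high availability.
  subnet1: '{{ oci_subnet1_id }}'

  # subnet2 configures the second of two subnets to which load balancers will be
  # added. OCI load balancers require two subnets to ensure high availability.
  subnet2: '{{ oci_subnet2_id }}'

  # SecurityListManagementMode configures how security lists are managed by the CCM.
  #   "All" (default): Manage all required security list rules for load balancer services.
  #   "Frontend":      Manage only security list rules for ingress to the load
  #                    balancer. Requires that the user has set up a rule that
  #                    allows inbound traffic to the appropriate ports for kube
  #                    proxy health port, node port ranges, and health check port ranges.
  #                    E.g. 10.82.0.0/16 30000-32000.
  #   "None":          Disables all security list management. Requires that the
  #                    user has set up a rule that allows inbound traffic to the
  #                    appropriate ports for kube proxy health port, node port
  #                    ranges, and health check port ranges. E.g. 10.82.0.0/16 30000-32000.
  #                    Additionally requires the user to manage rules to allow
  #                    inbound traffic to load balancers.
  # With "Frontend" or "None" the CCM no longer maintains those rules, so the
  # operator-owned rules should be reviewed and kept as narrow as the ranges
  # above allow.
  securityListManagementMode: '{{ oci_security_list_management }}'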