90 lines
3.8 KiB
Django/Jinja
90 lines
3.8 KiB
Django/Jinja
{% macro private_key() %}{{ oci_private_key }}{% endmacro %}
|
|
|
|
{% if oci_use_instance_principals %}
|
|
# (https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/callingservicesfrominstances.htm).
|
|
# Ensure you have setup the following OCI policies and your kubernetes nodes are running within them
|
|
# allow dynamic-group [your dynamic group name] to read instance-family in compartment [your compartment name]
|
|
# allow dynamic-group [your dynamic group name] to use virtual-network-family in compartment [your compartment name]
|
|
# allow dynamic-group [your dynamic group name] to manage load-balancers in compartment [your compartment name]
|
|
useInstancePrincipals: true
|
|
{% else %}
|
|
useInstancePrincipals: false
|
|
{% endif %}
|
|
|
|
auth:
|
|
|
|
{% if oci_use_instance_principals %}
|
|
# This key is put here too for backwards compatibility
|
|
useInstancePrincipals: true
|
|
{% else %}
|
|
useInstancePrincipals: false
|
|
|
|
region: {{ oci_region_id }}
|
|
tenancy: {{ oci_tenancy_id }}
|
|
user: {{ oci_user_id }}
|
|
key: |
|
|
{{ oci_private_key }}
|
|
|
|
{% if oci_private_key_passphrase is defined %}
|
|
passphrase: {{ oci_private_key_passphrase }}
|
|
{% endif %}
|
|
|
|
|
|
fingerprint: {{ oci_user_fingerprint }}
|
|
{% endif %}
|
|
|
|
# compartment configures Compartment within which the cluster resides.
|
|
compartment: {{ oci_compartment_id }}
|
|
|
|
# vcn configures the Virtual Cloud Network (VCN) within which the cluster resides.
|
|
vcn: {{ oci_vnc_id }}
|
|
|
|
loadBalancer:
|
|
# subnet1 configures one of two subnets to which load balancers will be added.
|
|
# OCI load balancers require two subnets to ensure high availability.
|
|
subnet1: {{ oci_subnet1_id }}
|
|
{% if oci_subnet2_id is defined %}
|
|
# subnet2 configures the second of two subnets to which load balancers will be
|
|
# added. OCI load balancers require two subnets to ensure high availability.
|
|
subnet2: {{ oci_subnet2_id }}
|
|
{% endif %}
|
|
# SecurityListManagementMode configures how security lists are managed by the CCM.
|
|
# "All" (default): Manage all required security list rules for load balancer services.
|
|
# "Frontend": Manage only security list rules for ingress to the load
|
|
# balancer. Requires that the user has setup a rule that
|
|
# allows inbound traffic to the appropriate ports for kube
|
|
# proxy health port, node port ranges, and health check port ranges.
|
|
# E.g. 10.82.0.0/16 30000-32000.
|
|
# "None": Disables all security list management. Requires that the
|
|
# user has setup a rule that allows inbound traffic to the
|
|
# appropriate ports for kube proxy health port, node port
|
|
# ranges, and health check port ranges. E.g. 10.82.0.0/16 30000-32000.
|
|
# Additionally requires the user to mange rules to allow
|
|
# inbound traffic to load balancers.
|
|
securityListManagementMode: {{ oci_security_list_management }}
|
|
|
|
{% if oci_security_lists is defined and oci_security_lists|length > 0 %}
|
|
# Optional specification of which security lists to modify per subnet. This does not apply if security list management is off.
|
|
securityLists:
|
|
{% for subnet_ocid, list_ocid in oci_security_lists.items() %}
|
|
{{ subnet_ocid }}: {{ list_ocid }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if oci_rate_limit is defined and oci_rate_limit|length > 0 %}
|
|
# Optional rate limit controls for accessing OCI API
|
|
rateLimiter:
|
|
{% if oci_rate_limit.rate_limit_qps_read %}
|
|
rateLimitQPSRead: {{ oci_rate_limit.rate_limit_qps_read }}
|
|
{% endif %}
|
|
{% if oci_rate_limit.rate_limit_qps_write %}
|
|
rateLimitQPSWrite: {{ oci_rate_limit.rate_limit_qps_write }}
|
|
{% endif %}
|
|
{% if oci_rate_limit.rate_limit_bucket_read %}
|
|
rateLimitBucketRead: {{ oci_rate_limit.rate_limit_bucket_read }}
|
|
{% endif %}
|
|
{% if oci_rate_limit.rate_limit_bucket_write %}
|
|
rateLimitBucketWrite: {{ oci_rate_limit.rate_limit_bucket_write }}
|
|
{% endif %}
|
|
{% endif %}
|
|
|