Merge pull request #2710 from oracle-devrel/oke-rm

alcampag · web-flow · commit c6010726c8c4 · 2026-03-27T12:57:13.000+01:00
Oke-rm 1.3.3
diff --git a/app-dev/devops-and-containers/oke/oke-rm/README.md b/app-dev/devops-and-containers/oke/oke-rm/README.md
@@ -17,13 +17,13 @@ This stack is used to create the initial network infrastructure for OKE. When co
 * You can apply this stack even on an existing VCN, so that only the NSGs for OKE will be created
 * The default CNI is the VCN Native CNI, and it is the recommended one
 
-[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.3.2/infra.zip)
+[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.3.3/infra.zip)
 
 ## Step 2: Create the OKE control plane
 
 This stack is used to create the OKE control plane ONLY.
 
-[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.3.2/oke.zip)
+[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/oke-rm-1.3.3/oke.zip)
 
 Also note that if the network infrastructure is located in a different compartment than the OKE cluster AND you are planning to use the OCI_VCN_NATIVE CNI,
 you must add these policies:
diff --git a/app-dev/devops-and-containers/oke/oke-rm/images/architecture.png b/app-dev/devops-and-containers/oke/oke-rm/images/architecture.png
diff --git a/app-dev/devops-and-containers/oke/oke-rm/infra/infra.zip b/app-dev/devops-and-containers/oke/oke-rm/infra/infra.zip
diff --git a/app-dev/devops-and-containers/oke/oke-rm/infra/local.tf b/app-dev/devops-and-containers/oke/oke-rm/infra/local.tf
@@ -4,18 +4,64 @@ locals {
   vcn_cidr_blocks = [var.vcn_cidr_block]
   tag_value       = var.tag_value == null ? { "freeformTags" = {}, "definedTags" = {} } : var.tag_value
   db_service_list = var.db_service_list == null ? [] : var.db_service_list
-  subnets = {
-    cidr = {
-      pod         = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 1, 0) : null     # e.g., "10.0.0.0/17"
-      worker      = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 3, 4) : null     # e.g., "10.0.128.0/19"
-      lb_external = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 160) : null   # e.g., "10.0.160.0/24"
-      lb_internal = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 161) : null   # e.g., "10.0.161.0/24"
-      fss         = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 162) : null   # e.g., "10.0.162.0/24"
-      db          = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 164) : null   # e.g., "10.0.164.0/24"
-      msg         = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 8, 165) : null   # e.g., "10.0.165.0/24"
-      bastion     = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 13, 5216) : null # e.g., "10.0.163.0/29"
-      cp          = var.create_vcn ? cidrsubnet(var.vcn_cidr_block, 13, 5217) : null # e.g., "10.0.163.8/29"
+
+  vcn_cidr_prefix = tonumber(split("/", trimspace(var.vcn_cidr_block))[1])
+  subnet_profile_by_cidr = {
+    "16" = "large"
+    "18" = "medium"
+    "20" = "small"
+  }
+  subnet_profile = lookup(local.subnet_profile_by_cidr, tostring(local.vcn_cidr_prefix), "large")
+  is_large       = local.subnet_profile == "large"
+  is_medium      = local.subnet_profile == "medium"
+  is_small       = local.subnet_profile == "small"
+
+  subnet_profiles = {
+    large = {
+      # Assumes /16 base VCN (e.g., 10.0.0.0/16). Used IPs: 49936. Remaining free IPs: 15600.
+      cidr = {
+        pod         = var.create_vcn && local.is_large ? cidrsubnet(var.vcn_cidr_block, 1, 0) : null     # e.g., "10.0.0.0/17"
+        worker      = var.create_vcn && local.is_large ? cidrsubnet(var.vcn_cidr_block, 3, 4) : null     # e.g., "10.0.128.0/19"
+        lb_external = var.create_vcn && local.is_large ? cidrsubnet(var.vcn_cidr_block, 8, 160) : null   # e.g., "10.0.160.0/24"
+        lb_internal = var.create_vcn && local.is_large ? cidrsubnet(var.vcn_cidr_block, 8, 161) : null   # e.g., "10.0.161.0/24"
+        fss         = var.create_vcn && local.is_large ? cidrsubnet(var.vcn_cidr_block, 8, 162) : null   # e.g., "10.0.162.0/24"
+        db          = var.create_vcn && local.is_large ? cidrsubnet(var.vcn_cidr_block, 8, 164) : null   # e.g., "10.0.164.0/24"
+        msg         = var.create_vcn && local.is_large ? cidrsubnet(var.vcn_cidr_block, 8, 165) : null   # e.g., "10.0.165.0/24"
+        bastion     = var.create_vcn && local.is_large ? cidrsubnet(var.vcn_cidr_block, 13, 5216) : null # e.g., "10.0.163.0/29"
+        cp          = var.create_vcn && local.is_large ? cidrsubnet(var.vcn_cidr_block, 13, 5217) : null # e.g., "10.0.163.8/29"
+      }
+    }
+    medium = {
+      # Assumes /18 base VCN (e.g., 10.0.0.0/18). Used IPs: 9872. Remaining free IPs: 6512.
+      cidr = {
+        pod         = var.create_vcn && local.is_medium ? cidrsubnet(var.vcn_cidr_block, 1, 0) : null     # e.g., "10.0.0.0/19"
+        worker      = var.create_vcn && local.is_medium ? cidrsubnet(var.vcn_cidr_block, 4, 8) : null     # e.g., "10.0.32.0/22"
+        lb_external = var.create_vcn && local.is_medium ? cidrsubnet(var.vcn_cidr_block, 7, 72) : null    # e.g., "10.0.36.0/25"
+        lb_internal = var.create_vcn && local.is_medium ? cidrsubnet(var.vcn_cidr_block, 7, 73) : null    # e.g., "10.0.36.128/25"
+        fss         = var.create_vcn && local.is_medium ? cidrsubnet(var.vcn_cidr_block, 7, 74) : null    # e.g., "10.0.37.0/25"
+        db          = var.create_vcn && local.is_medium ? cidrsubnet(var.vcn_cidr_block, 7, 75) : null    # e.g., "10.0.37.128/25"
+        msg         = var.create_vcn && local.is_medium ? cidrsubnet(var.vcn_cidr_block, 7, 76) : null    # e.g., "10.0.38.0/25"
+        bastion     = var.create_vcn && local.is_medium ? cidrsubnet(var.vcn_cidr_block, 11, 1248) : null # e.g., "10.0.39.0/29"
+        cp          = var.create_vcn && local.is_medium ? cidrsubnet(var.vcn_cidr_block, 11, 1249) : null # e.g., "10.0.39.8/29"
+      }
     }
+    small = {
+      # Assumes /20 base VCN (e.g., 10.0.0.0/20). Used IPs: 2896. Remaining free IPs: 1200.
+      cidr = {
+        pod         = var.create_vcn && local.is_small ? cidrsubnet(var.vcn_cidr_block, 1, 0) : null   # e.g., "10.0.0.0/21"
+        worker      = var.create_vcn && local.is_small ? cidrsubnet(var.vcn_cidr_block, 3, 4) : null   # e.g., "10.0.8.0/23"
+        lb_external = var.create_vcn && local.is_small ? cidrsubnet(var.vcn_cidr_block, 6, 40) : null  # e.g., "10.0.10.0/26"
+        lb_internal = var.create_vcn && local.is_small ? cidrsubnet(var.vcn_cidr_block, 6, 41) : null  # e.g., "10.0.10.64/26"
+        fss         = var.create_vcn && local.is_small ? cidrsubnet(var.vcn_cidr_block, 6, 42) : null  # e.g., "10.0.10.128/26"
+        db          = var.create_vcn && local.is_small ? cidrsubnet(var.vcn_cidr_block, 6, 43) : null  # e.g., "10.0.10.192/26"
+        msg         = var.create_vcn && local.is_small ? cidrsubnet(var.vcn_cidr_block, 6, 44) : null  # e.g., "10.0.11.0/26"
+        bastion     = var.create_vcn && local.is_small ? cidrsubnet(var.vcn_cidr_block, 9, 360) : null # e.g., "10.0.11.64/29"
+        cp          = var.create_vcn && local.is_small ? cidrsubnet(var.vcn_cidr_block, 9, 361) : null # e.g., "10.0.11.72/29"
+      }
+    }
+  }
+  subnets = {
+    cidr = local.subnet_profiles[local.subnet_profile].cidr
     dns = {
       pod         = "pod"
       worker      = "worker"
diff --git a/app-dev/devops-and-containers/oke/oke-rm/infra/modules/network/dhcp.tf b/app-dev/devops-and-containers/oke/oke-rm/infra/modules/network/dhcp.tf
@@ -8,6 +8,10 @@ resource "oci_core_dhcp_options" "external_lb_dhcp" {
     type        = "DomainNameServer"
     server_type = "VcnLocalPlusInternet"
   }
+  options {
+    type                = "SearchDomain"
+    search_domain_names = [local.vcn_search_domain]
+  }
   count = local.create_external_lb_subnet ? 1 : 0
 }
 
@@ -21,6 +25,10 @@ resource "oci_core_dhcp_options" "internal_lb_dhcp" {
     type        = "DomainNameServer"
     server_type = "VcnLocalPlusInternet"
   }
+  options {
+    type                = "SearchDomain"
+    search_domain_names = [local.vcn_search_domain]
+  }
   count = local.create_internal_lb_subnet ? 1 : 0
 }
 
@@ -34,6 +42,10 @@ resource "oci_core_dhcp_options" "oke_cp_dhcp" {
     type        = "DomainNameServer"
     server_type = "VcnLocalPlusInternet"
   }
+  options {
+    type                = "SearchDomain"
+    search_domain_names = [local.vcn_search_domain]
+  }
   count = local.create_cp_subnet ? 1 : 0
 }
 
@@ -47,6 +59,10 @@ resource "oci_core_dhcp_options" "worker_dhcp" {
     type        = "DomainNameServer"
     server_type = "VcnLocalPlusInternet"
   }
+  options {
+    type                = "SearchDomain"
+    search_domain_names = [local.vcn_search_domain]
+  }
   count = local.create_worker_subnet ? 1 : 0
 }
 
@@ -60,6 +76,10 @@ resource "oci_core_dhcp_options" "pods_dhcp" {
     type        = "DomainNameServer"
     server_type = "VcnLocalPlusInternet"
   }
+  options {
+    type                = "SearchDomain"
+    search_domain_names = [local.vcn_search_domain]
+  }
   count = local.create_pod_subnet ? 1 : 0
 }
 
@@ -73,6 +93,10 @@ resource "oci_core_dhcp_options" "bastion_dhcp" {
     type        = "DomainNameServer"
     server_type = "VcnLocalPlusInternet"
   }
+  options {
+    type                = "SearchDomain"
+    search_domain_names = [local.vcn_search_domain]
+  }
   count = local.create_bastion_subnet ? 1 : 0
 }
 
@@ -86,6 +110,10 @@ resource "oci_core_dhcp_options" "fss_dhcp" {
     type        = "DomainNameServer"
     server_type = "VcnLocalPlusInternet"
   }
+  options {
+    type                = "SearchDomain"
+    search_domain_names = [local.vcn_search_domain]
+  }
   count = local.create_fss_subnet ? 1 : 0
 }
 
@@ -99,6 +127,10 @@ resource "oci_core_dhcp_options" "db_dhcp" {
     type        = "DomainNameServer"
     server_type = "VcnLocalPlusInternet"
   }
+  options {
+    type                = "SearchDomain"
+    search_domain_names = [local.vcn_search_domain]
+  }
   count = local.create_db_subnet ? 1 : 0
 }
 
@@ -112,5 +144,9 @@ resource "oci_core_dhcp_options" "msg_dhcp" {
     type        = "DomainNameServer"
     server_type = "VcnLocalPlusInternet"
   }
+  options {
+    type                = "SearchDomain"
+    search_domain_names = [local.vcn_search_domain]
+  }
   count = local.create_msg_subnet ? 1 : 0
 }
diff --git a/app-dev/devops-and-containers/oke/oke-rm/infra/modules/network/local.tf b/app-dev/devops-and-containers/oke/oke-rm/infra/modules/network/local.tf
@@ -9,6 +9,7 @@ locals {
   create_internal_lb_subnet       = var.create_internal_lb_subnet && var.create_vcn
   all_subnet_private              = (var.cp_subnet_private || !local.create_cp_subnet) && (!local.create_external_lb_subnet) && (var.bastion_subnet_private || !var.create_bastion_subnet)
   vcn_id                          = var.create_vcn ? oci_core_vcn.spoke_vcn.0.id : var.vcn_id
+  vcn_search_domain               = var.create_vcn ? oci_core_vcn.spoke_vcn.0.vcn_domain_name : null
   cp_nat_mode                     = local.create_cp_subnet && var.cp_subnet_private && var.cp_external_nat
   create_cp_external_traffic_rule = var.allow_external_cp_traffic && (!var.create_cp_subnet || (!var.cp_subnet_private || var.cp_external_nat))
 
diff --git a/app-dev/devops-and-containers/oke/oke-rm/infra/modules/network/peering-nsg.tf b/app-dev/devops-and-containers/oke/oke-rm/infra/modules/network/peering-nsg.tf
@@ -0,0 +1,35 @@
+locals {
+  # Only used when NSG exists
+  peer_vcns_set = local.create_drg_attachment ? toset(var.peer_vcns) : []
+}
+
+resource "oci_core_network_security_group" "peering" {
+  compartment_id = var.network_compartment_id
+  vcn_id         = local.vcn_id
+  freeform_tags  = var.tag_value.freeformTags
+  defined_tags   = var.tag_value.definedTags
+  display_name   = "peering"
+  count          = local.create_drg_attachment && length(var.peer_vcns) > 0 ? 1 : 0
+}
+
+resource "oci_core_network_security_group_security_rule" "peering_egress" {
+  for_each                  = local.peer_vcns_set
+  direction                 = "EGRESS"
+  network_security_group_id = oci_core_network_security_group.peering.0.id
+  protocol                  = "all"
+  destination_type          = "CIDR_BLOCK"
+  destination               = each.value
+  stateless                 = true
+  description               = "Allow egress traffic to peered VCN ${each.value}"
+}
+
+resource "oci_core_network_security_group_security_rule" "peering_ingress" {
+  for_each                  = local.peer_vcns_set
+  direction                 = "INGRESS"
+  network_security_group_id = oci_core_network_security_group.peering.0.id
+  protocol                  = "all"
+  source_type               = "CIDR_BLOCK"
+  source                    = each.value
+  stateless                 = true
+  description               = "Allow ingress traffic from peered VCN ${each.value}"
+}
diff --git a/app-dev/devops-and-containers/oke/oke-rm/infra/modules/network/routing.tf b/app-dev/devops-and-containers/oke/oke-rm/infra/modules/network/routing.tf
@@ -22,15 +22,6 @@ resource "oci_core_route_table" "bastion_route_table" {
       description       = "Route to reach external Internet through the Internet gateway"
     }
   }
-  dynamic "route_rules" {
-    for_each = var.enable_drg ? var.peer_vcns : []
-    content {
-      network_entity_id = local.drg_id
-      destination_type  = "CIDR_BLOCK"
-      destination       = route_rules.value
-      description       = "Route to ${route_rules.value} through the DRG"
-    }
-  }
   count = local.create_bastion_subnet ? 1 : 0
 }
 
@@ -68,7 +59,7 @@ resource "oci_core_route_table" "cp_route_table" {
     }
   }
   dynamic "route_rules" {
-    for_each = var.enable_drg ? var.peer_vcns : []
+    for_each = local.create_drg_attachment ? var.peer_vcns : []
     content {
       network_entity_id = local.drg_id
       destination_type  = "CIDR_BLOCK"
@@ -91,15 +82,6 @@ resource "oci_core_route_table" "lb_ext_route_table" {
     destination       = "0.0.0.0/0"
     description       = "Route to reach external Internet through the Internet gateway"
   }
-  dynamic "route_rules" {
-    for_each = var.enable_drg ? var.peer_vcns : []
-    content {
-      network_entity_id = local.drg_id
-      destination_type  = "CIDR_BLOCK"
-      destination       = route_rules.value
-      description       = "Route to ${route_rules.value} through the DRG"
-    }
-  }
   count = local.create_external_lb_subnet ? 1 : 0
 }
 
@@ -116,7 +98,7 @@ resource "oci_core_route_table" "lb_int_route_table" {
     description       = "Route for all internal OCI services in the region"
   }
   dynamic "route_rules" {
-    for_each = var.enable_drg ? var.peer_vcns : []
+    for_each = local.create_drg_attachment ? var.peer_vcns : []
     content {
       network_entity_id = local.drg_id
       destination_type  = "CIDR_BLOCK"
@@ -149,7 +131,7 @@ resource "oci_core_route_table" "worker_route_table" {
     }
   }
   dynamic "route_rules" {
-    for_each = var.enable_drg ? var.peer_vcns : []
+    for_each = local.create_drg_attachment ? var.peer_vcns : []
     content {
       network_entity_id = local.drg_id
       destination_type  = "CIDR_BLOCK"
@@ -182,7 +164,7 @@ resource "oci_core_route_table" "pod_route_table" {
     }
   }
   dynamic "route_rules" {
-    for_each = var.enable_drg ? var.peer_vcns : []
+    for_each = local.create_drg_attachment ? var.peer_vcns : []
     content {
       network_entity_id = local.drg_id
       destination_type  = "CIDR_BLOCK"
diff --git a/app-dev/devops-and-containers/oke/oke-rm/infra/schema.yaml b/app-dev/devops-and-containers/oke/oke-rm/infra/schema.yaml
@@ -138,10 +138,10 @@ variables:
 
   vcn_cidr_block:
     title: "VCN CIDR block"
-    description: "CIDR blocks to be allocated for the VCN. MUST BE A /16 VCN"
+    description: "CIDR blocks to be allocated for the VCN. MUST BE (x.y.0.0/16) OR (x.y.(0|64|128|192).0/18) OR (x.y.(multiple of 16).0/20)"
     type: string
     required: true
-    pattern: "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){2}0.0\/16$"
+    pattern: "^(?:(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){2}0\\.0\\/(?:16)|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){2}(?:0|64|128|192)\\.0\\/(?:18)|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){2}(?:0|16|32|48|64|80|96|112|128|144|160|176|192|208|224|240)\\.0\\/(?:20))$"
     visible: ${create_vcn}
 
   vcn_dns_label:
diff --git a/app-dev/devops-and-containers/oke/oke-rm/oke/addons.tf b/app-dev/devops-and-containers/oke/oke-rm/oke/addons.tf
@@ -140,4 +140,16 @@ resource "oci_containerengine_addon" "oke_cluster_autoscaler" {
   }
   depends_on = [module.oke]
   count      = local.enable_cluster_autoscaler ? 1 : 0
+}
+
+resource "oci_containerengine_addon" "oke_nodeProblemDetector" {
+  addon_name                       = "NodeProblemDetector"
+  cluster_id                       = module.oke.cluster_id
+  remove_addon_resources_on_delete = false
+  override_existing                = true
+  configurations {
+    key   = "enableKubernetesExporter"
+    value = "true"
+  }
+  depends_on = [module.oke]
 }
diff --git a/app-dev/devops-and-containers/oke/oke-rm/oke/cloud-init/oca.yml b/app-dev/devops-and-containers/oke/oke-rm/oke/cloud-init/oca.yml
@@ -1,17 +1,22 @@
-# This cloud init will configure Oracle Cloud Agent on the managed nodes created by OKE
+runcmd:
+### Install oci-fss-utils if you want to use in-transit encryption for OCI FSS
+  - "sudo yum-config-manager --enable ol8_developer"
+  - "sudo dnf install -y oci-fss-utils"
+###
+
+# Install oci cli and enable Block Volume Management if you want to use Ultra High Performance Block Volumes
 # There are some prerequisites in order to use this:
-# 1. A custom image containing the Oracle CLI preinstalled must be used. You can create it by using the Packer solution: https://github.com/oracle-devrel/technology-engineering/tree/main/app-dev/devops-and-containers/oke/oke-node-packer
-# 2. A dynamic group "oke-instances" representing all the instances in the compartment must be created:
+# 1. A dynamic group "oke-instances" representing all the instances in the compartment must be created:
 # instance.compartment.id = '<node-pool-compartment-ocid>'
-# 3. Create this policy:
+# 2. Create this policy:
 # Allow dynamic-group oke-instances to use instances in compartment <node-pool-compartment-ocid>
 
-runcmd:
+  - "sudo dnf install -y python36-oci-cli"
   - "instance_id=$(curl -H \"Authorization: Bearer Oracle\" -L http://169.254.169.254/opc/v2/instance/id)"
   - "oci compute instance update --instance-id $instance_id --force --agent-config '{
       \"is-agent-disabled\": false,
       \"plugins-config\": [
-        {\"name\": \"Vulnerability Scanning\", \"desiredState\": \"ENABLED\" },
         {\"name\": \"Block Volume Management\", \"desiredState\": \"ENABLED\" }
       ]
     }' --auth instance_principal"
+###
diff --git a/app-dev/devops-and-containers/oke/oke-rm/oke/oke.tf b/app-dev/devops-and-containers/oke/oke-rm/oke/oke.tf
@@ -100,14 +100,19 @@ module "oke" {
   #workers_defined_tags = {}
 
   # GLOBAL NODE POOL LABELS TO BE APPLIED ON ALL NODES (Kubernetes labels)
-  #worker_node_labels = {}
+  worker_node_labels = {
+    "oci.oraclecloud.com/oke-node-problem-detector-enabled" : "true"
+  }
 
   # Additional NSGs to ba attached to all pods
   # pod_nsg_ids = []
 
   # Additional NSGs to be attached to all workers
   #worker_nsg_ids = []
 
+  # Additional NSGs to be attached to the control plane API server
+  #control_plane_nsg_ids = []
+
   # When using VCN_NATIVE_CNI, set the maximum number of pods for all nodes, must be between 1 and 110
   #max_pods_per_node = 31
 
diff --git a/app-dev/devops-and-containers/oke/oke-rm/oke/oke.zip b/app-dev/devops-and-containers/oke/oke-rm/oke/oke.zip

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,10 @@ resource "oci_core_dhcp_options" "external_lb_dhcp" {`
`8`	`8`	`type = "DomainNameServer"`
`9`	`9`	`server_type = "VcnLocalPlusInternet"`
`10`	`10`	`}`
	`11`	`+ options {`
	`12`	`+ type = "SearchDomain"`
	`13`	`+ search_domain_names = [local.vcn_search_domain]`
	`14`	`+ }`
`11`	`15`	`count = local.create_external_lb_subnet ? 1 : 0`
`12`	`16`	`}`
`13`	`17`
`@@ -21,6 +25,10 @@ resource "oci_core_dhcp_options" "internal_lb_dhcp" {`
`21`	`25`	`type = "DomainNameServer"`
`22`	`26`	`server_type = "VcnLocalPlusInternet"`
`23`	`27`	`}`
	`28`	`+ options {`
	`29`	`+ type = "SearchDomain"`
	`30`	`+ search_domain_names = [local.vcn_search_domain]`
	`31`	`+ }`
`24`	`32`	`count = local.create_internal_lb_subnet ? 1 : 0`
`25`	`33`	`}`
`26`	`34`
`@@ -34,6 +42,10 @@ resource "oci_core_dhcp_options" "oke_cp_dhcp" {`
`34`	`42`	`type = "DomainNameServer"`
`35`	`43`	`server_type = "VcnLocalPlusInternet"`
`36`	`44`	`}`
	`45`	`+ options {`
	`46`	`+ type = "SearchDomain"`
	`47`	`+ search_domain_names = [local.vcn_search_domain]`
	`48`	`+ }`
`37`	`49`	`count = local.create_cp_subnet ? 1 : 0`
`38`	`50`	`}`
`39`	`51`
`@@ -47,6 +59,10 @@ resource "oci_core_dhcp_options" "worker_dhcp" {`
`47`	`59`	`type = "DomainNameServer"`
`48`	`60`	`server_type = "VcnLocalPlusInternet"`
`49`	`61`	`}`
	`62`	`+ options {`
	`63`	`+ type = "SearchDomain"`
	`64`	`+ search_domain_names = [local.vcn_search_domain]`
	`65`	`+ }`
`50`	`66`	`count = local.create_worker_subnet ? 1 : 0`
`51`	`67`	`}`
`52`	`68`
`@@ -60,6 +76,10 @@ resource "oci_core_dhcp_options" "pods_dhcp" {`
`60`	`76`	`type = "DomainNameServer"`
`61`	`77`	`server_type = "VcnLocalPlusInternet"`
`62`	`78`	`}`
	`79`	`+ options {`
	`80`	`+ type = "SearchDomain"`
	`81`	`+ search_domain_names = [local.vcn_search_domain]`
	`82`	`+ }`
`63`	`83`	`count = local.create_pod_subnet ? 1 : 0`
`64`	`84`	`}`
`65`	`85`
`@@ -73,6 +93,10 @@ resource "oci_core_dhcp_options" "bastion_dhcp" {`
`73`	`93`	`type = "DomainNameServer"`
`74`	`94`	`server_type = "VcnLocalPlusInternet"`
`75`	`95`	`}`
	`96`	`+ options {`
	`97`	`+ type = "SearchDomain"`
	`98`	`+ search_domain_names = [local.vcn_search_domain]`
	`99`	`+ }`
`76`	`100`	`count = local.create_bastion_subnet ? 1 : 0`
`77`	`101`	`}`
`78`	`102`
`@@ -86,6 +110,10 @@ resource "oci_core_dhcp_options" "fss_dhcp" {`
`86`	`110`	`type = "DomainNameServer"`
`87`	`111`	`server_type = "VcnLocalPlusInternet"`
`88`	`112`	`}`
	`113`	`+ options {`
	`114`	`+ type = "SearchDomain"`
	`115`	`+ search_domain_names = [local.vcn_search_domain]`
	`116`	`+ }`
`89`	`117`	`count = local.create_fss_subnet ? 1 : 0`
`90`	`118`	`}`
`91`	`119`
`@@ -99,6 +127,10 @@ resource "oci_core_dhcp_options" "db_dhcp" {`
`99`	`127`	`type = "DomainNameServer"`
`100`	`128`	`server_type = "VcnLocalPlusInternet"`
`101`	`129`	`}`
	`130`	`+ options {`
	`131`	`+ type = "SearchDomain"`
	`132`	`+ search_domain_names = [local.vcn_search_domain]`
	`133`	`+ }`
`102`	`134`	`count = local.create_db_subnet ? 1 : 0`
`103`	`135`	`}`
`104`	`136`
`@@ -112,5 +144,9 @@ resource "oci_core_dhcp_options" "msg_dhcp" {`
`112`	`144`	`type = "DomainNameServer"`
`113`	`145`	`server_type = "VcnLocalPlusInternet"`
`114`	`146`	`}`
	`147`	`+ options {`
	`148`	`+ type = "SearchDomain"`
	`149`	`+ search_domain_names = [local.vcn_search_domain]`
	`150`	`+ }`
`115`	`151`	`count = local.create_msg_subnet ? 1 : 0`
`116`	`152`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,15 +22,6 @@ resource "oci_core_route_table" "bastion_route_table" {`
`22`	`22`	`description = "Route to reach external Internet through the Internet gateway"`
`23`	`23`	`}`
`24`	`24`	`}`
`25`		`- dynamic "route_rules" {`
`26`		`- for_each = var.enable_drg ? var.peer_vcns : []`
`27`		`- content {`
`28`		`- network_entity_id = local.drg_id`
`29`		`- destination_type = "CIDR_BLOCK"`
`30`		`- destination = route_rules.value`
`31`		`- description = "Route to ${route_rules.value} through the DRG"`
`32`		`- }`
`33`		`- }`
`34`	`25`	`count = local.create_bastion_subnet ? 1 : 0`
`35`	`26`	`}`
`36`	`27`
`@@ -68,7 +59,7 @@ resource "oci_core_route_table" "cp_route_table" {`
`68`	`59`	`}`
`69`	`60`	`}`
`70`	`61`	`dynamic "route_rules" {`
`71`		`- for_each = var.enable_drg ? var.peer_vcns : []`
	`62`	`+ for_each = local.create_drg_attachment ? var.peer_vcns : []`
`72`	`63`	`content {`
`73`	`64`	`network_entity_id = local.drg_id`
`74`	`65`	`destination_type = "CIDR_BLOCK"`
`@@ -91,15 +82,6 @@ resource "oci_core_route_table" "lb_ext_route_table" {`
`91`	`82`	`destination = "0.0.0.0/0"`
`92`	`83`	`description = "Route to reach external Internet through the Internet gateway"`
`93`	`84`	`}`
`94`		`- dynamic "route_rules" {`
`95`		`- for_each = var.enable_drg ? var.peer_vcns : []`
`96`		`- content {`
`97`		`- network_entity_id = local.drg_id`
`98`		`- destination_type = "CIDR_BLOCK"`
`99`		`- destination = route_rules.value`
`100`		`- description = "Route to ${route_rules.value} through the DRG"`
`101`		`- }`
`102`		`- }`
`103`	`85`	`count = local.create_external_lb_subnet ? 1 : 0`
`104`	`86`	`}`
`105`	`87`
`@@ -116,7 +98,7 @@ resource "oci_core_route_table" "lb_int_route_table" {`
`116`	`98`	`description = "Route for all internal OCI services in the region"`
`117`	`99`	`}`
`118`	`100`	`dynamic "route_rules" {`
`119`		`- for_each = var.enable_drg ? var.peer_vcns : []`
	`101`	`+ for_each = local.create_drg_attachment ? var.peer_vcns : []`
`120`	`102`	`content {`
`121`	`103`	`network_entity_id = local.drg_id`
`122`	`104`	`destination_type = "CIDR_BLOCK"`
`@@ -149,7 +131,7 @@ resource "oci_core_route_table" "worker_route_table" {`
`149`	`131`	`}`
`150`	`132`	`}`
`151`	`133`	`dynamic "route_rules" {`
`152`		`- for_each = var.enable_drg ? var.peer_vcns : []`
	`134`	`+ for_each = local.create_drg_attachment ? var.peer_vcns : []`
`153`	`135`	`content {`
`154`	`136`	`network_entity_id = local.drg_id`
`155`	`137`	`destination_type = "CIDR_BLOCK"`
`@@ -182,7 +164,7 @@ resource "oci_core_route_table" "pod_route_table" {`
`182`	`164`	`}`
`183`	`165`	`}`
`184`	`166`	`dynamic "route_rules" {`
`185`		`- for_each = var.enable_drg ? var.peer_vcns : []`
	`167`	`+ for_each = local.create_drg_attachment ? var.peer_vcns : []`
`186`	`168`	`content {`
`187`	`169`	`network_entity_id = local.drg_id`
`188`	`170`	`destination_type = "CIDR_BLOCK"`