The Terraform OKE Module for Oracle Cloud Infrastructure (OCI) provisions an OCI Kubernetes Engine (OKE) cluster together with its supporting infrastructure.
It creates the following resources:
- A Virtual Cloud Network (VCN) with public and private subnets, network security groups, and gateways (internet, NAT, service, DRG)
- An OKE cluster (basic or enhanced) with configurable CNI, Kubernetes version, and OIDC authentication
- Worker node pools in various modes: OKE-managed node pools, virtual node pools, self-managed instances, instance pools, cluster networks, and compute clusters
- A bastion host for SSH access into the VCN
- An operator host for cluster management with kubectl, Helm, and optional tools (k9s, istioctl, stern, k8sgpt)
- IAM dynamic groups, policies, and optional tag namespaces
- Kubernetes extensions deployed via Helm or YAML manifests
The module outputs the OKE cluster ID, endpoints, bastion and operator SSH commands, and network resource IDs. Detailed outputs such as kubeconfig are available when output_detail = true.
The default deployment creates a VCN with the following subnets:
| Subnet | Purpose | Access |
|---|---|---|
| bastion | Bastion host | Public |
| operator | Operator host | Private |
| cp | Kubernetes control plane | Private (or public) |
| workers | Worker nodes | Private |
| pods | Pod network (NPN CNI) | Private |
| int_lb | Internal load balancers | Private |
| pub_lb | Public load balancers | Public |
The module supports multiple worker management modes:
| Mode | Description | Use Case |
|---|---|---|
| node-pool | OKE-managed node pools | General purpose workloads |
| virtual-node-pool | OKE-managed virtual nodes | Serverless, burstable workloads |
| instance | Self-managed compute instances | Custom node configuration |
| instance-pool | Self-managed instance pools | Scalable self-managed nodes |
| cluster-network | Self-managed cluster networks | HPC/GPU with RDMA networking |
| compute-cluster | Shared compute clusters | Multi-nodepool HPC clusters |
The module can deploy the following Kubernetes extensions:
| Extension | Method | Purpose |
|---|---|---|
| Cilium | Helm | eBPF-based networking, security, and observability |
| Multus | DaemonSet | Multi-network pod interfaces |
| SR-IOV Device Plugin | DaemonSet | SR-IOV network device advertisement |
| SR-IOV CNI Plugin | DaemonSet | SR-IOV network connections |
| RDMA CNI Plugin | DaemonSet | RDMA network connections |
| Whereabouts | DaemonSet | IP address management for Multus |
| Metrics Server | Helm | Kubernetes metrics API |
| Cluster Autoscaler | Helm | Automatic node pool scaling |
| Prometheus | Helm | Monitoring and alerting |
| DCGM Exporter | Helm | GPU metrics for NVIDIA GPUs |
| Gatekeeper | Helm | OPA policy enforcement |
| MPI Operator | Manifest | MPI/NCCL distributed training jobs |
| ArgoCD | Helm | GitOps continuous delivery |
- Oracle Cloud Infrastructure Documentation
- Terraform OCI Provider Documentation
- OCI Kubernetes Engine Documentation
- Terraform OCI Bastion Module
Code derived and adapted from Terraform OCI Examples and HashiCorp's Terraform 0.12 examples.
Learn how to contribute.
Copyright (c) 2017, 2025 Oracle Corporation and/or its affiliates. Licensed under the Universal Permissive License 1.0 as shown at https://oss.oracle.com/licenses/upl.