OCI's OKE automatically with Terraform

Lately, I have been exploring OKE a little bit, mostly for testing purposes. I was planning to deploy some simple web containers there. You know me well, right? I am a real fan of the Infrastructure as Code paradigm. So, as always, I was trying to encapsulate my deployment in HCL code. Frankly speaking, my goal was simple: minimal usage of the Cloud Console and maximum usage of Terraform for automation.
The final effect of my work can be found in this GitHub repo. If you have ever tried to use OKE, you have probably noticed that policies need to be granted at the tenancy level. This is documented here in the official documentation. I was sure I could encapsulate it in Terraform code as well with oci_identity_policy resources. The code looked like this:

resource "oci_identity_policy" "FoggyKitchenOKEPolicy1" {
  name           = "FoggyKitchenOKEPolicy1"
  description    = "FoggyKitchenOKEPolicy1"
  compartment_id = var.tenancy_ocid
  statements     = ["allow service OKE to manage all-resources in tenancy"]
}

But it was not working during the terraform plan phase. I was hit by the following error:
[Image: OKE_error]
Yes… I need to do it manually in the OCI Console (in the repo, the resource has been hashed out):
[Image: OKE_policy]
Then everything went fine with terraform apply:
[Image: OKE_terraform_apply_success]
Here is the OKE-related information in the OCI Console:
[Image: OKE_Provisioning]
[Image: OKE_ready]
That is all for today. Hope it will be useful for you.
Bon Appetit,
Martin, The Cook.
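
The policy statement in the post grants the OKE service `manage` on `all-resources` across the whole tenancy, which is the kind of grant a reviewer wants surfaced. The Python below is an added example, not code from the post or its repo: it pulls statements out of active (not hashed-out) HCL lines and flags tenancy-wide grants. The grammar is simplified, and `ExampleNarrow`, `ExampleOps`, `ExampleLab`, `Disabled` and `ExampleAdmins` are constructed names.

```python
import re

# Simplified OCI policy grammar (an assumption of this example):
#   allow <subject> to <verb> <resource-type> in <location> [where <condition>]
STATEMENT_RE = re.compile(
    r"^\s*allow\s+(?P<subject>.+?)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<location>tenancy|compartment\s+(?:id\s+)?\S+)"
    r"(?:\s+where\s+(?P<condition>.+))?\s*$",
    re.IGNORECASE,
)
LIST_RE = re.compile(r"statements\s*=\s*\[(.*?)\]", re.DOTALL)
QUOTED_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Constructed sample: the post's policy, a narrower grant, a hashed-out resource.
SAMPLE_HCL = '''
resource "oci_identity_policy" "FoggyKitchenOKEPolicy1" {
  compartment_id = var.tenancy_ocid
  statements     = ["allow service OKE to manage all-resources in tenancy"]
}
resource "oci_identity_policy" "ExampleNarrow" {
  statements = ["allow group ExampleOps to read clusters in compartment ExampleLab"]
}
# resource "oci_identity_policy" "Disabled" {
#   statements = ["allow group ExampleAdmins to manage all-resources in tenancy"]
# }
'''

def extract_statements(hcl_text):
    """Return policy statements from active (not commented-out) HCL lines."""
    active = "\n".join(line for line in hcl_text.splitlines()
                       if not line.lstrip().startswith(("#", "//")))
    return [s for body in LIST_RE.findall(active) for s in QUOTED_RE.findall(body)]

def review_statement(statement):
    """Return findings for one statement; an empty list means nothing flagged."""
    m = STATEMENT_RE.match(statement)
    if m is None:
        return ["unparsed statement, review by hand"]
    findings = []
    if m["location"].lower() == "tenancy" and m["verb"].lower() == "manage":
        findings.append("manage verb granted tenancy-wide to " + m["subject"])
    if m["resource"].lower() == "all-resources":
        findings.append("resource type is all-resources")
    return findings

def review_hcl(hcl_text):
    """Map each active statement to its findings."""
    return {s: review_statement(s) for s in extract_statements(hcl_text)}
```

Calling `review_hcl(SAMPLE_HCL)` reports two findings for the post's statement and none for the compartment-scoped one; the hashed-out resource is skipped.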
