OCI's OKE automatically with Terraform
Lastly, I have been exploring OKE a little bit. Mostly for testing purposes. I was planning to deploy some simple web containers there. You know me well, right? I am a real fan of Infrastructure as a code paradigm. So, as always, I was trying to encapsulate my deployment into the HCL code. Frankly speaking, my goal was simple – minimal usage of the Cloud Console and maximum usage of Terraform for automation.
The final effect of my work can be found in this Github repo. If you have ever tried to use OKE, you have probably noticed that policies need to be granted on the tenancy level. It has been documented here in the official documentation. I was sure I could encapsulate it in Terraform code as well with oci_indentity_policy resources. The code looked like this:
resource "oci_identity_policy" "FoggyKitchenOKEPolicy1" { name = "FoggyKitchenOKEPolicy1" description = "FoggyKitchenOKEPolicy1" compartment_id = var.tenancy_ocid statements = ["allow service OKE to manage all-resources in tenancy"] }
But it was not working during the terraform plan phase. I have been hit by the error as follows:
Yes… I need to do it manually in OCI Console (in the repo resource has been hashed):
Then everything went fine with terraform apply:
Here is OCI Console OKE related information:
That is all for today. Hope it will be useful for you.
Bon Appetit,
Martin, The Cook.