OCI’s OKE automatically with Terraform

Lately, I have been exploring OKE a little bit, mostly for testing purposes. I was planning to deploy some simple web containers there. You know me well, right? I am a real fan of the Infrastructure as Code paradigm. So, as always, I was trying to encapsulate my deployment in HCL code. Frankly speaking, my goal was simple – minimal usage of the Cloud Console and maximum usage of Terraform for automation.

The final result of my work can be found in this GitHub repo. If you have ever tried to use OKE, you have probably noticed that policies need to be granted at the tenancy level. This is documented here in the official documentation. I was sure I could encapsulate it in Terraform code as well with oci_identity_policy resources. The code looked like this:

resource "oci_identity_policy" "FoggyKitchenOKEPolicy1" {
  name           = "FoggyKitchenOKEPolicy1"
  description    = "FoggyKitchenOKEPolicy1"
  compartment_id = var.tenancy_ocid
  statements     = ["allow service OKE to manage all-resources in tenancy"]
}

But it was not working during the terraform plan phase. I was hit by the following error:

[Image: OKE_error]

Yes… I needed to do it manually in the OCI Console (in the repo the resource has been commented out with #):

[Image: OKE_policy]

Then everything went fine with terraform apply:

[Image: OKE_terraform_apply_success]

Here is the OKE-related information in the OCI Console:

[Image: OKE_Provisioning]

[Image: OKE_ready]
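The statement in the policy above is scoped to the whole tenancy and covers all-resources, so it is worth keeping such grants visible in code review. The Python script below is an added example, not code from this post or its repository: it extracts the statements from oci_identity_policy resources and flags tenancy-wide and manage all-resources grants. It assumes statements are written as a literal list of double-quoted strings; the ExampleNarrow resource and its statement are constructed for contrast.

```python
import re

# Constructed sample: the post's resource plus a hypothetical narrower one.
SAMPLE_TF = '''
resource "oci_identity_policy" "FoggyKitchenOKEPolicy1" {
  name           = "FoggyKitchenOKEPolicy1"
  compartment_id = var.tenancy_ocid
  statements     = ["allow service OKE to manage all-resources in tenancy"]
}
resource "oci_identity_policy" "ExampleNarrow" {
  name           = "ExampleNarrow"
  compartment_id = var.compartment_ocid
  statements     = ["Allow group Developers to use cluster-family in compartment dev"]
}
'''

RESOURCE_RE = re.compile(r'resource\s+"oci_identity_policy"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
STATEMENTS_RE = re.compile(r'statements\s*=\s*\[(.*?)\]', re.S)
# OCI policy grammar: allow <subject> to <verb> <resource-type> in <location>
STATEMENT_RE = re.compile(
    r'allow\s+(?P<subject>.+?)\s+to\s+(?P<verb>inspect|read|use|manage)\s+'
    r'(?P<rtype>\S+)\s+in\s+(?P<location>tenancy|compartment\s+.+?)'
    r'(?:\s+where\s+.+)?$', re.I)

def flags_for(statement):
    """Classify one policy statement by scope and breadth."""
    m = STATEMENT_RE.match(statement.strip())
    if not m:
        return ["unparsed"]  # surface it for manual review, never skip silently
    verb, rtype, location = (m[k].lower() for k in ("verb", "rtype", "location"))
    flags = []
    if location == "tenancy":
        flags.append("tenancy-wide")
    if verb == "manage" and rtype == "all-resources":
        flags.append("manage-all-resources")
    return flags

def review(tf_text):
    """Return (resource name, statement, flags) for each policy statement."""
    findings = []
    for name, body in RESOURCE_RE.findall(tf_text):
        block = STATEMENTS_RE.search(body)
        for stmt in re.findall(r'"([^"]*)"', block.group(1) if block else ""):
            findings.append((name, stmt, flags_for(stmt)))
    return findings

if __name__ == "__main__":
    for name, stmt, flags in review(SAMPLE_TF):
        print(f"{name}: {stmt!r} -> {', '.join(flags) or 'ok'}")
```

Statements built from variables or interpolation are not covered by this pattern-based extraction and need a real HCL parser or the `terraform show -json` plan output.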

That is all for today. Hope it will be useful for you.

Bon Appetit,

Martin, The Cook.
