Description
Hello, we are currently working on how to add NSG configuration to the OKE cluster and to the deployment of the ingress controllers:
We have found the following:
Terraform - Changes applied to Terraform files
In cluster_creation_terraform/oke.tf:
```hcl
resource "oci_containerengine_cluster" "oke_cluster" {
  ...
  endpoint_config {
    is_public_ip_enabled = false
    subnet_id            = local.endpoint_subnet_id
    nsg_ids              = ["<OCID_NSG_API>"]
  }
  ...
}

resource "oci_containerengine_node_pool" "oke_node_pool" {
  ...
  node_config_details {
    nsg_ids = ["<OCID_NSG_NODES>"]
    dynamic "placement_configs" {
      for_each = data.oci_identity_availability_domains.ADs.availability_domains
      ...
    }
  }
}
```
Then, in oci-ai-blueprints/oci_ai_blueprints_terraform/modules/corrino/modules/cluster-tools/ingress-nginx.tf:
In "helm_release" "ingress_nginx", add:
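```hcl
set {
  # Dots inside the annotation key are escaped for Helm; HCL strings need "\\." to emit a literal "\."
  name  = "controller.service.annotations.oci\\.oraclecloud\\.com/oci-network-security-groups"
  value = "<ocid_NSG_LB>"
  type  = "string"
}
```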
In oci_ai_blueprints_terraform/helm.tf:
In "helm_release" "kong", add:
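```hcl
set {
  # Dots inside the annotation key are escaped for Helm; HCL strings need "\\." to emit a literal "\."
  name  = "proxy.annotations.oci\\.oraclecloud\\.com/oci-network-security-groups"
  value = "<ocid_NSG_LB>"
  type  = "string"
}
```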