Now that terraform-oci-oke 3.0 has been released, I want to explore running a “cloud native” CI on OKE. My criteria are relatively simple:

  1. Able to build and test applications using a number of tools e.g. maven/gradle/npm
  2. Able to build containers and push them to a secure registry
  3. Eventually use Infrastructure As Code for CD

I settled on Tekton. This is what the workflow will look like:

CI Workflow

Given that Tekton runs on a Kubernetes cluster, I’ve provisioned one using terraform-oci-oke. One thing I’ve done is enable the use of both public and private load balancers and set the preferred load balancer…

We recently released version 3.0.0 of the terraform-oci-oke module. I’ll give a brief breakdown of the changes here.

Terraform 0.13

The biggest motivation for releasing a major version was compatibility with Terraform 0.13. Besides a couple of deprecation warnings, the rest of the code base was ready for 0.13. However, since the OKE module also uses a few remote submodules (base, vcn, bastion, operator), we upgraded those as well.

New Features

In terms of new features, the major addition is the support for using Flex Shapes for worker node pools. …

Until recently, the OCI Load Balancer shapes were fairly restricted to a handful:

  • 100 Mbps
  • 400 Mbps
  • 8000 Mbps

What’s more, if you had to change the shape, that would involve recreating the load balancer. Not anymore.

There are now a couple of new load balancer shapes:

Load balancer shapes are also now updatable without having to destroy and recreate them.

So let’s see how we can create them with OKE.

First, let’s see what load balancer shapes are available in our tenancy:

oci lb shape list --compartment-id ocid1.compartment.oc1…

We’ve recently published a number of reusable Terraform modules for OCI on GitHub and the Terraform registry. You can find them here.

In this post, I’ll walk you through those I’m working on, their purpose and how you can use them in your projects.


terraform-oci-vcn is a module for creating a VCN. Creating a VCN is simple, right? So what’s the big deal with this module? Well, it also optionally allows you to create Internet, NAT and Service gateways and create routing tables accordingly.

Let’s first see how to reuse the VCN module. …

HashiCorp Vault is a fantastic piece of software. You can use it to manage your secrets, to keep your application data secure or to manage access to different systems using identities.

In this article, we will:

  • deploy a Vault instance on OCI
  • integrate it with OCI KMS
  • use OCI Object Storage as Vault’s storage backend
  • use the OCI Auth method to authenticate using both user and instance principals

Ready? Let’s roll.

Create the base infrastructure and networking

Let’s create the base infrastructure using the terraform-oci-base module. You can also now obtain the base module from the Terraform registry.

#base module
module "base" {
source =…

I was quite thrilled to learn that the Argo Project has recently been accepted as an incubator-level project in CNCF’s stack.

As a brief introduction, the Argo Project has 4 main components:

  • Argo Workflows: a native workflow engine to orchestrate parallel jobs on Kubernetes
  • Argo CD: a declarative, GitOps continuous delivery tool for Kubernetes
  • Argo Rollouts: provides additional deployment strategies such as Blue-Green and Canary to Kubernetes
  • Argo Events: provides an event-based dependency manager for Kubernetes

So, without wasting any time, let’s give them a try and I’ll be your Huckleberry.

Creating a test OKE cluster for Argo

Clone the terraform-oci-oke repo or use the published terraform OKE…

We want to create an active-passive Oracle RAC database deployment between 2 OCI regions with the following objectives:

  1. Create an Oracle RAC Cluster in 2 regions (Phoenix and Ashburn)
  2. 1 region is designated as primary (Phoenix) and the other is secondary (Ashburn)
  3. Achieve replication using Data Guard
  4. Database backup using Object Storage

More importantly, we want all cross-region network traffic achieved using OCI’s backbone instead of the public internet.

To achieve this, we need to set up the following:

  1. 2 VCNs, 1 in each region
  2. 2 RAC Clusters, 1 in each region
  3. Data Guard replication between the 2 RAC Clusters

In a previous post, I went through a list of things to do when upgrading to Terraform 0.12. These consisted of:

  1. fixing breaking changes
  2. using first-class expressions
  3. using improved conditionals
  4. using dynamic blocks to reduce code repetition
  5. upgrading self-contained modules

In this post, I’ll mainly concentrate on using rich types and type constraints.

Primitive types

A primitive type is, as the definition says, a simple type that is not made from any other types. Primitive types are string, number and bool.

Terraform automatically converts numbers and boolean values to string and vice-versa when needed. …

Using multiple controllers and load balancers with OKE

In Part 1, I briefly described what Ingress and Ingress Controllers are. We also took some of the most popular Ingress Controllers for Kubernetes for a spin on OKE, namely:

In this post, we’ll look at Ingress classes and how they can be used to deploy multiple instances of Ingress Controllers concurrently. We’ll also briefly look at a different type of Kubernetes service (ExternalName) and one of the ways you would use it. Finally, we look at how they can be used with public and internal load balancers.

All the YAML files in the exercises below can…

Terraform 0.12 has recently been released and is a major update providing a significant number of improvements and features.

While you may want to rush and use the new features, I’ll walk you through some of the lessons we learnt while upgrading the terraform-oci-oke project.

This is by no means an exhaustive list. I’ll be updating this as we understand and use more and more new 0.12 features.

  1. Read the blog series
  2. Fix breaking changes first
  3. Start using first class expressions
  4. Keep interpolation syntax for string concatenation
  5. Use improved conditionals
  6. Introduce dynamic blocks to reduce code repetition
  7. Upgrade self-contained modules

Ali Mukadam
