
Load Balancer Network set-up (optional)

Table of Contents

 

1. Summary

NAME Load Balancer set-up (optional)
OBJECTIVE Provision Load Balancer subnet for OCVS
TARGET RESOURCES VCN, Load Balancer

This is an optional post-deployment operation that provisions a Load Balancer subnet for the OCVS service with predefined routing and security rules. The Load Balancer subnet can be used to create a Load Balancer that exposes parts of OCVS either internally or externally.

 

2. Compartments

Provision the ocvs-lb compartment by modifying the identity.auto.tfvars.json file to add the following under the OCVS children:

"CMP-P-PLATFORM-OCVS-LB-KEY": {
    "name": "cmp-p-platform-ocvs-lb",
    "description": "oci-oneoe-customer Production environment, Platform OCVS, LB layer",
    "freeform_tags": {
        "oci-open-lz": "oci-oneoe-lzp",
        "oci-open-lz-cmp": "cmp-p-platform-ocvs-lb"
    }
}

 

3. Network

Provision the LB subnet, routes, and security lists by modifying the network.auto.tfvars.json file to add the following parts of the configuration.

Add the route table at path network_configuration.network_configuration_categories["VCN-FRA-P-OCVS-KEY"].route_tables

"RT-01-P-OCVS-VCN-LB-KEY": {
    "display_name": "rt-01-p-ocvs-vcn-lb",
    "route_rules": {
        "sgw_route": {
            "description": "Route for sgw",
            "destination": "all-services",
            "destination_type": "SERVICE_CIDR_BLOCK",
            "network_entity_key": "SG-FRA-P-OVCS-KEY"
        },
        "drg_route": {
            "description": "Route to DRG",
            "destination": "0.0.0.0/0",
            "destination_type": "CIDR_BLOCK",
            "network_entity_id": "<OCID-DRG-HUB>"
        }
    }
}

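Add the security list at path network_configuration.network_configuration_categories["VCN-FRA-P-OCVS-KEY"].security_lists. The example rules below allow all protocols to and from 0.0.0.0/0; narrow the ingress rule to the listener ports and source CIDRs the load balancer actually serves, and limit egress to the backend ranges it needs to reach.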

"SL-01-P-OCVS-VCN-LB-KEY": {
    "display_name": "sl-01-p-ocvs-vcn-lb",
    "egress_rules": [
        {
            "description": "egress to 0.0.0.0/0 over ALL protocols",
            "dst": "0.0.0.0/0",
            "dst_type": "CIDR_BLOCK",
            "protocol": "ALL",
            "stateless": false
        }
    ],
    "ingress_rules": [
        {
            "description": "ingress from 0.0.0.0/0 ALL ports",
            "protocol": "ALL",
            "src": "0.0.0.0/0",
            "src_type": "CIDR_BLOCK",
            "stateless": false
        }
    ]
}

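Add the subnet at path network_configuration.network_configuration_categories["VCN-FRA-P-OCVS-KEY"].subnets. As configured below, the subnet is private: both prohibit_internet_ingress and prohibit_public_ip_on_vnic are set to true.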

"SN-FRA-P-LB-KEY": {
    "cidr_block": "10.1.28.0/24",
    "dhcp_options_key": "default_dhcp_options",
    "display_name": "sn-fra-p-ocvs-lb",
    "dns_label": "snfrapocvslb",
    "prohibit_internet_ingress": true,
    "prohibit_public_ip_on_vnic": true,
    "route_table_key": "RT-01-P-OCVS-VCN-LB-KEY",
    "security_list_keys": [
        "SL-01-P-OCVS-VCN-LB-KEY"
    ]
}

   

License

Copyright (c) 2025 Oracle and/or its affiliates.

Licensed under the Universal Permissive License (UPL), Version 1.0.

See LICENSE for more details.