From 965a2f849d45691ed74ac0b5ff7d8184f4293246 Mon Sep 17 00:00:00 2001 From: Garth Bushell Date: Tue, 20 Mar 2018 14:21:04 +0000 Subject: [PATCH 01/10] Allow overriding of the DNS labels for the subnets --- k8s-oci.tf | 1 + network/vcn/subnets.tf | 26 +++++++++++++------------- network/vcn/variables.tf | 20 ++++++++++++++++++++ variables.tf | 20 ++++++++++++++++++++ 4 files changed, 54 insertions(+), 13 deletions(-) diff --git a/k8s-oci.tf b/k8s-oci.tf index 4560e86..fe84708 100644 --- a/k8s-oci.tf +++ b/k8s-oci.tf @@ -61,6 +61,7 @@ module "vcn" { master_nodeport_ingress = "${var.master_nodeport_ingress}" external_icmp_ingress = "${var.external_icmp_ingress}" internal_icmp_ingress = "${var.internal_icmp_ingress}" + network_subnet_dns = "${var.network_subnet_dns}" } module "oci-cloud-controller" { diff --git a/network/vcn/subnets.tf b/network/vcn/subnets.tf index 27ba6d6..37674b5 100644 --- a/network/vcn/subnets.tf +++ b/network/vcn/subnets.tf @@ -79,7 +79,7 @@ resource "oci_core_subnet" "etcdSubnetAD1" { cidr_block = "${lookup(var.network_cidrs, "etcdSubnetAD1")}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}ETCDSubnetAD1" - dns_label = "etcdsubnet1" + dns_label = "${lookup(var.network_subnet_dns, "etcdSubnetAD1")}" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" # Work around HIL issue #50 using join and use coalesce to pick the first route that is not empty (AD1 first pick) @@ -98,7 +98,7 @@ resource "oci_core_subnet" "etcdSubnetAD2" { cidr_block = "${lookup(var.network_cidrs, "etcdSubnetAD2")}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}ETCDSubnetAD2" - dns_label = "etcdsubnet2" + dns_label = "${lookup(var.network_subnet_dns, "etcdSubnetAD2")}" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" # Work around HIL issue #50 using join and use coalesce to pick the first route that is not empty (AD2 first pick) 
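Review bot: `dns_label = "${lookup(var.network_subnet_dns, "etcdSubnetAD1")}"` in the etcdSubnetAD1 hunk has no lookup default, so a caller who overrides `network_subnet_dns` with a partial map gets a plan-time error rather than the old built-in label; that is the safe failure mode, but it should be stated where the variable is declared. The larger caveat is that a subnet's DNS label is fixed at creation in OCI and, as far as I know, the provider treats it as force-new, so changing a label on a deployed cluster replaces the subnet and everything attached to it. I would put that next to the variable, e.g. `# NOTE: changing a dns_label after creation replaces the subnet (and its instances) — set once, before first apply.` Nothing in the module enforces OCI's label rules (letters/digits only, starts with a letter, at most 15 characters); Terraform 0.11 has no validation block, so the comment is the only guard a user gets.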
@@ -117,7 +117,7 @@ resource "oci_core_subnet" "etcdSubnetAD3" { cidr_block = "${lookup(var.network_cidrs, "etcdSubnetAD3")}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}ETCDSubnetAD3" - dns_label = "etcdsubnet3" + dns_label = "${lookup(var.network_subnet_dns, "etcdSubnetAD3")}" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" # Work around HIL issue #50 using join and use coalesce to pick the first route that is not empty (AD3 first pick) @@ -136,7 +136,7 @@ resource "oci_core_subnet" "k8sMasterSubnetAD1" { cidr_block = "${lookup(var.network_cidrs, "masterSubnetAD1")}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SMasterSubnetAD1" - dns_label = "k8smasterad1" + dns_label = "${lookup(var.network_subnet_dns, "masterSubnetAD1")}" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" 
@@ -153,7 +153,7 @@ resource "oci_core_subnet" "k8sMasterSubnetAD2" { cidr_block = "${lookup(var.network_cidrs, "masterSubnetAD2")}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SMasterSubnetAD2" - dns_label = "k8smasterad2" + dns_label = "${lookup(var.network_subnet_dns, "masterSubnetAD2")}" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" @@ -170,7 +170,7 @@ resource "oci_core_subnet" "k8sMasterSubnetAD3" { cidr_block = "${lookup(var.network_cidrs, "masterSubnetAD3")}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SMasterSubnetAD3" - dns_label = "k8smasterad3" + dns_label = "${lookup(var.network_subnet_dns, "masterSubnetAD3")}" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" 
@@ -187,7 +187,7 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD1" { cidr_block = "${lookup(var.network_cidrs, "workerSubnetAD1")}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SWorkerSubnetAD1" - dns_label = "k8sworkerad1" + dns_label = "${lookup(var.network_subnet_dns, "workerSubnetAD1")}" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" @@ -204,7 +204,7 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD2" { cidr_block = "${lookup(var.network_cidrs, "workerSubnetAD2")}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SWorkerSubnetAD2" - dns_label = "k8sworkerad2" + dns_label = "${lookup(var.network_subnet_dns, "workerSubnetAD2")}" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" 
@@ -221,7 +221,7 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD3" { cidr_block = "${lookup(var.network_cidrs, "workerSubnetAD3")}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SWorkerSubnetAD3" - dns_label = "k8sworkerad3" + dns_label = "${lookup(var.network_subnet_dns, "workerSubnetAD3")}" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" @@ -241,7 +241,7 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD1" { cidr_block = "${lookup(var.network_cidrs, "k8sCCMLBSubnetAD1")}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}PublicK8SCCMLBSubnetAD1" - dns_label = "k8sccmlbad1" + dns_label = "${lookup(var.network_subnet_dns, "k8sCCMLBSubnetAD1")}" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" route_table_id = "${oci_core_route_table.PublicRouteTable.id}" dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" @@ -258,7 +258,7 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD2" { cidr_block = "${lookup(var.network_cidrs, "k8sCCMLBSubnetAD2")}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}PublicK8SCCMLBSubnetAD2" - dns_label = "k8sccmlbad2" + dns_label = "${lookup(var.network_subnet_dns, "k8sCCMLBSubnetAD2")}" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" route_table_id = "${oci_core_route_table.PublicRouteTable.id}" dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" 
@@ -275,11 +275,11 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD3" { cidr_block = "${lookup(var.network_cidrs, "k8sCCMLBSubnetAD3")}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}PublicK8SCCMLBSubnetAD3" - dns_label = "k8sccmlbad3" + dns_label = "${lookup(var.network_subnet_dns, "k8sCCMLBSubnetAD3")}" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" route_table_id = "${oci_core_route_table.PublicRouteTable.id}" dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" - security_list_ids = ["${oci_core_security_list.K8SCCMLBSubnet.id}"] + security_list_ids = ["${oci_core_security_list.K8SCCMLBSubnet.id}"] prohibit_public_ip_on_vnic = "false" provisioner "local-exec" { diff --git a/network/vcn/variables.tf b/network/vcn/variables.tf index 4a7cfaa..67b64c9 100644 --- a/network/vcn/variables.tf +++ b/network/vcn/variables.tf @@ -24,6 +24,26 @@ variable "network_cidrs" { } } +variable "network_subnet_dns" { + type = "map" + + default = { + etcdSubnetAD1 = "etcdsubnet1" + etcdSubnetAD2 = "etcdsubnet2" + etcdSubnetAD3 = "etcdsubnet3" + masterSubnetAD1 = "k8smasterad1" + masterSubnetAD2 = "k8smasterad2" + masterSubnetAD3 = "k8smasterad3" + workerSubnetAD1 = "k8sworkerad1" + workerSubnetAD2 = "k8sworkerad2" + workerSubnetAD3 = "k8sworkerad3" + k8sCCMLBSubnetAD1 = "k8sccmlbad1" + k8sCCMLBSubnetAD2 = "k8sccmlbad2" + k8sCCMLBSubnetAD3 = "k8sccmlbad3" + } +} + + variable "tenancy_ocid" {} variable "control_plane_subnet_access" { diff --git a/variables.tf b/variables.tf index 39d9177..4f3a3a8 100644 --- a/variables.tf +++ b/variables.tf 
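Review bot: The `network_subnet_dns` default map added to network/vcn/variables.tf duplicates the identical map added to the root variables.tf, and since k8s-oci.tf always passes `network_subnet_dns = "${var.network_subnet_dns}"` the module-level default is dead unless the module is used standalone, so the two copies will drift. I would drop the default in the module (`variable "network_subnet_dns" { type = "map" }`) so a missing key fails at plan time instead of silently falling back to a stale label, and keep the defaults only at the root. The `security_list_ids` line in the k8sCCMLBSubnetAD3 hunk is a whitespace-only change and does not belong in this patch.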
@@ -29,6 +29,26 @@ variable "network_cidrs" { } } +variable "network_subnet_dns" { + type = "map" + + default = { + etcdSubnetAD1 = "etcdsubnet1" + etcdSubnetAD2 = "etcdsubnet2" + etcdSubnetAD3 = "etcdsubnet3" + masterSubnetAD1 = "k8smasterad1" + masterSubnetAD2 = "k8smasterad2" + masterSubnetAD3 = "k8smasterad3" + workerSubnetAD1 = "k8sworkerad1" + workerSubnetAD2 = "k8sworkerad2" + workerSubnetAD3 = "k8sworkerad3" + k8sCCMLBSubnetAD1 = "k8sccmlbad1" + k8sCCMLBSubnetAD2 = "k8sccmlbad2" + k8sCCMLBSubnetAD3 = "k8sccmlbad3" + } +} + + variable "domain_name" { default = "k8sbmcs.oraclevcn.com" } From eef22a8729169bb303ed13409fab5595266968fe Mon Sep 17 00:00:00 2001 From: Garth Bushell Date: Tue, 20 Mar 2018 14:23:21 +0000 Subject: [PATCH 02/10] Add Documentation --- docs/input-variables.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/input-variables.md b/docs/input-variables.md index cf6f81e..8b412c3 100644 --- a/docs/input-variables.md +++ b/docs/input-variables.md @@ -112,6 +112,7 @@ The following input variables are used to configure the inbound security rules o name | default | description ------------------------------------|-------------------------|------------ network_cidrs | See map in variables.tf | A CIDR notation IP range of the VCN and its subnets. +network_subnet_dns | See map in variables.tf | A DNS label for each of the subnet in the VCN (Max 15 characters) etcd_cluster_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation IP range that is allowed to access the etcd cluster. Must be a subset of the VCN CIDR. etcd_ssh_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation IP range that is allowed to SSH to etcd nodes. Must be a subset of the VCN CIDR. master_ssh_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation IP range that is allowed to access the master(s). Must be a subset of the VCN CIDR. From 2c59b467078ef884df7351932de2dc8a33d0ac65 Mon Sep 17 00:00:00 2001 
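Review bot: The root `network_subnet_dns` variable carries no `description`, so docs/input-variables.md is the only place the 15-character limit is recorded; Terraform 0.11 supports `description` on variables, so add one, e.g. `description = "DNS label per subnet: letters/digits, starts with a letter, max 15 chars; immutable after creation"`. The keys must match those of `network_cidrs` exactly (`etcdSubnetAD1` through `k8sCCMLBSubnetAD3`), which the description should also say, because a mistyped key only surfaces as a `lookup` failure deep inside network/vcn/subnets.tf.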
From: Garth Bushell Date: Tue, 20 Mar 2018 11:09:23 +0000 Subject: [PATCH 03/10] Use the correct path --- bashsource.tf | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/bashsource.tf b/bashsource.tf index e669e00..a6db27b 100644 --- a/bashsource.tf +++ b/bashsource.tf @@ -1,6 +1,6 @@ resource null_resource "build_source" { provisioner "local-exec" { - command = "echo \"export KUBECONFIG=${path.module}/generated/kubeconfig\" > source.sh " + command = "echo \"export KUBECONFIG=${path.root}/generated/kubeconfig\" > source.sh " } } @@ -17,7 +17,7 @@ resource null_resource "etcd-ad1" { } provisioner "local-exec" { - command = "echo 'alias ${var.label_prefix}etcdad1-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad1.instance_public_ips, count.index)}\"' >> source.sh" + command = "echo 'alias ${var.label_prefix}etcdad1-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad1.instance_public_ips, count.index)}\"' >> source.sh" } } @@ -34,7 +34,7 @@ resource null_resource "etcd-ad2" { } provisioner "local-exec" { - command = "echo 'alias ${var.label_prefix}etcdad2-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad2.instance_public_ips, count.index)}\"' >> source.sh" + command = "echo 'alias ${var.label_prefix}etcdad2-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad2.instance_public_ips, count.index)}\"' >> source.sh" } } 
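Review bot: `build_source` truncates `source.sh` with `>` while every alias resource appends to it with `>>`, and nothing orders them: `build_source` has no `depends_on` and the alias resources do not depend on it, so Terraform may run the truncation after some aliases have already been written and silently drop them. Add `depends_on = ["null_resource.build_source"]` to each alias resource, or better generate the whole file from a single `template_file`/`local_file` so it is written once. Switching to `path.root` also makes `ssh -i ${path.root}/generated/instances_id_rsa` relative to wherever terraform was invoked (`.` in the usual case), so the aliases only find the cluster's private key when sourced from that directory; writing an absolute path would make the generated file usable from anywhere. Since the file names the cluster SSH private key and lands in the working directory with default permissions, a short comment saying it is sensitive and should not be committed would be appropriate.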
@@ -51,7 +51,7 @@ resource null_resource "etcd-ad3" { } provisioner "local-exec" { - command = "echo 'alias ${var.label_prefix}etcad3-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad3.instance_public_ips, count.index)}\"' >> source.sh" + command = "echo 'alias ${var.label_prefix}etcad3-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad3.instance_public_ips, count.index)}\"' >> source.sh" } } @@ -71,7 +71,7 @@ resource null_resource "k8smaster-ad1" { } provisioner "local-exec" { - command = "echo 'alias ${var.label_prefix}masterad1-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-k8smaster-ad1.public_ips, count.index)}\"' >> source.sh" + command = "echo 'alias ${var.label_prefix}masterad1-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-k8smaster-ad1.public_ips, count.index)}\"' >> source.sh" } } @@ -87,7 +87,7 @@ resource null_resource "k8smaster-ad2" { } provisioner "local-exec" { - command = "echo 'alias ${var.label_prefix}masterad2-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-k8smaster-ad2.public_ips, count.index)}\"' >> source.sh" + command = "echo 'alias ${var.label_prefix}masterad2-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-k8smaster-ad2.public_ips, count.index)}\"' >> source.sh" } } 
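Review bot: The alias written in the etcd-ad3 hunk is named `${var.label_prefix}etcad3-${count.index}` while AD1 and AD2 produce `etcdad1-`/`etcdad2-`; the missing `d` is carried over unchanged. Since the commit already rewrites this line it is the right moment to fix it: `command = "echo 'alias ${var.label_prefix}etcdad3-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad3.instance_public_ips, count.index)}\"' >> source.sh"`.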
@@ -104,7 +104,7 @@ resource null_resource "k8smaster-ad3" { } provisioner "local-exec" { - command = "echo 'alias ${var.label_prefix}masterad3-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-k8smaster-ad3.public_ips, count.index)}\"' >> source.sh" + command = "echo 'alias ${var.label_prefix}masterad3-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-k8smaster-ad3.public_ips, count.index)}\"' >> source.sh" } } @@ -112,7 +112,7 @@ resource null_resource "k8sworker-ad1" { count = "${var.k8sWorkerAd1Count}" depends_on = [ "module.instances-k8sworker-ad1", - ] + ] triggers { worker_id = "${element(module.instances-k8sworker-ad1.ids, count.index)}" @@ -120,7 +120,7 @@ resource null_resource "k8sworker-ad1" { } provisioner "local-exec" { - command = "echo 'alias ${var.label_prefix}workerad1-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-k8sworker-ad1.public_ips, count.index)}\"' >> source.sh" + command = "echo 'alias ${var.label_prefix}workerad1-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-k8sworker-ad1.public_ips, count.index)}\"' >> source.sh" } } @@ -136,7 +136,7 @@ resource null_resource "k8sworker-ad2" { } provisioner "local-exec" { - command = "echo 'alias ${var.label_prefix}workerad2-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-k8sworker-ad2.public_ips, count.index)}\"' >> source.sh" + command = "echo 'alias ${var.label_prefix}workerad2-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-k8sworker-ad2.public_ips, count.index)}\"' >> source.sh" } } 
@@ -153,7 +153,7 @@ resource null_resource "k8sworker-ad3" { } provisioner "local-exec" { - command = "echo 'alias ${var.label_prefix}workerad3-${count.index}=\"ssh -i ${path.module}/generated/instances_id_rsa opc@${element(module.instances-k8sworker-ad3.public_ips, count.index)}\"' >> source.sh" + command = "echo 'alias ${var.label_prefix}workerad3-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-k8sworker-ad3.public_ips, count.index)}\"' >> source.sh" } } From d01a12dbf9a2df86178afef6e746c2aa6897f4f4 Mon Sep 17 00:00:00 2001 From: Garth Bushell Date: Tue, 20 Mar 2018 11:22:37 +0000 Subject: [PATCH 04/10] Add prefix to bash source --- bashsource.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bashsource.tf b/bashsource.tf index a6db27b..8a9c4b7 100644 --- a/bashsource.tf +++ b/bashsource.tf @@ -1,6 +1,6 @@ resource null_resource "build_source" { provisioner "local-exec" { - command = "echo \"export KUBECONFIG=${path.root}/generated/kubeconfig\" > source.sh " + command = "echo \"export KUBECONFIG=${path.root}/generated/kubeconfig\" > ${var.label_prefix}source.sh" } } From 24b396f54fe248306c133826ea9ab8a570c8e388 Mon Sep 17 00:00:00 2001 From: "jesse.millan" Date: Tue, 20 Mar 2018 14:44:46 -0700 Subject: [PATCH 05/10] Temporarily disable master LB in test cluster. --- tests/resources/configs/public-cluster.tfvars | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/resources/configs/public-cluster.tfvars b/tests/resources/configs/public-cluster.tfvars index 7fcb4d8..5efde5c 100755 --- a/tests/resources/configs/public-cluster.tfvars +++ b/tests/resources/configs/public-cluster.tfvars @@ -7,6 +7,7 @@ vcn_dns_name = "k8soci" domain_name = "k8soci.oraclevcn.com" control_plane_subnet_access = "public" k8s_master_lb_access = "public" +master_oci_lb_enabled = "false" etcd_lb_enabled = "false" etcdShape = "VM.Standard1.8" k8sMasterShape = "VM.Standard1.8" 
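Review bot: After PATCH 04 `build_source` writes the KUBECONFIG export to `${var.label_prefix}source.sh`, but every alias resource in bashsource.tf still appends to the bare `source.sh` (see `>> source.sh` in the k8sworker-ad3 hunk just above), so with a non-empty `label_prefix` the export and the aliases land in two different files and neither is a complete environment. Either apply the prefix to every `>>` target as well, or hoist the filename into a local (`source_file = "${var.label_prefix}source.sh"`) and reference it from all eleven commands. The tfvars change in PATCH 05 is fine as a temporary toggle, though `master_oci_lb_enabled = "false"` moves the test cluster onto the reverse-proxy path, so the LB path is no longer exercised by that config.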
From 0d860d803ceadeb6aeb33b0519da5cace3805b31 Mon Sep 17 00:00:00 2001 From: Garth Bushell Date: Wed, 21 Mar 2018 12:02:29 +0000 Subject: [PATCH 06/10] Allow passing in VCN instead of creating --- k8s-oci.tf | 83 +++++--- .../cloud_init/bootstrap.template.yaml | 0 network/{vcn => subnets}/datasources.tf | 0 network/{vcn => subnets}/natinstance.tf | 0 network/{vcn => subnets}/outputs.tf | 9 +- network/subnets/routes.tf | 47 +++++ network/{vcn => subnets}/securitylists.tf | 12 +- network/{vcn => subnets}/subnets.tf | 109 +++++------ network/subnets/variables.tf | 179 ++++++++++++++++++ network/vcn/output.tf | 12 ++ network/vcn/variables.tf | 170 +---------------- network/vcn/vcn.tf | 52 +---- outputs.tf | 20 +- variables.tf | 20 +- 14 files changed, 391 insertions(+), 322 deletions(-) rename network/{vcn => subnets}/cloud_init/bootstrap.template.yaml (100%) rename network/{vcn => subnets}/datasources.tf (100%) rename network/{vcn => subnets}/natinstance.tf (100%) rename network/{vcn => subnets}/outputs.tf (90%) create mode 100644 network/subnets/routes.tf rename network/{vcn => subnets}/securitylists.tf (95%) rename network/{vcn => subnets}/subnets.tf (76%) create mode 100644 network/subnets/variables.tf create mode 100644 network/vcn/output.tf diff --git a/k8s-oci.tf b/k8s-oci.tf index fe84708..d8bc2ec 100644 --- a/k8s-oci.tf +++ b/k8s-oci.tf 
@@ -1,19 +1,4 @@ -locals { - master_lb_ip = "${var.master_oci_lb_enabled == "true" ? element(concat(flatten(module.k8smaster-public-lb.ip_addresses), list("")), 0) : "127.0.0.1"}" - master_lb_address = "${format("https://%s:%s", local.master_lb_ip, var.master_oci_lb_enabled == "true" ? "443" : "6443")}" - - reverse_proxy_clount_init = "${var.master_oci_lb_enabled == "true" ? "" : module.reverse-proxy.clount_init}" - reverse_proxy_setup = "${var.master_oci_lb_enabled == "true" ? "" : module.reverse-proxy.setup}" - - etcd_endpoints = "${var.etcd_lb_enabled == "true" ? - join(",",formatlist("http://%s:2379", module.etcd-lb.ip_addresses)) : - join(",",formatlist("http://%s:2379", compact(concat( - module.instances-etcd-ad1.private_ips, - module.instances-etcd-ad2.private_ips, - module.instances-etcd-ad3.private_ips)))) }" -} - ### CA and Cluster Certificates module "k8s-tls" { 
@@ -31,10 +16,29 @@ module "k8s-tls" { ### Virtual Cloud Network module "vcn" { + create_vcn = "${var.vcn_id == "" ? 1 : 0}" source = "./network/vcn" compartment_ocid = "${var.compartment_ocid}" label_prefix = "${var.label_prefix}" + vcn_dns_name = "${var.vcn_dns_name}" + vcn_cidr = "${var.vcn_cidr}" +} + + +module "subnets" { + source = "./network/subnets" + compartment_ocid = "${var.compartment_ocid}" + label_prefix = "${var.label_prefix}" tenancy_ocid = "${var.tenancy_ocid}" + + # Use a existing VCN and public route table and dhcp options + vcn_id = "${var.vcn_id == "" ? join(" ",module.vcn.vcn_id) : var.vcn_id}" + dhcp_options_id = "${var.vcn_id == "" ? join(" ",module.vcn.dhcp_options_id) : var.dhcp_options_id}" + public_routetable_id = "${var.vcn_id == "" ? join(" ",module.vcn.public_routetable_id) : var.public_routetable_id}" + #vcn_id = "${module.vcn.vcn_id}" + #dhcp_options_id = "${module.vcn.dhcp_options_id}" + #public_routetable_id = "${module.vcn.public_routetable_id}" + vcn_dns_name = "${var.vcn_dns_name}" additional_etcd_security_lists_ids = "${var.additional_etcd_security_lists_ids}" additional_k8smaster_security_lists_ids = "${var.additional_k8s_master_security_lists_ids}" 
@@ -78,14 +82,14 @@ module "oci-cloud-controller" { // var.cloud_controller_user_private_key_path has been provided but has an empty password cloud_controller_user_private_key_password = "${var.cloud_controller_user_private_key_path == "" ? var.private_key_password : var.cloud_controller_user_private_key_password}" - subnet1 = "${element(module.vcn.ccmlb_subnet_ad1_id,0)}" - subnet2 = "${element(module.vcn.ccmlb_subnet_ad2_id,0)}" + subnet1 = "${element(module.subnets.ccmlb_subnet_ad1_id,0)}" + subnet2 = "${element(module.subnets.ccmlb_subnet_ad2_id,0)}" } module "oci-flexvolume-driver" { source = "./kubernetes/oci-flexvolume-driver" tenancy = "${var.tenancy_ocid}" - vcn = "${module.vcn.id}" + vcn = "${module.subnets.id}" flexvolume_driver_user_ocid = "${var.flexvolume_driver_user_ocid == "" ? var.user_ocid : var.flexvolume_driver_user_ocid}" flexvolume_driver_user_fingerprint = "${var.flexvolume_driver_user_fingerprint == "" ? var.fingerprint : var.flexvolume_driver_user_fingerprint}" @@ -129,7 +133,7 @@ module "instances-etcd-ad1" { shape = "${var.etcdShape}" ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}" network_cidrs = "${var.network_cidrs}" - subnet_id = "${module.vcn.etcd_subnet_ad1_id}" + subnet_id = "${module.subnets.etcd_subnet_ad1_id}" subnet_name = "etcdSubnetAD1" tenancy_ocid = "${var.compartment_ocid}" etcd_docker_max_log_size = "${var.etcd_docker_max_log_size}" @@ -157,7 +161,7 @@ module "instances-etcd-ad2" { shape = "${var.etcdShape}" ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}" network_cidrs = "${var.network_cidrs}" - subnet_id = "${module.vcn.etcd_subnet_ad2_id}" + subnet_id = "${module.subnets.etcd_subnet_ad2_id}" subnet_name = "etcdSubnetAD2" tenancy_ocid = "${var.compartment_ocid}" etcd_docker_max_log_size = "${var.etcd_docker_max_log_size}" 
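Review bot: `vcn = "${module.subnets.id}"` now resolves to whatever `var.vcn_id` the caller supplied (the subnets module's `id` output simply echoes its input in the outputs.tf hunk below), so in bring-your-own-VCN mode the flexvolume driver, the CCM subnets and all security lists are built against an OCID nothing has verified. I would add a `data "oci_core_virtual_network"` lookup on `var.vcn_id` in the subnets module and feed its `id` onward, so a wrong or foreign-compartment OCID fails at plan time rather than after instances exist. Unrelated to this patch but visible as context in the etcd hunks: `tenancy_ocid = "${var.compartment_ocid}"` passes the compartment OCID under a tenancy name, presumably deliberate for the instance module, but it deserves a comment saying so.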
@@ -187,7 +191,7 @@ module "instances-etcd-ad3" { shape = "${var.etcdShape}" ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}" network_cidrs = "${var.network_cidrs}" - subnet_id = "${module.vcn.etcd_subnet_ad3_id}" + subnet_id = "${module.subnets.etcd_subnet_ad3_id}" subnet_name = "etcdSubnetAD3" tenancy_ocid = "${var.compartment_ocid}" etcd_docker_max_log_size = "${var.etcd_docker_max_log_size}" @@ -226,7 +230,7 @@ module "instances-k8smaster-ad1" { ssh_private_key = "${module.k8s-tls.ssh_private_key}" ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}" network_cidrs = "${var.network_cidrs}" - subnet_id = "${module.vcn.k8smaster_subnet_ad1_id}" + subnet_id = "${module.subnets.k8smaster_subnet_ad1_id}" subnet_name = "masterSubnetAD1" tenancy_ocid = "${var.compartment_ocid}" cloud_controller_version = "${var.cloud_controller_version}" @@ -268,7 +272,7 @@ module "instances-k8smaster-ad2" { ssh_private_key = "${module.k8s-tls.ssh_private_key}" ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}" network_cidrs = "${var.network_cidrs}" - subnet_id = "${module.vcn.k8smaster_subnet_ad2_id}" + subnet_id = "${module.subnets.k8smaster_subnet_ad2_id}" subnet_name = "masterSubnetAD2" tenancy_ocid = "${var.compartment_ocid}" cloud_controller_version = "${var.cloud_controller_version}" @@ -310,7 +314,7 @@ module "instances-k8smaster-ad3" { ssh_private_key = "${module.k8s-tls.ssh_private_key}" ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}" network_cidrs = "${var.network_cidrs}" - subnet_id = "${module.vcn.k8smaster_subnet_ad3_id}" + subnet_id = "${module.subnets.k8smaster_subnet_ad3_id}" subnet_name = "masterSubnetAD3" tenancy_ocid = "${var.compartment_ocid}" cloud_controller_version = "${var.cloud_controller_version}" 
@@ -351,7 +355,7 @@ module "instances-k8sworker-ad1" { shape = "${var.k8sWorkerShape}" ssh_private_key = "${module.k8s-tls.ssh_private_key}" ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}" - subnet_id = "${module.vcn.k8worker_subnet_ad1_id}" + subnet_id = "${module.subnets.k8worker_subnet_ad1_id}" tenancy_ocid = "${var.compartment_ocid}" flexvolume_driver_version = "${var.flexvolume_driver_version}" etcd_endpoints = "${local.etcd_endpoints}" @@ -388,7 +392,7 @@ module "instances-k8sworker-ad2" { shape = "${var.k8sWorkerShape}" ssh_private_key = "${module.k8s-tls.ssh_private_key}" ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}" - subnet_id = "${module.vcn.k8worker_subnet_ad2_id}" + subnet_id = "${module.subnets.k8worker_subnet_ad2_id}" tenancy_ocid = "${var.compartment_ocid}" flexvolume_driver_version = "${var.flexvolume_driver_version}" etcd_endpoints = "${local.etcd_endpoints}" @@ -425,7 +429,7 @@ module "instances-k8sworker-ad3" { shape = "${var.k8sWorkerShape}" ssh_private_key = "${module.k8s-tls.ssh_private_key}" ssh_public_key_openssh = "${module.k8s-tls.ssh_public_key_openssh}" - subnet_id = "${module.vcn.k8worker_subnet_ad3_id}" + subnet_id = "${module.subnets.k8worker_subnet_ad3_id}" tenancy_ocid = "${var.compartment_ocid}" flexvolume_driver_version = "${var.flexvolume_driver_version}" etcd_endpoints = "${local.etcd_endpoints}" 
@@ -443,8 +447,8 @@ module "etcd-lb" { is_private = "${var.etcd_lb_access == "private" ? "true": "false"}" # Handle case where var.etcd_lb_access=public, but var.control_plane_subnet_access=private - etcd_subnet_0_id = "${var.etcd_lb_access == "private" ? module.vcn.etcd_subnet_ad1_id: coalesce(join(" ", module.vcn.public_subnet_ad1_id), join(" ", list(module.vcn.etcd_subnet_ad1_id)))}" - etcd_subnet_1_id = "${var.etcd_lb_access == "private" ? "": coalesce(join(" ", module.vcn.public_subnet_ad2_id), join(" ", list(module.vcn.etcd_subnet_ad2_id)))}" + etcd_subnet_0_id = "${var.etcd_lb_access == "private" ? module.subnets.etcd_subnet_ad1_id: coalesce(join(" ", module.subnets.public_subnet_ad1_id), join(" ", list(module.subnets.etcd_subnet_ad1_id)))}" + etcd_subnet_1_id = "${var.etcd_lb_access == "private" ? "": coalesce(join(" ", module.subnets.public_subnet_ad2_id), join(" ", list(module.subnets.etcd_subnet_ad2_id)))}" etcd_ad1_private_ips = "${module.instances-etcd-ad1.private_ips}" etcd_ad2_private_ips = "${module.instances-etcd-ad2.private_ips}" etcd_ad3_private_ips = "${module.instances-etcd-ad3.private_ips}" 
@@ -462,8 +466,8 @@ module "k8smaster-public-lb" { is_private = "${var.k8s_master_lb_access == "private" ? "true": "false"}" # Handle case where var.k8s_master_lb_access=public, but var.control_plane_subnet_access=private - k8smaster_subnet_0_id = "${var.k8s_master_lb_access == "private" ? module.vcn.k8smaster_subnet_ad1_id: coalesce(join(" ", module.vcn.public_subnet_ad1_id), join(" ", list(module.vcn.k8smaster_subnet_ad1_id)))}" - k8smaster_subnet_1_id = "${var.k8s_master_lb_access == "private" ? "": coalesce(join(" ", module.vcn.public_subnet_ad2_id), join(" ", list(module.vcn.k8smaster_subnet_ad2_id)))}" + k8smaster_subnet_0_id = "${var.k8s_master_lb_access == "private" ? module.subnets.k8smaster_subnet_ad1_id: coalesce(join(" ", module.subnets.public_subnet_ad1_id), join(" ", list(module.subnets.k8smaster_subnet_ad1_id)))}" + k8smaster_subnet_1_id = "${var.k8s_master_lb_access == "private" ? "": coalesce(join(" ", module.subnets.public_subnet_ad2_id), join(" ", list(module.subnets.k8smaster_subnet_ad2_id)))}" k8smaster_ad1_private_ips = "${module.instances-k8smaster-ad1.private_ips}" k8smaster_ad2_private_ips = "${module.instances-k8smaster-ad2.private_ips}" k8smaster_ad3_private_ips = "${module.instances-k8smaster-ad3.private_ips}" 
@@ -485,3 +489,20 @@ module "kubeconfig" { api_server_cert_pem = "${module.k8s-tls.api_server_cert_pem}" k8s_master = "${var.master_oci_lb_enabled == "true" ? local.master_lb_address : format("https://%s:%s", element(coalescelist(module.instances-k8smaster-ad1.public_ips, module.instances-k8smaster-ad2.public_ips, module.instances-k8smaster-ad3.public_ips), 0), "443")}" } + + + +locals { + master_lb_ip = "${var.master_oci_lb_enabled == "true" ? element(concat(flatten(module.k8smaster-public-lb.ip_addresses), list("")), 0) : "127.0.0.1"}" + master_lb_address = "${format("https://%s:%s", local.master_lb_ip, var.master_oci_lb_enabled == "true" ? "443" : "6443")}" + + reverse_proxy_clount_init = "${var.master_oci_lb_enabled == "true" ? "" : module.reverse-proxy.clount_init}" + reverse_proxy_setup = "${var.master_oci_lb_enabled == "true" ? "" : module.reverse-proxy.setup}" + + etcd_endpoints = "${var.etcd_lb_enabled == "true" ? + join(",",formatlist("http://%s:2379", module.etcd-lb.ip_addresses)) : + join(",",formatlist("http://%s:2379", compact(concat( + module.instances-etcd-ad1.private_ips, + module.instances-etcd-ad2.private_ips, + module.instances-etcd-ad3.private_ips)))) }" +} diff --git a/network/vcn/cloud_init/bootstrap.template.yaml b/network/subnets/cloud_init/bootstrap.template.yaml similarity index 100% rename from network/vcn/cloud_init/bootstrap.template.yaml rename to network/subnets/cloud_init/bootstrap.template.yaml diff --git a/network/vcn/datasources.tf b/network/subnets/datasources.tf similarity index 100% rename from network/vcn/datasources.tf rename to network/subnets/datasources.tf diff --git a/network/vcn/natinstance.tf b/network/subnets/natinstance.tf similarity index 100% rename from network/vcn/natinstance.tf rename to network/subnets/natinstance.tf diff --git a/network/vcn/outputs.tf b/network/subnets/outputs.tf similarity index 90% rename from network/vcn/outputs.tf rename to network/subnets/outputs.tf index 0eb970b..c5c4c2a 100644 
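Review bot: The relocated `etcd_endpoints` local builds every etcd client URL as `http://%s:2379`, so the apiserver and workers reach etcd in cleartext with no client authentication; anyone who can reach port 2379 from within `etcd_cluster_ingress` can read and write all cluster state, including Secrets. This is unchanged by the commit, but since the block is being rewritten and `module.k8s-tls` already generates a CA and certificates, this is the natural place to switch to `https://%s:2379` with etcd's cert-file/client-cert-auth options and a client certificate for the apiserver. If that is out of scope, add a comment above the local naming the limitation, e.g. `# NOTE: etcd is reached over plain HTTP; access is bounded only by the etcd security list.`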
--- a/network/vcn/outputs.tf +++ b/network/subnets/outputs.tf @@ -1,5 +1,5 @@ output "id" { - value = "${oci_core_virtual_network.CompleteVCN.id}" + value = "${var.vcn_id}" } output "etcd_subnet_ad1_id" { @@ -104,10 +104,3 @@ output "control_plane_subnet_access" { value = "${var.control_plane_subnet_access}" } -output "route_for_complete_id" { - value = "${oci_core_route_table.PublicRouteTable.id}" -} - -output "dhcp_options_id" { - value = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" -} diff --git a/network/subnets/routes.tf b/network/subnets/routes.tf new file mode 100644 index 0000000..e1c0363 --- /dev/null +++ b/network/subnets/routes.tf 
@@ -0,0 +1,47 @@
+resource "oci_core_route_table" "NATInstanceAD1RouteTable" {
+ # Provisioned only when k8s instances in AD1 are in private subnets
+ count = "${(var.control_plane_subnet_access == "private") && (var.nat_instance_ad1_enabled == "true") ? "1" : "0"}"
+ compartment_id = "${var.compartment_ocid}"
+ vcn_id = "${var.vcn_id}"
+ display_name = "NATInstanceAD1RouteTable"
+
+ route_rules {
+ # All traffic leaving the subnet needs to go to route target.
+ cidr_block = "0.0.0.0/0"
+
+ # Private IP route target for instances on private AD1 subnets
+ network_entity_id = "${data.oci_core_private_ips.NATInstanceAD1PrivateIPDatasource.private_ips.0.id}"
+ }
+}
+
+resource "oci_core_route_table" "NATInstanceAD2RouteTable" {
+ # Provisioned only when k8s instances in AD2 are in private subnets
+ count = "${(var.control_plane_subnet_access == "private") && (var.nat_instance_ad2_enabled == "true") ? "1" : "0"}"
+ compartment_id = "${var.compartment_ocid}"
+ vcn_id = "${var.vcn_id}"
+ display_name = "NATInstanceAD2RouteTable"
+
+ route_rules {
+ # All traffic leaving the subnet needs to go to route target.
+ cidr_block = "0.0.0.0/0"
+
+ # Private IP route target for instances on private AD2 subnets
+ network_entity_id = "${data.oci_core_private_ips.NATInstanceAD2PrivateIPDatasource.private_ips.0.id}"
+ }
+}
+
+resource "oci_core_route_table" "NATInstanceAD3RouteTable" {
+ # Provisioned only when k8s instances in AD3 are in private subnets
+ count = "${(var.control_plane_subnet_access == "private") && (var.nat_instance_ad3_enabled == "true") ? "1" : "0"}"
+ compartment_id = "${var.compartment_ocid}"
+ vcn_id = "${var.vcn_id}"
+ display_name = "NATInstanceAD3RouteTable"
+
+ route_rules {
+ # All traffic leaving the subnet needs to go to route target.
+ cidr_block = "0.0.0.0/0"
+
+ # Private IP route target for instances on private AD3 subnets
+ network_entity_id = "${data.oci_core_private_ips.NATInstanceAD3PrivateIPDatasource.private_ips.0.id}"
+ }
+}
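Review bot: `display_name = "NATInstanceAD1RouteTable"` (and the AD2/AD3 copies) omit `var.label_prefix`, whereas `PublicRouteTable` in network/vcn/vcn.tf is named `"${var.label_prefix}RouteTableForComplete"`; two clusters deployed into one compartment would show indistinguishable NAT route tables in the console and in audit records. `label_prefix` is already an input of this module, so `display_name = "${var.label_prefix}NATInstanceAD1RouteTable"` keeps the naming consistent. The names are carried over from the old vcn.tf rather than introduced here, but moving the file is a cheap moment to align them.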
diff --git a/network/vcn/securitylists.tf b/network/subnets/securitylists.tf similarity index 95% rename from network/vcn/securitylists.tf rename to network/subnets/securitylists.tf index fe67405..372a043 100644 --- a/network/vcn/securitylists.tf +++ b/network/subnets/securitylists.tf @@ -1,7 +1,7 @@ resource "oci_core_security_list" "EtcdSubnet" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}etcd_security_list" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" + vcn_id = "${var.vcn_id}" egress_security_rules = [ { @@ -70,7 +70,7 @@ resource "oci_core_security_list" "EtcdSubnet" { resource "oci_core_security_list" "K8SMasterSubnet" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}k8sMaster_security_list" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" + vcn_id = "${var.vcn_id}" egress_security_rules = [ { @@ -157,7 +157,7 @@ resource "oci_core_security_list" "K8SMasterSubnet" { resource "oci_core_security_list" "K8SWorkerSubnet" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}k8sWorker_security_list" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" + vcn_id = "${var.vcn_id}" egress_security_rules = [ { @@ -228,7 +228,7 @@ resource "oci_core_security_list" "PublicSecurityList" { count = "${var.control_plane_subnet_access == "private" ? "1" : "0"}" compartment_id = "${var.compartment_ocid}" display_name = "public_security_list" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" + vcn_id = "${var.vcn_id}" egress_security_rules = [{ protocol = "all" @@ -313,7 +313,7 @@ resource "oci_core_security_list" "NatSecurityList" { count = "${(var.control_plane_subnet_access == "private") && (var.dedicated_nat_subnets == "true") ? "1" : "0"}" compartment_id = "${var.compartment_ocid}" display_name = "nat_security_list" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" + vcn_id = "${var.vcn_id}" egress_security_rules = [{ protocol = "all" 
@@ -397,7 +397,7 @@ resource "oci_core_security_list" "NatSecurityList" {
 resource "oci_core_security_list" "K8SCCMLBSubnet" {
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}k8sCCM_security_list"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
+ vcn_id = "${var.vcn_id}"
 egress_security_rules = [{
 protocol = "all"
 destination = "0.0.0.0/0"
diff --git a/network/vcn/subnets.tf b/network/subnets/subnets.tf
similarity index 76%
rename from network/vcn/subnets.tf
rename to network/subnets/subnets.tf
index 37674b5..73f6cb7 100644
--- a/network/vcn/subnets.tf
+++ b/network/subnets/subnets.tf
@@ -7,10 +7,10 @@ resource "oci_core_subnet" "PublicSubnetAD1" {
 cidr_block = "${lookup(var.network_cidrs, "PublicSubnetAD1")}"
 display_name = "${var.label_prefix}publicSubnetAD1"
 compartment_id = "${var.compartment_ocid}"
- vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
- route_table_id = "${oci_core_route_table.PublicRouteTable.id}"
+ vcn_id = "${var.vcn_id}"
+ route_table_id = "${var.public_routetable_id}"
 security_list_ids = ["${concat(list(oci_core_security_list.PublicSecurityList.id), var.additional_public_security_lists_ids)}"]
- dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}"
+ dhcp_options_id = "${var.dhcp_options_id}"
 }
 
 resource "oci_core_subnet" "PublicSubnetAD2" {
@@ -19,10 +19,10 @@ resource "oci_core_subnet" "PublicSubnetAD2" { cidr_block = "${lookup(var.network_cidrs, "PublicSubnetAD2")}" display_name = "${var.label_prefix}publicSubnetAD2" compartment_id = "${var.compartment_ocid}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${oci_core_route_table.PublicRouteTable.id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.public_routetable_id}" security_list_ids = ["${concat(list(oci_core_security_list.PublicSecurityList.id), var.additional_public_security_lists_ids)}"] - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" } resource "oci_core_subnet" "PublicSubnetAD3" { @@ -31,10 +31,10 @@ resource "oci_core_subnet" "PublicSubnetAD3" { cidr_block = "${lookup(var.network_cidrs, "PublicSubnetAD3")}" display_name = "${var.label_prefix}publicSubnetAD3" compartment_id = "${var.compartment_ocid}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${oci_core_route_table.PublicRouteTable.id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.public_routetable_id}" security_list_ids = ["${concat(list(oci_core_security_list.PublicSecurityList.id), var.additional_public_security_lists_ids)}"] - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" } resource "oci_core_subnet" "NATSubnetAD1" { 
@@ -44,10 +44,10 @@ resource "oci_core_subnet" "NATSubnetAD1" { cidr_block = "${lookup(var.network_cidrs, "natSubnetAD1")}" display_name = "${var.label_prefix}publicNATSubnetAD1" compartment_id = "${var.compartment_ocid}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${oci_core_route_table.PublicRouteTable.id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.public_routetable_id}" security_list_ids = ["${concat(list(oci_core_security_list.NatSecurityList.id), var.additional_nat_security_lists_ids)}"] - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" } resource "oci_core_subnet" "NATSubnetAD2" { @@ -56,10 +56,10 @@ resource "oci_core_subnet" "NATSubnetAD2" { cidr_block = "${lookup(var.network_cidrs, "natSubnetAD2")}" display_name = "${var.label_prefix}publicNATSubnetAD2" compartment_id = "${var.compartment_ocid}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${oci_core_route_table.PublicRouteTable.id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.public_routetable_id}" security_list_ids = ["${concat(list(oci_core_security_list.NatSecurityList.id), var.additional_nat_security_lists_ids)}"] - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" } resource "oci_core_subnet" "NATSubnetAD3" { 
@@ -68,10 +68,10 @@ resource "oci_core_subnet" "NATSubnetAD3" { cidr_block = "${lookup(var.network_cidrs, "natSubnetAD3")}" display_name = "${var.label_prefix}publicNATSubnetAD3" compartment_id = "${var.compartment_ocid}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${oci_core_route_table.PublicRouteTable.id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.public_routetable_id}" security_list_ids = ["${concat(list(oci_core_security_list.NatSecurityList.id), var.additional_nat_security_lists_ids)}"] - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" } resource "oci_core_subnet" "etcdSubnetAD1" { 
@@ -80,11 +80,11 @@ resource "oci_core_subnet" "etcdSubnetAD1" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}ETCDSubnetAD1" dns_label = "${lookup(var.network_subnet_dns, "etcdSubnetAD1")}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" + vcn_id = "${var.vcn_id}" # Work around HIL issue #50 using join and use coalesce to pick the first route that is not empty (AD1 first pick) - route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.EtcdSubnet.id), var.additional_etcd_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" 
@@ -99,11 +99,12 @@ resource "oci_core_subnet" "etcdSubnetAD2" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}ETCDSubnetAD2" dns_label = "${lookup(var.network_subnet_dns, "etcdSubnetAD2")}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" + vcn_id = "${var.vcn_id}" + # Work around HIL issue #50 using join and use coalesce to pick the first route that is not empty (AD2 first pick) - route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.EtcdSubnet.id), var.additional_etcd_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" 
@@ -118,11 +119,11 @@ resource "oci_core_subnet" "etcdSubnetAD3" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}ETCDSubnetAD3" dns_label = "${lookup(var.network_subnet_dns, "etcdSubnetAD3")}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" + vcn_id = "${var.vcn_id}" # Work around HIL issue #50 using join and use coalesce to pick the first route that is not empty (AD3 first pick) - route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.EtcdSubnet.id), var.additional_etcd_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" 
@@ -137,9 +138,9 @@ resource "oci_core_subnet" "k8sMasterSubnetAD1" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SMasterSubnetAD1" dns_label = "${lookup(var.network_subnet_dns, "masterSubnetAD1")}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.K8SMasterSubnet.id), var.additional_k8smaster_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" 
@@ -154,9 +155,9 @@ resource "oci_core_subnet" "k8sMasterSubnetAD2" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SMasterSubnetAD2" dns_label = "${lookup(var.network_subnet_dns, "masterSubnetAD2")}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.K8SMasterSubnet.id), var.additional_k8smaster_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" 
@@ -171,9 +172,9 @@ resource "oci_core_subnet" "k8sMasterSubnetAD3" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SMasterSubnetAD3" dns_label = "${lookup(var.network_subnet_dns, "masterSubnetAD3")}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.K8SMasterSubnet.id), var.additional_k8smaster_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" 
@@ -188,9 +189,9 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD1" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SWorkerSubnetAD1" dns_label = "${lookup(var.network_subnet_dns, "workerSubnetAD1")}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.K8SWorkerSubnet.id), var.additional_k8sworker_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" 
@@ -205,9 +206,9 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD2" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SWorkerSubnetAD2" dns_label = "${lookup(var.network_subnet_dns, "workerSubnetAD2")}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.K8SWorkerSubnet.id), var.additional_k8sworker_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" 
@@ -222,9 +223,9 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD3" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.control_plane_subnet_access}K8SWorkerSubnetAD3" dns_label = "${lookup(var.network_subnet_dns, "workerSubnetAD3")}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), oci_core_route_table.PublicRouteTable.id) : oci_core_route_table.PublicRouteTable.id}" - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.K8SWorkerSubnet.id), var.additional_k8sworker_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" 
@@ -242,9 +243,9 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD1" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}PublicK8SCCMLBSubnetAD1" dns_label = "${lookup(var.network_subnet_dns, "k8sCCMLBSubnetAD1")}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${oci_core_route_table.PublicRouteTable.id}" - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.public_routetable_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${oci_core_security_list.K8SCCMLBSubnet.id}"] prohibit_public_ip_on_vnic = "false" @@ -259,9 +260,9 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD2" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}PublicK8SCCMLBSubnetAD2" dns_label = "${lookup(var.network_subnet_dns, "k8sCCMLBSubnetAD2")}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${oci_core_route_table.PublicRouteTable.id}" - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.public_routetable_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${oci_core_security_list.K8SCCMLBSubnet.id}"] prohibit_public_ip_on_vnic = "false" 
@@ -276,9 +277,9 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD3" { compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}PublicK8SCCMLBSubnetAD3" dns_label = "${lookup(var.network_subnet_dns, "k8sCCMLBSubnetAD3")}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - route_table_id = "${oci_core_route_table.PublicRouteTable.id}" - dhcp_options_id = "${oci_core_virtual_network.CompleteVCN.default_dhcp_options_id}" + vcn_id = "${var.vcn_id}" + route_table_id = "${var.public_routetable_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${oci_core_security_list.K8SCCMLBSubnet.id}"] prohibit_public_ip_on_vnic = "false" diff --git a/network/subnets/variables.tf b/network/subnets/variables.tf new file mode 100644 index 0000000..8a66833 --- /dev/null +++ b/network/subnets/variables.tf 
@@ -0,0 +1,179 @@ +variable "vcn_id" {} + +variable "public_routetable_id" {} + +variable "dhcp_options_id" {} + +variable "network_cidrs" { + type = "map" + + default = { + PublicSubnetAD1 = "10.0.10.0/24" + PublicSubnetAD2 = "10.0.11.0/24" + PublicSubnetAD3 = "10.0.12.0/24" + natSubnetAD1 = "10.0.13.0/24" + natSubnetAD2 = "10.0.14.0/24" + natSubnetAD3 = "10.0.15.0/24" + etcdSubnetAD1 = "10.0.20.0/24" + etcdSubnetAD2 = "10.0.21.0/24" + etcdSubnetAD3 = "10.0.22.0/24" + masterSubnetAD1 = "10.0.30.0/24" + masterSubnetAD2 = "10.0.31.0/24" + masterSubnetAD3 = "10.0.32.0/24" + workerSubnetAD1 = "10.0.40.0/24" + workerSubnetAD2 = "10.0.41.0/24" + workerSubnetAD3 = "10.0.42.0/24" + k8sCCMLBSubnetAD1 = "10.0.50.0/24" + k8sCCMLBSubnetAD2 = "10.0.51.0/24" + k8sCCMLBSubnetAD3 = "10.0.52.0/24" + } +} + +variable "network_subnet_dns" { + type = "map" + + default = { + etcdSubnetAD1 = "etcdsubnet1" + etcdSubnetAD2 = "etcdsubnet2" + etcdSubnetAD3 = "etcdsubnet3" + masterSubnetAD1 = "k8smasterad1" + masterSubnetAD2 = "k8smasterad2" + masterSubnetAD3 = "k8smasterad3" + workerSubnetAD1 = "k8sworkerad1" + workerSubnetAD2 = "k8sworkerad2" + workerSubnetAD3 = "k8sworkerad3" + k8sCCMLBSubnetAD1 = "k8sccmlbad1" + k8sCCMLBSubnetAD2 = "k8sccmlbad2" + k8sCCMLBSubnetAD3 = "k8sccmlbad3" + } +} + + +variable "tenancy_ocid" {} + +variable "control_plane_subnet_access" { + default = "public" +} + +variable "additional_etcd_security_lists_ids" { + type = "list" + default = [] +} + +variable "additional_k8smaster_security_lists_ids" { + type = "list" + default = [] +} + +variable "additional_k8sworker_security_lists_ids" { + type = "list" + default = [] +} + +variable "additional_public_security_lists_ids" { + type = "list" + default = [] +} + +variable "additional_nat_security_lists_ids" { + type = "list" + default = [] +} + +# VCN + +variable "label_prefix" { + type = "string" + default = "" +} + +variable "compartment_ocid" {} +variable "vcn_dns_name" {} + +# Security lists + +variable 
"bmc_ingress_cidrs" { + type = "map" + + default = { + LBAAS-PHOENIX-1-CIDR = "129.144.0.0/12" + LBAAS-ASHBURN-1-CIDR = "129.213.0.0/16" + VCN-CIDR = "10.0.0.0/16" + } +} + +variable "etcd_ssh_ingress" { + default = "10.0.0.0/16" +} + +variable "etcd_cluster_ingress" { + default = "10.0.0.0/16" +} + +variable "master_ssh_ingress" { + default = "10.0.0.0/16" +} + +variable "master_https_ingress" { + default = "10.0.0.0/16" +} + +variable "worker_ssh_ingress" { + default = "10.0.0.0/16" +} + +variable "worker_nodeport_ingress" { + default = "10.0.0.0/16" +} + +variable "master_nodeport_ingress" { + default = "10.0.0.0/16" +} + +# For optional NAT instance (when control_plane_subnet_access = "private") + +variable "public_subnet_ssh_ingress" { + default = "0.0.0.0/0" +} + +variable "public_subnet_http_ingress" { + default = "0.0.0.0/0" +} + +variable "public_subnet_https_ingress" { + default = "0.0.0.0/0" +} + +variable "external_icmp_ingress" { + default = "0.0.0.0/0" +} + +variable "internal_icmp_ingress" { + default = "10.0.0.0/16" +} + +variable "nat_instance_ssh_public_key_openssh" {} + +variable "nat_instance_oracle_linux_image_name" { + default = "Oracle-Linux-7.4-2018.01.20-0" +} + +variable "nat_instance_shape" { + default = "VM.Standard1.2" +} + +variable nat_instance_ad1_enabled { + default = "false" +} + +variable nat_instance_ad2_enabled { + default = "true" +} + +variable nat_instance_ad3_enabled { + default = "false" +} + +variable dedicated_nat_subnets { + default = "false" +} diff --git a/network/vcn/output.tf b/network/vcn/output.tf new file mode 100644 index 0000000..45eba0f --- /dev/null +++ b/network/vcn/output.tf @@ -0,0 +1,12 @@ +output "vcn_id" { + value = "${oci_core_virtual_network.CompleteVCN.*.id}" +} + +output "public_routetable_id" { + value ="${oci_core_route_table.PublicRouteTable.*.id}" +} + +output "dhcp_options_id" { + value ="${oci_core_virtual_network.CompleteVCN.*.default_dhcp_options_id}" +} + 
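Review bot: The security-list ingress defaults in this new network/subnets/variables.tf (`etcd_ssh_ingress`, `master_https_ingress`, `internal_icmp_ingress` and the rest at `10.0.0.0/16`, plus `bmc_ingress_cidrs.VCN-CIDR`) now live in a different module from the VCN's own range, `vcn_cidr` in network/vcn/variables.tf, with nothing tying the two together. An operator who overrides `vcn_cidr` but not these defaults ends up with security lists that admit a range that is no longer the VCN, or reject the one that is. Since variable defaults cannot reference other variables in this Terraform version, the tie has to be made at the root call site; short of that, a comment on this map would flag the coupling: `# These defaults assume the VCN is 10.0.0.0/16 — keep in step with vcn_cidr in network/vcn`. The asymmetric `nat_instance_ad*_enabled` defaults (only AD2 `"true"`) are carried over unchanged and may well be deliberate, but a one-line comment there would save the next reader from wondering.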
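Review bot: `output "vcn_id"` in the new network/vcn/output.tf exposes `oci_core_virtual_network.CompleteVCN.*.id`, which is a list once `count` is set on the resource, yet the consumer `variable "vcn_id" {}` in network/subnets/variables.tf is untyped (a string) and the root `output "vcn_id"` in outputs.tf forwards it as `module.vcn.vcn_id`; handing a list to a string variable fails at plan time in Terraform 0.11, and the root output silently changes type from string to list. `public_routetable_id` and `dhcp_options_id` below it have the same shape, and the root outputs.tf hunk at the end of this patch inherits the problem. Collapse each to a single string with the idiom this patch already uses in k8s-oci.tf: `value = "${element(concat(oci_core_virtual_network.CompleteVCN.*.id, list("")), 0)}"`. The missing space in `value ="${...}"` on the second and third outputs is a style nit worth fixing in the same pass.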
diff --git a/network/vcn/variables.tf b/network/vcn/variables.tf index 67b64c9..6e8828c 100644 --- a/network/vcn/variables.tf +++ b/network/vcn/variables.tf 
@@ -1,174 +1,16 @@ -variable "network_cidrs" { - type = "map" +variable "vcn_dns_name" { + default = "k8sbmcs" - default = { - VCN-CIDR = "10.0.0.0/16" - PublicSubnetAD1 = "10.0.10.0/24" - PublicSubnetAD2 = "10.0.11.0/24" - PublicSubnetAD3 = "10.0.12.0/24" - natSubnetAD1 = "10.0.13.0/24" - natSubnetAD2 = "10.0.14.0/24" - natSubnetAD3 = "10.0.15.0/24" - etcdSubnetAD1 = "10.0.20.0/24" - etcdSubnetAD2 = "10.0.21.0/24" - etcdSubnetAD3 = "10.0.22.0/24" - masterSubnetAD1 = "10.0.30.0/24" - masterSubnetAD2 = "10.0.31.0/24" - masterSubnetAD3 = "10.0.32.0/24" - workerSubnetAD1 = "10.0.40.0/24" - workerSubnetAD2 = "10.0.41.0/24" - workerSubnetAD3 = "10.0.42.0/24" - k8sCCMLBSubnetAD1 = "10.0.50.0/24" - k8sCCMLBSubnetAD2 = "10.0.51.0/24" - k8sCCMLBSubnetAD3 = "10.0.52.0/24" - } } -variable "network_subnet_dns" { - type = "map" +variable "create_vcn" { - default = { - etcdSubnetAD1 = "etcdsubnet1" - etcdSubnetAD2 = "etcdsubnet2" - etcdSubnetAD3 = "etcdsubnet3" - masterSubnetAD1 = "k8smasterad1" - masterSubnetAD2 = "k8smasterad2" - masterSubnetAD3 = "k8smasterad3" - workerSubnetAD1 = "k8sworkerad1" - workerSubnetAD2 = "k8sworkerad2" - workerSubnetAD3 = "k8sworkerad3" - k8sCCMLBSubnetAD1 = "k8sccmlbad1" - k8sCCMLBSubnetAD2 = "k8sccmlbad2" - k8sCCMLBSubnetAD3 = "k8sccmlbad3" - } } - -variable "tenancy_ocid" {} - -variable "control_plane_subnet_access" { - default = "public" -} - -variable "additional_etcd_security_lists_ids" { - type = "list" - default = [] -} - -variable "additional_k8smaster_security_lists_ids" { - type = "list" - default = [] -} - -variable "additional_k8sworker_security_lists_ids" { - type = "list" - default = [] -} - -variable "additional_public_security_lists_ids" { - type = "list" - default = [] -} - -variable "additional_nat_security_lists_ids" { - type = "list" - default = [] -} - -# VCN - -variable "label_prefix" { - type = "string" - default = "" -} - -variable "compartment_ocid" {} -variable "vcn_dns_name" {} - -# Security lists - -variable 
"bmc_ingress_cidrs" { - type = "map" - - default = { - LBAAS-PHOENIX-1-CIDR = "129.144.0.0/12" - LBAAS-ASHBURN-1-CIDR = "129.213.0.0/16" - VCN-CIDR = "10.0.0.0/16" - } -} - -variable "etcd_ssh_ingress" { - default = "10.0.0.0/16" -} - -variable "etcd_cluster_ingress" { - default = "10.0.0.0/16" -} - -variable "master_ssh_ingress" { +variable "vcn_cidr" { default = "10.0.0.0/16" } -variable "master_https_ingress" { - default = "10.0.0.0/16" -} - -variable "worker_ssh_ingress" { - default = "10.0.0.0/16" -} - -variable "worker_nodeport_ingress" { - default = "10.0.0.0/16" -} - -variable "master_nodeport_ingress" { - default = "10.0.0.0/16" -} - -# For optional NAT instance (when control_plane_subnet_access = "private") - -variable "public_subnet_ssh_ingress" { - default = "0.0.0.0/0" -} - -variable "public_subnet_http_ingress" { - default = "0.0.0.0/0" -} - -variable "public_subnet_https_ingress" { - default = "0.0.0.0/0" -} - -variable "external_icmp_ingress" { - default = "0.0.0.0/0" -} - -variable "internal_icmp_ingress" { - default = "10.0.0.0/16" -} - -variable "nat_instance_ssh_public_key_openssh" {} - -variable "nat_instance_oracle_linux_image_name" { - default = "Oracle-Linux-7.4-2018.01.20-0" -} - -variable "nat_instance_shape" { - default = "VM.Standard1.2" -} - -variable nat_instance_ad1_enabled { - default = "false" -} - -variable nat_instance_ad2_enabled { - default = "true" -} - -variable nat_instance_ad3_enabled { - default = "false" -} +variable "compartment_ocid" {} -variable dedicated_nat_subnets { - default = "false" -} +variable "label_prefix" {} diff --git a/network/vcn/vcn.tf b/network/vcn/vcn.tf index 47278b9..41d482a 100644 --- a/network/vcn/vcn.tf +++ b/network/vcn/vcn.tf 
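Review bot: `variable "create_vcn" {` is declared with no default, type or description, yet vcn.tf feeds it straight into `count`, so only `"0"` or `"1"` are valid and a caller who passes `"true"` gets an opaque count error rather than a hint. Document the contract on the declaration: `variable "create_vcn" { description = "1 to create the VCN, internet gateway and public route table in this module; 0 to reuse existing ones (used as a resource count)" }`. Note also that `vcn_dns_name` gains a default of `"k8sbmcs"` where the old module required it; if that is intended, fine, but every cluster that omits it now shares one DNS label, which matters if several are created in one compartment. The hunk starts at line 1 of the file, so nothing encloses it.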
@@ -1,17 +1,20 @@
 resource "oci_core_virtual_network" "CompleteVCN" {
- cidr_block = "${lookup(var.network_cidrs, "VCN-CIDR")}"
+ count = "${var.create_vcn}"
+ cidr_block = "${var.vcn_cidr}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}${var.vcn_dns_name}"
 dns_label = "${var.vcn_dns_name}"
 }
 
 resource "oci_core_internet_gateway" "PublicIG" {
+ count = "${var.create_vcn}"
 compartment_id = "${var.compartment_ocid}"
 display_name = "${var.label_prefix}PublicIG"
 vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
 }
 
 resource "oci_core_route_table" "PublicRouteTable" {
+ count = "${var.create_vcn}"
 compartment_id = "${var.compartment_ocid}"
 vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"
 display_name = "${var.label_prefix}RouteTableForComplete"
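Review bot: Once `count = "${var.create_vcn}"` is on `CompleteVCN`, the unchanged `vcn_id = "${oci_core_virtual_network.CompleteVCN.id}"` lines in `PublicIG` and `PublicRouteTable` are non-indexed references to a counted resource; with `create_vcn = 0` I would expect Terraform 0.11 to fail to resolve them even though those two resources are themselves count 0, because the expression is still evaluated. Using the splat form that k8s-oci.tf already relies on avoids the failure mode: `vcn_id = "${element(concat(oci_core_virtual_network.CompleteVCN.*.id, list("")), 0)}"`. It would also be worth a comment on `PublicIG` that the internet gateway is created only together with the VCN, since a reused VCN is assumed to bring its own. The `PublicRouteTable` body continues past the end of this hunk.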
@@ -24,50 +27,3 @@ resource "oci_core_route_table" "PublicRouteTable" { } } -resource "oci_core_route_table" "NATInstanceAD1RouteTable" { - # Provisioned only when k8s instances in AD1 are in private subnets - count = "${(var.control_plane_subnet_access == "private") && (var.nat_instance_ad1_enabled == "true") ? "1" : "0"}" - compartment_id = "${var.compartment_ocid}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - display_name = "NATInstanceAD1RouteTable" - - route_rules { - # All traffic leaving the subnet needs to go to route target. - cidr_block = "0.0.0.0/0" - - # Private IP route target for instances on private AD1 subnets - network_entity_id = "${data.oci_core_private_ips.NATInstanceAD1PrivateIPDatasource.private_ips.0.id}" - } -} - -resource "oci_core_route_table" "NATInstanceAD2RouteTable" { - # Provisioned only when k8s instances in AD2 are in private subnets - count = "${(var.control_plane_subnet_access == "private") && (var.nat_instance_ad2_enabled == "true") ? "1" : "0"}" - compartment_id = "${var.compartment_ocid}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - display_name = "NATInstanceAD2RouteTable" - - route_rules { - # All traffic leaving the subnet needs to go to route target. - cidr_block = "0.0.0.0/0" - - # Private IP route target for instances on private AD2 subnets - network_entity_id = "${data.oci_core_private_ips.NATInstanceAD2PrivateIPDatasource.private_ips.0.id}" - } -} - -resource "oci_core_route_table" "NATInstanceAD3RouteTable" { - # Provisioned only when k8s instances in AD3 are in private subnets - count = "${(var.control_plane_subnet_access == "private") && (var.nat_instance_ad3_enabled == "true") ? "1" : "0"}" - compartment_id = "${var.compartment_ocid}" - vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" - display_name = "NATInstanceAD3RouteTable" - - route_rules { - # All traffic leaving the subnet needs to go to route target. 
- cidr_block = "0.0.0.0/0" - - # Private IP route target for instances on private AD3 subnets - network_entity_id = "${data.oci_core_private_ips.NATInstanceAD3PrivateIPDatasource.private_ips.0.id}" - } -} diff --git a/outputs.tf b/outputs.tf index 87baaea..fdd7725 100644 --- a/outputs.tf +++ b/outputs.tf @@ -27,11 +27,11 @@ output "etcd_lb_backendset_2380_name" { } output "vcn_id" { - value = "${module.vcn.id}" + value = "${module.vcn.vcn_id}" } output "vcn_route_for_complete_id" { - value = "${module.vcn.route_for_complete_id}" + value = "${module.vcn.public_routetable_id}" } output "vcn_dhcp_options_id" { 
@@ -39,23 +39,23 @@ output "vcn_dhcp_options_id" { } output "etcd_subnet_ids" { - value = ["${module.vcn.etcd_subnet_ad1_id}", "${module.vcn.etcd_subnet_ad2_id}", "${module.vcn.etcd_subnet_ad3_id}"] + value = ["${module.subnets.etcd_subnet_ad1_id}", "${module.subnets.etcd_subnet_ad2_id}", "${module.subnets.etcd_subnet_ad3_id}"] } output "worker_subnet_ids" { - value = ["${module.vcn.k8worker_subnet_ad1_id}", "${module.vcn.k8worker_subnet_ad2_id}", "${module.vcn.k8worker_subnet_ad3_id}"] + value = ["${module.subnets.k8worker_subnet_ad1_id}", "${module.subnets.k8worker_subnet_ad2_id}", "${module.subnets.k8worker_subnet_ad3_id}"] } output "master_subnet_ids" { - value = ["${module.vcn.k8smaster_subnet_ad1_id}", "${module.vcn.k8smaster_subnet_ad2_id}", "${module.vcn.k8smaster_subnet_ad3_id}"] + value = ["${module.subnets.k8smaster_subnet_ad1_id}", "${module.subnets.k8smaster_subnet_ad2_id}", "${module.subnets.k8smaster_subnet_ad3_id}"] } output "public_subnet_ids" { - value = ["${module.vcn.public_subnet_ad1_id}", "${module.vcn.public_subnet_ad2_id}", "${module.vcn.public_subnet_ad3_id}", ""] + value = ["${module.subnets.public_subnet_ad1_id}", "${module.subnets.public_subnet_ad2_id}", "${module.subnets.public_subnet_ad3_id}", ""] } output "nat_subnet_ids" { - value = ["${module.vcn.nat_subnet_ad1_id}", "${module.vcn.nat_subnet_ad2_id}", "${module.vcn.nat_subnet_ad3_id}", ""] + value = ["${module.subnets.nat_subnet_ad1_id}", "${module.subnets.nat_subnet_ad2_id}", "${module.subnets.nat_subnet_ad3_id}", ""] } output "worker_ssh_ingress_cidr" { 
@@ -146,15 +146,15 @@ output "worker_private_ips" { } output "nat_instance_public_ips" { - value = "${compact(concat(module.vcn.nat_instance_ad1_public_ips,module.vcn.nat_instance_ad2_public_ips,module.vcn.nat_instance_ad3_public_ips))}" + value = "${compact(concat(module.subnets.nat_instance_ad1_public_ips,module.subnets.nat_instance_ad2_public_ips,module.subnets.nat_instance_ad3_public_ips))}" } output "nat_instance_private_ips" { - value = "${compact(concat(module.vcn.nat_instance_ad1_private_ips,module.vcn.nat_instance_ad2_private_ips,module.vcn.nat_instance_ad3_private_ips))}" + value = "${compact(concat(module.subnets.nat_instance_ad1_private_ips,module.subnets.nat_instance_ad2_private_ips,module.subnets.nat_instance_ad3_private_ips))}" } output "control_plane_subnet_access" { - value = "${module.vcn.control_plane_subnet_access}" + value = "${module.subnets.control_plane_subnet_access}" } output "kubeconfig" { diff --git a/variables.tf b/variables.tf index 4f3a3a8..b36696f 100644 --- a/variables.tf +++ b/variables.tf @@ -3,11 +3,25 @@ variable "tenancy_ocid" {} variable "compartment_ocid" {} +# VCN config if this is set the no VCN is created and instead these 3 varables are use +variable "vcn_id" { + default = "" +} + +variable "public_routetable_id" { + default = "" +} + +variable "dhcp_options_id" { + default = "" +} + + + variable "network_cidrs" { type = "map" default = { - VCN-CIDR = "10.0.0.0/16" PublicSubnetAD1 = "10.0.10.0/24" PublicSubnetAD2 = "10.0.11.0/24" PublicSubnetAD3 = "10.0.12.0/24" @@ -65,6 +79,10 @@ variable "vcn_dns_name" { default = "k8sbmcs" } +variable "vcn_cidr" { + default = "10.0.0.0/16" +} + variable "disable_auto_retries" { default = "false" } From 851917051154688eae731fafa268541305128905 Mon Sep 17 00:00:00 2001 From: Garth Bushell Date: Wed, 21 Mar 2018 12:04:46 +0000 Subject: [PATCH 07/10] Add example --- terraform.example.tfvars | 5 +++++ 1 file changed, 5 insertions(+) 
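Review bot: The new `vcn_id`, `public_routetable_id` and `dhcp_options_id` variables all default to `""`, but the module wiring (see the k8s-oci.tf hunks later on this page) switches on `var.vcn_id == ""` only, so setting `vcn_id` while leaving the other two empty passes empty IDs straight into every subnet resource with no validation. Terraform 0.11 cannot validate variables, so the header comment should at least state the contract and name the switch; it is also misspelled: `# Existing-VCN mode: when vcn_id is set, no VCN is created and vcn_id, public_routetable_id and dhcp_options_id are used as given. All three must then be set (they are not validated).` The removal of `VCN-CIDR` from `network_cidrs` in the same hunk means any existing tfvars that still overrides that key is silently ignored in favour of the new `vcn_cidr` default; worth a line in the changelog or the docs table.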
diff --git a/terraform.example.tfvars b/terraform.example.tfvars index 87f0fa5..5fc562d 100644 --- a/terraform.example.tfvars +++ b/terraform.example.tfvars @@ -5,6 +5,11 @@ #private_key_path = "/tmp/bmcs_api_key.pem" #user_ocid = "ocid1.user.oc1..aaaaaaaa5fy2l5aki6z2bzff5yrrmlahiif44vzodeetygxmpulq3mbnckya" +# VCN +#vcn_id = "ocid1.vcn.oc1.phx.aaaaaaaa545hjqe26s77xpiiuyznb6baxym5ff6lnx5asgggnptwfcg3t7na" +#dhcp_options_id = "ocid1.dhcpoptions.oc1.phx.aaaaaaaat27e4e6li545u4tnymwk7452gpxvqcszg6jbflpfqvtr7vkxjqnq" +#public_routetable_id = "ocid1.routetable.oc1.phx.aaaaaaaab5obbsciewyf73r4ggm26uvmykqbyhwphwqiuvqpune3bosoyey + # CCM user #cloud_controller_user_ocid = "ocid1.tenancy.oc1..aaaaaaaa763cu5f3m7qpzwnvr2shs3o26ftrn7fkgz55cpzgxmglgtui3v7q" #cloud_controller_user_fingerprint = "ed:51:83:3b:d2:04:f4:af:9d:7b:17:96:dd:8a:99:bc" From c357277bf72af2ec26716a135c49dda41f9acaac Mon Sep 17 00:00:00 2001 From: Garth Bushell Date: Wed, 21 Mar 2018 14:12:09 +0000 Subject: [PATCH 08/10] Document VCN input variables --- docs/input-variables.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/input-variables.md b/docs/input-variables.md index 8b412c3..dc08f01 100644 --- a/docs/input-variables.md +++ b/docs/input-variables.md 
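Review bot: The added `#public_routetable_id` line appears to be missing its closing double quote, so the example becomes a parse error the moment a user uncomments it; the intended line is presumably `#public_routetable_id = "ocid1.routetable.oc1.phx.aaaaaaaab5obbsciewyf73r4ggm26uvmykqbyhwphwqiuvqpune3bosoyey"`. PATCH 10 at the end of this page touches the neighbouring `dhcp_options_id` line in the same file but carries the unterminated string through unchanged, so both hunks need the fix.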
@@ -15,6 +15,16 @@ region | us-phoenix-1 | String value of ## Optional Input Variables: +### VNC Configuration + +By deafult a VCN, an Internet Gateway and a public route table out this gatewat will be created and used. If you wish to use an existing VCN then set the following variables + +name | default | +------------------------------------|-------------------------|------------ +vcn_id | "" (Optional) | The VCN OCID to use to configure all subnets with +dhcp_options_id | "" (Optional) | The DCHP options of the VCN to use when creating subnets +public_routetable_id | "" (Optional) | The routetable OCID that has access to the public internet via a Internet Gateway + ### Compute Instance Configuration name | default | description ------------------------------------|-------------------------|------------ @@ -101,6 +111,7 @@ control_plane_subnet_access | public | Whether instances in the con k8s_master_lb_access | public | Whether the Kubernetes Master Load Balancer is launched in a public or private subnets etcd_lb_access | private | Whether the etcd Load Balancer is launched in a public or private subnets + #### _Public_ Network Access (default) ![](./images/public_cp_subnet_access.jpg) From 428f84a515d227e48919530012fd0fc13f198b14 Mon Sep 17 00:00:00 2001 From: Garth Bushell Date: Thu, 22 Mar 2018 16:50:13 +0000 Subject: [PATCH 09/10] Update docs with review comments and make outputs consistant --- docs/input-variables.md | 11 ++++++----- k8s-oci.tf | 8 ++------ network/subnets/subnets.tf | 36 ++++++++++++++++++------------------ network/vcn/output.tf | 2 +- network/vcn/variables.tf | 5 +---- network/vcn/vcn.tf | 6 +++--- outputs.tf | 12 +++++++++--- variables.tf | 2 +- 8 files changed, 41 insertions(+), 41 deletions(-) diff --git a/docs/input-variables.md b/docs/input-variables.md index dc08f01..ebf4515 100644 --- a/docs/input-variables.md +++ b/docs/input-variables.md 
@@ -15,14 +15,14 @@ region | us-phoenix-1 | String value of ## Optional Input Variables: -### VNC Configuration +### VCN Configuration -By deafult a VCN, an Internet Gateway and a public route table out this gatewat will be created and used. If you wish to use an existing VCN then set the following variables +By deafult a VCN, an Internet Gateway and a public route table out this gatewat will be created and used. If you wish to use an existing VCN then set the following variables. When using an existing VCN you need to make sure that the subnet ranges and DNS labels specified in the variables 'network_cidrs' and 'network_subnet_dns' do not overlap with existing values. name | default | ------------------------------------|-------------------------|------------ vcn_id | "" (Optional) | The VCN OCID to use to configure all subnets with -dhcp_options_id | "" (Optional) | The DCHP options of the VCN to use when creating subnets +vcn_dhcp_options_id | "" (Optional) | The DCHP options of the VCN to use when creating subnets public_routetable_id | "" (Optional) | The routetable OCID that has access to the public internet via a Internet Gateway ### Compute Instance Configuration 
@@ -122,8 +122,9 @@ The following input variables are used to configure the inbound security rules o name | default | description ------------------------------------|-------------------------|------------ -network_cidrs | See map in variables.tf | A CIDR notation IP range of the VCN and its subnets. -network_subnet_dns | See map in variables.tf | A DNS label for each of the subnet in the VCN (Max 15 characters) +vcn_cidr | 10.0.0.0/16 | The A CIDR notation IP range of the VCN +network_cidrs | See map in variables.tf | A CIDR notation IP range of the subnets within the VCN. +network_subnet_dns | See map in variables.tf | A DNS label for each of the subnets in the VCN (Max 15 characters) etcd_cluster_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation IP range that is allowed to access the etcd cluster. Must be a subset of the VCN CIDR. etcd_ssh_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation IP range that is allowed to SSH to etcd nodes. Must be a subset of the VCN CIDR. master_ssh_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation IP range that is allowed to access the master(s). Must be a subset of the VCN CIDR. diff --git a/k8s-oci.tf b/k8s-oci.tf index d8bc2ec..22e37ab 100644 --- a/k8s-oci.tf +++ b/k8s-oci.tf @@ -16,7 +16,7 @@ module "k8s-tls" { ### Virtual Cloud Network module "vcn" { - create_vcn = "${var.vcn_id == "" ? 1 : 0}" + create_vcn = "${var.vcn_id == "" ? "true" : "false"}" source = "./network/vcn" compartment_ocid = "${var.compartment_ocid}" label_prefix = "${var.label_prefix}" 
@@ -33,12 +33,8 @@ module "subnets" { # Use a existing VCN and public route table and dhcp options vcn_id = "${var.vcn_id == "" ? join(" ",module.vcn.vcn_id) : var.vcn_id}" - dhcp_options_id = "${var.vcn_id == "" ? join(" ",module.vcn.dhcp_options_id) : var.dhcp_options_id}" + dhcp_options_id = "${var.vcn_id == "" ? join(" ",module.vcn.vcn_dhcp_options_id) : var.vcn_dhcp_options_id}" public_routetable_id = "${var.vcn_id == "" ? join(" ",module.vcn.public_routetable_id) : var.public_routetable_id}" - #vcn_id = "${module.vcn.vcn_id}" - #dhcp_options_id = "${module.vcn.dhcp_options_id}" - #public_routetable_id = "${module.vcn.public_routetable_id}" - vcn_dns_name = "${var.vcn_dns_name}" additional_etcd_security_lists_ids = "${var.additional_etcd_security_lists_ids}" additional_k8smaster_security_lists_ids = "${var.additional_k8s_master_security_lists_ids}" diff --git a/network/subnets/subnets.tf b/network/subnets/subnets.tf index 73f6cb7..bc4d819 100644 --- a/network/subnets/subnets.tf +++ b/network/subnets/subnets.tf @@ -10,7 +10,7 @@ resource "oci_core_subnet" "PublicSubnetAD1" { vcn_id = "${var.vcn_id}" route_table_id = "${var.public_routetable_id}" security_list_ids = ["${concat(list(oci_core_security_list.PublicSecurityList.id), var.additional_public_security_lists_ids)}"] - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" } resource "oci_core_subnet" "PublicSubnetAD2" { @@ -22,7 +22,7 @@ resource "oci_core_subnet" "PublicSubnetAD2" { vcn_id = "${var.vcn_id}" route_table_id = "${var.public_routetable_id}" security_list_ids = ["${concat(list(oci_core_security_list.PublicSecurityList.id), var.additional_public_security_lists_ids)}"] - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" } resource "oci_core_subnet" "PublicSubnetAD3" { 
@@ -34,7 +34,7 @@ resource "oci_core_subnet" "PublicSubnetAD3" { vcn_id = "${var.vcn_id}" route_table_id = "${var.public_routetable_id}" security_list_ids = ["${concat(list(oci_core_security_list.PublicSecurityList.id), var.additional_public_security_lists_ids)}"] - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" } resource "oci_core_subnet" "NATSubnetAD1" { @@ -47,7 +47,7 @@ resource "oci_core_subnet" "NATSubnetAD1" { vcn_id = "${var.vcn_id}" route_table_id = "${var.public_routetable_id}" security_list_ids = ["${concat(list(oci_core_security_list.NatSecurityList.id), var.additional_nat_security_lists_ids)}"] - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" } resource "oci_core_subnet" "NATSubnetAD2" { @@ -59,7 +59,7 @@ resource "oci_core_subnet" "NATSubnetAD2" { vcn_id = "${var.vcn_id}" route_table_id = "${var.public_routetable_id}" security_list_ids = ["${concat(list(oci_core_security_list.NatSecurityList.id), var.additional_nat_security_lists_ids)}"] - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" } resource "oci_core_subnet" "NATSubnetAD3" { @@ -71,7 +71,7 @@ resource "oci_core_subnet" "NATSubnetAD3" { vcn_id = "${var.vcn_id}" route_table_id = "${var.public_routetable_id}" security_list_ids = ["${concat(list(oci_core_security_list.NatSecurityList.id), var.additional_nat_security_lists_ids)}"] - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" } resource "oci_core_subnet" "etcdSubnetAD1" { 
@@ -84,7 +84,7 @@ resource "oci_core_subnet" "etcdSubnetAD1" { # Work around HIL issue #50 using join and use coalesce to pick the first route that is not empty (AD1 first pick) route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.EtcdSubnet.id), var.additional_etcd_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" @@ -104,7 +104,7 @@ resource "oci_core_subnet" "etcdSubnetAD2" { # Work around HIL issue #50 using join and use coalesce to pick the first route that is not empty (AD2 first pick) route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.EtcdSubnet.id), var.additional_etcd_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" 
@@ -123,7 +123,7 @@ resource "oci_core_subnet" "etcdSubnetAD3" { # Work around HIL issue #50 using join and use coalesce to pick the first route that is not empty (AD3 first pick) route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.EtcdSubnet.id), var.additional_etcd_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" @@ -140,7 +140,7 @@ resource "oci_core_subnet" "k8sMasterSubnetAD1" { dns_label = "${lookup(var.network_subnet_dns, "masterSubnetAD1")}" vcn_id = "${var.vcn_id}" route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.K8SMasterSubnet.id), var.additional_k8smaster_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" 
@@ -157,7 +157,7 @@ resource "oci_core_subnet" "k8sMasterSubnetAD2" { dns_label = "${lookup(var.network_subnet_dns, "masterSubnetAD2")}" vcn_id = "${var.vcn_id}" route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.K8SMasterSubnet.id), var.additional_k8smaster_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" @@ -174,7 +174,7 @@ resource "oci_core_subnet" "k8sMasterSubnetAD3" { dns_label = "${lookup(var.network_subnet_dns, "masterSubnetAD3")}" vcn_id = "${var.vcn_id}" route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.K8SMasterSubnet.id), var.additional_k8smaster_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" 
@@ -191,7 +191,7 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD1" { dns_label = "${lookup(var.network_subnet_dns, "workerSubnetAD1")}" vcn_id = "${var.vcn_id}" route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.K8SWorkerSubnet.id), var.additional_k8sworker_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" @@ -208,7 +208,7 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD2" { dns_label = "${lookup(var.network_subnet_dns, "workerSubnetAD2")}" vcn_id = "${var.vcn_id}" route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.K8SWorkerSubnet.id), var.additional_k8sworker_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" 
@@ -225,7 +225,7 @@ resource "oci_core_subnet" "k8sWorkerSubnetAD3" { dns_label = "${lookup(var.network_subnet_dns, "workerSubnetAD3")}" vcn_id = "${var.vcn_id}" route_table_id = "${var.control_plane_subnet_access == "private" ? coalesce(join(" ", oci_core_route_table.NATInstanceAD3RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD1RouteTable.*.id), join(" ", oci_core_route_table.NATInstanceAD2RouteTable.*.id), var.public_routetable_id) : var.public_routetable_id}" - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${concat(list(oci_core_security_list.K8SWorkerSubnet.id), var.additional_k8sworker_security_lists_ids)}"] prohibit_public_ip_on_vnic = "${var.control_plane_subnet_access == "private" ? "true" : "false"}" @@ -245,7 +245,7 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD1" { dns_label = "${lookup(var.network_subnet_dns, "k8sCCMLBSubnetAD1")}" vcn_id = "${var.vcn_id}" route_table_id = "${var.public_routetable_id}" - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${oci_core_security_list.K8SCCMLBSubnet.id}"] prohibit_public_ip_on_vnic = "false" @@ -262,7 +262,7 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD2" { dns_label = "${lookup(var.network_subnet_dns, "k8sCCMLBSubnetAD2")}" vcn_id = "${var.vcn_id}" route_table_id = "${var.public_routetable_id}" - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${oci_core_security_list.K8SCCMLBSubnet.id}"] prohibit_public_ip_on_vnic = "false" 
@@ -279,7 +279,7 @@ resource "oci_core_subnet" "k8sCCMLBSubnetAD3" { dns_label = "${lookup(var.network_subnet_dns, "k8sCCMLBSubnetAD3")}" vcn_id = "${var.vcn_id}" route_table_id = "${var.public_routetable_id}" - dhcp_options_id = "${var.dhcp_options_id}" + dhcp_options_id = "${var.dhcp_options_id}" security_list_ids = ["${oci_core_security_list.K8SCCMLBSubnet.id}"] prohibit_public_ip_on_vnic = "false" diff --git a/network/vcn/output.tf b/network/vcn/output.tf index 45eba0f..c9e8153 100644 --- a/network/vcn/output.tf +++ b/network/vcn/output.tf @@ -6,7 +6,7 @@ output "public_routetable_id" { value ="${oci_core_route_table.PublicRouteTable.*.id}" } -output "dhcp_options_id" { +output "vcn_dhcp_options_id" { value ="${oci_core_virtual_network.CompleteVCN.*.default_dhcp_options_id}" } diff --git a/network/vcn/variables.tf b/network/vcn/variables.tf index 6e8828c..e8fe2e7 100644 --- a/network/vcn/variables.tf +++ b/network/vcn/variables.tf @@ -1,11 +1,8 @@ variable "vcn_dns_name" { default = "k8sbmcs" - } -variable "create_vcn" { - -} +variable "create_vcn" {} variable "vcn_cidr" { default = "10.0.0.0/16" diff --git a/network/vcn/vcn.tf b/network/vcn/vcn.tf index 41d482a..6b6b64d 100644 --- a/network/vcn/vcn.tf +++ b/network/vcn/vcn.tf @@ -1,5 +1,5 @@ resource "oci_core_virtual_network" "CompleteVCN" { - count = "${var.create_vcn}" + count = "${var.create_vcn == "true" ? 1 : 0}" cidr_block = "${var.vcn_cidr}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}${var.vcn_dns_name}" 
@@ -7,14 +7,14 @@ resource "oci_core_virtual_network" "CompleteVCN" { } resource "oci_core_internet_gateway" "PublicIG" { - count = "${var.create_vcn}" + count = "${var.create_vcn == "true" ? 1 : 0}" compartment_id = "${var.compartment_ocid}" display_name = "${var.label_prefix}PublicIG" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" } resource "oci_core_route_table" "PublicRouteTable" { - count = "${var.create_vcn}" + count = "${var.create_vcn == "true" ? 1 : 0}" compartment_id = "${var.compartment_ocid}" vcn_id = "${oci_core_virtual_network.CompleteVCN.id}" display_name = "${var.label_prefix}RouteTableForComplete" diff --git a/outputs.tf b/outputs.tf index fdd7725..d227730 100644 --- a/outputs.tf +++ b/outputs.tf @@ -27,15 +27,21 @@ output "etcd_lb_backendset_2380_name" { } output "vcn_id" { - value = "${module.vcn.vcn_id}" + value = "${var.vcn_id == "" ? join(" ",module.vcn.vcn_id) : var.vcn_id}" } +# Same as below but kept for backwards compatability output "vcn_route_for_complete_id" { - value = "${module.vcn.public_routetable_id}" + value = "${var.vcn_id == "" ? join(" ",module.vcn.public_routetable_id) : var.public_routetable_id}" } +output "public_routetable_id" { + value = "${var.vcn_id == "" ? join(" ",module.vcn.public_routetable_id) : var.public_routetable_id}" +} + + output "vcn_dhcp_options_id" { - value = "${module.vcn.dhcp_options_id}" + value = "${var.vcn_id == "" ? join(" ",module.vcn.vcn_dhcp_options_id) : var.vcn_dhcp_options_id}" } output "etcd_subnet_ids" { diff --git a/variables.tf b/variables.tf index b36696f..8b1f00f 100644 --- a/variables.tf +++ b/variables.tf @@ -12,7 +12,7 @@ variable "public_routetable_id" { default = "" } -variable "dhcp_options_id" { +variable "vcn_dhcp_options_id" { default = "" } From bb494f1d4725b43db9fa86575913ea570d5dc721 Mon Sep 17 00:00:00 2001 
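Review bot: The three outputs `vcn_id`, `vcn_route_for_complete_id`/`public_routetable_id` and `vcn_dhcp_options_id` each re-derive the "created or supplied" selection (`var.vcn_id == "" ? join(" ", module.vcn.X) : var.X`) that the `module "subnets"` block in k8s-oci.tf already computes, so the two copies can drift if the switch condition ever changes; if the project is on a Terraform release that supports `locals`, computing the three values once in a `locals` block and referencing `local.*` from both the module call and these outputs would remove the duplication. The comment `# Same as below but kept for backwards compatability` is attached to `vcn_route_for_complete_id` but is ambiguous about which output is the alias and is misspelled; `# Deprecated alias of public_routetable_id (below); kept for backwards compatibility.` says it plainly.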
From: Garth Bushell Date: Fri, 23 Mar 2018 13:49:39 +0000 Subject: [PATCH 10/10] Fix example to use correct name --- terraform.example.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform.example.tfvars b/terraform.example.tfvars index 5fc562d..3f27060 100644 --- a/terraform.example.tfvars +++ b/terraform.example.tfvars @@ -7,7 +7,7 @@ # VCN #vcn_id = "ocid1.vcn.oc1.phx.aaaaaaaa545hjqe26s77xpiiuyznb6baxym5ff6lnx5asgggnptwfcg3t7na" -#dhcp_options_id = "ocid1.dhcpoptions.oc1.phx.aaaaaaaat27e4e6li545u4tnymwk7452gpxvqcszg6jbflpfqvtr7vkxjqnq" +#vcn_dhcp_options_id = "ocid1.dhcpoptions.oc1.phx.aaaaaaaat27e4e6li545u4tnymwk7452gpxvqcszg6jbflpfqvtr7vkxjqnq" #public_routetable_id = "ocid1.routetable.oc1.phx.aaaaaaaab5obbsciewyf73r4ggm26uvmykqbyhwphwqiuvqpune3bosoyey # CCM user