rancher
diff --git a/‎docs/resources/cluster.md‎
Lines changed: 6 additions & 0 deletions b/‎docs/resources/cluster.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎rancher2/schema_cluster_oke_config.go‎
Lines changed: 131 additions & 101 deletions b/‎rancher2/schema_cluster_oke_config.go‎
Lines changed: 131 additions & 101 deletions
@@ -1779,14 +1779,20 @@ The following arguments are supported:
 
 The following arguments are supported:
 
+* `cluster_type` - (Optional) Choose basic or enhanced cluster. Default `basic` (string)
 * `compartment_id` - (Required) The OCID of the compartment in which to create resources OKE cluster and related resources (string)
 * `custom_boot_volume_size` - (Optional) Optional custom boot volume size (GB) for all nodes. If you specify 0, it will apply the default according to the `node_image` specified. Default `0` (int)
 * `description` - (Optional) An optional description of this cluster (string)
 * `enable_private_control_plane` - (Optional) Specifies whether Kubernetes API endpoint is a private IP only accessible from within the VCN. Default `false` for Rancher v2.5.10 and above (bool)
 * `enable_kubernetes_dashboard` - (Optional) Specifies whether to enable the Kubernetes dashboard. Default `false` (bool)
 * `enable_private_nodes` - (Optional) Specifies whether worker nodes will be deployed into a new, private, subnet. Default `false` (bool)
+* `eviction_grace_duration` - (Optional) Specifies the grace period in minutes to allow cordon and drain to complete. Default `\"5\"` (string)
 * `fingerprint` - (Required) The fingerprint corresponding to the specified user's private API Key (string)
 * `flex_ocpus` - (Optional) Specifies number of OCPUs for nodes (requires flexible shape specified with `node_shape`) (int)
+* `flex_memory_in_gbs` - (Optional) Specifies number amount of memory in GB for nodes (requires flexible shape specified with `node_shape`) (int)
+* `fingerprint` - (Required) The fingerprint corresponding to the specified user's private API Key (string)
+* `force_delete_after_grace_duration` - (Optional) Specifies whether to send a SIGKILL signal if a pod does not terminate within the specified grace period. See also `eviction_grace_duration`. Default `false` (bool)
+* `image_verification_kms_key_id` - (Optional) Comma separated list of OCID(s) of the KMS key to verify the image signatures (string)
 * `kms_key_id` - (Optional) The OCID of a KMS vault master key used to encrypt secrets at rest. See [here](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengencryptingdata.htm) for help creating a vault and master encryption key. For Rancher v2.5.9 and above (string)
 * `kubernetes_version` - (Required) The Kubernetes version that will be used for your master *and* OKE worker nodes (string)
 * `limit_node_count` - (Optional) The maximum number of worker nodes. Can limit `quantity_per_subnet`. Default `0` (no limit) (int)
 
@@ -14,49 +14,59 @@ const (
 //Types
 
 type OracleKubernetesEngineConfig struct {
-	CompartmentID               string `json:"compartmentId,omitempty" yaml:"compartmentId,omitempty"`
-	CustomBootVolumeSize        int64  `json:"customBootVolumeSize,omitempty" yaml:"customBootVolumeSize,omitempty"`
-	Description                 string `json:"description,omitempty" yaml:"description,omitempty"`
-	DisplayName                 string `json:"displayName,omitempty" yaml:"displayName,omitempty"`
-	EnableKubernetesDashboard   bool   `json:"enableKubernetesDashboard,omitempty" yaml:"enableKubernetesDashboard,omitempty"`
-	Fingerprint                 string `json:"fingerprint,omitempty" yaml:"fingerprint,omitempty"`
-	FlexOCPUs                   int64  `json:"flexOcpus,omitempty" yaml:"flexOcpus,omitempty"`
-	KubernetesVersion           string `json:"kubernetesVersion,omitempty" yaml:"kubernetesVersion,omitempty"`
-	DriverName                  string `json:"driverName,omitempty" yaml:"driverName,omitempty"`
-	KMSKeyID                    string `json:"kmsKeyId" yaml:"kmsKeyId"`
-	LimitNodeCount              int64  `json:"limitNodeCount,omitempty" yaml:"limitNodeCount,omitempty"`
-	Name                        string `json:"name,omitempty" yaml:"name,omitempty"`
-	NodeImage                   string `json:"nodeImage,omitempty" yaml:"nodeImage,omitempty"`
-	NodePoolSubnetDNSDomainName string `json:"nodePoolDnsDomainName,omitempty" yaml:"nodePoolDnsDomainName,omitempty"`
-	NodePoolSubnetName          string `json:"nodePoolSubnetName,omitempty" yaml:"nodePoolSubnetName,omitempty"`
-	NodePublicSSHKeyContents    string `json:"nodePublicKeyContents,omitempty" yaml:"nodePublicKeyContents,omitempty"`
-	NodeShape                   string `json:"nodeShape,omitempty" yaml:"nodeShape,omitempty"`
-	NodeUserDataContents        string `json:"nodeUserDataContents,omitempty" yaml:"nodeUserDataContents,omitempty"`
-	PrivateControlPlane         bool   `json:"enablePrivateControlPlane,omitempty" yaml:"enablePrivateControlPlane,omitempty"`
-	PrivateKeyContents          string `json:"privateKeyContents,omitempty" yaml:"privateKeyContents,omitempty"`
-	PrivateKeyPassphrase        string `json:"privateKeyPassphrase,omitempty" yaml:"privateKeyPassphrase,omitempty"`
-	PrivateNodes                bool   `json:"enablePrivateNodes,omitempty" yaml:"enablePrivateNodes,omitempty"`
-	PodCidr                     string `json:"podCidr,omitempty" yaml:"podCidr,omitempty"`
-	QuantityOfSubnets           int64  `json:"quantityOfNodeSubnets,omitempty" yaml:"quantityOfNodeSubnets,omitempty"`
-	QuantityPerSubnet           int64  `json:"quantityPerSubnet,omitempty" yaml:"quantityPerSubnet,omitempty"`
-	Region                      string `json:"region,omitempty" yaml:"region,omitempty"`
-	ServiceCidr                 string `json:"serviceCidr,omitempty" yaml:"serviceCidr,omitempty"`
-	ServiceLBSubnet1Name        string `json:"loadBalancerSubnetName1,omitempty" yaml:"loadBalancerSubnetName1,omitempty"`
-	ServiceLBSubnet2Name        string `json:"loadBalancerSubnetName2,omitempty" yaml:"loadBalancerSubnetName2,omitempty"`
-	ServiceSubnetDNSDomainName  string `json:"serviceDnsDomainName,omitempty" yaml:"serviceDnsDomainName,omitempty"`
-	SkipVCNDelete               bool   `json:"skipVcnDelete,omitempty" yaml:"skipVcnDelete,omitempty"`
-	TenancyID                   string `json:"tenancyId,omitempty" yaml:"tenancyId,omitempty"`
-	UserOCID                    string `json:"userOcid,omitempty" yaml:"userOcid,omitempty"`
-	VCNName                     string `json:"vcnName,omitempty" yaml:"vcnName,omitempty"`
-	VcnCompartmentID            string `json:"vcnCompartmentId,omitempty" yaml:"vcnCompartmentId,omitempty"`
-	WorkerNodeIngressCidr       string `json:"workerNodeIngressCidr,omitempty" yaml:"workerNodeIngressCidr,omitempty"`
+	ClusterType                   string `json:"clusterType,omitempty" yaml:"clusterType,omitempty"`
+	CompartmentID                 string `json:"compartmentId,omitempty" yaml:"compartmentId,omitempty"`
+	CustomBootVolumeSize          int64  `json:"customBootVolumeSize,omitempty" yaml:"customBootVolumeSize,omitempty"`
+	Description                   string `json:"description,omitempty" yaml:"description,omitempty"`
+	DisplayName                   string `json:"displayName,omitempty" yaml:"displayName,omitempty"`
+	DriverName                    string `json:"driverName,omitempty" yaml:"driverName,omitempty"`
+	EnableKubernetesDashboard     bool   `json:"enableKubernetesDashboard,omitempty" yaml:"enableKubernetesDashboard,omitempty"`
+	EvictionGraceDuration         string `json:"evictionGraceDuration,omitempty" yaml:"evictionGraceDuration,omitempty"`
+	Fingerprint                   string `json:"fingerprint,omitempty" yaml:"fingerprint,omitempty"`
+	FlexMemoryInGBs               int64  `json:"flexMemoryInGBs,omitempty" yaml:"flexMemoryInGBs,omitempty"`
+	FlexOCPUs                     int64  `json:"flexOcpus,omitempty" yaml:"flexOcpus,omitempty"`
+	ForceDeleteAfterGraceDuration bool   `json:"forceDeleteAfterGraceDuration,omitempty" yaml:"forceDeleteAfterGraceDuration,omitempty"`
+	ImageVerificationKmsKeyID     string `json:"imageVerificationKmsKeyID,omitempty" yaml:"imageVerificationKmsKeyID,omitempty"`
+	KMSKeyID                      string `json:"kmsKeyId" yaml:"kmsKeyId"`
+	KubernetesVersion             string `json:"kubernetesVersion,omitempty" yaml:"kubernetesVersion,omitempty"`
+	LimitNodeCount                int64  `json:"limitNodeCount,omitempty" yaml:"limitNodeCount,omitempty"`
+	Name                          string `json:"name,omitempty" yaml:"name,omitempty"`
+	NodeImage                     string `json:"nodeImage,omitempty" yaml:"nodeImage,omitempty"`
+	NodePoolSubnetDNSDomainName   string `json:"nodePoolDnsDomainName,omitempty" yaml:"nodePoolDnsDomainName,omitempty"`
+	NodePoolSubnetName            string `json:"nodePoolSubnetName,omitempty" yaml:"nodePoolSubnetName,omitempty"`
+	NodePublicSSHKeyContents      string `json:"nodePublicKeyContents,omitempty" yaml:"nodePublicKeyContents,omitempty"`
+	NodeShape                     string `json:"nodeShape,omitempty" yaml:"nodeShape,omitempty"`
+	NodeUserDataContents          string `json:"nodeUserDataContents,omitempty" yaml:"nodeUserDataContents,omitempty"`
+	PodCidr                       string `json:"podCidr,omitempty" yaml:"podCidr,omitempty"`
+	PrivateControlPlane           bool   `json:"enablePrivateControlPlane,omitempty" yaml:"enablePrivateControlPlane,omitempty"`
+	PrivateKeyContents            string `json:"privateKeyContents,omitempty" yaml:"privateKeyContents,omitempty"`
+	PrivateKeyPassphrase          string `json:"privateKeyPassphrase,omitempty" yaml:"privateKeyPassphrase,omitempty"`
+	PrivateNodes                  bool   `json:"enablePrivateNodes,omitempty" yaml:"enablePrivateNodes,omitempty"`
+	QuantityOfSubnets             int64  `json:"quantityOfNodeSubnets,omitempty" yaml:"quantityOfNodeSubnets,omitempty"`
+	QuantityPerSubnet             int64  `json:"quantityPerSubnet,omitempty" yaml:"quantityPerSubnet,omitempty"`
+	Region                        string `json:"region,omitempty" yaml:"region,omitempty"`
+	ServiceCidr                   string `json:"serviceCidr,omitempty" yaml:"serviceCidr,omitempty"`
+	ServiceLBSubnet1Name          string `json:"loadBalancerSubnetName1,omitempty" yaml:"loadBalancerSubnetName1,omitempty"`
+	ServiceLBSubnet2Name          string `json:"loadBalancerSubnetName2,omitempty" yaml:"loadBalancerSubnetName2,omitempty"`
+	ServiceSubnetDNSDomainName    string `json:"serviceDnsDomainName,omitempty" yaml:"serviceDnsDomainName,omitempty"`
+	SkipVCNDelete                 bool   `json:"skipVcnDelete,omitempty" yaml:"skipVcnDelete,omitempty"`
+	TenancyID                     string `json:"tenancyId,omitempty" yaml:"tenancyId,omitempty"`
+	UserOCID                      string `json:"userOcid,omitempty" yaml:"userOcid,omitempty"`
+	VcnCompartmentID              string `json:"vcnCompartmentId,omitempty" yaml:"vcnCompartmentId,omitempty"`
+	VCNName                       string `json:"vcnName,omitempty" yaml:"vcnName,omitempty"`
+	WorkerNodeIngressCidr         string `json:"workerNodeIngressCidr,omitempty" yaml:"workerNodeIngressCidr,omitempty"`
 }
 
 //Schemas
 
 func clusterOKEConfigFields() map[string]*schema.Schema {
 	s := map[string]*schema.Schema{
 
+		"cluster_type": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Description: "Optionally specify a cluster type of basic or enhanced",
+		},
 		"compartment_id": {
 			Type:        schema.TypeString,
 			Required:    true,
@@ -67,84 +77,73 @@ func clusterOKEConfigFields() map[string]*schema.Schema {
 			Optional:    true,
 			Description: "An optional custom boot volume size (in GB) for the nodes",
 		},
-		"fingerprint": {
+		"description": {
 			Type:        schema.TypeString,
-			Required:    true,
-			Description: "The fingerprint corresponding to the specified user's private API Key",
-		},
-		"flex_ocpus": {
-			Type:        schema.TypeInt,
 			Optional:    true,
-			Description: "Optional number of OCPUs for nodes (requires flexible node_shape)",
+			Description: "An optional description of this cluster",
 		},
-		"kms_key_id": {
-			Type:        schema.TypeString,
+		"enable_kubernetes_dashboard": {
+			Type:        schema.TypeBool,
 			Optional:    true,
-			Sensitive:   true,
-			Description: "Optional specify the OCID of the KMS Vault master key",
-		},
-		"kubernetes_version": {
-			Type:        schema.TypeString,
-			Required:    true,
-			Description: "The Kubernetes version that will be used for your master *and* worker nodes e.g. v1.22.5",
+			Default:     false,
+			Description: "Enable the kubernetes dashboard",
 		},
-		"limit_node_count": {
-			Type:        schema.TypeInt,
+		"enable_private_control_plane": {
+			Type:        schema.TypeBool,
 			Optional:    true,
-			Description: "Optional limit on the total number of nodes in the pool",
+			Description: "Whether Kubernetes API endpoint is a private IP only accessible from within the VCN",
 		},
-		"node_image": {
-			Type:        schema.TypeString,
-			Required:    true,
-			Description: "The OS for the node image",
+		"enable_private_nodes": {
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Default:     false,
+			Description: "Whether worker nodes are deployed into a new private subnet",
 		},
-		"node_shape": {
+		"eviction_grace_duration": {
 			Type:        schema.TypeString,
-			Required:    true,
-			Description: "The shape of the node (determines number of CPUs and  amount of memory on each node)",
+			Optional:    true,
+			Description: "The optional grace period in minutes to allow cordon and drain to complete successfuly",
 		},
-		"private_key_contents": {
+		"fingerprint": {
 			Type:        schema.TypeString,
 			Required:    true,
-			Sensitive:   true,
-			Description: "The private API key file contents for the specified user, in PEM format",
+			Description: "The fingerprint corresponding to the specified user's private API Key",
 		},
-		"region": {
-			Type:        schema.TypeString,
-			Required:    true,
-			Description: "The availability domain within the region to host the OKE cluster",
+		"flex_memory_in_gbs": {
+			Type:        schema.TypeInt,
+			Optional:    true,
+			Description: "Optional amount of memory in GB for nodes (requires flexible node_shape)",
 		},
-		"tenancy_id": {
-			Type:        schema.TypeString,
-			Required:    true,
-			Description: "The OCID of the tenancy in which to create resources",
+		"flex_ocpus": {
+			Type:        schema.TypeInt,
+			Optional:    true,
+			Description: "Optional number of OCPUs for nodes (requires flexible node_shape)",
 		},
-		"user_ocid": {
-			Type:        schema.TypeString,
-			Required:    true,
-			Description: "The OCID of a user who has access to the tenancy/compartment",
+		"force_delete_after_grace_duration": {
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Default:     false,
+			Description: "Whether to send a SIGKILL signal if a pod does not terminate within the specified grace period",
 		},
-		"description": {
+		"image_verification_kms_key_id": {
 			Type:        schema.TypeString,
 			Optional:    true,
-			Description: "An optional description of this cluster",
+			Description: "Optional specify a comma separated list of master encryption key OCID(s) to verify images",
 		},
-		"enable_private_control_plane": {
-			Type:        schema.TypeBool,
+		"kms_key_id": {
+			Type:        schema.TypeString,
 			Optional:    true,
-			Description: "Whether Kubernetes API endpoint is a private IP only accessible from within the VCN",
+			Description: "Optional specify the OCID of the KMS Vault master key",
 		},
-		"enable_kubernetes_dashboard": {
-			Type:        schema.TypeBool,
-			Optional:    true,
-			Default:     false,
-			Description: "Enable the kubernetes dashboard",
+		"kubernetes_version": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Description: "The Kubernetes version that will be used for your master *and* worker nodes e.g. v1.33.1",
 		},
-		"enable_private_nodes": {
-			Type:        schema.TypeBool,
+		"limit_node_count": {
+			Type:        schema.TypeInt,
 			Optional:    true,
-			Default:     false,
-			Description: "Whether worker nodes are deployed into a new private subnet",
+			Description: "Optional limit on the total number of nodes in the pool",
 		},
 		"load_balancer_subnet_name_1": {
 			Type:        schema.TypeString,
@@ -156,6 +155,11 @@ func clusterOKEConfigFields() map[string]*schema.Schema {
 			Optional:    true,
 			Description: "The (optional) name of a second existing subnet to use for Kubernetes services / LB",
 		},
+		"node_image": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Description: "The OS for the node image",
+		},
 		"node_pool_dns_domain_name": {
 			Type:        schema.TypeString,
 			Optional:    true,
@@ -173,11 +177,27 @@ func clusterOKEConfigFields() map[string]*schema.Schema {
 			Optional:    true,
 			Description: "The contents of the SSH public key file to use for the nodes",
 		},
+		"node_shape": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Description: "The shape of the node (determines number of CPUs and  amount of memory on each node)",
+		},
 		"node_user_data_contents": {
 			Type:        schema.TypeString,
 			Optional:    true,
 			Description: "The contents of custom cloud-init / user_data for the nodes - will be base64 encoded internally if it is not already",
 		},
+		"pod_cidr": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Description: "Optional specify the pod CIDR, defaults to 10.244.0.0/16",
+		},
+		"private_key_contents": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Sensitive:   true,
+			Description: "The private API key file contents for the specified user, in PEM format",
+		},
 		"private_key_passphrase": {
 			Type:        schema.TypeString,
 			Optional:    true,
@@ -195,6 +215,16 @@ func clusterOKEConfigFields() map[string]*schema.Schema {
 			Default:     1,
 			Description: "Number of worker nodes in each subnet / availability domain",
 		},
+		"region": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Description: "The availability domain within the region to host the OKE cluster",
+		},
+		"service_cidr": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Description: "Optional specify the service CIDR, defaults to 10.96.0.0/16",
+		},
 		"service_dns_domain_name": {
 			Type:        schema.TypeString,
 			Optional:    true,
@@ -207,6 +237,16 @@ func clusterOKEConfigFields() map[string]*schema.Schema {
 			Default:     false,
 			Description: "Whether to skip deleting VCN",
 		},
+		"tenancy_id": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Description: "The OCID of the tenancy in which to create resources",
+		},
+		"user_ocid": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Description: "The OCID of a user who has access to the tenancy/compartment",
+		},
 		"vcn_compartment_id": {
 			Type:        schema.TypeString,
 			Optional:    true,
@@ -222,16 +262,6 @@ func clusterOKEConfigFields() map[string]*schema.Schema {
 			Optional:    true,
 			Description: "Additional CIDR from which to allow ingress to worker nodes",
 		},
-		"pod_cidr": {
-			Type:        schema.TypeString,
-			Optional:    true,
-			Description: "Optional specify the pod CIDR, defaults to 10.244.0.0/16",
-		},
-		"service_cidr": {
-			Type:        schema.TypeString,
-			Optional:    true,
-			Description: "Optional specify the service CIDR, defaults to 10.96.0.0/16",
-		},
 	}
 
 	return s