diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
new file mode 100644
index 0000000..57720c6
--- /dev/null
+++ b/terraform/.terraform.lock.hcl
@@ -0,0 +1,149 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/helm" {
+  version     = "2.6.0"
+  constraints = "~> 2.6.0"
+  hashes = [
+    "h1:BPCVkd80+iJiI6z2M1R1+0rI0h6Q2vNGdQG3uNsTtts=",
+    "h1:QZcB0CGaRloxrq1JjHF4ZLauaoJ8fHF2MsXFezR0COw=",
+    "h1:i+fbwv8Vk8n5kQc+spEtzvCNF4yo2exzSAZhL0ipFuo=",
+    "h1:rGVucCeYAqklKupwoLVG5VPQTIkUhO7WGcw3WuHYrm8=",
+    "h1:tjCJvA66J9SPd4Y8K034/E3jIBjPJYPqsmdWewNvuaI=",
+    "zh:0ac248c28acc1a4fd11bd26a85e48ab78dd6abf0f7ac842bf1cd7edd05ac6cf8",
+    "zh:3d32c8deae3740d8c5310136cc11c8afeffc350fbf88afaca0c34a223a5246f5",
+    "zh:4055a27489733d19ca7fa2dfce14d323fe99ae9dede7d0fea21ee6db0b9ca74b",
+    "zh:58a8ed39653fd4c874a2ecb128eccfa24c94266a00e349fd7fb13e22ad81f381",
+    "zh:6c81508044913f25083de132d0ff81d083732aba07c506cc2db05aa0cefcde2c",
+    "zh:7db5d18093047bfc4fe597f79610c0a281b21db0d61b0bacb3800585e976f814",
+    "zh:8269207b7422db99e7be80a5352d111966c3dfc7eb98511f11c8ff7b2e813456",
+    "zh:b1d7ababfb2374e72532308ff442cc906b79256b66b3fe7a98d42c68c4ddf9c5",
+    "zh:ca63e226cbdc964a5d63ef21189f059ce45c3fa4a5e972204d6916a9177d2b44",
+    "zh:d205a72d60e8cc362943d66f5bcdd6b6aaaa9aab2b89fd83bf6f1978ac0b1e4c",
+    "zh:db47dc579a0e68e5bfe3a61f2e950e6e2af82b1f388d1069de014a937962b56a",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/kubernetes" {
+  version     = "2.12.1"
+  constraints = "~> 2.12.1"
+  hashes = [
+    "h1:5Ah5IKrQyHeaxPxCYYIJ6+SXTMTlbv6KUHshD0BRI1I=",
+    "h1:6ZgqegUao9WcfVzYg7taxCQOQldTmMVw0HqjG5S46OY=",
+    "h1:BLBcNgY3p4QnRKisknoCHJpa9+Zn423t17lpsSyeCIg=",
+    "h1:YdDA370JByM9HT5GdLpt34z3BvcVW4BnVXqdgB/vZ6I=",
+    "h1:iAS9NYD0DjjmKpge74+y6nRltWkF+jkEpavWOEgq4jY=",
+    "zh:1ecb2adff52754fb4680c7cfe6143d1d8c264b00bb0c44f07f5583b1c7f978b8",
+    "zh:1fbd155088cd5818ad5874e4d59ccf1801e4e1961ac0711442b963315f1967ab",
+    "zh:29e927c7c8f112ee0e8ab70e71b498f2f2ae6f47df1a14e6fd0fdb6f14b57c00",
+    "zh:42c2f421da6b5b7c997e42aa04ca1457fceb13dd66099a057057a0812b680836",
+    "zh:522a7bccd5cd7acbb4ec3ef077d47f4888df7e59ff9f3d598b717ad3ee4fe9c9",
+    "zh:b45d8dc5dcbc5e30ae570d0c2e198505f47d09098dfd5f004871be8262e6ec1e",
+    "zh:c3ea0943f2050001c7d6a7115b9b990f148b082ebfc4ff3c2ff3463a8affcc4a",
+    "zh:f111833a64e06659d2e21864de39b7b7dec462615294d02f04c777956742a930",
+    "zh:f182dba5707b90b0952d5984c23f7a2da3baa62b4d71e78df7759f16cc88d957",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+    "zh:f76655a68680887daceabd947b2f68e2103f5bbec49a2bc29530f82ab8e3bca3",
+    "zh:fadb77352caa570bd3259dfb59c31db614d55bc96df0ff15a3c0cd2e685678b9",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/local" {
+  version     = "2.2.3"
+  constraints = "~> 2.2.3"
+  hashes = [
+    "h1:3bH88Z7tlWvcoubm6hQUBk3s9bSIJC8bVHQz749B87E=",
+    "h1:FvRIEgCmAezgZUqb2F+PZ9WnSSnR5zbEM2ZI+GLmbMk=",
+    "h1:KmHz81iYgw9Xn2L3Carc2uAzvFZ1XsE7Js3qlVeC77k=",
+    "h1:Q3jfOfv6aoLDw/clZGDOaUqUtQjEgeK6Qi8HHMlFO7A=",
+    "h1:aWp5iSUxBGgPv1UnV5yag9Pb0N+U1I0sZb38AXBFO8A=",
+    "zh:04f0978bb3e052707b8e82e46780c371ac1c66b689b4a23bbc2f58865ab7d5c0",
+    "zh:6484f1b3e9e3771eb7cc8e8bab8b35f939a55d550b3f4fb2ab141a24269ee6aa",
+    "zh:78a56d59a013cb0f7eb1c92815d6eb5cf07f8b5f0ae20b96d049e73db915b238",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:8aa9950f4c4db37239bcb62e19910c49e47043f6c8587e5b0396619923657797",
+    "zh:996beea85f9084a725ff0e6473a4594deb5266727c5f56e9c1c7c62ded6addbb",
+    "zh:9a7ef7a21f48fabfd145b2e2a4240ca57517ad155017e86a30860d7c0c109de3",
+    "zh:a63e70ac052aa25120113bcddd50c1f3cfe61f681a93a50cea5595a4b2cc3e1c",
+    "zh:a6e8d46f94108e049ad85dbed60354236dc0b9b5ec8eabe01c4580280a43d3b8",
+    "zh:bb112ce7efbfcfa0e65ed97fa245ef348e0fd5bfa5a7e4ab2091a9bd469f0a9e",
+    "zh:d7bec0da5c094c6955efed100f3fe22fca8866859f87c025be1760feb174d6d9",
+    "zh:fb9f271b72094d07cef8154cd3d50e9aa818a0ea39130bc193132ad7b23076fd",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/random" {
+  version     = "3.3.2"
+  constraints = "~> 3.3.2"
+  hashes = [
+    "h1:BgC3HcQhraeo8opJqoLm07Jcs4otOu2XrY2ppVeRMpg=",
+    "h1:Fu0IKMy46WsO5Y6KfuH9IFkkuxZjE/gIcgtB7GWkTtc=",
+    "h1:H5V+7iXol/EHB2+BUMzGlpIiCOdV74H8YjzCxnSAWcg=",
+    "h1:YChjos7Hrvr2KgTc9GzQ+de/QE2VLAeRJgxFemnCltU=",
+    "h1:rGCyrtzi+H9apmpwzMSJ4xNra7veNM7y6JRkBhO68wM=",
+    "zh:038293aebfede983e45ee55c328e3fde82ae2e5719c9bd233c324cfacc437f9c",
+    "zh:07eaeab03a723d83ac1cc218f3a59fceb7bbf301b38e89a26807d1c93c81cef8",
+    "zh:427611a4ce9d856b1c73bea986d841a969e4c2799c8ac7c18798d0cc42b78d32",
+    "zh:49718d2da653c06a70ba81fd055e2b99dfd52dcb86820a6aeea620df22cd3b30",
+    "zh:5574828d90b19ab762604c6306337e6cd430e65868e13ef6ddb4e25ddb9ad4c0",
+    "zh:7222e16f7833199dabf1bc5401c56d708ec052b2a5870988bc89ff85b68a5388",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:b1b2d7d934784d2aee98b0f8f07a8ccfc0410de63493ae2bf2222c165becf938",
+    "zh:b8f85b6a20bd264fcd0814866f415f0a368d1123cd7879c8ebbf905d370babc8",
+    "zh:c3813133acc02bbebddf046d9942e8ba5c35fc99191e3eb057957dafc2929912",
+    "zh:e7a41dbc919d1de800689a81c240c27eec6b9395564630764ebb323ea82ac8a9",
+    "zh:ee6d23208449a8eaa6c4f203e33f5176fa795b4b9ecf32903dffe6e2574732c2",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/tls" {
+  version     = "4.0.1"
+  constraints = "~> 4.0.1"
+  hashes = [
+    "h1:2FRq1ouYZYwK6VpukGeox81bniVDbObUE2/SZanw1Dw=",
+    "h1:NUd1WMN8YPDlMrBbDuiuGDpPlAM6JtDd75qbN+6tw4Q=",
+    "h1:oyckFNWXgZtgUanWHbNyz3txRgXYkDpCsTLSv5JSD1I=",
+    "h1:suLkTTvsuB5kqV5gc12PyGT4zY0J9G0RTyWMlZDwSVY=",
+    "h1:try2jk3QqLgGJH0V11y3uXt3EYRZG3dIKQXgNF0aP5w=",
+    "zh:1aa2e4c07ddf87f7bda65a4a0f3b45c3edfbe983768d49a105f7ab9f2e4f8320",
+    "zh:1b7993daaf659dec421043ccf2dea021972ebacf47e5da3387e1ef35a0ffecbe",
+    "zh:1c40b056af93fe792fd468a96f317a6ce918849799906cf619a1b8cf01e79ccb",
+    "zh:3874421e4c975e987ade5bdece6d1eacd41065841c82856cc12fde405ea2fe38",
+    "zh:4f27e1a90d779ac4bbdbd3db735b4777a90aefc8005905a8ed450bb517c323db",
+    "zh:b4eb5438dc4bfbed7223c0044b775a210d52b631a9f37d884d567a3eacc31b92",
+    "zh:b9808ee16fa06b7113a72c8d74f1cb322d0e7364fc34ba4bfdd0424ef7fd93d8",
+    "zh:bc5b1913fe841a0d40f28ff70d76e1c22fa3f469ae28011422d12c6001dcb954",
+    "zh:bdba092ae2939cb7e28380c5fd4a33ee96bead1abadbf9ec95d559cea8c04c3c",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+    "zh:f80791f95f0ea5b332913e533c79ed4820e8c9243c508d8c7d6240b212160aaa",
+    "zh:fe34ecc33c990f045ca5e3828e8aeb8ee86c9072e098e0ac0e4b47cbcb01edc0",
+  ]
+}
+
+provider "registry.terraform.io/oracle/oci" {
+  version     = "4.88.1"
+  constraints = ">= 4.88.1"
+  hashes = [
+    "h1:4378PUKQgToGn5AI+iwfnYeyKDe+Ue6O7TZRPlNYLiY=",
+    "h1:OGnVqFUckqpMqo8XZ6uE56xhi+EILKq8Lf2p/SrqETc=",
+    "h1:cCXcCKIKNY3c01oMlpjX5opG3xJ5/L2OKkPMQpBtI5s=",
+    "h1:m56AltEFI+r4dTZ8aEY9ApojYogCSOWpY238KhFaUMw=",
+    "h1:ygTETaxIw+a4MQZyFaDJ6R6Bj4cF0or5KspU54g4sNk=",
+    "zh:10d080d13b01d6e243945a151bf01a22f7e289df5abaaf9700dd51e6258c8752",
+    "zh:19604d3aa97b94e8f131bb6bea0dba767ea12937db7c1092cc1d9cf22a6c92c5",
+    "zh:1bb12b5253b824d0374852a2ddf61b08ef05a4b1a955fdc0716091eae3cd6801",
+    "zh:21a06b3def972c96dcda8936d50834dba2846e267cec82cd68c2a811fb03a692",
+    "zh:28ae7c8b28ead8a0a8c6d95bd724a00ad7dac9eca4023eb4c8d4d5ff82dc3046",
+    "zh:35a48fa91da25fc9be4db89844dfcb1e69827bc8d2e3162256f37b1329d859fd",
+    "zh:470b99ab0d52e05b3d27e0a6d4389408818ed21a08ec09db63f44e5b5302eeeb",
+    "zh:66a642486d94c0cd0ccd5bb5b280baa4159fe8977e327b22d127cf321a21c3c6",
+    "zh:6ad9d78c862404b8b75b173afb47170edbc6a033c85317f69934d4141526facf",
+    "zh:6b4343b7fece4264b5a8cfd796e31e17e41b00181d854066a34af6aaf3b6318a",
+    "zh:6f151341c35d294a0f79970cda6ddb96c93be4bc557cbea8f3b413a66150c5ed",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:b8c6fae7f66efc1a7a438269889763e42b323181e983e3936562207fa51187b5",
+    "zh:d85c4c0af11f3e317ffd886fdafd359e41ae577191b63e66b58c1e9ae80d9ed3",
+    "zh:ecaac469a4cbd089ce9cf4f23ed7a9454eef05e512447a472fb54de2438f65f8",
+  ]
+}
diff --git a/terraform/LICENSE b/terraform/LICENSE
new file mode 100644
index 0000000..5e6d632
--- /dev/null
+++ b/terraform/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2019 Oracle and/or its affiliates.  All rights reserved.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this
+software, associated documentation and/or data (collectively the "Software"), free of charge and under any and
+all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor
+hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or
+(ii) the Larger Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software
+(each a “Larger Work” to which the Software is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create derivative works of, display,
+perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have
+sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must
+be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.
diff --git a/terraform/README.md b/terraform/README.md
new file mode 100644
index 0000000..1e0ca6a
--- /dev/null
+++ b/terraform/README.md
@@ -0,0 +1 @@
+# 
diff --git a/terraform/VERSION b/terraform/VERSION
new file mode 100644
index 0000000..f477849
--- /dev/null
+++ b/terraform/VERSION
@@ -0,0 +1 @@
+0.2.2
\ No newline at end of file
diff --git a/terraform/datasources.tf b/terraform/datasources.tf
new file mode 100644
index 0000000..b0037ac
--- /dev/null
+++ b/terraform/datasources.tf
@@ -0,0 +1,19 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+# Gets home and current regions
+data "oci_identity_tenancy" "tenant_details" {
+  tenancy_id = var.tenancy_ocid
+
+  provider = oci.current_region
+}
+
+data "oci_identity_regions" "home_region" {
+  filter {
+    name   = "key"
+    values = [data.oci_identity_tenancy.tenant_details.home_region_key]
+  }
+
+  provider = oci.current_region
+}
\ No newline at end of file
diff --git a/terraform/module-cluster-tools.tf b/terraform/module-cluster-tools.tf
new file mode 100644
index 0000000..6dfdaef
--- /dev/null
+++ b/terraform/module-cluster-tools.tf
@@ -0,0 +1,76 @@
+# Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+module "cluster-tools" {
+  source = "./modules/cluster-tools"
+
+  # Oracle Cloud Infrastructure Tenancy and Compartment OCID
+  tenancy_ocid     = var.tenancy_ocid
+  compartment_ocid = var.compartment_ocid
+  region           = var.region
+
+  # Cluster Tools
+  ## Ingress
+  ingress_nginx_enabled                = var.ingress_nginx_enabled
+  ingress_load_balancer_shape          = var.ingress_load_balancer_shape
+  ingress_load_balancer_shape_flex_min = var.ingress_load_balancer_shape_flex_min
+  ingress_load_balancer_shape_flex_max = var.ingress_load_balancer_shape_flex_max
+
+  ## Cert Manager
+  cert_manager_enabled = var.cert_manager_enabled
+
+  ## Metrics Server
+  metrics_server_enabled = var.metrics_server_enabled
+
+  ## Prometheus
+  prometheus_enabled = var.prometheus_enabled
+
+  ## Grafana
+  grafana_enabled = var.grafana_enabled
+
+  depends_on = [module.oke]
+}
+
+# Kubernetes Cluster Tools
+## Ingress/LoadBalancer
+variable "ingress_nginx_enabled" {
+  default     = true
+  description = "Enable Ingress Nginx for Kubernetes Services (This option provision a Load Balancer)"
+}
+variable "ingress_load_balancer_shape" {
+  default     = "flexible" # Flexible, 10Mbps, 100Mbps, 400Mbps or 8000Mps
+  description = "Shape that will be included on the Ingress annotation for the OCI Load Balancer creation"
+}
+variable "ingress_load_balancer_shape_flex_min" {
+  default     = "10"
+  description = "Enter the minimum size of the flexible shape."
+}
+variable "ingress_load_balancer_shape_flex_max" {
+  default     = "100" # From 10 to 8000. Cannot be lower than flex_min
+  description = "Enter the maximum size of the flexible shape (Should be bigger than minimum size). The maximum service limit is set by your tenancy limits."
+}
+
+## Cert Manager
+variable "cert_manager_enabled" {
+  default     = false
+  description = "Enable x509 Certificate Management"
+}
+
+## Metrics Server
+variable "metrics_server_enabled" {
+  default     = true
+  description = "Enable Metrics Server for Metrics, HPA, VPA and Cluster Autoscaler"
+}
+
+## Prometheus
+variable "prometheus_enabled" {
+  default     = true
+  description = "Enable Prometheus"
+}
+
+## Grafana
+variable "grafana_enabled" {
+  default     = false
+  description = "Enable Grafana Dashboards. Includes example dashboards and Prometheus, OCI Logging and OCI Metrics datasources"
+}
diff --git a/terraform/module-oke.tf b/terraform/module-oke.tf
new file mode 100644
index 0000000..94e895b
--- /dev/null
+++ b/terraform/module-oke.tf
@@ -0,0 +1,273 @@
+# Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+module "oke" {
+  source = "./modules/oke"
+
+  providers = {
+    oci             = oci
+    oci.home_region = oci.home_region
+  }
+
+  # Oracle Cloud Infrastructure Tenancy and Compartment OCID
+  tenancy_ocid     = var.tenancy_ocid
+  compartment_ocid = var.compartment_ocid
+  region           = var.region
+
+  # OKE Cluster
+  app_name                   = var.app_name
+  app_deployment_environment = var.app_deployment_environment
+  app_deployment_type        = var.app_deployment_type
+
+  ## create_new_oke_cluster
+  create_new_oke_cluster         = var.create_new_oke_cluster
+  existent_oke_cluster_id        = var.existent_oke_cluster_id
+  create_new_compartment_for_oke = var.create_new_compartment_for_oke
+  oke_compartment_description    = var.oke_compartment_description
+
+  ## Cluster Workers visibility
+  cluster_workers_visibility = var.cluster_workers_visibility
+
+  ## Cluster API Endpoint visibility
+  cluster_endpoint_visibility = var.cluster_endpoint_visibility
+
+  ## Create Dynamic group and Policies for Autoscaler and OCI Metrics and Logging
+  create_dynamic_group_for_nodes_in_compartment = var.create_dynamic_group_for_nodes_in_compartment
+  create_compartment_policies                   = var.create_compartment_policies
+
+  ## Encryption (OCI Vault/Key Management/KMS)
+  use_encryption_from_oci_vault = var.use_encryption_from_oci_vault
+  create_new_encryption_key     = var.create_new_encryption_key
+  existent_encryption_key_id    = var.existent_encryption_key_id
+
+  ## Enable Cluster Autoscaler
+  cluster_autoscaler_enabled              = var.cluster_autoscaler_enabled
+  cluster_autoscaler_min_nodes            = var.cluster_autoscaler_min_nodes
+  cluster_autoscaler_max_nodes            = var.cluster_autoscaler_max_nodes
+  existent_oke_nodepool_id_for_autoscaler = var.existent_oke_nodepool_id_for_autoscaler
+
+  ## OKE Worker Nodes (Compute)
+  num_pool_workers                          = var.num_pool_workers
+  node_pool_shape                           = var.node_pool_instance_shape.instanceShape
+  node_pool_node_shape_config_ocpus         = var.node_pool_instance_shape.ocpus
+  node_pool_node_shape_config_memory_in_gbs = var.node_pool_instance_shape.memory
+  generate_public_ssh_key                   = var.generate_public_ssh_key
+  public_ssh_key                            = var.public_ssh_key
+
+  # count = var.oke_provision ? 1 : 0
+}
+
+# OKE Variables
+# variable "oke_provision" {
+#   default     = false
+#   description = "Provision OCI Container Engine - OKE"
+# }
+## OKE Cluster Details
+variable "app_name" {
+  default     = "K8s App"
+  description = "Application name. Will be used as prefix to identify resources, such as OKE, VCN, ATP, and others"
+}
+variable "app_deployment_environment" {
+  default     = "generic" # e.g.: Development, QA, Stage, ...
+  description = "Deployment environment for the freeform tags"
+}
+variable "app_deployment_type" {
+  default     = "generic" # e.g.: App Type 1, App Type 2, Red, Purple, ...
+  description = "Deployment type for the freeform tags"
+}
+variable "create_new_oke_cluster" {
+  default     = true
+  description = "Creates a new OKE cluster, node pool and network resources"
+}
+variable "existent_oke_cluster_id" {
+  default     = ""
+  description = "Using existent OKE Cluster. Only the application and services will be provisioned. If select cluster autoscaler feature, you need to get the node pool id and enter when required"
+}
+variable "create_new_compartment_for_oke" {
+  default     = false
+  description = "Creates new compartment for OKE Nodes and OCI Services deployed.  NOTE: The creation of the compartment increases the deployment time by at least 3 minutes, and can increase by 15 minutes when destroying"
+}
+variable "oke_compartment_description" {
+  default = "Compartment for OKE, Nodes and Services"
+}
+
+## OKE Visibility (Workers and Endpoint)
+
+variable "cluster_workers_visibility" {
+  default     = "Private"
+  description = "The Kubernetes worker nodes that are created will be hosted in public or private subnet(s)"
+
+  validation {
+    condition     = var.cluster_workers_visibility == "Private" || var.cluster_workers_visibility == "Public"
+    error_message = "Sorry, but cluster visibility can only be Private or Public."
+  }
+}
+
+# NOTE: Private Endpoint is only supported when using OCI Resource Manager for deployment.
+variable "cluster_endpoint_visibility" {
+  default     = "Public"
+  description = "The Kubernetes cluster that is created will be hosted on a public subnet with a public IP address auto-assigned or on a private subnet. If Private, additional configuration will be necessary to run kubectl commands"
+
+  validation {
+    condition     = var.cluster_endpoint_visibility == "Private" || var.cluster_endpoint_visibility == "Public"
+    error_message = "Sorry, but cluster endpoint visibility can only be Private or Public."
+  }
+}
+
+## OKE Encryption details
+variable "use_encryption_from_oci_vault" {
+  default     = false
+  description = "By default, Oracle manages the keys that encrypts Kubernetes Secrets at Rest in Etcd, but you can choose a key from a vault that you have access to, if you want greater control over the key's lifecycle and how it's used"
+}
+variable "create_new_encryption_key" {
+  default     = false
+  description = "Creates new vault and key on OCI Vault/Key Management/KMS and assign to boot volume of the worker nodes"
+}
+variable "existent_encryption_key_id" {
+  default     = ""
+  description = "Use an existent master encryption key to encrypt boot volume and object storage bucket. NOTE: If the key resides in a different compartment or in a different tenancy, make sure you have the proper policies to access, or the provision of the worker nodes will fail"
+}
+variable "create_vault_policies_for_group" {
+  default     = false
+  description = "Creates policies to allow the user applying the stack to manage vault and keys. If you are on the Administrators group or already have the policies for a compartment, this policy is not needed. If you do not have access to allow the policy, ask your administrator to include it for you"
+}
+variable "user_admin_group_for_vault_policy" {
+  default     = "Administrators"
+  description = "User Identity Group to allow manage vault and keys. The user running the Terraform scripts or Applying the ORM Stack need to be on this group"
+}
+
+## OKE Autoscaler
+variable "cluster_autoscaler_enabled" {
+  default     = true
+  description = "Enables OKE cluster autoscaler. Node pools will auto scale based on the resources usage"
+}
+variable "cluster_autoscaler_min_nodes" {
+  default     = 3
+  description = "Minimum number of nodes on the node pool to be scheduled by the Kubernetes"
+}
+variable "cluster_autoscaler_max_nodes" {
+  default     = 10
+  description = "Maximum number of nodes on the node pool to be scheduled by the Kubernetes"
+}
+variable "existent_oke_nodepool_id_for_autoscaler" {
+  default     = ""
+  description = "Nodepool Id of the existent OKE to use with Cluster Autoscaler"
+}
+
+## OKE Node Pool Details
+variable "node_pool_name" {
+  default     = "pool1"
+  description = "Name of the node pool"
+}
+variable "k8s_version" {
+  default     = "Latest"
+  description = "Kubernetes version installed on your master and worker nodes. If not version select, will use the latest available."
+}
+variable "num_pool_workers" {
+  default     = 3
+  description = "The number of worker nodes in the node pool. If select Cluster Autoscaler, will assume the minimum number of nodes configured"
+}
+
+# ocpus and memory are only used if flex shape is selected
+variable "node_pool_instance_shape" {
+  type = map(any)
+  default = {
+    "instanceShape" = "VM.Standard.E4.Flex"
+    "ocpus"         = 2
+    "memory"        = 16
+  }
+  description = "A shape is a template that determines the number of OCPUs, amount of memory, and other resources allocated to a newly created instance for the Worker Node. Select at least 2 OCPUs and 16GB of memory if using Flex shapes"
+}
+# variable "node_pool_node_shape_config_ocpus" {
+#   default     = "1" # Only used if flex shape is selected
+#   description = "You can customize the number of OCPUs to a flexible shape"
+# }
+# variable "node_pool_node_shape_config_memory_in_gbs" {
+#   default     = "16" # Only used if flex shape is selected
+#   description = "You can customize the amount of memory allocated to a flexible shape"
+# }
+variable "node_pool_boot_volume_size_in_gbs" {
+  default     = "60"
+  description = "Specify a custom boot volume size (in GB)"
+}
+variable "image_operating_system" {
+  default     = "Oracle Linux"
+  description = "The OS/image installed on all nodes in the node pool."
+}
+variable "image_operating_system_version" {
+  default     = "8"
+  description = "The OS/image version installed on all nodes in the node pool."
+}
+variable "generate_public_ssh_key" {
+  default = true
+}
+variable "public_ssh_key" {
+  default     = ""
+  description = "In order to access your private nodes with a public SSH key you will need to set up a bastion host (a.k.a. jump box). If using public nodes, bastion is not needed. Left blank to not import keys."
+}
+
+# Create Dynamic Group and Policies
+variable "create_dynamic_group_for_nodes_in_compartment" {
+  default     = false # TODO: true 
+  description = "Creates dynamic group of Nodes in the compartment. Note: You need to have proper rights on the Tenancy. If you only have rights in a compartment, uncheck and ask you administrator to create the Dynamic Group for you"
+}
+variable "existent_dynamic_group_for_nodes_in_compartment" {
+  default     = ""
+  description = "Enter previous created Dynamic Group for the policies"
+}
+variable "create_compartment_policies" {
+  default     = false # TODO: true 
+  description = "Creates policies that will reside on the compartment. e.g.: Policies to support Cluster Autoscaler, OCI Logging datasource on Grafana"
+}
+
+# OKE Outputs
+
+output "comments" {
+  value = module.oke.comments
+}
+output "deploy_id" {
+  value = module.oke.deploy_id
+}
+output "deployed_oke_kubernetes_version" {
+  value = module.oke.deployed_oke_kubernetes_version
+}
+output "deployed_to_region" {
+  value = module.oke.deployed_to_region
+}
+output "kubeconfig" {
+  value = module.oke.kubeconfig
+}
+output "kubeconfig_for_kubectl" {
+  value       = module.oke.kubeconfig_for_kubectl
+  description = "If using Terraform locally, this command set KUBECONFIG environment variable to run kubectl locally"
+}
+output "dev" {
+  value = module.oke.dev
+}
+### Important Security Notice ###
+# The private key generated by this resource will be stored unencrypted in your Terraform state file. 
+# Use of this resource for production deployments is not recommended. 
+# Instead, generate a private key file outside of Terraform and distribute it securely to the system where Terraform will be run.
+output "generated_private_key_pem" {
+  value     = module.oke.generated_private_key_pem
+  sensitive = true
+}
+
+# output "oke_debug_oke_private_endpoint" {
+#   value = module.oke.oke_debug_oke_private_endpoint
+# }
+# output "oke_debug_orm_private_endpoint_reachable_ip" {
+#   value = module.oke.oke_debug_orm_private_endpoint_reachable_ip
+# }
+# output "oke_debug_oke_endpoints" {
+#   value = module.oke.oke_debug_oke_endpoints
+# }
+
+output "debug_k8s_version_calculated" {
+  value = module.oke.debug_k8s_version_calculated
+}
+
+output "debug_k8s_version_var" {
+  value = module.oke.debug_k8s_version_var
+}
\ No newline at end of file
diff --git a/terraform/modules/cluster-tools/cert-manager.tf b/terraform/modules/cluster-tools/cert-manager.tf
new file mode 100644
index 0000000..00cb769
--- /dev/null
+++ b/terraform/modules/cluster-tools/cert-manager.tf
@@ -0,0 +1,33 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+# Cert Manager variables
+variable "cert_manager_enabled" {
+  default     = true
+  description = "Enable x509 Certificate Management"
+}
+
+# Cert Manager Helm chart
+## https://github.com/jetstack/cert-manager/blob/master/README.md
+## https://artifacthub.io/packages/helm/cert-manager/cert-manager
+resource "helm_release" "cert_manager" {
+  name       = "cert-manager"
+  repository = local.helm_repository.jetstack
+  chart      = "cert-manager"
+  version    = local.helm_repository.jetstack_version
+  namespace  = kubernetes_namespace.cluster_tools.id
+  wait       = true # wait to allow the webhook be properly configured
+
+  set {
+    name  = "installCRDs"
+    value = true
+  }
+
+  set {
+    name  = "webhook.timeoutSeconds"
+    value = "30"
+  }
+
+  count = var.cert_manager_enabled ? 1 : 0
+}
\ No newline at end of file
diff --git a/terraform/modules/cluster-tools/cluster-tools.tf b/terraform/modules/cluster-tools/cluster-tools.tf
new file mode 100644
index 0000000..12b74b1
--- /dev/null
+++ b/terraform/modules/cluster-tools/cluster-tools.tf
@@ -0,0 +1,31 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+# Create namespace cluster-tools for supporting services
+resource "kubernetes_namespace" "cluster_tools" {
+  metadata {
+    name = "cluster-tools"
+  }
+}
+
+locals {
+  # Helm repos
+  helm_repository = {
+    ingress_nginx          = "https://kubernetes.github.io/ingress-nginx"
+    ingress_nginx_version  = "4.2.0"
+    jetstack               = "https://charts.jetstack.io" # cert-manager
+    jetstack_version       = "1.8.2"                      # cert-manager
+    grafana                = "https://grafana.github.io/helm-charts"
+    grafana_version        = "6.32.5"
+    prometheus             = "https://prometheus-community.github.io/helm-charts"
+    prometheus_version     = "15.10.5"
+    metrics_server         = "https://kubernetes-sigs.github.io/metrics-server"
+    metrics_server_version = "3.8.2"
+  }
+}
+
+# OCI Provider
+variable "tenancy_ocid" {}
+variable "compartment_ocid" {}
+variable "region" {}
\ No newline at end of file
diff --git a/terraform/modules/cluster-tools/grafana.tf b/terraform/modules/cluster-tools/grafana.tf
new file mode 100644
index 0000000..8d14ff3
--- /dev/null
+++ b/terraform/modules/cluster-tools/grafana.tf
@@ -0,0 +1,150 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+# Grafana variables
+variable "grafana_enabled" {
+  default     = true
+  description = "Enable Grafana Dashboards. Includes example dashboards and Prometheus, OCI Logging and OCI Metrics datasources"
+}
+
+# Grafana Helm chart
+## https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md
+## https://artifacthub.io/packages/helm/grafana/grafana
+resource "helm_release" "grafana" {
+  name       = "grafana"
+  repository = local.helm_repository.grafana
+  chart      = "grafana"
+  version    = local.helm_repository.grafana_version
+  namespace  = kubernetes_namespace.cluster_tools.id
+  wait       = false
+
+  set {
+    name  = "grafana\\.ini.server.root_url"
+    value = "%(protocol)s://%(domain)s:%(http_port)s/grafana"
+    type  = "string"
+  }
+
+  set {
+    name  = "grafana\\.ini.server.serve_from_sub_path"
+    value = "true"
+  }
+
+  values = [
+    <<EOF
+dashboards:
+  default:
+    k8s-cluster:
+      gnetId: 7249
+      revision: 1
+      datasource: Prometheus
+    k8s-cluster-metrics:
+      gnetId: 11663
+      revision: 1
+      datasource: Prometheus
+    k8s-cluster-metrics-simple:
+      gnetId: 6417
+      revision: 1
+      datasource: Prometheus
+    k8s-pods-monitoring:
+      gnetId: 13498
+      revision: 1
+      datasource: Prometheus
+    k8s-memory:
+      gnetId: 13421
+      revision: 1
+      datasource: Prometheus
+    k8s-networking:
+      gnetId: 12658
+      revision: 1
+      datasource: Prometheus
+    k8s-cluster-autoscaler:
+      gnetId: 3831
+      revision: 1
+      datasource: Prometheus
+    k8s-hpa:
+      gnetId: 10257
+      revision: 1
+      datasource: Prometheus
+    k8s-pods:
+      gnetId: 6336
+      revision: 1
+      datasource: Prometheus
+    spring-boot:
+      gnetId: 12464
+      revision: 2
+      datasource: Prometheus
+    nginx-ingress-controller:
+      gnetId: 9614
+      revision: 1
+      datasource: Prometheus
+    oci-compute:
+      gnetId: 13596
+      revision: 1
+      datasource: Oracle Cloud Infrastructure Metrics
+    oci-oke:
+      gnetId: 13594
+      revision: 1
+      datasource: Oracle Cloud Infrastructure Metrics
+dashboardProviders:
+   dashboardproviders.yaml:
+     apiVersion: 1
+     providers:
+     - name: 'default'
+       orgId: 1
+       folder: ''
+       type: file
+       disableDeletion: true
+       editable: true
+       options:
+         path: /var/lib/grafana/dashboards/default
+sidecar:
+  datasources:
+    enabled: true
+    label: grafana_datasource
+  dashboards:
+    enabled: true
+    label: grafana_dashboard
+persistence:
+  enabled: true
+plugins:
+  - oci-logs-datasource
+  - oci-metrics-datasource
+  - grafana-kubernetes-app
+  - grafana-worldmap-panel
+  - grafana-piechart-panel
+  - btplc-status-dot-panel
+datasources: 
+  datasources.yaml:
+    apiVersion: 1
+    datasources:
+    - name: Prometheus
+      type: prometheus
+      url: http://prometheus-server.${kubernetes_namespace.cluster_tools.id}.svc.cluster.local
+      access: proxy
+      isDefault: true
+      disableDeletion: true
+      editable: false
+    - name: Oracle Cloud Infrastructure Metrics
+      type: oci-metrics-datasource
+      access: proxy
+      disableDeletion: true
+      editable: true
+      jsonData:
+        tenancyOCID: ${var.tenancy_ocid}
+        defaultRegion: ${var.region}
+        environment: "OCI Instance"
+    - name: Oracle Cloud Infrastructure Logs
+      type: oci-logs-datasource
+      access: proxy
+      disableDeletion: true
+      editable: true
+      jsonData:
+        tenancyOCID: ${var.tenancy_ocid}
+        defaultRegion: ${var.region}
+        environment: "OCI Instance"
+EOF
+  ]
+
+  count = var.grafana_enabled ? 1 : 0
+}
\ No newline at end of file
diff --git a/terraform/modules/cluster-tools/ingress-nginx.tf b/terraform/modules/cluster-tools/ingress-nginx.tf
new file mode 100644
index 0000000..c8262e3
--- /dev/null
+++ b/terraform/modules/cluster-tools/ingress-nginx.tf
@@ -0,0 +1,74 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+
+# Ingress/LoadBalancer variables
+variable "ingress_nginx_enabled" {
+  default     = true
+  description = "Enable Ingress Nginx for Kubernetes Services (This option provision a Load Balancer)"
+}
+variable "ingress_load_balancer_shape" {
+  default     = "flexible" # Flexible, 10Mbps, 100Mbps, 400Mbps or 8000Mps
+  description = "Shape that will be included on the Ingress annotation for the OCI Load Balancer creation"
+}
+variable "ingress_load_balancer_shape_flex_min" {
+  default     = "10"
+  description = "Enter the minimum size of the flexible shape."
+}
+variable "ingress_load_balancer_shape_flex_max" {
+  default     = "100"
+  description = "Enter the maximum size of the flexible shape (Should be bigger than minimum size). The maximum service limit is set by your tenancy limits."
+}
+
+## Resource Ingress examples
+# variable "ingress_hosts" {
+#   default     = ""
+#   description = "Enter a valid full qualified domain name (FQDN). You will need to map the domain name to the EXTERNAL-IP address on your DNS provider (DNS Registry type - A). If you have multiple domain names, include separated by comma. e.g.: mushop.example.com,catshop.com"
+# }
+# variable "ingress_tls" {
+#   default     = false
+#   description = "If enabled, will generate SSL certificates to enable HTTPS for the ingress using the Certificate Issuer"
+# }
+# variable "ingress_cluster_issuer" {
+#   default     = "letsencrypt-prod"
+#   description = "Certificate issuer type. Currently supports the free Let's Encrypt and Self-Signed. Only *letsencrypt-prod* generates valid certificates"
+# }
+# variable "ingress_email_issuer" {
+#   default     = "no-reply@example.cloud"
+#   description = "You must replace this email address with your own. The certificate provider will use this to contact you about expiring certificates, and issues related to your account."
+# }
+
+# Ingress-NGINX helm chart
+## https://kubernetes.github.io/ingress-nginx/
+## https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx
+resource "helm_release" "ingress_nginx" {
+  name       = "ingress-nginx"
+  repository = local.helm_repository.ingress_nginx
+  chart      = "ingress-nginx"
+  version    = local.helm_repository.ingress_nginx_version
+  namespace  = kubernetes_namespace.cluster_tools.id
+  wait       = false
+
+  set {
+    name  = "controller.metrics.enabled"
+    value = true
+  }
+  set {
+    name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/oci-load-balancer-shape"
+    value = var.ingress_load_balancer_shape
+    type  = "string"
+  }
+  set {
+    name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/oci-load-balancer-shape-flex-min"
+    value = var.ingress_load_balancer_shape_flex_min
+    type  = "string"
+  }
+  set {
+    name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/oci-load-balancer-shape-flex-max"
+    value = var.ingress_load_balancer_shape_flex_max
+    type  = "string"
+  }
+
+  count = var.ingress_nginx_enabled ? 1 : 0
+}
\ No newline at end of file
diff --git a/terraform/modules/cluster-tools/jaeger.tf b/terraform/modules/cluster-tools/jaeger.tf
new file mode 100644
index 0000000..e69de29
diff --git a/terraform/modules/cluster-tools/keycloak.tf b/terraform/modules/cluster-tools/keycloak.tf
new file mode 100644
index 0000000..e69de29
diff --git a/terraform/modules/cluster-tools/metrics-server.tf b/terraform/modules/cluster-tools/metrics-server.tf
new file mode 100644
index 0000000..b632c0b
--- /dev/null
+++ b/terraform/modules/cluster-tools/metrics-server.tf
@@ -0,0 +1,28 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+# Metrics Server variables
+variable "metrics_server_enabled" {
+  default     = true
+  description = "Enable Metrics Server for Metrics, HPA, VPA and Cluster Autoscaler"
+}
+
+# Metrics Server for the HPA
+## https://github.com/kubernetes-sigs/metrics-server/blob/master/charts/metrics-server/README.md
+## https://artifacthub.io/packages/helm/metrics-server/metrics-server
+resource "helm_release" "metrics_server" {
+  name       = "metrics-server"
+  repository = local.helm_repository.metrics_server
+  chart      = "metrics-server"
+  version    = local.helm_repository.metrics_server_version
+  namespace  = kubernetes_namespace.cluster_tools.id
+  wait       = false
+
+  set {
+    name  = "args"
+    value = "{--kubelet-insecure-tls,--kubelet-preferred-address-types=InternalIP}"
+  }
+
+  count = var.metrics_server_enabled ? 1 : 0
+}
diff --git a/terraform/modules/cluster-tools/postgresql.tf b/terraform/modules/cluster-tools/postgresql.tf
new file mode 100644
index 0000000..e69de29
diff --git a/terraform/modules/cluster-tools/prometheus.tf b/terraform/modules/cluster-tools/prometheus.tf
new file mode 100644
index 0000000..b69b497
--- /dev/null
+++ b/terraform/modules/cluster-tools/prometheus.tf
@@ -0,0 +1,39 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+#
+
+# Prometheus variables
+variable "prometheus_enabled" {
+  default     = true
+  description = "Enable Prometheus"
+}
+
+# Prometheus Helm chart
+## https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus/README.md
+## https://artifacthub.io/packages/helm/prometheus-community/prometheus
+resource "helm_release" "prometheus" {
+  name       = "prometheus"
+  repository = local.helm_repository.prometheus
+  chart      = "prometheus"
+  version    = local.helm_repository.prometheus_version
+  namespace  = kubernetes_namespace.cluster_tools.id
+  wait       = false
+
+
+  values = [
+    <<EOF
+extraScrapeConfigs: |
+    - job_name: 'ingress-nginx'
+      metrics_path: /metrics
+      scrape_interval: 5s
+      static_configs:
+        - targets:
+          - ingress-nginx-controller-metrics:9913
+nodeExporter:
+  hostRootfs: false
+
+EOF
+  ]
+
+  count = var.prometheus_enabled ? 1 : 0
+}
\ No newline at end of file
diff --git a/terraform/modules/cluster-tools/providers.tf b/terraform/modules/cluster-tools/providers.tf
new file mode 100644
index 0000000..ce53230
--- /dev/null
+++ b/terraform/modules/cluster-tools/providers.tf
@@ -0,0 +1,39 @@
+# Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+terraform {
+  required_version = ">= 1.1"
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = ">= 4.88.1"
+      # https://registry.terraform.io/providers/oracle/oci/4.88.1
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.12.1"
+      # https://registry.terraform.io/providers/hashicorp/kubernetes/2.12.1
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> 2.6.0"
+      # https://registry.terraform.io/providers/hashicorp/helm/2.6.0
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 4.0.1"
+      # https://registry.terraform.io/providers/hashicorp/tls/4.0.1
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = "~> 2.2.3"
+      # https://registry.terraform.io/providers/hashicorp/local/2.2.3
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.3.2"
+      # https://registry.terraform.io/providers/hashicorp/random/3.3.2
+    }
+  }
+}
\ No newline at end of file
diff --git a/terraform/modules/cluster-tools/redis.tf b/terraform/modules/cluster-tools/redis.tf
new file mode 100644
index 0000000..e69de29
diff --git a/terraform/modules/new-subnet-from-oke-vcn/datasources.tf b/terraform/modules/new-subnet-from-oke-vcn/datasources.tf
new file mode 100644
index 0000000..79b04fa
--- /dev/null
+++ b/terraform/modules/new-subnet-from-oke-vcn/datasources.tf
@@ -0,0 +1,13 @@
+# Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+# OCI Services
+## Available Services
+data "oci_core_services" "all_services" {
+  filter {
+    name   = "name"
+    values = ["All .* Services In Oracle Services Network"]
+    regex  = true
+  }
+}
\ No newline at end of file
diff --git a/terraform/modules/new-subnet-from-oke-vcn/providers.tf b/terraform/modules/new-subnet-from-oke-vcn/providers.tf
new file mode 100644
index 0000000..8c52099
--- /dev/null
+++ b/terraform/modules/new-subnet-from-oke-vcn/providers.tf
@@ -0,0 +1,14 @@
+# Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+terraform {
+  required_version = ">= 1.1"
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = ">= 4.88.1"
+      # https://registry.terraform.io/providers/oracle/oci/4.88.1
+    }
+  }
+}
\ No newline at end of file
diff --git a/terraform/modules/new-subnet-from-oke-vcn/security-lists.tf b/terraform/modules/new-subnet-from-oke-vcn/security-lists.tf
new file mode 100644
index 0000000..cdb0100
--- /dev/null
+++ b/terraform/modules/new-subnet-from-oke-vcn/security-lists.tf
@@ -0,0 +1,48 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+resource "oci_core_security_list" "extra_subnet_security_list" {
+  compartment_id = var.oke_vcn_compartment_ocid
+  display_name   = "${local.subnet_name_normalized}-seclist-${random_string.deploy_id.result}"
+  vcn_id         = var.oke_vcn_ocid
+  freeform_tags  = local.freeform_deployment_tags
+
+  # Ingresses
+
+  ingress_security_rules {
+    description = "Allow API Gateway to receive requests"
+    source      = lookup(var.network_cidrs, "ALL-CIDR")
+    source_type = "CIDR_BLOCK"
+    protocol    = local.tcp_protocol_number
+    stateless   = false
+
+    tcp_options {
+      max = local.https_port_number
+      min = local.https_port_number
+    }
+  }
+
+  # Egresses
+
+  egress_security_rules {
+    description      = "Allow API Gateway to forward requests to Functions via service conduit"
+    destination      = lookup(data.oci_core_services.all_services.services[0], "cidr_block")
+    destination_type = "SERVICE_CIDR_BLOCK"
+    protocol         = local.all_protocols
+    stateless        = false
+  }
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+
+locals {
+  http_port_number                        = "80"
+  https_port_number                       = "443"
+  k8s_api_endpoint_port_number            = "6443"
+  k8s_worker_to_control_plane_port_number = "12250"
+  ssh_port_number                         = "22"
+  tcp_protocol_number                     = "6"
+  icmp_protocol_number                    = "1"
+  all_protocols                           = "all"
+}
\ No newline at end of file
diff --git a/terraform/modules/new-subnet-from-oke-vcn/subnet.tf b/terraform/modules/new-subnet-from-oke-vcn/subnet.tf
new file mode 100644
index 0000000..c5e1cd6
--- /dev/null
+++ b/terraform/modules/new-subnet-from-oke-vcn/subnet.tf
@@ -0,0 +1,30 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+resource "oci_core_subnet" "extra_subnet" {
+  cidr_block                 = lookup(var.network_cidrs, "EXTRA-SUBNET-REGIONAL-CIDR")
+  compartment_id             = var.oke_vcn_compartment_ocid
+  display_name               = "${local.subnet_name_normalized}-subnet-${random_string.deploy_id.result}"
+  dns_label                  = "${local.subnet_name_normalized}${random_string.deploy_id.result}"
+  vcn_id                     = var.oke_vcn_ocid
+  prohibit_public_ip_on_vnic = true
+  route_table_id             = oci_core_route_table.extra_subnet_route_table[0].id
+  dhcp_options_id            = var.oke_vcn_default_dhcp_id
+  security_list_ids          = [oci_core_security_list.extra_subnet_security_list[0].id]
+  freeform_tags              = local.freeform_deployment_tags
+}
+
+resource "oci_core_route_table" "extra_subnet_route_table" {
+  compartment_id = var.oke_vcn_compartment_ocid
+  vcn_id         = var.oke_vcn_ocid
+  display_name   = "${local.subnet_name_normalized}-route-table-${random_string.deploy_id.result}"
+  freeform_tags  = local.freeform_deployment_tags
+
+  route_rules {
+    description       = "Traffic to/from internet"
+    destination       = lookup(var.network_cidrs, "ALL-CIDR")
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_internet_gateway.oke_internet_gateway[0].id
+  }
+}
\ No newline at end of file
diff --git a/terraform/modules/new-subnet-from-oke-vcn/variables.tf b/terraform/modules/new-subnet-from-oke-vcn/variables.tf
new file mode 100644
index 0000000..5322fa6
--- /dev/null
+++ b/terraform/modules/new-subnet-from-oke-vcn/variables.tf
@@ -0,0 +1,41 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+variable "network_cidrs" {
+  type = map(string)
+
+  default = {
+    EXTRA-SUBNET-REGIONAL-CIDR = "10.20.40.0/24"
+    ALL-CIDR                   = "0.0.0.0/0"
+  }
+}
+
+variable "oke_vcn_ocid" {
+  description = "VCN OCID used by the OKE Cluster"
+}
+variable "oke_vcn_compartment_ocid" {
+  description = "VCN Compartment OCID used by the OKE Cluster VCN resources"
+}
+variable "oke_vcn_default_dhcp_ocid" {
+  description = "Default DHCP OCID used by the OKE Cluster VCN"
+}
+variable "oke_vcn_nat_gateway_ocid" {
+  description = "NAT Gateway OCID used by the OKE Cluster VCN"
+}
+variable "oke_vcn_internet_gateway_ocid" {
+  description = "Internet Gateway OCID used by the OKE Cluster VCN"
+}
+variable "oke_vcn_service_gateway_ocid" {
+  description = "Service Gateway OCID used by the OKE Cluster VCN"
+}
+
+variable "subnet_name" {
+  default     = "Extra Subnet"
+  description = "Subnet Name"
+}
+
+# Subnet Name Locals
+locals {
+  subnet_name_normalized = substr(replace(lower(var.subnet_name), " ", "-"), 0, 6)
+}
\ No newline at end of file
diff --git a/terraform/modules/oke/oke-autoscaler.tf b/terraform/modules/oke/oke-autoscaler.tf
new file mode 100644
index 0000000..c69cb7f
--- /dev/null
+++ b/terraform/modules/oke/oke-autoscaler.tf
@@ -0,0 +1,277 @@
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+locals {
+  cluster_autoscaler_supported_k8s_versions           = { "1.21" = "1.21.1-3", "1.22" = "1.22.2-4", "1.23" = "1.23.0-4" } # There's no API to get that list. Need to be updated manually
+  cluster_autoscaler_image_version                    = lookup(local.cluster_autoscaler_supported_k8s_versions, local.k8s_major_minor_version, reverse(values(local.cluster_autoscaler_supported_k8s_versions))[0])
+  cluster_autoscaler_default_region                   = "us-ashburn-1"
+  cluster_autoscaler_image_regions                    = ["us-ashburn-1", "us-phoenix-1", "uk-london-1", "eu-frankfurt-1"]
+  cluster_autoscaler_image_region                     = contains(local.cluster_autoscaler_image_regions, var.region) ? var.region : local.cluster_autoscaler_default_region
+  cluster_autoscaler_image                            = "${local.cluster_autoscaler_image_region}.ocir.io/oracle/oci-cluster-autoscaler:${local.cluster_autoscaler_image_version}"
+  cluster_autoscaler_log_level_verbosity              = 4
+  cluster_autoscaler_node_pool                        = var.create_new_oke_cluster ? oci_containerengine_node_pool.oke_node_pool[0].id : var.existent_oke_nodepool_id_for_autoscaler
+  cluster_autoscaler_min_nodes                        = var.cluster_autoscaler_min_nodes
+  cluster_autoscaler_max_nodes                        = var.cluster_autoscaler_max_nodes
+  cluster_autoscaler_max_node_provision_time          = "25m"
+  cluster_autoscaler_scale_down_delay_after_add       = "10m"
+  cluster_autoscaler_scale_down_unneeded_time         = "10m"
+  cluster_autoscaler_unremovable_node_recheck_timeout = "5m"
+  cluster_autoscaler_enabled                          = alltrue([contains(keys(local.cluster_autoscaler_supported_k8s_versions), local.k8s_major_minor_version), var.create_new_oke_cluster]) ? var.cluster_autoscaler_enabled : false
+  k8s_major_minor_version                             = regex("\\d+(?:\\.(?:\\d+|x)(?:))", (var.k8s_version == "Latest") ? local.node_pool_k8s_latest_version : var.k8s_version)
+}
+
+# NOTE: Service Account creation is not supported with Kubernetes 1.24 and Terraform Kubernetes provider 2.12.1.
+resource "kubernetes_service_account" "cluster_autoscaler_sa" {
+  metadata {
+    name      = "cluster-autoscaler"
+    namespace = "kube-system"
+    labels = {
+      k8s-addon = "cluster-autoscaler.addons.k8s.io"
+      k8s-app   = "cluster-autoscaler"
+    }
+  }
+  automount_service_account_token = true
+
+  depends_on = [oci_containerengine_node_pool.oke_node_pool]
+
+  count = local.cluster_autoscaler_enabled ? 1 : 0
+}
+resource "kubernetes_cluster_role" "cluster_autoscaler_cr" {
+  metadata {
+    name = "cluster-autoscaler"
+    labels = {
+      k8s-addon = "cluster-autoscaler.addons.k8s.io"
+      k8s-app   = "cluster-autoscaler"
+    }
+  }
+
+  rule {
+    api_groups = [""]
+    resources  = ["events", "endpoints"]
+    verbs      = ["create", "patch"]
+  }
+  rule {
+    api_groups = [""]
+    resources  = ["pods/eviction"]
+    verbs      = ["create"]
+  }
+  rule {
+    api_groups = [""]
+    resources  = ["pods/status"]
+    verbs      = ["update"]
+  }
+  rule {
+    api_groups     = [""]
+    resource_names = ["cluster-autoscaler"]
+    resources      = ["endpoints"]
+    verbs          = ["get", "update"]
+  }
+  rule {
+    api_groups = [""]
+    resources  = ["nodes"]
+    verbs      = ["watch", "list", "get", "patch", "update"]
+  }
+  rule {
+    api_groups = [""]
+    resources  = ["pods", "services", "replicationcontrollers", "persistentvolumeclaims", "persistentvolumes", "namespaces"]
+    verbs      = ["watch", "list", "get"]
+  }
+  rule {
+    api_groups = ["extensions"]
+    resources  = ["replicasets", "daemonsets"]
+    verbs      = ["watch", "list", "get"]
+  }
+  rule {
+    api_groups = ["policy"]
+    resources  = ["poddisruptionbudgets"]
+    verbs      = ["watch", "list"]
+  }
+  rule {
+    api_groups = ["apps"]
+    resources  = ["statefulsets", "replicasets", "daemonsets"]
+    verbs      = ["watch", "list", "get"]
+  }
+  rule {
+    api_groups = ["storage.k8s.io"]
+    resources  = ["storageclasses", "csinodes", "csidrivers"]
+    verbs      = ["watch", "list", "get"]
+  }
+  rule {
+    api_groups = ["batch", "extensions"]
+    resources  = ["jobs"]
+    verbs      = ["get", "list", "watch", "patch"]
+  }
+  rule {
+    api_groups = ["coordination.k8s.io"]
+    resources  = ["leases"]
+    verbs      = ["create"]
+  }
+  rule {
+    api_groups     = ["coordination.k8s.io"]
+    resource_names = ["cluster-autoscaler"]
+    resources      = ["leases"]
+    verbs          = ["get", "update"]
+  }
+
+  depends_on = [oci_containerengine_node_pool.oke_node_pool]
+
+  count = local.cluster_autoscaler_enabled ? 1 : 0
+}
+resource "kubernetes_role" "cluster_autoscaler_role" {
+  metadata {
+    name      = "cluster-autoscaler"
+    namespace = "kube-system"
+    labels = {
+      k8s-addon = "cluster-autoscaler.addons.k8s.io"
+      k8s-app   = "cluster-autoscaler"
+    }
+  }
+
+  rule {
+    api_groups = [""]
+    resources  = ["configmaps"]
+    verbs      = ["create", "list", "watch"]
+  }
+  rule {
+    api_groups     = [""]
+    resource_names = ["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"]
+    resources      = ["configmaps"]
+    verbs          = ["delete", "get", "update", "watch"]
+  }
+
+  depends_on = [oci_containerengine_node_pool.oke_node_pool]
+
+  count = local.cluster_autoscaler_enabled ? 1 : 0
+}
+resource "kubernetes_cluster_role_binding" "cluster_autoscaler_crb" {
+  metadata {
+    name = "cluster-autoscaler"
+    labels = {
+      k8s-addon = "cluster-autoscaler.addons.k8s.io"
+      k8s-app   = "cluster-autoscaler"
+    }
+  }
+
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = "cluster-autoscaler"
+  }
+  subject {
+    kind      = "ServiceAccount"
+    name      = "cluster-autoscaler"
+    namespace = "kube-system"
+  }
+
+  depends_on = [oci_containerengine_node_pool.oke_node_pool]
+
+  count = local.cluster_autoscaler_enabled ? 1 : 0
+}
+resource "kubernetes_role_binding" "cluster_autoscaler_rb" {
+  metadata {
+    name      = "cluster-autoscaler"
+    namespace = "kube-system"
+    labels = {
+      k8s-addon = "cluster-autoscaler.addons.k8s.io"
+      k8s-app   = "cluster-autoscaler"
+    }
+  }
+
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "Role"
+    name      = "cluster-autoscaler"
+  }
+  subject {
+    kind      = "ServiceAccount"
+    name      = "cluster-autoscaler"
+    namespace = "kube-system"
+  }
+
+  depends_on = [oci_containerengine_node_pool.oke_node_pool]
+
+  count = local.cluster_autoscaler_enabled ? 1 : 0
+}
+resource "kubernetes_deployment" "cluster_autoscaler_deployment" {
+  metadata {
+    name      = "cluster-autoscaler"
+    namespace = "kube-system"
+    labels = {
+      app = "cluster-autoscaler"
+    }
+  }
+
+  spec {
+    replicas = 3
+
+    selector {
+      match_labels = {
+        app = "cluster-autoscaler"
+      }
+    }
+
+    template {
+      metadata {
+        labels = {
+          app = "cluster-autoscaler"
+        }
+        annotations = {
+          "prometheus.io/scrape" = true
+          "prometheus.io/port"   = 8085
+        }
+      }
+
+      spec {
+        service_account_name = "cluster-autoscaler"
+
+        container {
+          image = local.cluster_autoscaler_image
+          name  = "cluster-autoscaler"
+
+          resources {
+            limits = {
+              cpu    = "100m"
+              memory = "300Mi"
+            }
+            requests = {
+              cpu    = "100m"
+              memory = "300Mi"
+            }
+          }
+          command = [
+            "./cluster-autoscaler",
+            "--v=${local.cluster_autoscaler_log_level_verbosity}",
+            "--stderrthreshold=info",
+            "--cloud-provider=oci",
+            "--max-node-provision-time=${local.cluster_autoscaler_max_node_provision_time}",
+            "--nodes=${local.cluster_autoscaler_min_nodes}:${local.cluster_autoscaler_max_nodes}:${local.cluster_autoscaler_node_pool}",
+            "--scale-down-delay-after-add=${local.cluster_autoscaler_scale_down_delay_after_add}",
+            "--scale-down-unneeded-time=${local.cluster_autoscaler_scale_down_unneeded_time}",
+            "--unremovable-node-recheck-timeout=${local.cluster_autoscaler_unremovable_node_recheck_timeout}",
+            "--balance-similar-node-groups",
+            "--balancing-ignore-label=displayName",
+            "--balancing-ignore-label=hostname",
+            "--balancing-ignore-label=internal_addr",
+            "--balancing-ignore-label=oci.oraclecloud.com/fault-domain"
+          ]
+          image_pull_policy = "Always"
+          env {
+            name  = "OKE_USE_INSTANCE_PRINCIPAL"
+            value = "true"
+          }
+          env {
+            name  = "OCI_SDK_APPEND_USER_AGENT"
+            value = "oci-oke-cluster-autoscaler"
+          }
+        }
+      }
+    }
+  }
+
+  wait_for_rollout = false
+
+  depends_on = [oci_containerengine_node_pool.oke_node_pool]
+
+  count = local.cluster_autoscaler_enabled ? 1 : 0
+}
diff --git a/terraform/modules/oke/oke-datasources.tf b/terraform/modules/oke/oke-datasources.tf
new file mode 100644
index 0000000..67b3a0c
--- /dev/null
+++ b/terraform/modules/oke/oke-datasources.tf
@@ -0,0 +1,54 @@
+# Copyright (c) 2021 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+# Gets a list of supported images based on the shape, operating_system and operating_system_version provided
+data "oci_core_images" "node_pool_images" {
+  compartment_id           = local.oke_compartment_ocid
+  operating_system         = var.image_operating_system
+  operating_system_version = var.image_operating_system_version
+  shape                    = var.node_pool_shape
+  sort_by                  = "TIMECREATED"
+  sort_order               = "DESC"
+}
+
+data "oci_containerengine_cluster_option" "oke" {
+  cluster_option_id = "all"
+}
+data "oci_containerengine_node_pool_option" "oke" {
+  node_pool_option_id = "all"
+}
+data "oci_containerengine_clusters" "oke" {
+  compartment_id = local.oke_compartment_ocid
+}
+
+# Gets a list of Availability Domains
+data "oci_identity_availability_domains" "ADs" {
+  compartment_id = var.tenancy_ocid
+}
+
+# Gets kubeconfig
+data "oci_containerengine_cluster_kube_config" "oke" {
+  cluster_id = var.create_new_oke_cluster ? oci_containerengine_cluster.oke_cluster[0].id : var.existent_oke_cluster_id
+}
+
+# OCI Services
+## Available Services
+data "oci_core_services" "all_services" {
+  filter {
+    name   = "name"
+    values = ["All .* Services In Oracle Services Network"]
+    regex  = true
+  }
+}
+
+## Object Storage
+data "oci_objectstorage_namespace" "ns" {
+  compartment_id = local.oke_compartment_ocid
+}
+
+# Randoms
+resource "random_string" "deploy_id" {
+  length  = 4
+  special = false
+}
diff --git a/terraform/modules/oke/oke-kms.tf b/terraform/modules/oke/oke-kms.tf
new file mode 100644
index 0000000..18982bc
--- /dev/null
+++ b/terraform/modules/oke/oke-kms.tf
@@ -0,0 +1,45 @@
+# Copyright (c) 2021 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+##**************************************************************************
+##                            OCI KMS Vault
+##**************************************************************************
+
+### OCI Vault vault
+resource "oci_kms_vault" "oke_vault" {
+  compartment_id = local.oke_compartment_ocid
+  display_name   = "${local.vault_display_name} - ${random_string.deploy_id.result}"
+  vault_type     = local.vault_type[0]
+  freeform_tags  = local.freeform_deployment_tags
+
+  depends_on = [oci_identity_policy.kms_user_group_compartment_policies]
+
+  count = var.use_encryption_from_oci_vault ? (var.create_new_encryption_key ? 1 : 0) : 0
+}
+### OCI Vault key
+resource "oci_kms_key" "oke_key" {
+  compartment_id      = local.oke_compartment_ocid
+  display_name        = "${local.vault_key_display_name} - ${random_string.deploy_id.result}"
+  management_endpoint = oci_kms_vault.oke_vault[0].management_endpoint
+  protection_mode     = local.vault_key_protection_mode
+  freeform_tags       = local.freeform_deployment_tags
+
+  key_shape {
+    algorithm = local.vault_key_key_shape_algorithm
+    length    = local.vault_key_key_shape_length
+  }
+
+  count = var.use_encryption_from_oci_vault ? (var.create_new_encryption_key ? 1 : 0) : 0
+}
+
+### Vault and Key definitions
+locals {
+  vault_display_name            = "OKE Vault"
+  vault_key_display_name        = "OKE Key"
+  vault_key_key_shape_algorithm = "AES"
+  vault_key_key_shape_length    = 32
+  vault_type                    = ["DEFAULT", "VIRTUAL_PRIVATE"]
+  vault_key_protection_mode     = "SOFTWARE" # HSM or SOFTWARE
+  oci_vault_key_id              = var.use_encryption_from_oci_vault ? (var.create_new_encryption_key ? oci_kms_key.oke_key[0].id : var.existent_encryption_key_id) : "void"
+}
\ No newline at end of file
diff --git a/terraform/modules/oke/oke-network.tf b/terraform/modules/oke/oke-network.tf
new file mode 100644
index 0000000..92bbd27
--- /dev/null
+++ b/terraform/modules/oke/oke-network.tf
@@ -0,0 +1,155 @@
+# Copyright (c) 2021, 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+resource "oci_core_virtual_network" "oke_vcn" {
+  cidr_block     = lookup(var.network_cidrs, "VCN-CIDR")
+  compartment_id = local.oke_compartment_ocid
+  display_name   = "OKE ${var.app_name} VCN - ${random_string.deploy_id.result}"
+  dns_label      = "oke${random_string.deploy_id.result}"
+  freeform_tags  = local.freeform_deployment_tags
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+
+resource "oci_core_subnet" "oke_k8s_endpoint_subnet" {
+  cidr_block                 = lookup(var.network_cidrs, "ENDPOINT-SUBNET-REGIONAL-CIDR")
+  compartment_id             = local.oke_compartment_ocid
+  display_name               = "oke-k8s-endpoint-subnet-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  dns_label                  = "okek8sn${random_string.deploy_id.result}"
+  vcn_id                     = oci_core_virtual_network.oke_vcn[0].id
+  prohibit_public_ip_on_vnic = (var.cluster_endpoint_visibility == "Private") ? true : false
+  route_table_id             = (var.cluster_endpoint_visibility == "Private") ? oci_core_route_table.oke_private_route_table[0].id : oci_core_route_table.oke_public_route_table[0].id
+  dhcp_options_id            = oci_core_virtual_network.oke_vcn[0].default_dhcp_options_id
+  security_list_ids          = [oci_core_security_list.oke_endpoint_security_list[0].id]
+  freeform_tags              = local.freeform_deployment_tags
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+resource "oci_core_subnet" "oke_nodes_subnet" {
+  cidr_block                 = lookup(var.network_cidrs, "SUBNET-REGIONAL-CIDR")
+  compartment_id             = local.oke_compartment_ocid
+  display_name               = "oke-nodes-subnet-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  dns_label                  = "okenodesn${random_string.deploy_id.result}"
+  vcn_id                     = oci_core_virtual_network.oke_vcn[0].id
+  prohibit_public_ip_on_vnic = (var.cluster_workers_visibility == "Private") ? true : false
+  route_table_id             = (var.cluster_workers_visibility == "Private") ? oci_core_route_table.oke_private_route_table[0].id : oci_core_route_table.oke_public_route_table[0].id
+  dhcp_options_id            = oci_core_virtual_network.oke_vcn[0].default_dhcp_options_id
+  security_list_ids          = [oci_core_security_list.oke_nodes_security_list[0].id]
+  freeform_tags              = local.freeform_deployment_tags
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+resource "oci_core_subnet" "oke_lb_subnet" {
+  cidr_block                 = lookup(var.network_cidrs, "LB-SUBNET-REGIONAL-CIDR")
+  compartment_id             = local.oke_compartment_ocid
+  display_name               = "oke-lb-subnet-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  dns_label                  = "okelbsn${random_string.deploy_id.result}"
+  vcn_id                     = oci_core_virtual_network.oke_vcn[0].id
+  prohibit_public_ip_on_vnic = false
+  route_table_id             = oci_core_route_table.oke_public_route_table[0].id
+  dhcp_options_id            = oci_core_virtual_network.oke_vcn[0].default_dhcp_options_id
+  security_list_ids          = [oci_core_security_list.oke_lb_security_list[0].id]
+  freeform_tags              = local.freeform_deployment_tags
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+# resource "oci_core_subnet" "apigw_fn_subnet" {
+#   cidr_block                 = lookup(var.network_cidrs, "APIGW-FN-SUBNET-REGIONAL-CIDR")
+#   compartment_id             = local.oke_compartment_ocid
+#   display_name               = "services-subnet-${local.app_name_normalized}-${random_string.deploy_id.result}"
+#   dns_label                  = "services${random_string.deploy_id.result}"
+#   vcn_id                     = oci_core_virtual_network.oke_vcn[0].id
+#   prohibit_public_ip_on_vnic = false
+#   route_table_id             = oci_core_route_table.apigw_fn_route_table[0].id
+#   dhcp_options_id            = oci_core_virtual_network.oke_vcn[0].default_dhcp_options_id
+#   security_list_ids          = [oci_core_security_list.apigw_fn_security_list[0].id]
+#   freeform_tags = local.freeform_deployment_tags
+
+#   count = var.create_new_oke_cluster ? 1 : 0
+# }
+
+resource "oci_core_route_table" "oke_private_route_table" {
+  compartment_id = local.oke_compartment_ocid
+  vcn_id         = oci_core_virtual_network.oke_vcn[0].id
+  display_name   = "oke-private-route-table-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  freeform_tags  = local.freeform_deployment_tags
+
+  route_rules {
+    description       = "Traffic to the internet"
+    destination       = lookup(var.network_cidrs, "ALL-CIDR")
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_nat_gateway.oke_nat_gateway[0].id
+  }
+  route_rules {
+    description       = "Traffic to OCI services"
+    destination       = lookup(data.oci_core_services.all_services.services[0], "cidr_block")
+    destination_type  = "SERVICE_CIDR_BLOCK"
+    network_entity_id = oci_core_service_gateway.oke_service_gateway[0].id
+  }
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+resource "oci_core_route_table" "oke_public_route_table" {
+  compartment_id = local.oke_compartment_ocid
+  vcn_id         = oci_core_virtual_network.oke_vcn[0].id
+  display_name   = "oke-public-route-table-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  freeform_tags  = local.freeform_deployment_tags
+
+  route_rules {
+    description       = "Traffic to/from internet"
+    destination       = lookup(var.network_cidrs, "ALL-CIDR")
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_internet_gateway.oke_internet_gateway[0].id
+  }
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+# resource "oci_core_route_table" "apigw_fn_route_table" {
+#   compartment_id = local.oke_compartment_ocid
+#   vcn_id         = oci_core_virtual_network.oke_vcn[0].id
+#   display_name   = "apigw-fn-route-table-${local.app_name_normalized}-${random_string.deploy_id.result}"
+#   freeform_tags = local.freeform_deployment_tags
+
+#   route_rules {
+#     description       = "Traffic to/from internet"
+#     destination       = lookup(var.network_cidrs, "ALL-CIDR")
+#     destination_type  = "CIDR_BLOCK"
+#     network_entity_id = oci_core_internet_gateway.oke_internet_gateway[0].id
+#   }
+
+#   count = var.create_new_oke_cluster ? 1 : 0
+# }
+
+resource "oci_core_nat_gateway" "oke_nat_gateway" {
+  block_traffic  = "false"
+  compartment_id = local.oke_compartment_ocid
+  display_name   = "oke-nat-gateway-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  vcn_id         = oci_core_virtual_network.oke_vcn[0].id
+  freeform_tags  = local.freeform_deployment_tags
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+
+resource "oci_core_internet_gateway" "oke_internet_gateway" {
+  compartment_id = local.oke_compartment_ocid
+  display_name   = "oke-internet-gateway-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  enabled        = true
+  vcn_id         = oci_core_virtual_network.oke_vcn[0].id
+  freeform_tags  = local.freeform_deployment_tags
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+
+resource "oci_core_service_gateway" "oke_service_gateway" {
+  compartment_id = local.oke_compartment_ocid
+  display_name   = "oke-service-gateway-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  vcn_id         = oci_core_virtual_network.oke_vcn[0].id
+  freeform_tags  = local.freeform_deployment_tags
+
+  services {
+    service_id = lookup(data.oci_core_services.all_services.services[0], "id")
+  }
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
\ No newline at end of file
diff --git a/terraform/modules/oke/oke-orm-private-endpoint.tf b/terraform/modules/oke/oke-orm-private-endpoint.tf
new file mode 100644
index 0000000..d7bb0b6
--- /dev/null
+++ b/terraform/modules/oke/oke-orm-private-endpoint.tf
@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+### Important Notice ###
+# OCI Resource Manager Private Endpoint is only available when using Resource Manager.
+# If you use local Terraform, you will need to setup an OCI Bastion for connectivity to the Private OKE.
+# If using OCI CloudShell, you need to activate the OCI Private Endpoint for OCI CLoud Shell.
+
+resource "oci_resourcemanager_private_endpoint" "private_kubernetes_endpoint" {
+  compartment_id = local.oke_compartment_ocid
+  display_name   = "Private Endpoint for OKE ${var.app_name} - ${random_string.deploy_id.result}"
+  description    = "Resource Manager Private Endpoint for OKE for the ${var.app_name} - ${random_string.deploy_id.result}"
+  vcn_id         = oci_core_virtual_network.oke_vcn[0].id
+  subnet_id      = oci_core_subnet.oke_k8s_endpoint_subnet[0].id
+  freeform_tags  = local.freeform_deployment_tags
+
+  count = var.create_new_oke_cluster ? ((var.cluster_endpoint_visibility == "Private") ? 1 : 0) : 0
+}
+
+# Resolves the private IP of the customer's private endpoint to a NAT IP.
+data "oci_resourcemanager_private_endpoint_reachable_ip" "private_kubernetes_endpoint" {
+  private_endpoint_id = var.create_new_oke_cluster ? oci_resourcemanager_private_endpoint.private_kubernetes_endpoint[0].id : var.existent_oke_cluster_private_endpoint
+  private_ip          = trimsuffix(oci_containerengine_cluster.oke_cluster[0].endpoints.0.private_endpoint, ":6443") # TODO: Pending rule when has existent cluster
+
+  count = (var.cluster_endpoint_visibility == "Private") ? 1 : 0
+}
\ No newline at end of file
diff --git a/terraform/modules/oke/oke-outputs.tf b/terraform/modules/oke/oke-outputs.tf
new file mode 100755
index 0000000..6b0249b
--- /dev/null
+++ b/terraform/modules/oke/oke-outputs.tf
@@ -0,0 +1,84 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+output "comments" {
+  value = "The application URL will be unavailable for a few minutes after provisioning while the application is configured and deployed to Kubernetes"
+}
+output "deploy_id" {
+  value = random_string.deploy_id.result
+}
+output "deployed_oke_kubernetes_version" {
+  value = local.deployed_k8s_version
+}
+output "deployed_to_region" {
+  value = var.region
+}
+output "dev" {
+  value = "Made with \u2764 by Oracle Developers"
+}
+output "kubeconfig" {
+  value = data.oci_containerengine_cluster_kube_config.oke.content
+}
+output "kubeconfig_for_kubectl" {
+  value       = "export KUBECONFIG=${path.root}/generated/kubeconfig"
+  description = "If using Terraform locally, this command set KUBECONFIG environment variable to run kubectl locally"
+}
+output "orm_private_endpoint_oke_api_ip_address" {
+  value       = (var.cluster_endpoint_visibility == "Private") ? data.oci_resourcemanager_private_endpoint_reachable_ip.private_kubernetes_endpoint.0.ip_address : ""
+  description = "OCI Resource Manager Private Endpoint ip address for OKE Kubernetes API Private Endpoint"
+
+  depends_on = [
+    oci_resourcemanager_private_endpoint.private_kubernetes_endpoint
+  ]
+}
+
+# OKE VCN info
+output "oke_vcn_ocid" {
+  value       = var.create_new_oke_cluster ? oci_core_virtual_network.oke_vcn[0].id : "" # TODO: Include selected VCN for private endpoint or Existent VCN
+  description = "VCN OCID used by the OKE Cluster"
+}
+output "oke_vcn_compartment_ocid" {
+  value       = local.oke_compartment_ocid
+  description = "VCN Compartment OCID used by the OKE Cluster VCN resources"
+}
+output "oke_vcn_default_dhcp_ocid" {
+  value       = var.create_new_oke_cluster ? oci_core_virtual_network.oke_vcn[0].default_dhcp_options_id : "" # TODO: Get the existent VCN Default DHCP
+  description = "Default DHCP OCID used by the OKE Cluster VCN"
+}
+output "oke_vcn_nat_gateway_ocid" {
+  value       = var.create_new_oke_cluster ? oci_core_nat_gateway.oke_nat_gateway[0].id : "" # TODO: Get the existent VCN Default DHCP
+  description = "NAT Gateway OCID used by the OKE Cluster VCN"
+}
+output "oke_vcn_private_route_table_ocid" {
+  value       = var.create_new_oke_cluster ? oci_core_route_table.oke_private_route_table[0].id : "" # TODO: Get the existent VCN Private Route Table
+  description = "Private Route Table OCID used by the OKE Cluster VCN"
+}
+output "oke_vcn_internet_gateway_ocid" {
+  value       = var.create_new_oke_cluster ? oci_core_internet_gateway.oke_internet_gateway[0].id : "" # TODO: Get the existent VCN Default DHCP
+  description = "Internet Gateway OCID used by the OKE Cluster VCN"
+}
+output "oke_vcn_service_gateway_ocid" {
+  value       = var.create_new_oke_cluster ? oci_core_service_gateway.oke_service_gateway[0].id : "" # TODO: Get the existent VCN Default DHCP
+  description = "Service Gateway OCID used by the OKE Cluster VCN"
+}
+### Important Security Notice ###
+# The private key generated by this resource will be stored unencrypted in your Terraform state file. 
+# Use of this resource for production deployments is not recommended. 
+# Instead, generate a private key file outside of Terraform and distribute it securely to the system where Terraform will be run.
+output "generated_private_key_pem" {
+  value     = var.generate_public_ssh_key ? tls_private_key.oke_worker_node_ssh_key.private_key_pem : "No Keys Auto Generated"
+  sensitive = true
+}
+
+# output "oke_debug_oke_private_endpoint" {
+#   value = oci_containerengine_cluster.oke_cluster[0].endpoints.0.private_endpoint
+# }
+
+# output "oke_debug_orm_private_endpoint_reachable_ip" {
+#   value = data.oci_resourcemanager_private_endpoint_reachable_ip.private_kubernetes_endpoint.0.ip_address
+# }
+
+# output "oke_debug_oke_endpoints" {
+#   value = oci_containerengine_cluster.oke_cluster.0.endpoints
+# }
\ No newline at end of file
diff --git a/terraform/modules/oke/oke-security-lists.tf b/terraform/modules/oke/oke-security-lists.tf
new file mode 100644
index 0000000..e7c2d55
--- /dev/null
+++ b/terraform/modules/oke/oke-security-lists.tf
@@ -0,0 +1,276 @@
+# Copyright (c) 2021, 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+resource "oci_core_security_list" "oke_nodes_security_list" {
+  compartment_id = local.oke_compartment_ocid
+  display_name   = "oke-nodes-wkr-seclist-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  vcn_id         = oci_core_virtual_network.oke_vcn[0].id
+  freeform_tags  = local.freeform_deployment_tags
+
+  # Ingresses
+  ingress_security_rules {
+    description = "Allow pods on one worker node to communicate with pods on other worker nodes"
+    source      = lookup(var.network_cidrs, "SUBNET-REGIONAL-CIDR")
+    source_type = "CIDR_BLOCK"
+    protocol    = local.all_protocols
+    stateless   = false
+  }
+  ingress_security_rules {
+    description = "Inbound SSH traffic to worker nodes"
+    source      = lookup(var.network_cidrs, (var.cluster_workers_visibility == "Private") ? "VCN-CIDR" : "ALL-CIDR")
+    source_type = "CIDR_BLOCK"
+    protocol    = local.tcp_protocol_number
+    stateless   = false
+
+    tcp_options {
+      max = local.ssh_port_number
+      min = local.ssh_port_number
+    }
+  }
+  ingress_security_rules {
+    description = "TCP access from Kubernetes Control Plane"
+    source      = lookup(var.network_cidrs, "ENDPOINT-SUBNET-REGIONAL-CIDR")
+    source_type = "CIDR_BLOCK"
+    protocol    = local.tcp_protocol_number
+    stateless   = false
+  }
+  ingress_security_rules {
+    description = "Path discovery"
+    source      = lookup(var.network_cidrs, "ENDPOINT-SUBNET-REGIONAL-CIDR")
+    source_type = "CIDR_BLOCK"
+    protocol    = local.icmp_protocol_number
+    stateless   = false
+
+    icmp_options {
+      type = "3"
+      code = "4"
+    }
+  }
+
+  # Egresses
+  egress_security_rules {
+    description      = "Allow pods on one worker node to communicate with pods on other worker nodes"
+    destination      = lookup(var.network_cidrs, "SUBNET-REGIONAL-CIDR")
+    destination_type = "CIDR_BLOCK"
+    protocol         = local.all_protocols
+    stateless        = false
+  }
+  egress_security_rules {
+    description      = "Worker Nodes access to Internet"
+    destination      = lookup(var.network_cidrs, "ALL-CIDR")
+    destination_type = "CIDR_BLOCK"
+    protocol         = local.all_protocols
+    stateless        = false
+  }
+  egress_security_rules {
+    description      = "Allow nodes to communicate with OKE to ensure correct start-up and continued functioning"
+    destination      = lookup(data.oci_core_services.all_services.services[0], "cidr_block")
+    destination_type = "SERVICE_CIDR_BLOCK"
+    protocol         = local.tcp_protocol_number
+    stateless        = false
+
+    tcp_options {
+      max = local.https_port_number
+      min = local.https_port_number
+    }
+  }
+  egress_security_rules {
+    description      = "ICMP Access from Kubernetes Control Plane"
+    destination      = lookup(var.network_cidrs, "ALL-CIDR")
+    destination_type = "CIDR_BLOCK"
+    protocol         = local.icmp_protocol_number
+    stateless        = false
+
+    icmp_options {
+      type = "3"
+      code = "4"
+    }
+  }
+  egress_security_rules {
+    description      = "Access to Kubernetes API Endpoint"
+    destination      = lookup(var.network_cidrs, "ENDPOINT-SUBNET-REGIONAL-CIDR")
+    destination_type = "CIDR_BLOCK"
+    protocol         = local.tcp_protocol_number
+    stateless        = false
+
+    tcp_options {
+      max = local.k8s_api_endpoint_port_number
+      min = local.k8s_api_endpoint_port_number
+    }
+  }
+  egress_security_rules {
+    description      = "Kubernetes worker to control plane communication"
+    destination      = lookup(var.network_cidrs, "ENDPOINT-SUBNET-REGIONAL-CIDR")
+    destination_type = "CIDR_BLOCK"
+    protocol         = local.tcp_protocol_number
+    stateless        = false
+
+    tcp_options {
+      max = local.k8s_worker_to_control_plane_port_number
+      min = local.k8s_worker_to_control_plane_port_number
+    }
+  }
+  egress_security_rules {
+    description      = "Path discovery"
+    destination      = lookup(var.network_cidrs, "ENDPOINT-SUBNET-REGIONAL-CIDR")
+    destination_type = "CIDR_BLOCK"
+    protocol         = local.icmp_protocol_number
+    stateless        = false
+
+    icmp_options {
+      type = "3"
+      code = "4"
+    }
+  }
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+
+resource "oci_core_security_list" "oke_lb_security_list" {
+  compartment_id = local.oke_compartment_ocid
+  display_name   = "oke-lb-seclist-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  vcn_id         = oci_core_virtual_network.oke_vcn[0].id
+  freeform_tags  = local.freeform_deployment_tags
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+
+resource "oci_core_security_list" "oke_endpoint_security_list" {
+  compartment_id = local.oke_compartment_ocid
+  display_name   = "oke-k8s-api-endpoint-seclist-${local.app_name_normalized}-${random_string.deploy_id.result}"
+  vcn_id         = oci_core_virtual_network.oke_vcn[0].id
+  freeform_tags  = local.freeform_deployment_tags
+
+  # Ingresses
+
+  ingress_security_rules {
+    description = "External access to Kubernetes API endpoint"
+    source      = lookup(var.network_cidrs, (var.cluster_endpoint_visibility == "Private") ? "VCN-CIDR" : "ALL-CIDR")
+    source_type = "CIDR_BLOCK"
+    protocol    = local.tcp_protocol_number
+    stateless   = false
+
+    tcp_options {
+      max = local.k8s_api_endpoint_port_number
+      min = local.k8s_api_endpoint_port_number
+    }
+  }
+  ingress_security_rules {
+    description = "Kubernetes worker to Kubernetes API endpoint communication"
+    source      = lookup(var.network_cidrs, "SUBNET-REGIONAL-CIDR")
+    source_type = "CIDR_BLOCK"
+    protocol    = local.tcp_protocol_number
+    stateless   = false
+
+    tcp_options {
+      max = local.k8s_api_endpoint_port_number
+      min = local.k8s_api_endpoint_port_number
+    }
+  }
+  ingress_security_rules {
+    description = "Kubernetes worker to control plane communication"
+    source      = lookup(var.network_cidrs, "SUBNET-REGIONAL-CIDR")
+    source_type = "CIDR_BLOCK"
+    protocol    = local.tcp_protocol_number
+    stateless   = false
+
+    tcp_options {
+      max = local.k8s_worker_to_control_plane_port_number
+      min = local.k8s_worker_to_control_plane_port_number
+    }
+  }
+  ingress_security_rules {
+    description = "Path discovery"
+    source      = lookup(var.network_cidrs, "SUBNET-REGIONAL-CIDR")
+    source_type = "CIDR_BLOCK"
+    protocol    = local.icmp_protocol_number
+    stateless   = false
+
+    icmp_options {
+      type = "3"
+      code = "4"
+    }
+  }
+
+  # Egresses
+
+  egress_security_rules {
+    description      = "Allow Kubernetes Control Plane to communicate with OKE"
+    destination      = lookup(data.oci_core_services.all_services.services[0], "cidr_block")
+    destination_type = "SERVICE_CIDR_BLOCK"
+    protocol         = local.tcp_protocol_number
+    stateless        = false
+
+    tcp_options {
+      max = local.https_port_number
+      min = local.https_port_number
+    }
+  }
+  egress_security_rules {
+    description      = "All traffic to worker nodes"
+    destination      = lookup(var.network_cidrs, "SUBNET-REGIONAL-CIDR")
+    destination_type = "CIDR_BLOCK"
+    protocol         = local.tcp_protocol_number
+    stateless        = false
+  }
+  egress_security_rules {
+    description      = "Path discovery"
+    destination      = lookup(var.network_cidrs, "SUBNET-REGIONAL-CIDR")
+    destination_type = "CIDR_BLOCK"
+    protocol         = local.icmp_protocol_number
+    stateless        = false
+
+    icmp_options {
+      type = "3"
+      code = "4"
+    }
+  }
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+
+# resource "oci_core_security_list" "apigw_fn_security_list" {
+#   compartment_id = local.oke_compartment_ocid
+#   display_name   = "apigw-fn-seclist-${local.app_name_normalized}-${random_string.deploy_id.result}"
+#   vcn_id         = oci_core_virtual_network.oke_vcn[0].id
+#   freeform_tags = local.freeform_deployment_tags
+
+#   # Ingresses
+
+#   ingress_security_rules {
+#     description = "Allow API Gateway to receive requests"
+#     source      = lookup(var.network_cidrs, "ALL-CIDR")
+#     source_type = "CIDR_BLOCK"
+#     protocol    = local.tcp_protocol_number
+#     stateless   = false
+
+#     tcp_options {
+#       max = local.https_port_number
+#       min = local.https_port_number
+#     }
+#   }
+
+#   # Egresses
+
+#   egress_security_rules {
+#     description      = "Allow API Gateway to forward requests to Functions via service conduit"
+#     destination      = lookup(data.oci_core_services.all_services.services[0], "cidr_block")
+#     destination_type = "SERVICE_CIDR_BLOCK"
+#     protocol         = local.all_protocols
+#     stateless        = false
+#   }
+
+#   count = var.create_new_oke_cluster ? 1 : 0
+# }
+
+locals {
+  http_port_number                        = "80"
+  https_port_number                       = "443"
+  k8s_api_endpoint_port_number            = "6443"
+  k8s_worker_to_control_plane_port_number = "12250"
+  ssh_port_number                         = "22"
+  tcp_protocol_number                     = "6"
+  icmp_protocol_number                    = "1"
+  all_protocols                           = "all"
+}
\ No newline at end of file
diff --git a/terraform/modules/oke/oke-variables.tf b/terraform/modules/oke/oke-variables.tf
new file mode 100644
index 0000000..78ea970
--- /dev/null
+++ b/terraform/modules/oke/oke-variables.tf
@@ -0,0 +1,217 @@
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+# OKE Variables
+## OKE Cluster Details
+variable "app_name" {
+  default     = "OKE App"
+  description = "Application name. Will be used as prefix to identify resources, such as OKE, VCN, ATP, and others"
+}
+variable "app_deployment_environment" {
+  default     = "generic" # e.g.: Development, QA, Stage, ...
+  description = "Deployment environment for the freeform tags"
+}
+variable "app_deployment_type" {
+  default     = "generic" # e.g.: App Type 1, App Type 2, Red, Purple, ...
+  description = "Deployment type for the freeform tags"
+}
+variable "create_new_oke_cluster" {
+  default     = false
+  description = "Creates a new OKE cluster and node pool"
+}
+variable "existent_oke_cluster_id" {
+  default     = ""
+  description = "Using existent OKE Cluster. Only the application and services will be provisioned. If select cluster autoscaler feature, you need to get the node pool id and enter when required"
+}
+variable "existent_oke_cluster_private_endpoint" {
+  default     = ""
+  description = "Resource Manager Private Endpoint to access the OKE Private Cluster"
+}
+variable "create_new_compartment_for_oke" {
+  default     = false
+  description = "Creates new compartment for OKE Nodes and OCI Services deployed.  NOTE: The creation of the compartment increases the deployment time by at least 3 minutes, and can increase by 15 minutes when destroying"
+}
+variable "oke_compartment_description" {
+  default = "Compartment for OKE, Nodes and Services"
+}
+variable "cluster_options_add_ons_is_kubernetes_dashboard_enabled" {
+  default = false
+}
+variable "cluster_options_admission_controller_options_is_pod_security_policy_enabled" {
+  description = "If true: The pod security policy admission controller will use pod security policies to restrict the pods accepted into the cluster."
+  default     = false
+}
+
+## OKE Visibility (Workers and Endpoint)
+
+variable "cluster_workers_visibility" {
+  default     = "Private"
+  description = "The Kubernetes worker nodes that are created will be hosted in public or private subnet(s)"
+
+  validation {
+    condition     = var.cluster_workers_visibility == "Private" || var.cluster_workers_visibility == "Public"
+    error_message = "Sorry, but cluster visibility can only be Private or Public."
+  }
+}
+
+variable "cluster_endpoint_visibility" {
+  default     = "Public"
+  description = "The Kubernetes cluster that is created will be hosted on a public subnet with a public IP address auto-assigned or on a private subnet. If Private, additional configuration will be necessary to run kubectl commands"
+
+  validation {
+    condition     = var.cluster_endpoint_visibility == "Private" || var.cluster_endpoint_visibility == "Public"
+    error_message = "Sorry, but cluster endpoint visibility can only be Private or Public."
+  }
+}
+
+## OKE Encryption details
+variable "use_encryption_from_oci_vault" {
+  default     = false
+  description = "By default, Oracle manages the keys that encrypts Kubernetes Secrets at Rest in Etcd, but you can choose a key from a vault that you have access to, if you want greater control over the key's lifecycle and how it's used"
+}
+variable "create_new_encryption_key" {
+  default     = false
+  description = "Creates new vault and key on OCI Vault/Key Management/KMS and assign to boot volume of the worker nodes"
+}
+variable "existent_encryption_key_id" {
+  default     = ""
+  description = "Use an existent master encryption key to encrypt boot volume and object storage bucket. NOTE: If the key resides in a different compartment or in a different tenancy, make sure you have the proper policies to access, or the provision of the worker nodes will fail"
+}
+variable "create_vault_policies_for_group" {
+  default     = false
+  description = "Creates policies to allow the user applying the stack to manage vault and keys. If you are on the Administrators group or already have the policies for a compartment, this policy is not needed. If you do not have access to allow the policy, ask your administrator to include it for you"
+}
+variable "user_admin_group_for_vault_policy" {
+  default     = "Administrators"
+  description = "User Identity Group to allow manage vault and keys. The user running the Terraform scripts or Applying the ORM Stack need to be on this group"
+}
+
+## OKE Autoscaler
+variable "cluster_autoscaler_enabled" {
+  default     = true
+  description = "Enables OKE cluster autoscaler. Node pools will auto scale based on the resources usage"
+}
+variable "cluster_autoscaler_min_nodes" {
+  default     = 3
+  description = "Minimum number of nodes on the node pool to be scheduled by the Kubernetes"
+}
+variable "cluster_autoscaler_max_nodes" {
+  default     = 10
+  description = "Maximum number of nodes on the node pool to be scheduled by the Kubernetes"
+}
+variable "existent_oke_nodepool_id_for_autoscaler" {
+  default     = ""
+  description = "Nodepool Id of the existent OKE to use with Cluster Autoscaler"
+}
+
+## OKE Node Pool Details
+variable "node_pool_name" {
+  default     = "pool1"
+  description = "Name of the node pool"
+}
+variable "k8s_version" {
+  default     = "Latest"
+  description = "Kubernetes version installed on your master and worker nodes"
+}
+variable "num_pool_workers" {
+  default     = 3
+  description = "The number of worker nodes in the node pool. If select Cluster Autoscaler, will assume the minimum number of nodes configured"
+}
+variable "node_pool_shape" {
+  default     = "VM.Standard.E4.Flex"
+  description = "A shape is a template that determines the number of OCPUs, amount of memory, and other resources allocated to a newly created instance for the Worker Node"
+}
+
+variable "node_pool_node_shape_config_ocpus" {
+  default     = "1" # Only used if flex shape is selected
+  description = "You can customize the number of OCPUs to a flexible shape"
+}
+variable "node_pool_node_shape_config_memory_in_gbs" {
+  default     = "16" # Only used if flex shape is selected
+  description = "You can customize the amount of memory allocated to a flexible shape"
+}
+variable "node_pool_boot_volume_size_in_gbs" {
+  default     = "50"
+  description = "Specify a custom boot volume size (in GB)"
+}
+variable "image_operating_system" {
+  default     = "Oracle Linux"
+  description = "The OS/image installed on all nodes in the node pool."
+}
+variable "image_operating_system_version" {
+  default     = "8"
+  description = "The OS/image version installed on all nodes in the node pool."
+}
+variable "generate_public_ssh_key" {
+  default = true
+}
+variable "public_ssh_key" {
+  default     = ""
+  description = "In order to access your private nodes with a public SSH key you will need to set up a bastion host (a.k.a. jump box). If using public nodes, bastion is not needed. Left blank to not import keys."
+}
+
+# OCI Provider
+variable "tenancy_ocid" {}
+variable "compartment_ocid" {}
+variable "region" {}
+
+# Network Details
+## CIDRs
+variable "network_cidrs" {
+  type = map(string)
+
+  default = {
+    VCN-CIDR                      = "10.20.0.0/16"
+    SUBNET-REGIONAL-CIDR          = "10.20.10.0/24"
+    LB-SUBNET-REGIONAL-CIDR       = "10.20.20.0/24"
+    APIGW-FN-SUBNET-REGIONAL-CIDR = "10.20.30.0/24"
+    ENDPOINT-SUBNET-REGIONAL-CIDR = "10.20.0.0/28"
+    ALL-CIDR                      = "0.0.0.0/0"
+    PODS-CIDR                     = "10.244.0.0/16"
+    KUBERNETES-SERVICE-CIDR       = "10.96.0.0/16"
+  }
+}
+## VCN
+variable "create_new_vcn" {
+  default     = false
+  description = "Creates a new VCN"
+}
+
+# Create Dynamic Group and Policies
+variable "create_dynamic_group_for_nodes_in_compartment" {
+  default     = false # TODO: true 
+  description = "Creates dynamic group of Nodes in the compartment. Note: You need to have proper rights on the Tenancy. If you only have rights in a compartment, uncheck and ask you administrator to create the Dynamic Group for you"
+}
+variable "existent_dynamic_group_for_nodes_in_compartment" {
+  default     = ""
+  description = "Enter previous created Dynamic Group for the policies"
+}
+variable "create_compartment_policies" {
+  default     = false # TODO: true 
+  description = "Creates policies that will reside on the compartment. e.g.: Policies to support Cluster Autoscaler, OCI Logging datasource on Grafana"
+}
+variable "create_tenancy_policies" {
+  default     = false # TODO: true 
+  description = "Creates policies that need to reside on the tenancy. e.g.: Policies to support OCI Metrics datasource on Grafana"
+}
+
+# ORM Schema visual control variables
+variable "show_advanced" {
+  default = false
+}
+
+# App Name Locals
+locals {
+  app_name_normalized = substr(replace(lower(var.app_name), " ", "-"), 0, 6)
+  app_name_for_db     = regex("[[:alnum:]]{1,10}", var.app_name)
+}
+
+# Deployment Tags
+locals {
+  freeform_deployment_tags = {
+    "DeploymentID" = "${random_string.deploy_id.result}",
+    "AppName"      = "${var.app_name}",
+    "Environment"  = "${var.app_deployment_environment}",
+  "DeploymentType" = "${var.app_deployment_type}" }
+}
diff --git a/terraform/modules/oke/oke.tf b/terraform/modules/oke/oke.tf
new file mode 100644
index 0000000..1df9559
--- /dev/null
+++ b/terraform/modules/oke/oke.tf
@@ -0,0 +1,149 @@
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+resource "oci_containerengine_cluster" "oke_cluster" {
+  compartment_id     = local.oke_compartment_ocid
+  kubernetes_version = (var.k8s_version == "Latest") ? local.cluster_k8s_latest_version : var.k8s_version
+  name               = "${var.app_name} (${random_string.deploy_id.result})"
+  vcn_id             = oci_core_virtual_network.oke_vcn[0].id
+  kms_key_id         = var.use_encryption_from_oci_vault ? (var.create_new_encryption_key ? oci_kms_key.oke_key[0].id : var.existent_encryption_key_id) : null
+  freeform_tags      = local.freeform_deployment_tags
+
+  endpoint_config {
+    is_public_ip_enabled = (var.cluster_endpoint_visibility == "Private") ? false : true
+    subnet_id            = oci_core_subnet.oke_k8s_endpoint_subnet[0].id
+    nsg_ids              = []
+  }
+  options {
+    service_lb_subnet_ids = [oci_core_subnet.oke_lb_subnet[0].id]
+    add_ons {
+      is_kubernetes_dashboard_enabled = var.cluster_options_add_ons_is_kubernetes_dashboard_enabled
+      is_tiller_enabled               = false # Default is false, left here for reference
+    }
+    admission_controller_options {
+      is_pod_security_policy_enabled = var.cluster_options_admission_controller_options_is_pod_security_policy_enabled
+    }
+    kubernetes_network_config {
+      services_cidr = lookup(var.network_cidrs, "KUBERNETES-SERVICE-CIDR")
+      pods_cidr     = lookup(var.network_cidrs, "PODS-CIDR")
+    }
+    persistent_volume_config {
+      freeform_tags = local.freeform_deployment_tags
+    }
+    service_lb_config {
+      freeform_tags = local.freeform_deployment_tags
+    }
+  }
+  image_policy_config {
+    is_policy_enabled = false
+    # key_details {
+    #   # kms_key_id = var.use_encryption_from_oci_vault ? (var.create_new_encryption_key ? oci_kms_key.oke_key[0].id : var.existent_encryption_key_id) : null
+    # }
+  }
+  cluster_pod_network_options {
+    cni_type = "FLANNEL_OVERLAY"
+  }
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+
+resource "oci_containerengine_node_pool" "oke_node_pool" {
+  cluster_id         = oci_containerengine_cluster.oke_cluster[0].id
+  compartment_id     = local.oke_compartment_ocid
+  kubernetes_version = (var.k8s_version == "Latest") ? local.node_pool_k8s_latest_version : var.k8s_version
+  name               = var.node_pool_name
+  node_shape         = var.node_pool_shape
+  ssh_public_key     = var.generate_public_ssh_key ? tls_private_key.oke_worker_node_ssh_key.public_key_openssh : var.public_ssh_key
+  freeform_tags      = local.freeform_deployment_tags
+
+  node_config_details {
+    dynamic "placement_configs" {
+      for_each = data.oci_identity_availability_domains.ADs.availability_domains
+
+      content {
+        availability_domain = placement_configs.value.name
+        subnet_id           = oci_core_subnet.oke_nodes_subnet[0].id
+      }
+    }
+    node_pool_pod_network_option_details {
+      cni_type = "FLANNEL_OVERLAY"
+    }
+    # nsg_ids       = []
+    size          = var.cluster_autoscaler_enabled ? var.cluster_autoscaler_min_nodes : var.num_pool_workers
+    kms_key_id    = var.use_encryption_from_oci_vault ? (var.create_new_encryption_key ? oci_kms_key.oke_key[0].id : var.existent_encryption_key_id) : null
+    freeform_tags = local.freeform_deployment_tags
+  }
+
+  dynamic "node_shape_config" {
+    for_each = local.is_flexible_node_shape ? [1] : []
+    content {
+      ocpus         = var.node_pool_node_shape_config_ocpus
+      memory_in_gbs = var.node_pool_node_shape_config_memory_in_gbs
+    }
+  }
+
+  node_source_details {
+    source_type             = "IMAGE"
+    image_id                = lookup(data.oci_core_images.node_pool_images.images[0], "id")
+    boot_volume_size_in_gbs = var.node_pool_boot_volume_size_in_gbs
+  }
+  # node_eviction_node_pool_settings {
+  #   eviction_grace_duration              = "PT1H"
+  #   is_force_delete_after_grace_duration = false
+  # }
+  # node_metadata = {}
+
+  initial_node_labels {
+    key   = "name"
+    value = var.node_pool_name
+  }
+
+  count = var.create_new_oke_cluster ? 1 : 0
+}
+
+resource "oci_identity_compartment" "oke_compartment" {
+  compartment_id = var.compartment_ocid
+  name           = "${local.app_name_normalized}-${random_string.deploy_id.result}"
+  description    = "${var.app_name} ${var.oke_compartment_description} (Deployment ${random_string.deploy_id.result})"
+  enable_delete  = true
+
+  count = var.create_new_compartment_for_oke ? 1 : 0
+}
+locals {
+  oke_compartment_ocid = var.create_new_compartment_for_oke ? oci_identity_compartment.oke_compartment.0.id : var.compartment_ocid
+}
+
+# Local kubeconfig for when using Terraform locally. Not used by Oracle Resource Manager
+resource "local_file" "oke_kubeconfig" {
+  content  = data.oci_containerengine_cluster_kube_config.oke.content
+  filename = "${path.module}/generated/kubeconfig"
+}
+
+# Generate ssh keys to access Worker Nodes, if generate_public_ssh_key=true, applies to the pool
+resource "tls_private_key" "oke_worker_node_ssh_key" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+# Get OKE options
+locals {
+  cluster_k8s_latest_version   = reverse(sort(data.oci_containerengine_cluster_option.oke.kubernetes_versions))[0]
+  node_pool_k8s_latest_version = reverse(sort(data.oci_containerengine_node_pool_option.oke.kubernetes_versions))[0]
+  deployed_k8s_version = var.create_new_oke_cluster ? ((var.k8s_version == "Latest") ? local.cluster_k8s_latest_version : var.k8s_version) : [
+  for x in data.oci_containerengine_clusters.oke.clusters : x.kubernetes_version if x.id == var.existent_oke_cluster_id][0]
+}
+
+# Checks if is using Flexible Compute Shapes
+locals {
+  # is_flexible_node_shape = contains(local.compute_flexible_shapes, var.node_pool_shape)
+  is_flexible_node_shape = contains(split(".", var.node_pool_shape), "Flex")
+}
+
+output "debug_k8s_version_calculated" {
+  value = ((var.k8s_version == "Latest") ? local.cluster_k8s_latest_version : var.k8s_version)
+}
+
+output "debug_k8s_version_var" {
+  value = var.k8s_version
+}
\ No newline at end of file
diff --git a/terraform/modules/oke/policies.tf b/terraform/modules/oke/policies.tf
new file mode 100644
index 0000000..15de0bc
--- /dev/null
+++ b/terraform/modules/oke/policies.tf
@@ -0,0 +1,86 @@
+# Copyright (c) 2021 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+resource "oci_identity_dynamic_group" "app_dynamic_group" {
+  name           = "${local.app_name_normalized}-dg-${random_string.deploy_id.result}"
+  description    = "${var.app_name} OKE Cluster Dynamic Group (${random_string.deploy_id.result})"
+  compartment_id = var.tenancy_ocid
+  matching_rule  = "ANY {${join(",", local.dynamic_group_matching_rules)}}"
+
+  provider = oci.home_region
+
+  count = var.create_dynamic_group_for_nodes_in_compartment ? 1 : 0
+}
+resource "oci_identity_policy" "app_compartment_policies" {
+  name           = "${local.app_name_normalized}-compartment-policies-${random_string.deploy_id.result}"
+  description    = "${var.app_name} OKE Cluster Compartment Policies (${random_string.deploy_id.result})"
+  compartment_id = local.oke_compartment_ocid
+  statements     = local.app_compartment_statements
+
+  depends_on = [oci_identity_dynamic_group.app_dynamic_group]
+
+  provider = oci.home_region
+
+  count = var.create_compartment_policies ? 1 : 0
+}
+resource "oci_identity_policy" "kms_user_group_compartment_policies" {
+  name           = "${local.app_name_normalized}-kms-compartment-policies-${random_string.deploy_id.result}"
+  description    = "${var.app_name} KMS User Group Compartment Policies (${random_string.deploy_id.result})"
+  compartment_id = local.oke_compartment_ocid
+  statements     = local.kms_user_group_compartment_statements
+
+  depends_on = [oci_identity_dynamic_group.app_dynamic_group]
+
+  provider = oci.home_region
+
+  count = (var.create_compartment_policies && var.create_vault_policies_for_group) ? 1 : 0
+}
+
+# Concat Matching Rules and Policy Statements
+locals {
+  dynamic_group_matching_rules = concat(
+    local.instances_in_compartment_rule,
+    local.clusters_in_compartment_rule
+  )
+  app_compartment_statements = concat(
+    var.use_encryption_from_oci_vault ? local.allow_oke_use_oci_vault_keys_statements : [],
+    var.cluster_autoscaler_enabled ? local.cluster_autoscaler_statements : []
+  )
+  kms_user_group_compartment_statements = concat(
+    local.allow_group_manage_vault_keys_statements
+  )
+}
+
+# Individual Rules
+locals {
+  instances_in_compartment_rule = ["ALL {instance.compartment.id = '${local.oke_compartment_ocid}'}"]
+  clusters_in_compartment_rule  = ["ALL {resource.type = 'cluster', resource.compartment.id = '${local.oke_compartment_ocid}'}"]
+}
+
+# Individual Policy Statements
+locals {
+  cluster_autoscaler_statements = [
+    "Allow dynamic-group ${local.app_dynamic_group} to manage cluster-node-pools in compartment id ${local.oke_compartment_ocid}",
+    "Allow dynamic-group ${local.app_dynamic_group} to manage instance-family in compartment id ${local.oke_compartment_ocid}",
+    "Allow dynamic-group ${local.app_dynamic_group} to use subnets in compartment id ${local.oke_compartment_ocid}",
+    "Allow dynamic-group ${local.app_dynamic_group} to read virtual-network-family in compartment id ${local.oke_compartment_ocid}",
+    "Allow dynamic-group ${local.app_dynamic_group} to use vnics in compartment id ${local.oke_compartment_ocid}",
+    "Allow dynamic-group ${local.app_dynamic_group} to inspect compartments in compartment id ${local.oke_compartment_ocid}"
+  ]
+  allow_oke_use_oci_vault_keys_statements = [
+    "Allow service oke to use vaults in compartment id ${local.oke_compartment_ocid}",
+    "Allow service oke to use keys in compartment id ${local.oke_compartment_ocid} where target.key.id = '${local.oci_vault_key_id}'",
+    "Allow dynamic-group ${local.app_dynamic_group} to use keys in compartment id ${local.oke_compartment_ocid} where target.key.id = '${local.oci_vault_key_id}'"
+  ]
+  allow_group_manage_vault_keys_statements = [
+    "Allow group ${var.user_admin_group_for_vault_policy} to manage vaults in compartment id ${local.oke_compartment_ocid}",
+    "Allow group ${var.user_admin_group_for_vault_policy} to manage keys in compartment id ${local.oke_compartment_ocid}",
+    "Allow group ${var.user_admin_group_for_vault_policy} to use key-delegate in compartment id ${local.oke_compartment_ocid}"
+  ]
+}
+
+# Conditional locals
+locals {
+  app_dynamic_group = var.create_dynamic_group_for_nodes_in_compartment ? oci_identity_dynamic_group.app_dynamic_group.0.name : "void"
+}
diff --git a/terraform/modules/oke/providers.tf b/terraform/modules/oke/providers.tf
new file mode 100644
index 0000000..043c6b5
--- /dev/null
+++ b/terraform/modules/oke/providers.tf
@@ -0,0 +1,40 @@
+# Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+terraform {
+  required_version = ">= 1.1"
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = ">= 4.88.1"
+      # https://registry.terraform.io/providers/oracle/oci/4.88.1
+      configuration_aliases = [oci.home_region]
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.12.1"
+      # https://registry.terraform.io/providers/hashicorp/kubernetes/2.12.1
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> 2.6.0"
+      # https://registry.terraform.io/providers/hashicorp/helm/2.6.0
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 4.0.1"
+      # https://registry.terraform.io/providers/hashicorp/tls/4.0.1
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = "~> 2.2.3"
+      # https://registry.terraform.io/providers/hashicorp/local/2.2.3
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.3.2"
+      # https://registry.terraform.io/providers/hashicorp/random/3.3.2
+    }
+  }
+}
\ No newline at end of file
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
new file mode 100755
index 0000000..0b40812
--- /dev/null
+++ b/terraform/outputs.tf
@@ -0,0 +1,7 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+output "stack_version" {
+  value = file("${path.module}/VERSION")
+}
\ No newline at end of file
diff --git a/terraform/providers.tf b/terraform/providers.tf
new file mode 100644
index 0000000..81809a4
--- /dev/null
+++ b/terraform/providers.tf
@@ -0,0 +1,100 @@
+# Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+terraform {
+  required_version = ">= 1.1"
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = ">= 4.88.1"
+      # https://registry.terraform.io/providers/oracle/oci/4.88.1
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.12.1"
+      # https://registry.terraform.io/providers/hashicorp/kubernetes/2.12.1
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> 2.6.0"
+      # https://registry.terraform.io/providers/hashicorp/helm/2.6.0
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 4.0.1"
+      # https://registry.terraform.io/providers/hashicorp/tls/4.0.1
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = "~> 2.2.3"
+      # https://registry.terraform.io/providers/hashicorp/local/2.2.3
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.3.2"
+      # https://registry.terraform.io/providers/hashicorp/random/3.3.2
+    }
+  }
+}
+
+provider "oci" {
+  tenancy_ocid = var.tenancy_ocid
+  region       = var.region
+}
+
+provider "oci" {
+  alias        = "home_region"
+  tenancy_ocid = var.tenancy_ocid
+  region       = lookup(data.oci_identity_regions.home_region.regions[0], "name")
+
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+}
+
+provider "oci" {
+  alias        = "current_region"
+  tenancy_ocid = var.tenancy_ocid
+  region       = var.region
+
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+}
+
+# New configuration to avoid Terraform Kubernetes provider interpolation. https://registry.terraform.io/providers/hashicorp/kubernetes/2.2.0/docs#stacking-with-managed-kubernetes-cluster-resources
+# Currently need to uncheck to refresh (--refresh=false) when destroying or else the terraform destroy will fail
+
+# https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengdownloadkubeconfigfile.htm#notes
+provider "kubernetes" {
+  host                   = local.cluster_endpoint
+  cluster_ca_certificate = local.cluster_ca_certificate
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    args        = ["ce", "cluster", "generate-token", "--cluster-id", local.cluster_id, "--region", local.cluster_region]
+    command     = "oci"
+  }
+}
+
+# https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengdownloadkubeconfigfile.htm#notes
+provider "helm" {
+  kubernetes {
+    host                   = local.cluster_endpoint
+    cluster_ca_certificate = local.cluster_ca_certificate
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      args        = ["ce", "cluster", "generate-token", "--cluster-id", local.cluster_id, "--region", local.cluster_region]
+      command     = "oci"
+    }
+  }
+}
+
+locals {
+  cluster_endpoint = (var.cluster_endpoint_visibility == "Private") ? (
+    "https://${module.oke.orm_private_endpoint_oke_api_ip_address}:6443") : (
+  yamldecode(module.oke.kubeconfig)["clusters"][0]["cluster"]["server"])
+  cluster_ca_certificate = base64decode(yamldecode(module.oke.kubeconfig)["clusters"][0]["cluster"]["certificate-authority-data"])
+  cluster_id             = yamldecode(module.oke.kubeconfig)["users"][0]["user"]["exec"]["args"][4]
+  cluster_region         = yamldecode(module.oke.kubeconfig)["users"][0]["user"]["exec"]["args"][6]
+}
diff --git a/terraform/schema.yaml b/terraform/schema.yaml
new file mode 100644
index 0000000..416a0a7
--- /dev/null
+++ b/terraform/schema.yaml
@@ -0,0 +1,838 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+title: "CARDS Connected System GREEN and CDE BLUE"
+description: "Deploys CARDS Connected System GREEN or CDE BLUE"
+informationalText: "This stack deploys Optum CARDS on an existent OKE Cluster (optionally the stack allows create a new cluster before deploy)."
+schemaVersion: 1.1.0
+version: "20190304"
+
+source:
+  type: quickstart
+
+locale: "en"
+variableGroups:
+  - title: "Basic Hidden"
+    variables:
+    - tenancy_ocid
+    - region
+    visible: false
+
+  - title: "General Configuration"
+    variables:
+    - app_name
+    - show_advanced
+
+  - title: "Optum CARDs options"
+    variables:
+    - app_deployment_environment
+    - app_deployment_type
+
+  - title: "Other Oracle-managed services"
+    variables:
+    - ofs_provision
+    - oss_provision
+
+  - title: "OKE Cluster Configuration"
+    variables:
+    - create_new_oke_cluster
+    - compartment_ocid
+    - existent_oke_cluster_id
+    - k8s_version
+    - cluster_workers_visibility
+    - cluster_endpoint_visibility
+    - existent_oke_cluster_vcn
+    - existent_oke_cluster_private_endpoint
+    - create_new_compartment_for_oke
+
+  - title: "OKE Worker Nodes"
+    variables:
+    - cluster_autoscaler_enabled
+    - num_pool_workers
+    - cluster_autoscaler_min_nodes
+    - cluster_autoscaler_max_nodes
+    - node_pool_instance_shape
+    - generate_public_ssh_key
+    - public_ssh_key
+    - image_operating_system
+    - image_operating_system_version
+    - node_pool_name
+
+  - title: "Dynamic Group and Policies"
+    variables:
+    - create_dynamic_group_for_nodes_in_compartment
+    - existent_dynamic_group_for_nodes_in_compartment
+    - create_compartment_policies
+
+  - title: "Encryption using OCI Vault (KMS)"
+    variables:
+    - use_encryption_from_oci_vault
+    - create_new_encryption_key
+    - existent_encryption_key_vault
+    - existent_encryption_key_id
+    - create_vault_policies_for_group
+    - user_admin_group_for_vault_policy
+
+  - title: "Cluster Tools - Ingress"
+    variables:
+    - ingress_nginx_enabled
+    - ingress_load_balancer_shape
+    - ingress_load_balancer_shape_flex_min
+    - ingress_load_balancer_shape_flex_max
+    # visible:
+    #   and:
+    #     - show_advanced
+
+  - title: "Hidden: Cluster Tools - Ingress"
+    variables:
+    - ingress_hosts
+    - ingress_tls
+    - ingress_cluster_issuer
+    - ingress_email_issuer
+    visible: false
+
+  - title: "Cluster Tools"
+    variables:
+    - metrics_server_enabled
+    - prometheus_enabled
+    - grafana_enabled
+    - cert_manager_enabled
+    # visible:
+    #   and:
+    #     - show_advanced
+
+  # - title: "Network Configuration"
+  #   variables:
+  #     - network_strategy
+  #     - vcn_id
+  #     - vcn_display_name
+  #     - vcn_cidr_block
+  #     - vcn_dns_label
+  #     - subnet_type
+  #     - subnet_span
+  #     - subnet_id
+  #     - subnet_display_name
+  #     - subnet_cidr_block
+  #     - subnet_dns_label
+  #   visible:
+  #     and:
+  #       - show_advanced
+
+  - title: "Extras Hidden"
+    variables:
+      - user_ocid
+      - fingerprint
+      - private_key_path
+      # - network_cidrs
+      - node_pool_boot_volume_size_in_gbs
+      - oke_compartment_description
+      - existent_oke_nodepool_id_for_autoscaler
+    visible: false
+
+variables:
+  # compartment_ocid:
+  #   type: oci:identity:compartment:id
+  #   title: "Compartment"
+  #   description: "The compartment in which to create compute instance(s)"
+  #   required: true
+
+  app_name:
+    type: string
+    title: "Cluster Name Prefix"
+    required: true
+    visible:
+      and:
+        - create_new_oke_cluster
+
+  app_deployment_environment:
+    type: enum
+    enum:
+    - "SANDBOX"
+    - "DEV"
+    - "QA"
+    - "STG"
+    - "PRD"
+    title: "Choose which Environment for Optum CARDs deployment"
+    required: true
+    visible: true
+
+  app_deployment_type:
+    type: enum
+    enum:
+    - "Green"
+    - "Blue"
+    title: "Choose which Optum CARDs deployment"
+    required: true
+    visible: true
+    
+  ofs_provision:
+    type: boolean
+    title: "Provision Oracle File Storage"
+    required: true
+
+  oss_provision:
+    type: boolean
+    title: "Provision OCI Streaming Service - Kafka Compatible"
+    required: true
+
+  show_advanced:
+    type: boolean
+    title: "Show advanced options?"
+    description: "Shows advanced options, allowing enable customer-managed encryption keys, select your ssh key, select/unselect cluster utilities, do not create policies, and other advanced options"
+    visible: true
+
+  # OKE Cluster
+  create_new_oke_cluster:
+    type: boolean
+    title: "Create new OKE Cluster"
+
+  compartment_ocid:
+    type: oci:identity:compartment:id
+    title: "Existent OKE Cluster Compartment"
+    description: "The compartment where you find the existent OKE Cluster"
+    required: true
+    visible:
+      not:
+        - create_new_oke_cluster
+
+  existent_oke_cluster_id:
+    type: oci:container:cluster:id
+    title: "Existent OKE Cluster"
+    required: true
+    dependsOn:
+      compartmentId: compartment_ocid
+    visible:
+      not:
+        - create_new_oke_cluster
+
+  existent_oke_cluster_vcn:
+    type: oci:core:vcn:id
+    title: "Existent OKE Cluster VCN for Private Endpoint"
+    required: true
+    dependsOn:
+      compartmentId: compartment_ocid
+    visible:
+      and:
+        - not:
+          - create_new_oke_cluster
+        - eq:
+          - cluster_endpoint_visibility 
+          - "Private"
+
+  existent_oke_cluster_private_endpoint:
+    type: oci:resourcemanager:privateendpoint:id
+    title: "Existent OKE Cluster ORM Private Endpoint"
+    required: true
+    dependsOn:
+      compartmentId: compartment_ocid
+      vcnId: existent_oke_cluster_vcn
+    visible:
+      and:
+        - not:
+          - create_new_oke_cluster
+        - eq:
+          - cluster_endpoint_visibility 
+          - "Private"
+
+  k8s_version:
+    type: oci:kubernetes:versions:id
+    title: "Kubernetes Version"
+    required: false
+    dependsOn:
+      compartmentId: compartment_ocid
+      clusterOptionId: "all"
+    visible:
+      and:
+        - create_new_oke_cluster
+        - show_advanced
+
+  cluster_workers_visibility:
+    type: enum
+    enum:
+    - "Private"
+    - "Public"
+    title: "Choose Worker Nodes visibility type"
+    required: true
+    visible:
+      and:
+        - create_new_oke_cluster
+
+  cluster_endpoint_visibility:
+    type: enum
+    enum:
+    - "Private"
+    - "Public"
+    title: "Choose Kubernetes API Endpoint visibility type"
+    required: true
+    # visible:
+    #   and:
+    #     - create_new_oke_cluster
+
+  create_new_compartment_for_oke:
+    type: boolean
+    title: "Create new Compartment"
+    visible:
+      and:
+        - create_new_oke_cluster
+        - show_advanced
+
+  cluster_autoscaler_enabled:
+    type: boolean
+    title: "Enable Cluster Autoscaler" 
+    visible:
+      and:
+        - create_new_oke_cluster 
+
+  num_pool_workers:
+    type: integer
+    title: "Number of Worker Nodes"
+    minimum: 1
+    maximum: 1000
+    required: true
+    visible:
+      and:
+        - and:
+          - create_new_oke_cluster
+        - not:
+          - cluster_autoscaler_enabled
+
+  cluster_autoscaler_min_nodes:
+    type: integer
+    title: "Autoscaler: Minimum number of nodes"
+    minimum: 1
+    maximum: 1000
+    required: true
+    visible:
+      and:
+        - create_new_oke_cluster
+        - cluster_autoscaler_enabled
+
+  cluster_autoscaler_max_nodes:
+    type: integer
+    title: "Autoscaler: Maximum number of nodes"
+    minimum: 1
+    maximum: 1000
+    required: true
+    visible:
+      and:
+        - create_new_oke_cluster
+        - cluster_autoscaler_enabled
+
+  existent_oke_nodepool_id_for_autoscaler:
+    type: string
+    title: "OKE Nodepool id"
+    required: true
+    visible:
+      and:
+        - and:
+          - cluster_autoscaler_enabled
+        - not:
+          - create_new_oke_cluster
+
+  # node_pool_shape:
+  #   type: oci:core:instanceshape:name
+  #   title: "Select a shape for the Worker Nodes instances"
+  #   required: true
+  #   dependsOn:
+  #     compartmentId: compartment_ocid
+  #   visible:
+  #     and:
+  #       - create_new_oke_cluster
+
+  node_pool_instance_shape:
+    type: oci:core:instanceshapewithflex:name
+    title: "Select a flex shape for the Worker Nodes instances"
+    required: true
+    dependsOn:
+      compartmentId: compartment_ocid
+    visible:
+      and:
+        - create_new_oke_cluster
+
+  # node_pool_node_shape_config_ocpus:
+  #   type: integer
+  #   minimum: 1
+  #   maximum: 64
+  #   title: "Number of OCPUs"
+  #   visible:
+  #     and:
+  #       - and:
+  #         - create_new_oke_cluster
+  #       - or:
+  #         - eq:
+  #           - node_pool_shape 
+  #           - "VM.Standard.E3.Flex"
+  #         - eq:
+  #           - node_pool_shape 
+  #           - "VM.Standard.E4.Flex"
+  #         - eq:
+  #           - node_pool_shape 
+  #           - "VM.Standard.A1.Flex"
+
+  # node_pool_node_shape_config_memory_in_gbs:
+  #   type: integer
+  #   minimum: 1
+  #   maximum: 1024
+  #   title: "Amount of memory (GB)"
+  #   visible:
+  #     and:
+  #       - and:
+  #         - create_new_oke_cluster
+  #       - or:
+  #         - eq:
+  #           - node_pool_shape 
+  #           - "VM.Standard.E3.Flex"
+  #         - eq:
+  #           - node_pool_shape 
+  #           - "VM.Standard.E4.Flex"
+  #         - eq:
+  #           - node_pool_shape 
+  #           - "VM.Standard.A1.Flex"
+
+  node_pool_name:
+    type: string
+    title: "Node Pool Name"
+    required: true
+    visible:
+      and:
+        - create_new_oke_cluster
+        - show_advanced
+
+  cluster_options_add_ons_is_kubernetes_dashboard_enabled:
+    type: boolean
+    title: "Kubernetes Dashboard Enabled"
+    visible: false
+
+  generate_public_ssh_key:
+    type: boolean
+    title: "Auto generate public ssh key?"
+    required: true
+    visible:
+      and:
+        - create_new_oke_cluster
+        - show_advanced
+
+  public_ssh_key:
+    type: oci:core:ssh:publickey
+    title: "Import your own SSH public key"
+    additionalProps:
+      allowMultiple: true
+    required: false
+    pattern: "((^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3})( [^,]*)?)(,((ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3})( [^,]*)?)*$"
+    visible:
+      and:
+        - and:
+          - create_new_oke_cluster
+          - show_advanced
+        - not:
+          - generate_public_ssh_key
+
+  image_operating_system:
+    type: enum
+    title: "Image OS"
+    enum:
+      - "Oracle Linux"
+    required: true
+    visible:
+      and:
+        - create_new_oke_cluster
+        - show_advanced
+
+  image_operating_system_version:
+    type: string
+    title: "Image OS Version"
+    required: true
+    visible:
+      and:
+        - create_new_oke_cluster
+        - show_advanced
+
+  # Dynamic Groups and Policies for Instance Principals and Autoscaler
+  create_dynamic_group_for_nodes_in_compartment:
+    type: boolean
+    title: "Create Dynamic Group for Worker Nodes in the Compartment"
+    required: true
+    visible:
+      and:
+        - show_advanced
+
+  existent_dynamic_group_for_nodes_in_compartment:
+    type: string
+    title: "Existent Dynamic Group"
+    required: true
+    visible:
+      and:
+        - and:
+          - show_advanced
+        - or:
+          - create_compartment_policies
+        - not:
+          - create_dynamic_group_for_nodes_in_compartment
+        
+  create_compartment_policies:
+    type: boolean
+    title: "Create Compartment Policies"
+    required: true
+    visible:
+      and:
+        - show_advanced
+
+  # Encryption options
+  use_encryption_from_oci_vault:
+    type: boolean
+    title: "Encrypt using Customer-Managed Encryption Keys instead of OracleManaged Encryption Keys"
+    visible:
+      and:
+        - create_new_oke_cluster
+        - show_advanced
+
+  create_new_encryption_key:
+    type: boolean
+    title: "Create new Vault and Key"
+    visible:
+      and:
+        - create_new_oke_cluster
+        - show_advanced
+        - use_encryption_from_oci_vault
+
+  # existent_encryption_key_id:
+  #   type: string
+  #   title: "Existent Encryption Key OCID"
+  #   required: true
+  #   visible:
+  #     and:
+  #       - and:
+  #         - create_new_oke_cluster
+  #         - show_advanced
+  #         - use_encryption_from_oci_vault
+  #       - not:
+  #         - create_new_encryption_key
+
+  existent_encryption_key_vault:
+    type: oci:kms:vault:id
+    title: "Existent Encryption Key Vault"
+    required: true
+    dependsOn:
+      compartmentId: compartment_ocid
+    visible:
+      and:
+        - and:
+          - create_new_oke_cluster
+          - show_advanced
+          - use_encryption_from_oci_vault
+        - not:
+          - create_new_encryption_key
+
+  existent_encryption_key_id:
+    type: oci:kms:key:id
+    title: "Existent Encryption Key"
+    required: true
+    dependsOn:
+      compartmentId: compartment_ocid
+      vaultId: existent_encryption_key_vault
+    visible:
+      and:
+        - and:
+          - create_new_oke_cluster
+          - show_advanced
+          - use_encryption_from_oci_vault
+        - not:
+          - create_new_encryption_key
+
+  create_vault_policies_for_group:
+    type: boolean
+    title: "Create policies for the user group to manage vault and keys"
+    visible:
+      and:
+        - create_new_oke_cluster
+        - show_advanced
+        - use_encryption_from_oci_vault
+        - create_new_encryption_key
+
+  user_admin_group_for_vault_policy:
+    type: string
+    title: "Specify your group to include the policy"
+    visible:
+      and:
+        - create_new_oke_cluster
+        - show_advanced
+        - use_encryption_from_oci_vault
+        - create_new_encryption_key
+        - create_vault_policies_for_group
+
+  # Cluster Tools - Ingress
+  ingress_nginx_enabled:
+    type: boolean
+    title: "Ingress NGINX"
+
+  ingress_load_balancer_shape:
+    type: enum
+    enum:
+    - "flexible"
+    - "10Mbps"
+    - "100Mbps"
+    - "400Mbps"
+    - "8000Mbps"
+    title: "Select a shape for the load balancer created by the Ingress"
+    visible:
+      and:
+        - show_advanced
+        - ingress_nginx_enabled
+
+  ingress_load_balancer_shape_flex_min:
+    type: integer
+    minimum: 10
+    maximum: 8000
+    title: "Choose the minimum bandwidth"
+    required: true
+    visible:
+      and:
+        - and:
+          - show_advanced
+          - ingress_nginx_enabled
+        - eq:
+          - ingress_load_balancer_shape 
+          - "flexible"
+
+  ingress_load_balancer_shape_flex_max:
+    type: integer
+    minimum: 10
+    maximum: 8000
+    title: "Choose the maximum bandwidth"
+    required: true
+    visible:
+      and:
+        - and:
+          - show_advanced
+          - ingress_nginx_enabled
+        - eq:
+          - ingress_load_balancer_shape 
+          - "flexible"
+
+  ingress_hosts:
+    type: string
+    title: "Optional valid domain name"
+    visible:
+      and:
+        - show_advanced
+        - ingress_nginx_enabled
+
+  ingress_tls:
+    type: boolean
+    title: "Use TLS to enable HTTPS on the valid domain name"
+    visible:
+      and:
+        - show_advanced
+        - ingress_nginx_enabled
+        - cert_manager_enabled
+
+  ingress_cluster_issuer:
+    type: enum
+    enum:
+    - "letsencrypt-prod"
+    - "letsencrypt-staging"
+    - "selfsigned"
+    title: "Certificate Issuer"
+    required: true
+    visible:
+      and:
+        - show_advanced
+        - ingress_nginx_enabled
+        - ingress_tls
+        - cert_manager_enabled
+
+  ingress_email_issuer:
+    type: string
+    title: "Certificate Issuer Email"
+    required: true
+    visible:
+      and:
+        - show_advanced
+        - ingress_nginx_enabled
+        - ingress_tls
+        - cert_manager_enabled
+
+  # Cluster Tools
+  metrics_server_enabled:
+    type: boolean
+    title: "Metrics Server"
+
+  prometheus_enabled:
+    type: boolean
+    title: "Prometheus"
+
+  grafana_enabled:
+    type: boolean
+    title: "Grafana"
+
+  cert_manager_enabled:
+    type: boolean
+    title: "Certificate Management"
+
+  # Network Type Options
+  # network_strategy:
+  #   type: enum
+  #   title: Network Strategy
+  #   description: Create or use existing Network Stack (VCN and Subnet)
+  #   enum:
+  #     - "Create New VCN and Subnet"
+  #     # - "Use Existing VCN and Subnet"
+  #   required: true
+  #   default: "Create New VCN and Subnet"
+  #   visible:
+  #     and:
+  #       - create_new_oke_cluster
+  #       - show_advanced
+
+  # subnet_type:
+  #   visible: #($network_strategy  == ""Create New VCN and Subnet"")
+  #     eq:
+  #       - network_strategy 
+  #       - "Create New VCN and Subnet"
+  #   type: enum
+  #   title: Subnet Type
+  #   description: Choose between private and public subnets
+  #   enum:
+  #     - "Private Subnet"
+  #     - "Public Subnet"
+  #   required: true
+  #   default: "Private Subnet"
+
+  # vcn_id:
+  #   visible: #($network_strategy  == "Use Existing VCN and Subnet")
+  #     eq:
+  #       - network_strategy 
+  #       - "Use Existing VCN and Subnet"
+  #   type: oci:core:vcn:id
+  #   dependsOn:
+  #     compartmentId: compartment_ocid 
+  #   required: true
+  #   title: Existing Network
+  #   description: An existing Virtual Cloud Network (VCN) in which to create the compute instances, network resources, and load balancers. If not specified, a new VCN is created.
+
+  # vcn_cidr_block:
+  #   visible: #($network_strategy  == ""Create New VCN and Subnet"")
+  #     eq:
+  #       - network_strategy 
+  #       - "Create New VCN and Subnet"
+  #   type: string
+  #   required: true
+  #   default: 10.20.0.0/16
+  #   pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$"
+  #   title: VCN CIDR BLOCK
+  #   description: The CIDR of the new Virtual Cloud Network (VCN). If you plan to peer this VCN with another VCN, the VCNs must not have overlapping CIDRs.
+
+  # subnet_cidr_block:
+  #   visible: #($network_strategy  == ""Create New VCN and Subnet"")
+  #     eq:
+  #       - network_strategy 
+  #       - "Create New VCN and Subnet"
+  #   type: string
+  #   default: 10.20.10.0/24
+  #   pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$"
+  #   required: true
+  #   title: Subnet CIDR
+  #   description: The CIDR of the new Subnet. The new subnet's CIDR should not overlap with any other subnet CIDRs.
+
+outputGroups:
+  - title: Deployment Info
+    outputs:
+      - deploy_id
+      - deployed_to_region
+      - stack_version
+
+  - title: Kubernetes
+    outputs:
+      - deployed_oke_kubernetes_version
+      - kubeconfig
+
+  - title: Passwords and Keys
+    outputs:
+      - grafana_admin_password
+      - generated_private_key_pem
+
+  - title: Comments
+    outputs:
+      - comments
+
+  - title: Dev Notes
+    outputs:
+      - dev
+
+outputs:
+  external_ip:
+    type: string
+    title: Ingress LoadBalancer External IP
+    displayText: Ingress Nginx LoadBalancer External IP Address
+    visible: true
+
+  grafana_url:
+    type: link
+    title: Grafana
+    displayText: Dashboards
+    visible: true
+
+  grafana_admin_password:
+    type: string
+    title: Grafana Admin Password
+    displayText: Grafana Admin Password
+    visible: true
+
+  deploy_id:
+    type: string
+    title: "Deployment Id"
+    visible: true
+
+  deployed_to_region:
+    type: string
+    title: "Deployed using Region"
+    visible: true
+
+  deployed_oke_kubernetes_version:
+    type: string
+    title: "OKE Kubernetes version deployed"
+    visible: true
+
+  stack_version:
+    type: string
+    title: Stack Version
+    displayText: Stack Version deployed
+    visible: true
+
+  generated_private_key_pem:
+    type: string
+    title: Generated Private Key
+    displayText: Generated Private Key
+
+  comments:
+    type: string
+    title: Comments
+    displayText: Comments
+    visible: true
+
+  dev:
+    type: string
+    title: dev
+    displayText: dev note from Oracle Developers
+    visible: true
+
+  kubeconfig:
+    type: string
+    title: kubeconfig
+    displayText: kubeconfig for local kubectl run. Not used by ORM
+    visible: true
+
+  kubeconfig_for_kubectl:
+    type: string
+    title: kubeconfig
+    displayText: kubeconfig for local kubectl run. Not used by ORM
+    visible: false
+
+  sensitive_comments_local_tf:
+    type: string
+    title: kubeconfig
+    displayText: Instructions to get sensitive outputs on local Terraform. Not used by ORM
+    visible: false
+  
+primaryOutputButton: mushop_url_button
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..318295a
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,13 @@
+# OCI Provider
+variable "tenancy_ocid" {}
+variable "compartment_ocid" {}
+variable "region" {}
+variable "user_ocid" {
+  default = ""
+}
+variable "fingerprint" {
+  default = ""
+}
+variable "private_key_path" {
+  default = ""
+}
\ No newline at end of file