The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
This chapter shows you how to use the Platform CLI (olcnectl) to create an environment, add the Kubernetes module (kubernetes) to the environment, add the master and worker nodes, and perform the deployment to create a Kubernetes cluster.
For more information on the syntax for the olcnectl command, see Chapter 5, Using the Platform CLI.
The first step to deploying Oracle Linux Cloud Native Environment is to create an environment. You can create multiple environments, with each environment potentially containing multiple modules. Naming each environment and module makes it easier to manage the deployed components of Oracle Linux Cloud Native Environment. Use the olcnectl environment create command to create an environment.
This section shows you how to create an environment using Vault, and using your own certificates copied to the file system on each node.
For information on setting up the certificates with Vault, see Section 3.5, “Setting up X.509 Certificates”.
For information on creating a private CA to sign certificates that can be used during testing, see Section 3.5.3, “Setting up Private CA Certificates”.
This section shows you how to create an environment using Vault to provide and manage the certificates.
On the operator node, use the olcnectl environment create command to create an environment. For example, to create an environment named myenvironment using certificates generated from a Vault instance:
$ olcnectl --api-server 127.0.0.1:8091 environment create --environment-name myenvironment \
--update-config \
--vault-token s.3QKNuRoTqLbjXaGBOmO6Psjh \
--secret-manager-type vault \
--vault-address https://192.0.2.20:8200
The --secret-manager-type vault option sets the certificate manager to Vault. Replace the --vault-token value with the token to access Vault. Replace the --vault-address value with the location of your Vault instance.
The --update-config option saves the certificate generated by Vault on the local host. When you use this option, you do not need to enter the certificate information again when managing the environment.
By default, the certificate is saved to $HOME/.olcne/certificates/environment_name/. If you want to specify a different location to save the certificate, use the --olcne-node-cert-path, --olcne-ca-path, and --olcne-node-key-path options. For example, add the following options to the olcnectl environment create command:
--olcne-node-cert-path /etc/olcne/configs/certificates/production/node.cert \
--olcne-ca-path /etc/olcne/configs/certificates/production/ca.cert \
--olcne-node-key-path /etc/olcne/configs/certificates/production/node.key
This section shows you how to create an environment using your own certificates, copied to each node. This example assumes the certificates are available on all nodes in the /etc/olcne/configs/certificates/production/ directory.
On the operator node, create the environment using the olcnectl environment create command. For example:
$ olcnectl --api-server 127.0.0.1:8091 environment create --environment-name myenvironment \
--update-config \
--secret-manager-type file \
--olcne-node-cert-path /etc/olcne/configs/certificates/production/node.cert \
--olcne-ca-path /etc/olcne/configs/certificates/production/ca.cert \
--olcne-node-key-path /etc/olcne/configs/certificates/production/node.key
The --secret-manager-type file option sets the certificate manager to use file-based certificates.
You can optionally set the location for the certificate files using environment variables; olcnectl uses these if they are set.
The environment variables map to the olcnectl environment create command options:
$OLCNE_SM_CERT_PATH sets the value used with the --olcne-node-cert-path option.
$OLCNE_SM_CA_PATH sets the value used with the --olcne-ca-path option.
$OLCNE_SM_KEY_PATH sets the value used with the --olcne-node-key-path option.
For example:
$ export OLCNE_SM_CA_PATH=/etc/olcne/configs/certificates/production/ca.cert
$ export OLCNE_SM_CERT_PATH=/etc/olcne/configs/certificates/production/node.cert
$ export OLCNE_SM_KEY_PATH=/etc/olcne/configs/certificates/production/node.key
$ olcnectl --api-server 127.0.0.1:8091 environment create --environment-name myenvironment \
--update-config \
--secret-manager-type file
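Before creating a file-based environment, it is worth confirming on each node that the three files named by these options are present, that the key is not readable by other users, and that the certificate, CA and key actually belong together. The following check is an added example, not part of olcnectl or of the original documentation; the function name check_olcne_certs is hypothetical, and it assumes GNU stat and the openssl command are installed.

```shell
#!/bin/sh
# Added example: preflight check for the file-based certificate set.
# check_olcne_certs is a hypothetical helper, not part of olcnectl.
# Assumes GNU stat and the openssl CLI are installed on the node.
# Usage: check_olcne_certs [ca.cert node.cert node.key]
# With no arguments the OLCNE_SM_* variables are used.
check_olcne_certs() {
    ca=${1:-$OLCNE_SM_CA_PATH}
    cert=${2:-$OLCNE_SM_CERT_PATH}
    key=${3:-$OLCNE_SM_KEY_PATH}

    # 1. All three paths must be set and readable.
    for f in "$ca" "$cert" "$key"; do
        if [ -z "$f" ] || [ ! -r "$f" ]; then
            echo "missing or unreadable: ${f:-<unset>}" >&2
            return 1
        fi
    done

    # 2. The private key must not be accessible to group or others.
    mode=$(stat -c '%a' "$key") || return 1
    case "$mode" in
        *00) ;;
        *) echo "key mode $mode is too permissive: $key" >&2; return 2 ;;
    esac

    # 3. The node certificate must chain to the CA certificate.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "certificate does not verify against CA: $cert" >&2
        return 3
    fi

    # 4. The key must belong to the certificate: compare public keys.
    #    -passin pass: makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "key does not match certificate: $key" >&2
        return 4
    fi

    # 5. The certificate must stay valid for at least another 24 hours.
    if ! openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null; then
        echo "certificate expires within 24 hours: $cert" >&2
        return 5
    fi
    return 0
}
```

The return code identifies the first check that failed (1 to 5), so the function can gate the olcnectl environment create call in a provisioning script.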