The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
After you create the environment, you should add any modules you
want in the deployment. A base deployment requires Kubernetes to be
deployed to the environment. This is done by adding the
kubernetes module to the environment.
You can see a list of the available modules for an environment using the olcnectl module list command. For example:
$ olcnectl --api-server 127.0.0.1:8091 module list --environment-name myenvironment
Use the olcnectl module create command to add
modules to an environment. For example, to add the
kubernetes module to the
myenvironment environment, with one master and
two worker nodes:
$ olcnectl --api-server 127.0.0.1:8091 module create --environment-name myenvironment \
--module kubernetes --name mycluster \
--container-registry container-registry.oracle.com/olcne \
--apiserver-advertise-address 192.0.2.100 \
--master-nodes master1.example.com:8090 \
--worker-nodes worker1.example.com:8090,worker2.example.com:8090 \
--restrict-service-externalip-ca-cert=/etc/olcne/configs/certificates/restrict_external_ip/production/ca.cert \
--restrict-service-externalip-tls-cert=/etc/olcne/configs/certificates/restrict_external_ip/production/node.cert \
--restrict-service-externalip-tls-key=/etc/olcne/configs/certificates/restrict_external_ip/production/node.key
The --apiserver-advertise-address option
specifies the IP address of the interface on the master node to
use when communicating with the worker nodes. This option makes
sure that if there are multiple network interfaces on the master
node, the one specified with this option is used.
The --container-registry option specifies the
container registry from which to pull the Kubernetes images. This
example uses the Oracle Container Registry, but you may also use a local registry,
with the Kubernetes images mirrored from the Oracle Container Registry. For information on
creating a local registry, see Section 2.2, “Accessing the Container Registry”.
You must also include the location of the certificates for the
externalip-validation-webhook-service
Kubernetes service. These certificates must be located on the
operator node. The
--restrict-service-externalip-ca-cert option
sets the location of the CA certificate. The
--restrict-service-externalip-tls-cert sets the
location of the node certificate. The
--restrict-service-externalip-tls-key option
sets the location of the node key. For information on setting up
these certificates, see Section 3.6, “Setting up X.509 Certificates for the externalIPs
Kubernetes Service”.
In Release 1.1.8 or lower, the options to set the options for
the externalip-validation-webhook-service
Kubernetes service are not required and cannot be used. These
options are only available and required in Release 1.1.10 or
later.
You can optionally use the
--restrict-service-externalip-cidrs option to
set the external IP addresses that can be accessed by Kubernetes
services. For example:
--restrict-service-externalip-cidrs=192.0.2.0/24,198.51.100.0/24
In this example, the IP ranges that are allowed are within the
192.0.2.0/24 and
198.51.100.0/24 CIDR blocks.
If you do not include all the required options when adding the
kubernetes module, you are prompted to provide
them.
For the full list of the options available for the
kubernetes module, see
Section 5.1, “Platform CLI Syntax”.
For information on creating a multi-master highly available deployment, see Section 4.6, “Creating a Multi-Master (HA) Kubernetes Cluster”.