Cluster Administrator Tasks

These OKE setup tasks can be performed by Private Cloud Appliance users who are creating and managing OKE clusters.

Perform the following prerequisite tasks in the Private Cloud Appliance Compute Enclave. These tasks require authorization to create users, user groups, dynamic groups, policies, and tag namespaces.

  1. Create an OKE users group. See Create an OKE User Group and Policies.

  2. Create an OKE dynamic group. See Create a Cluster Dynamic Group and Policies.

  3. Create the OraclePCA-OKE defined tag. See Create the OraclePCA-OKE.cluster_id Tag.

  4. Create OraclePCA tags that are required to create a node pool. See Creating OraclePCA Tags.

Perform the following cluster user tasks in the Private Cloud Appliance Compute Enclave. To get the required authorizations, you should be a member of an OKE users group as described in Create an OKE User Group and Policies.

  1. On your local system, configure OCI CLI access. See Configuring the OCI CLI.

    If you work in more than one tenancy, create a profile for each tenancy as described in Using Multiple Profiles. If you already have OCI CLI installed, use oci -v to check the version. The minimum required version for using OKE is 3.48.0.

    To configure OCI CLI access, you need the Certificate Authority (CA) bundle for the Private Cloud Appliance. The CA bundle includes the certificate, private and public keys, and other authorization information. The CA bundle is automatically updated on the Private Cloud Appliance when regular certificate rotation occurs or when the appliance is upgraded. To use the OCI CLI or the Compute Enclave API, copy the new CA bundle to your local system as described in Obtaining the Certificate Authority Bundle.

    The CA bundle is automatically downloaded and made available to a cluster when the cluster is created. If you need to update the CA bundle for a cluster manually, see the procedure in Updating the Certificate Authority Bundle.

  2. Create network resources. See Creating OKE Network Resources.

    Create a VCN, subnets, route tables, and security lists. Create gateways as needed: internet gateway, NAT gateway, Local Peering gateway, Dynamic Routing gateway. See Public and Private Clusters.

  3. Create a cluster. See Creating an OKE Cluster.

  4. Create a worker node pool. See Creating an OKE Worker Node Pool.

    • Configure any registries or repositories that the worker nodes need. Ensure you have access to a self-managed public or intranet container registry to use with the OKE service and your application images.

    • Create a service to expose containerized applications outside the Private Cloud Appliance. See Exposing Containerized Applications.

    • Create persistent storage for applications to use. See Adding Storage for Containerized Applications.
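The workstation checks from step 1 of the cluster user tasks (the OCI CLI minimum version and a current CA bundle) can be scripted. The following is an added example, not Oracle's code: the 3.48.0 minimum and `oci -v` come from this page, while the function names, the 7-day expiry window, and passing the bundle path as an argument are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle's code). 3.48.0 and `oci -v` come from the page;
# the function names and the 7-day window are assumptions.
MIN_OCI_CLI="3.48.0"

# Pull the first N.N.N version string out of `oci -v` output.
extract_version() {
  printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# version_ge A B: succeed when dotted version A >= B, comparing fields
# numerically (a plain string compare would rank 3.9.0 above 3.48.0).
version_ge() {
  IFS=. read -r a1 a2 a3 _r <<EOF
$1
EOF
  IFS=. read -r b1 b2 b3 _r <<EOF
$2
EOF
  for p in "${a1:-0}:${b1:-0}" "${a2:-0}:${b2:-0}" "${a3:-0}:${b3:-0}"; do
    if [ "${p%%:*}" -gt "${p##*:}" ]; then return 0; fi
    if [ "${p%%:*}" -lt "${p##*:}" ]; then return 1; fi
  done
  return 0
}

# check_ca_bundle FILE DAYS: 0 ok, 1 missing/unreadable, 2 no PEM certificate,
# 3 first certificate expires within DAYS (likely a stale pre-rotation copy).
check_ca_bundle() {
  [ -r "$1" ] || return 1
  grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || return 2
  if command -v openssl >/dev/null 2>&1; then
    openssl x509 -in "$1" -noout -checkend $(( ${2:-7} * 86400 )) >/dev/null 2>&1 || return 3
  fi
  return 0
}

preflight() {
  rc=0
  have=$(extract_version "$(oci -v 2>&1)")
  if version_ge "${have:-0}" "$MIN_OCI_CLI"; then echo "OK: OCI CLI $have"
  else echo "FAIL: OCI CLI ${have:-not found} is below $MIN_OCI_CLI"; rc=1; fi
  check_ca_bundle "$1" 7 || { echo "FAIL: CA bundle $1 (code $?)"; rc=1; }
  return $rc
}

# Runs only when a bundle path is given, e.g. sh preflight.sh /path/to/ca-bundle
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

A code 3 result after certificate rotation or an appliance upgrade means the local copy should be replaced as described in Obtaining the Certificate Authority Bundle.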