Creating an OKE VCN
Create the following resources in the order listed:
-
VCN
-
Internet gateway
-
Route table with public route rule
-
NAT gateway
-
Route table with private route rule
-
Modify the VCN default security list
Resource names and CIDR blocks are example values.
VCN
To create the VCN, use the instructions in Creating a VCN in the Oracle Private Cloud Appliance User Guide. For Terraform input, see Example Terraform Scripts for Network Resources.
For this example, use the following input to create the VCN. The VCN covers one contiguous CIDR block. The CIDR block cannot be changed after the VCN is created.
Compute Web UI property | OCI CLI property |
---|---|
|
|
Note the OCID of the new VCN. In the examples in this guide, this VCN OCID is
ocid1.vcn.oke_vcn_id
.
Next steps: To enable internet access for OKE nodes, add an internet gateway and a route rule that references that internet gateway. For traffic that needs to go outside the VCN but not to the internet (for example, to your data center), add a NAT gateway and edit the default route table to add a route rule that references that NAT gateway.
Private Route Table
Create a NAT gateway, and edit the default route table to reference the NAT gateway.
NAT Gateway
To create the NAT gateway, use the instructions in Enabling Public Connections through a NAT Gateway in the Oracle Private Cloud Appliance User Guide. For Terraform input, see Example Terraform Scripts for Network Resources.
Note the name and OCID of the NAT gateway for assignment to the private route rule.
Private Route Rule
Modify the default route table, using the following input to create a private route rule that references the NAT gateway that was created in the preceding step. See "Updating Rules in a Route Table" in Working with Route Tables in the Oracle Private Cloud Appliance User Guide.
Compute Web UI property | OCI CLI property |
---|---|
Route rule
|
|
Note the name and OCID of this route table for assignment to private subnets.
Public Route Table
Create an Internet gateway and a route table with a route rule that references the Internet gateway.
Internet Gateway
To create the internet gateway, use the instructions in Providing Public Access through an Internet Gateway in the Oracle Private Cloud Appliance User Guide. For Terraform input, see Example Terraform Scripts for Network Resources.
Note the name and OCID of the internet gateway for assignment to the public route rule.
Public Route Rule
To create a route table, use the instructions in "Creating a Route Table" in Working with Route Tables in the Oracle Private Cloud Appliance User Guide. For Terraform input, see Example Terraform Scripts for Network Resources.
For this example, use the following input to create the route table with a public route rule that references the internet gateway that was created in the preceding step.
Compute Web UI property | OCI CLI property |
---|---|
Route rule
|
|
Note the name and OCID of this route table for assignment to public subnets.
VCN Default Security List
Modify the default security list, using the input shown in the following table. Delete all of the default rules and create the rules shown in the following table.
To modify a security list, use the instructions in "Updating a Security List" in Controlling Traffic with Security Lists in the Oracle Private Cloud Appliance User Guide. For Terraform input, see Example Terraform Scripts for Network Resources.
Compute Web UI property | OCI CLI property |
---|---|
|
|
One egress security rule:
|
One egress security rule:
|
Three ingress security rules: |
Three ingress security rules:
|
Ingress Rule 1
|
Ingress Rule 1
|
Ingress Rule 2
|
Ingress Rule 2
|
Ingress Rule 3
|
Ingress Rule 3
|
Note the name and OCID of this default security list for assignment to subnets.