Deploy Oracle Cloud Native Environment on Oracle Roving Edge Infrastructure

Introduction

Oracle Roving Edge Infrastructure enables customers to distribute their cloud workloads beyond their Oracle Cloud Infrastructure (OCI) tenancy to deliver cloud services and run application workloads at retail, satellite, and other edge locations. As a result, customers can process data faster and closer to their users and at the points of data ingestion to generate timely insights from their data.

Oracle Cloud Native Environment is a fully integrated suite for the development and management of cloud native applications. The Kubernetes module is the core module. It is used to deploy and manage containers and automatically installs and configures CRI-O, runC, and Kata containers. CRI-O manages the container runtime for a Kubernetes cluster. The runtime may be either runC or Kata containers.

Audience

Oracle Roving Edge Infrastructure administrators, developers, and users.

Objective

Prerequisites

Task 1: Update Oracle Linux

  1. Verify Oracle Linux is up to date on all three instances. Access each instance via ssh and run the following command to update it.

    sudo dnf -y update
    
  2. Reboot the instance.

    sudo reboot
    
  3. Reconnect via ssh.

    ssh oracle@<ip_address_of_ol_node>
    

Task 2: Install and Enable the Oracle Cloud Native Environment Yum Repository

  1. Install the yum repository on each Oracle Linux instance using the following command.

    sudo dnf -y install oracle-olcne-release-el8
    

    Example output:

    [opc@ocne-operator .ssh]$ sudo dnf -y install oracle-olcne-release-el8
    Last metadata expiration check: 1:07:19 ago on Wed 15 Nov 2023 11:43:56 PM GMT.
    Dependencies resolved.
    =====================================================================================================================================================
    Package                                      Architecture               Version                         Repository                             Size
    =====================================================================================================================================================
    Installing:
    oracle-olcne-release-el8                     x86_64                     1.0-8.el8                       ol8_baseos_latest                      17 k
    
    Transaction Summary
    =====================================================================================================================================================
    Install  1 Package
    
    Total download size: 17 k
    Installed size: 19 k
    Downloading Packages:
    oracle-olcne-release-el8-1.0-8.el8.x86_64.rpm                                                                         26 kB/s |  17 kB     00:00
    -----------------------------------------------------------------------------------------------------------------------------------------------------
    Total                                                                                                                 26 kB/s |  17 kB     00:00
    Running transaction check
    Transaction check succeeded.
    Running transaction test
    Transaction test succeeded.
    Running transaction
    Preparing        :
    Installing       : oracle-olcne-release-el8-1.0-8.el8.x86_64
    Running scriptlet: oracle-olcne-release-el8-1.0-8.el8.x86_64
    Installed:
    oracle-olcne-release-el8-1.0-8.el8.x86_64
    Complete!
    
  2. Enable the current Oracle Cloud Native Environment repository on all three Oracle Linux instances.

    sudo dnf config-manager --enable ol8_olcne17 ol8_addons ol8_baseos_latest ol8_appstream ol8_UEKR7
    

    Example output:

    [opc@ocne-operator .ssh]$ sudo dnf config-manager --enable ol8_olcne17 ol8_addons ol8_baseos_latest ol8_appstream ol8_UEKR7
    
  3. Disable all previous ocne repository versions on each Oracle Linux instance.

    sudo dnf config-manager --disable ol8_olcne12 ol8_olcne13 ol8_olcne14 ol8_olcne15 ol8_olcne16 ol8_developer
    

    Example output:

    [opc@ocne-operator .ssh]$ sudo dnf config-manager --disable ol8_olcne12 ol8_olcne13 ol8_olcne14 ol8_olcne15 ol8_olcne16 ol8_developer
    

Task 3: Install and Enable Chrony

  1. Check whether chrony is installed on each Oracle Linux instance.

    sudo dnf list --installed chrony
    

    Example output:

    [opc@ocne-operator .ssh]$ sudo dnf list --installed chrony
    Installed Packages
    chrony.x86_64         4.2-1.0.1.el8                                                         @anaconda
    
  2. If chrony is not installed on the Oracle Linux instance, install and enable chrony.

    sudo dnf -y install chrony
    sudo systemctl enable --now chronyd
    

Task 4: Disable Swap

  1. Disable swap on all the Oracle Linux instances.

    sudo swapoff -a
    sudo sed -i '/swap/ s/^#*/#/' /etc/fstab
    

    Example output:

    [opc@ocne-operator .ssh]$ sudo swapoff -a
    [opc@ocne-operator .ssh]$ sudo sed -i '/swap/ s/^#*/#/' /etc/fstab
    [opc@ocne-operator .ssh]$
    

Task 5: Configure the Oracle Linux Firewall

  1. Decide which of the Oracle Linux instances you will use as the ocne-operator. Then set the firewall rules for the operator node.

    sudo firewall-cmd --add-port=8091/tcp --permanent
    sudo firewall-cmd --reload
    

    Example output:

    [opc@ocne-operator .ssh]$ sudo firewall-cmd --add-port=8091/tcp --permanent
    success
    [opc@ocne-operator .ssh]$ sudo firewall-cmd --reload
    success
    
  2. Decide which Oracle Linux instance you will use for ocne-control. Set the firewall rules for the control plane node.

    sudo firewall-cmd --zone=trusted --add-interface=cni0 --permanent
    sudo firewall-cmd --add-port=8090/tcp --permanent
    sudo firewall-cmd --add-port=10250/tcp --permanent
    sudo firewall-cmd --add-port=10255/tcp --permanent
    sudo firewall-cmd --add-port=8472/udp --permanent
    sudo firewall-cmd --add-port=6443/tcp --permanent
    sudo firewall-cmd --reload
    

    Example output:

    [root@ocne-control vars]# sudo firewall-cmd --zone=trusted --add-interface=cni0 --permanent
    success
    [root@ocne-control vars]# sudo firewall-cmd --add-port=8090/tcp --permanent
    success
    [root@ocne-control vars]# sudo firewall-cmd --add-port=10250/tcp --permanent
    success
    [root@ocne-control vars]# sudo firewall-cmd --add-port=10255/tcp --permanent
    success
    [root@ocne-control vars]# sudo firewall-cmd --add-port=8472/udp --permanent
    success
    [root@ocne-control vars]# sudo firewall-cmd --add-port=6443/tcp --permanent
    success
    [root@ocne-control vars]# sudo firewall-cmd --reload
    success
    
  3. Add the following firewall rules on the ocne-control Oracle Linux instance. These ports are used for high availability and are required to pass validation.

    sudo firewall-cmd --add-port=10251/tcp --permanent
    sudo firewall-cmd --add-port=10252/tcp --permanent
    sudo firewall-cmd --add-port=2379/tcp --permanent
    sudo firewall-cmd --add-port=2380/tcp --permanent
    sudo firewall-cmd --reload
    

    Example output:

    [opc@ocne-control ~]$ sudo firewall-cmd --add-port=10251/tcp --permanent
    success
    [opc@ocne-control ~]$ sudo firewall-cmd --add-port=10252/tcp --permanent
    success
    [opc@ocne-control ~]$ sudo firewall-cmd --add-port=2379/tcp --permanent
    success
    [opc@ocne-control ~]$ sudo firewall-cmd --add-port=2380/tcp --permanent
    success
    [opc@ocne-control ~]$ sudo firewall-cmd --reload
    success
    
  4. Decide which Oracle Linux instance will be the ocne-worker. Set the firewall rules for the ocne-worker instance.

    sudo firewall-cmd --zone=trusted --add-interface=cni0 --permanent
    sudo firewall-cmd --add-port=8090/tcp --permanent
    sudo firewall-cmd --add-port=10250/tcp --permanent
    sudo firewall-cmd --add-port=10255/tcp --permanent
    sudo firewall-cmd --add-port=8472/udp --permanent
    sudo firewall-cmd --reload
    

    Example output:

    [opc@ocne-worker ~]$ sudo firewall-cmd --zone=trusted --add-interface=cni0 --permanent
    success
    [opc@ocne-worker ~]$ sudo firewall-cmd --add-port=8090/tcp --permanent
    success
    [opc@ocne-worker ~]$ sudo firewall-cmd --add-port=10250/tcp --permanent
    success
    [opc@ocne-worker ~]$ sudo firewall-cmd --add-port=10255/tcp --permanent
    success
    [opc@ocne-worker ~]$ sudo firewall-cmd --add-port=8472/udp --permanent
    success
    [opc@ocne-worker ~]$ sudo firewall-cmd --reload
    success
    

Task 6: Enable and Load the Bridge Filtering Module

  1. On the Oracle Linux instances for ocne-control and ocne-worker, enable and load the bridge filtering module.

    sudo modprobe br_netfilter
    sudo sh -c 'echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf'
    

    Example output:

    [opc@ocne-control ~]$ sudo modprobe br_netfilter
    [opc@ocne-control ~]$ sudo sh -c 'echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf'
    [opc@ocne-control ~]$
    [opc@ocne-worker ~]$ sudo modprobe br_netfilter
    [opc@ocne-worker ~]$ sudo sh -c 'echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf'
    [opc@ocne-worker ~]$
    

Task 7: Set up the Operator Node

The operator node performs and manages the deployment of environments, including deployment of the Kubernetes cluster. An operator node may be a node in the Kubernetes cluster or a separate host. The steps in this task install the Oracle Cloud Native Environment Platform CLI, Platform API Server, and utilities on the Oracle Linux instance you have designated as the operator node.

  1. On the ocne-operator Oracle Linux instance, install the Platform CLI, Platform API Server, and utilities.

    sudo dnf -y install olcnectl olcne-api-server olcne-utils
    

    Example output:

    [opc@ocne-operator .ssh]$ sudo dnf -y install olcnectl olcne-api-server olcne-utils
    Installed:
    conmon-3:2.1.6-1.module+el8.8.0+21045+adcb6a64.x86_64                         container-selinux-2:2.205.0-2.module+el8.8.0+21045+adcb6a64.noarch
    containernetworking-plugins-1:1.2.0-1.module+el8.8.0+21045+adcb6a64.x86_64    containers-common-2:1-64.0.1.module+el8.8.0+21056+d98a0860.x86_64
    criu-3.15-3.0.1.module+el8.8.0+21125+a7f95b8d.x86_64                          fuse-overlayfs-1.11-1.module+el8.8.0+21056+d98a0860.x86_64
    kubectl-1.26.6-1.el8.x86_64                                                   libnet-1.1.6-15.el8.x86_64
    libslirp-4.4.0-1.module+el8.8.0+21045+adcb6a64.x86_64                         olcne-api-server-1.7.4-2.el8.x86_64
    olcne-selinux-1.0.0-8.el8.x86_64                                              olcne-utils-1.7.4-2.el8.x86_64
    olcnectl-1.7.4-2.el8.x86_64                                                   podman-3:4.4.1-16.module+el8.8.0+21191+109ddc60.x86_64
    podman-catatonit-3:4.4.1-16.module+el8.8.0+21191+109ddc60.x86_64              runc-1:1.1.4-1.0.1.module+el8.8.0+21119+51f68ed8.x86_64
    shadow-utils-subid-2:4.6-17.el8.x86_64                                        slirp4netns-1.2.0-2.module+el8.8.0+21045+adcb6a64.x86_64
    virtctl-0.58.0-3.el8.x86_64                                                   yq-4.34.1-1.el8.x86_64
    Complete!
    
  2. On the ocne-operator Oracle Linux instance, enable the olcne-api-server service, but do not start it.

    sudo systemctl enable olcne-api-server.service
    

    Example output:

    [opc@ocne-operator .ssh]$ sudo systemctl enable olcne-api-server.service
    Created symlink /etc/systemd/system/multi-user.target.wants/olcne-api-server.service → /usr/lib/systemd/system/olcne-api-server.service.
    [opc@ocne-operator .ssh]$
    

Task 8: Set up the Kubernetes Nodes

The Kubernetes control plane and worker nodes contain the Oracle Cloud Native Environment Platform Agent and utility packages. The steps in this task will be run on the Oracle Linux instances you designated for ocne-control and ocne-worker.

  1. On the ocne-control and ocne-worker Oracle Linux instances, install the Platform Agent package and utilities.

    sudo dnf -y install olcne-agent olcne-utils
    
  2. On the ocne-control and ocne-worker Oracle Linux instances, enable the olcne-agent service (but do not start it).

    sudo systemctl enable olcne-agent.service
    

    Example output:

    [opc@ocne-control ~]$ sudo systemctl enable olcne-agent.service
    Created symlink /etc/systemd/system/multi-user.target.wants/olcne-agent.service → /usr/lib/systemd/system/olcne-agent.service.
    [opc@ocne-control ~]$
    
    [opc@ocne-worker ~]$ sudo systemctl enable olcne-agent.service
    Created symlink /etc/systemd/system/multi-user.target.wants/olcne-agent.service → /usr/lib/systemd/system/olcne-agent.service.
    

Note: The tasks so far have completed the initial setup and software installation for each Oracle Linux instance that will be part of the Oracle Cloud Native 3-node cluster.

Task 9: Set up X.509 Private CA Certificates

Use the /etc/olcne/gen-certs-helper.sh script to generate a private CA and certificates for the Oracle Linux instances in the Oracle Cloud Native Environment cluster. Run the script from the /etc/olcne directory on the operator node, saving the certificate files in the current directory.

On the ocne-operator Oracle Linux instance, create the X.509 certificates.

cd /etc/olcne
sudo ./gen-certs-helper.sh \
--cert-request-organization-unit "My Company Unit" \
--cert-request-organization "My Company" \
--cert-request-locality "My Town" \
--cert-request-state "My State" \
--cert-request-country US \
--cert-request-common-name domain.com \
--nodes ocne-control,ocne-operator,ocne-worker

Provide the private CA information using the --cert-request options. Some of these options are shown in this example. Run the gen-certs-helper.sh --help command to get a complete list of options.

Example output:

[opc@ocne-operator ~]$ cd /etc/olcne
[opc@ocne-operator olcne]$ sudo ./gen-certs-helper.sh \
> --cert-request-organization-unit “Ultra” \
> --cert-request-organization “PDM” \
> --cert-request-locality “Broomfield” \
> --cert-request-state “CO” \
> --cert-request-country US \
> --cert-request-common-name g1vcn.oraclevcn.com \
> --nodes ocne-operator.g1sn1.g1vcn.oraclevcn.com,ocne-control.g1sn1.g1vcn.oraclevcn.com,ocne-worker.g1sn1.g1vcn.oraclevcn.com
[INFO] Generating CA
Generating a RSA private key
..............................................................+++++
.+++++
writing new private key to '/etc/olcne/configs/certificates/production/ca.key'
-----
[INFO] Generating certs for ocne-operator.g1sn1.g1vcn.oraclevcn.com
Generating RSA private key, 2048 bit long modulus (2 primes)
....................+++++
.................................................+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, ST = \E2\80\9CCO\E2\80\9D, L = \E2\80\9CBroomfield\E2\80\9D, O = \E2\80\9CPDM\E2\80\9D, OU = \E2\80\9CUltra\E2\80\9D, CN = g1vcn.oraclevcn.com
Getting CA Private Key
[INFO] Generating certs for ocne-control.g1sn1.g1vcn.oraclevcn.com
Generating RSA private key, 2048 bit long modulus (2 primes)
.................................................................................+++++
..........................+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, ST = \E2\80\9CCO\E2\80\9D, L = \E2\80\9CBroomfield\E2\80\9D, O = \E2\80\9CPDM\E2\80\9D, OU = \E2\80\9CUltra\E2\80\9D, CN = g1vcn.oraclevcn.com
Getting CA Private Key
[INFO] Generating certs for ocne-worker.g1sn1.g1vcn.oraclevcn.com
Generating RSA private key, 2048 bit long modulus (2 primes)
.........................+++++
...........................................................................+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, ST = \E2\80\9CCO\E2\80\9D, L = \E2\80\9CBroomfield\E2\80\9D, O = \E2\80\9CPDM\E2\80\9D, OU = \E2\80\9CUltra\E2\80\9D, CN = g1vcn.oraclevcn.com
Getting CA Private Key
-----------------------------------------------------------
Script To Transfer Certs: /etc/olcne/configs/certificates/olcne-tranfer-certs.sh
-----------------------------------------------------------
[SUCCESS] Generated certs and file transfer script!
[INFO]    CA Cert: /etc/olcne/configs/certificates/production/ca.key
[INFO]    CA Key:  /etc/olcne/configs/certificates/production/ca.cert
[WARNING] The CA Key is the only way to generate more certificates, ensure it is stored in long term storage
[USER STEP #1]    Please ensure you have ssh access from this machine to: ocne-operator.g1sn1.g1vcn.oraclevcn.com,ocne-control.g1sn1.g1vcn.oraclevcn.com,ocne-worker.g1sn1.g1vcn.oraclevcn.com
[opc@ocne-operator olcne]$

Task 10: Transfer the X.509 Private CA Certificates

After generating the certificates, copy the certificates to each of the Oracle Linux instances that will be part of the Oracle Cloud Native Environment cluster.

  1. On the ocne-operator Oracle Linux instance, update the user details in the provided transfer script.

    sudo sed -i 's/USER=opc/USER=oracle/g' configs/certificates/olcne-tranfer-certs.sh
    

    Note: Update the USER variable within the script if required.

  2. On the ocne-operator Oracle Linux instance, set the permissions for each node.key generated by the certificate creation script.

    sudo chmod 644 /etc/olcne/configs/certificates/tmp-olcne/ocne-control.g1sn1.g1vcn.oraclevcn.com/node.key
    sudo chmod 644 /etc/olcne/configs/certificates/tmp-olcne/ocne-operator.g1sn1.g1vcn.oraclevcn.com/node.key
    sudo chmod 644 /etc/olcne/configs/certificates/tmp-olcne/ocne-worker.g1sn1.g1vcn.oraclevcn.com/node.key
    

    Example output:

    [opc@ocne-operator tmp-olcne]$ sudo chmod 644 /etc/olcne/configs/certificates/tmp-olcne/ocne-control.g1sn1.g1vcn.oraclevcn.com/node.key
    [opc@ocne-operator tmp-olcne]$ sudo chmod 644 /etc/olcne/configs/certificates/tmp-olcne/ocne-operator.g1sn1.g1vcn.oraclevcn.com/node.key
    [opc@ocne-operator tmp-olcne]$ sudo chmod 644 /etc/olcne/configs/certificates/tmp-olcne/ocne-worker.g1sn1.g1vcn.oraclevcn.com/node.key
    
  3. On the ocne-operator Oracle Linux instance, run the transfer script to copy the certificates to the other Oracle Linux instances that will be part of the Oracle Cloud Native Environment cluster. This step requires passwordless SSH configured between the nodes, which was one of the prerequisites.

    bash -ex /etc/olcne/configs/certificates/olcne-tranfer-certs.sh
    
  4. Verify the files copied correctly to each of the Oracle Linux instances.

    sudo -u olcne ls /etc/olcne/configs/certificates/production
    

    Example output:

    [oracle@ocne-control ~]$ sudo -u olcne ls /etc/olcne/configs/certificates/production
    ca.cert  node.cert  node.key
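
Step 2 sets each staged node.key to mode 644, which leaves those private keys readable by every local user on the operator node. The following audit is an added example, not part of the original tutorial or of Oracle's scripts: it lists key files that group or other users can access and can restrict them to the owner. The function names, the `--fix` option and the 600 target mode are assumptions of this example, and it assumes the transfer in step 3 has already completed.

```shell
#!/bin/sh
# Added example: audit private-key file modes under a certificate directory.
# Function names and the --fix option are hypothetical, not from the tutorial.

# Print every *.key file under directory $1 that grants any permission
# to group or other users.
list_exposed_keys() {
    find "$1" -type f -name '*.key' -print | sort | while IFS= read -r key; do
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$key" | cut -c5-10)
        [ "$bits" = "------" ] || printf '%s\n' "$key"
    done
}

# Print the number of exposed key files (0 means the tree is clean).
count_exposed_keys() {
    list_exposed_keys "$1" | wc -l | tr -d ' '
}

# Restrict every exposed key file to owner read/write only.
restrict_keys() {
    list_exposed_keys "$1" | while IFS= read -r key; do
        chmod 600 "$key"
        printf 'restricted %s\n' "$key"
    done
}

# Stand-alone use: sudo sh audit-keys.sh /etc/olcne/configs/certificates [--fix]
if [ "$#" -gt 0 ]; then
    if [ "${2:-}" = "--fix" ]; then
        restrict_keys "$1"
    fi
    list_exposed_keys "$1"
    # Exit non-zero while any key is still exposed, so the check can gate a pipeline.
    [ "$(count_exposed_keys "$1")" -eq 0 ]
fi
```

Run it against /etc/olcne/configs/certificates on the operator node; the walk also covers ca.key, which the generation script's warning singles out for long-term storage.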
    

Task 11: Set up X.509 Certificates for the external IPs Kubernetes Service

The externalip-validation-webhook-service Kubernetes service requires X.509 certificates to be set up prior to deployment.

  1. On the ocne-operator Oracle Linux instance, generate the certificates.

    cd /etc/olcne
    sudo ./gen-certs-helper.sh \
    --cert-dir /etc/olcne/configs/certificates/restrict_external_ip/ \
    --cert-request-organization-unit "My Company Unit" \
    --cert-request-organization "My Company" \
    --cert-request-locality "My Town" \
    --cert-request-state "My State" \
    --cert-request-country US \
    --cert-request-common-name cloud.example.com \
    --nodes <externalip-validation-webhook-service>,<externalip-validation-system.svc.cluster.local> \
    --one-cert \
    --byo-ca-cert /etc/olcne/configs/certificates/production/ca.cert \
    --byo-ca-key /etc/olcne/configs/certificates/production/node.key
    

    Note: The --byo-ca-* options use the CA certificate (ca.cert) and key (node.key) copied in Task 10.

  2. On the ocne-operator Oracle Linux instance, set the ownership of the directory containing the node.key generated by the certificate creation script.

    sudo chown -R oracle:oracle /etc/olcne/configs/certificates/restrict_external_ip/
    

Task 12: Bootstrap the Platform API Server

  1. On the ocne-operator Oracle Linux instance, run the bootstrap script to configure the Platform API Server to use the certificates.

    sudo /etc/olcne/bootstrap-olcne.sh \
    --secret-manager-type file \
    --olcne-node-cert-path /etc/olcne/configs/certificates/production/node.cert \
    --olcne-ca-path /etc/olcne/configs/certificates/production/ca.cert \
    --olcne-node-key-path /etc/olcne/configs/certificates/production/node.key \
    --olcne-component api-server
    

    Example output:

    [opc@ocne-operator certificates]$ sudo /etc/olcne/bootstrap-olcne.sh \
    > --secret-manager-type file \
    > --olcne-node-cert-path /etc/olcne/configs/certificates/production/node.cert \
    > --olcne-ca-path /etc/olcne/configs/certificates/production/ca.cert \
    > --olcne-node-key-path /etc/olcne/configs/certificates/production/node.key \
    > --olcne-component api-server
    ● olcne-api-server.service - API server for Oracle Linux Cloud Native Environments
       Loaded: loaded (/usr/lib/systemd/system/olcne-api-server.service; enabled; vendor preset: disabled)
      Drop-In: /etc/systemd/system/olcne-api-server.service.d
               └─10-auth.conf
       Active: active (running) since Thu 2023-11-16 02:53:35 GMT; 2s ago
     Main PID: 53536 (olcne-api-serve)
        Tasks: 6 (limit: 48304)
       Memory: 10.1M
       CGroup: /system.slice/olcne-api-server.service
            └─53536 /usr/libexec/olcne-api-server -i /etc/olcne/modules --secret-manager-type file --olcne-ca-path /etc/olcne/configs/certificates/pr…
    
    Nov 16 02:53:35 ocne-operator systemd[1]: Started API server for Oracle Linux Cloud Native Environments.
    Nov 16 02:53:35 ocne-operator olcne-api-server[53536]: time=16/11/23 02:53:35 level=info msg=Api server listening on: 8091
    
  2. On the ocne-operator Oracle Linux instance, confirm the Platform API server is running.

    sudo systemctl status olcne-api-server
    

    Example output:

    [opc@ocne-operator certificates]$ sudo systemctl status olcne-api-server
    ● olcne-api-server.service - API server for Oracle Linux Cloud Native Environments
       Loaded: loaded (/usr/lib/systemd/system/olcne-api-server.service; enabled; vendor preset: disabled)
      Drop-In: /etc/systemd/system/olcne-api-server.service.d
               └─10-auth.conf
       Active: active (running) since Thu 2023-11-16 02:53:35 GMT; 1min 1s ago
     Main PID: 53536 (olcne-api-serve)
        Tasks: 6 (limit: 48304)
       Memory: 10.1M
       CGroup: /system.slice/olcne-api-server.service
            └─53536 /usr/libexec/olcne-api-server -i /etc/olcne/modules --secret-manager-type file --olcne-ca-path /etc/olcne/configs/certificates/pr>
    
    Nov 16 02:53:35 ocne-operator systemd[1]: Started API server for Oracle Linux Cloud Native Environments.
    Nov 16 02:53:35 ocne-operator olcne-api-server[53536]: time=16/11/23 02:53:35 level=info msg=Api server listening on: 8091
    lines 1-13/13 (END)
    
  3. On the ocne-operator Oracle Linux instance, press q to exit the status output and continue to the next task.

Task 13: Bootstrap the Platform Agents

  1. On the ocne-control and ocne-worker Oracle Linux instances, run the bootstrap script to configure the Platform Agent to use the certificates.

    sudo /etc/olcne/bootstrap-olcne.sh \
    --secret-manager-type file \
    --olcne-node-cert-path /etc/olcne/configs/certificates/production/node.cert \
    --olcne-ca-path /etc/olcne/configs/certificates/production/ca.cert \
    --olcne-node-key-path /etc/olcne/configs/certificates/production/node.key \
    --olcne-component agent

    Example output:
    
    ● olcne-agent.service - Agent for Oracle Linux Cloud Native Environments
       Loaded: loaded (/usr/lib/systemd/system/olcne-agent.service; enabled; vendor preset: disabled)
      Drop-In: /etc/systemd/system/olcne-agent.service.d
               └─10-auth.conf
       Active: active (running) since Thu 2023-11-16 02:55:51 GMT; 2s ago
     Main PID: 52348 (olcne-agent)
        Tasks: 6 (limit: 48304)
       Memory: 3.1M
       CGroup: /system.slice/olcne-agent.service
               └─52348 /usr/libexec/olcne-agent --secret-manager-type file --olcne-ca-path /etc/olcne/configs/certificates/production/ca.cert --olcne-no…
    
    Nov 16 02:55:51 ocne-control systemd[1]: Started Agent for Oracle Linux Cloud Native Environments.
    Nov 16 02:55:51 ocne-control olcne-agent[52348]: time=16/11/23 02:55:51 level=info msg=Started server on[::]:8090
    [opc@ocne-control configs]$
    
    
    ● olcne-agent.service - Agent for Oracle Linux Cloud Native Environments
       Loaded: loaded (/usr/lib/systemd/system/olcne-agent.service; enabled; vendor preset: disabled)
      Drop-In: /etc/systemd/system/olcne-agent.service.d
               └─10-auth.conf
       Active: active (running) since Thu 2023-11-16 02:56:00 GMT; 2s ago
     Main PID: 52145 (olcne-agent)
        Tasks: 6 (limit: 48304)
       Memory: 5.1M
       CGroup: /system.slice/olcne-agent.service
               └─52145 /usr/libexec/olcne-agent --secret-manager-type file --olcne-ca-path /etc/olcne/configs/certificates/production/ca.cert --olcne-no…
    
    Nov 16 02:56:00 ocne-worker systemd[1]: Started Agent for Oracle Linux Cloud Native Environments.
    Nov 16 02:56:00 ocne-worker olcne-agent[52145]: time=16/11/23 02:56:00 level=info msg=Started server on[::]:8090
    [opc@ocne-worker ~]$
    

Task 14: Create a Platform CLI configuration file

Administrators can use a configuration file to simplify creating and managing environments and modules. The configuration file, written in valid YAML syntax, includes all information about the environments and modules to create. Using a configuration file saves repeated entries of Platform CLI command options.

  1. On the ocne-operator Oracle Linux instance, create the configuration file myenvironment.yaml with the editor of your choice.

    cat ~/myenvironment.yaml
    environments:
      - environment-name: myenvironment
        globals:
          api-server: 127.0.0.1:8091
          secret-manager-type: file
          olcne-ca-path: /etc/olcne/configs/certificates/production/ca.cert
          olcne-node-cert-path: /etc/olcne/configs/certificates/production/node.cert
          olcne-node-key-path: /etc/olcne/configs/certificates/production/node.key
        modules:
          - module: kubernetes
            name: mycluster
            args:
              container-registry: container-registry.oracle.com/olcne
              control-plane-nodes: 10.80.35.128:8090
              worker-nodes: 10.80.35.129:8090
              selinux: enforcing
              restrict-service-externalip: true
              restrict-service-externalip-ca-cert: /etc/olcne/configs/certificates/production/ca.cert
              restrict-service-externalip-tls-cert: /etc/olcne/configs/certificates/restrict_external_ip/production/node.cert
              restrict-service-externalip-tls-key: /etc/olcne/configs/certificates/restrict_external_ip/production/node.key
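
Every certificate and key path in the configuration file has to resolve to a file produced in Tasks 9 to 11. As an added example (not part of the original tutorial or of olcnectl), this script lists the paths the file references, the distinct directories they live in, and any that do not exist. The function names and the line-based matching of keys ending in -path, -cert or -key are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check of certificate/key paths in a Platform CLI
# configuration file. Function names are hypothetical, not part of olcnectl.

# Print "option<TAB>path" for every option whose name ends in -path, -cert or
# -key and whose value is an absolute path.
config_cert_paths() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        match($0, /^[ \t]*[a-z-]+-(path|cert|key):[ \t]*/) {
            key = $0
            sub(/^[ \t]*/, "", key)               # drop indentation
            sub(/:.*/, "", key)                   # keep only the option name
            val = substr($0, RSTART + RLENGTH)    # text after "option: "
            sub(/[ \t]+$/, "", val)               # drop trailing whitespace
            gsub(/^"|"$/, "", val)                # drop surrounding double quotes
            if (val ~ /^\//) print key "\t" val
        }
    ' "$1"
}

# Print the distinct directories the referenced files live in. More
# directories than expected usually means a stale or mistyped path.
cert_path_dirs() {
    config_cert_paths "$1" | cut -f2 | while IFS= read -r path; do
        dirname "$path"
    done | sort -u
}

# Print "option<TAB>path" for every referenced file that does not exist.
missing_cert_paths() {
    config_cert_paths "$1" | while IFS="$(printf '\t')" read -r key path; do
        [ -f "$path" ] || printf '%s\t%s\n' "$key" "$path"
    done
}

# Stand-alone use: sudo sh check-config-paths.sh ~/myenvironment.yaml
if [ "$#" -gt 0 ]; then
    echo "Certificate directories referenced by $1:"
    cert_path_dirs "$1" | sed 's/^/  /'
    missing=$(missing_cert_paths "$1")
    if [ -n "$missing" ]; then
        echo "Missing files:"
        printf '%s\n' "$missing" | sed 's/^/  /'
        exit 1
    fi
    echo "All referenced certificate and key files exist."
fi
```

Run it on the operator node before creating the environment in Task 15; use sudo if the certificate directories are not readable by your user.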
    

Task 15: Create the Environment and Kubernetes Module

  1. On the ocne-operator Oracle Linux instance, create the environment.

    cd ~
    olcnectl environment create --config-file myenvironment.yaml
    
  2. On the ocne-operator Oracle Linux instance, create the Kubernetes module.

    olcnectl module create --config-file myenvironment.yaml
    
  3. On the ocne-operator Oracle Linux instance, validate the Kubernetes module.

    olcnectl module validate --config-file myenvironment.yaml
    
  4. On the ocne-operator Oracle Linux instance, install the Kubernetes module.

    olcnectl module install --config-file myenvironment.yaml
    
  5. On the ocne-operator Oracle Linux instance, validate the deployment of the Kubernetes module.

    olcnectl module instances --config-file myenvironment.yaml
    

    Example output:

    [opc@ocne-operator ~]$ olcnectl module instances --config-file myenvironment.yaml
    INSTANCE                                      MODULE      STATE
    ocne-control.g1sn1.g1vcn.oraclevcn.com:8090   node        installed
    ocne-worker.g1sn1.g1vcn.oraclevcn.com:8090    node        installed
    mycluster                                     kubernetes  installed
    

Task 16: Set up Kubectl

  1. On the ocne-control Oracle Linux instance, set up the kubectl command.

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
    export KUBECONFIG=$HOME/.kube/config
    echo 'export KUBECONFIG=$HOME/.kube/config' >> $HOME/.bashrc
    
  2. On the ocne-control Oracle Linux instance, verify kubectl works.

    kubectl get nodes

    Example output:

    [opc@ocne-control ~]$ kubectl get nodes
    NAME          STATUS  ROLES          AGE  VERSION
    ocne-control  Ready   control-plane  12m  v1.26.6+1.el8
    ocne-worker   Ready   <none>         12m  v1.26.6+1.el8
    
