The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
Chapter 1 Introduction to the Platform CLI
The Oracle Cloud Native Environment Platform Command-Line Interface, olcnectl, is used to configure,
deploy and manage the components of Oracle Cloud Native Environment. The
olcnectl command is installed using the
olcnectl
package on an operator node. For
information on setting up an operator node, see
Getting Started.
You interact with olcnectl by entering commands with a series of options. The Platform CLI syntax is:
olcnectlcommand
[command_options
|{-h|--help}]
The full syntax and options for each command is provided in Chapter 4, Platform CLI Commands.
When you use the olcnectl command, you are prompted for any missing options.
1.1 Getting Syntax Help
You can get help on the syntax for olcnectl
commands using the --help
option. For example,
to show the command options available for the
olcnectl command, enter:
olcnectl --help
A CLI that talks to an Oracle Cloud Native Environment Platform API Server endpoint, facilitating deployment and management of Kubernetes clusters and their resources Usage: olcnectl [command] Available Commands: environment Environment operations help Help about any command module Modules that can be modified in an environment template Generate a configuration file template Flags: -h, --help help for olcnectl Use "olcnectl [command] --help" for more information about a command.
The Available Commands
section lists any
available commands for the olcnectl command. In
this case, you can use the commands olcnectl
environment, olcnectl help,
olcnectl module and olcnectl
template.
The Flags
section lists the available command
options you can use.
The olcnectl help command is the equivalent of using olcnectl --help. That is, it prints out the help for the olcnectl command.
You can drill further down into the help system by providing the
--help
option to the commands listed in the
Available Commands
section. For example, to
show the available commands and options for the olcnectl
module command, enter:
olcnectl module --help
Modules that are used to customize your environment Usage: olcnectl module [command] Available Commands: backup backup a module create Create a module get Get a module install Install a module instances List all module instances that are defined in an environment list Show all modules that can be installed property Commands that interact with module properties report Display the report of the selected module instance restore restore a module uninstall Uninstall a module update Update a module validate Validate that an module can be installed Flags: -a, --api-server string Platform API Server to talk to. If this is not specified ... --config-file string Location of configuration file that contains the ... -h, --help help for olcnectl --olcn-ca-path string Optional path to a predefined CA or the a destination if ... --olcne-node-cert-path string Optional path to a predefined Key or the a destination ... --olcne-node-key-path string Optional path to a predefined Cert or the a destination ... --olcne-tls-cipher-suites string TLS Cipher Suites, Possible value(s) (comma separated): ... --olcne-tls-max-version string TLS Maximum Version, Default value: VersionTLS12, ... --olcne-tls-min-version string TLS Minimum Version, Default value: VersionTLS12, ... --secret-manager-type string Manager that will handle the secrets. Options are: file, ... --update-config When defined the global arguments will be writen to a ... --vault-address string Address of Vault. Default: https://127.0.0.1:8200 or ... --vault-cert-sans string Sans that will passed to Vault to generate the Platform ... --vault-token string Token to authentic with Vault Use "olcnectl module [command] --help" for more information about a command.
Again, the Available Commands
section lists any
sub commands available for the command. In this case, you can use
commands such as olcnectl module backup,
olcnectl module create, olcnectl
module get and so on.
The Flags
section lists the options that can be
used by all subcommands.
Drilling further down into the help system you can see the olcnectl module property command has a further two options, get and list.
olcnectl module property --help
Commands that interact with module properties Usage: olcnectl module property [command] Available Commands: get Gets the value of one or more properties list Show all properties for a module Flags: -h, --help help for property Global Flags: -a, --api-server string Platform API Server to talk to. If this is not ... --config-file string Location of configuration file that contains ... --olcne-ca-path string Optional path to a predefined CA or the a ... ... Use "olcnectl module property [command] --help" for more information about a command.
A new set of command options is listed under The Global
Flags
section. The options shown in this section are global
flags, which are used by all olcnectl
subcommands. For more information on global flags, see
Section 1.3, “Using Global Flags”.
To get a list of the command options, you need to include the full
command with the --help
option. In this case,
the olcnectl module property get command has
four options as shown in the Flags
section.
olcnectl module property get --help
Given a list of properties, fetch the value of each for a specific module Usage: olcnectl module property get [flags] Flags: -E, --environment-name string Name of the environment -h, --help help for get -N, --name string Name of the module -P, --property strings Names of properties to fetch ...
The help system for the olcnectl module create
and the olcnectl module update commands behaves
differently to the other uses of the --help
option. As there are multiple modules within an environment, you
must provide information about a module in order for the
Platform CLI to display the appropriate help. To display the
help for the olcnectl module create command,
enter:
olcnectl module create --help
Create a module in a environment Usage: olcnectl module create [flags] Flags: -E, --environment-name string Name of the environment -h, --help help for create -M, --module strings Module to create -N, --name strings Name to assign the module ...
To see the options for creating each module you must use the
--module
option and provide the module type.
The module types are listed in
Section 4.5, “Module Create”. For example, to get help
on creating a Kubernetes module you specify the
module type as kubernetes
:
olcnectl module create --help --module kubernetes
Create a module in a environment Usage: olcnectl module create [flags] Flags: -o, --apiserver-advertise-address string (DEPRECATED) Advertised address for internal ... -b, --apiserver-bind-port string Kubernetes API Server bind port (default "6443") -B, --apiserver-bind-port-alt string Port for the Kubernetes API Server to bind to if ... -e, --apiserver-cert-extra-sans string Kubernetes API Server extra sans -r, --container-registry string Container Registry that holds the kubernetes images -E, --environment-name string Name of the environment -h, --help help for create -x, --kube-proxy-mode string Routing mode for the Kubernetes proxy (default ... -v, --kube-version string Kubernetes version (default "1.17.4") ...
Similarly, to get help on the olcnectl module update command use:
olcnectl module update --help
Update a module Usage: olcnectl module update [flags] Flags: -E, --environment-name string Name of the environment -F, --force Update without prompting -g, --generate-scripts Generate a script for each node that takes all suggested actions -h, --help help for update -N, --name strings Modules to update ...
The output shows a --name
option. This is the
option you use to specify the module. This example shows the
output for the olcnectl module update --help
command for a Kubernetes module named
mycluster
:
olcnectl module update --help --name mycluster
Update a module Usage: olcnectl module update [flags] Flags: -E, --environment-name string Name of the environment -F, --force Update without prompting -g, --generate-scripts Generate a script for each node that takes all suggested actions -h, --help help for update -v, --kube-version string Kubernetes version (default "1.21.14-3") -m, --master-nodes string A comma separated list of master nodes -N, --name strings Modules to update -w, --worker-nodes string A comma separated list of worker nodes ...
The output shows the options you can use to scale or update/upgrade the Kubernetes module.
1.2 Setting the Platform API Server
The Platform CLI connects to an Oracle Cloud Native Environment Platform API Server. You can use an
operator node with the Platform CLI installed to connect to
multiple Platform API Server instances. You specify the
Platform API Server using the olcnectl --api-server
api_server_address
:8091
option. This enables you to use a single operator node to manage
multiple environments. For example, to connect to a
Platform API Server on apiserver.example.com
, you
would use:
olcnectl module property list \ --api-server apiserver.example.com:8091 \ --environment-name myenvironment \ --name mycluster
When you create an environment with the olcnectl
environment create command you can optionally include
the --update-config
option. This option writes
information about the environment to a local configuration file at
$HOME/.olcne/olcne.conf
, and this configuration
is used for future calls to the Platform API Server. If you use this
option, you do not need to specify the Platform API Server in future
olcnectl commands.
For example, if you create an environment using the
--update-config
option:
olcnectl environment create \ --api-server 127.0.0.1:8091 \ --environment-name myenvironment \ --secret-manager-type vault \ --vault-token s.3QKNuRoTqLbjXaGBOmO6Psjh \ --vault-address https://192.0.2.20:8200 \ --update-config
When you write all future olcnectl commands you
can omit the --api-server
option. For example:
olcnectl module property list \ --environment-name myenvironment \ --name mycluster
You can also set an environment variable to set the
Platform API Server. You can do this using the
$OLCNE_API_SERVER_BIN
environment variable on
the operator node. For example, to set the Platform API Server to
the localhost, use:
export OLCNE_API_SERVER_BIN=127.0.0.1:8091
1.3 Using Global Flags
There are a number of global flags, or command options, that can be used with all olcnectl commands.
These options are most often used when creating an environment using the olcnectl environment create command, however they can also be used with all other olcnectl commands. The global options are:
[{-a|--api-server}api_server_address
:8091
] [--config-filepath
] [--secret-manager-type {file|vault}] [--update-config] [--olcne-ca-pathca_path
] [--olcne-node-cert-pathnode_cert_path
] [--olcne-node-node-key-pathnode_key_path
] [--olcne-tls-cipher-suitesciphers
] [--olcne-tls-max-versionversion
] [--olcne-tls-min-versionversion
] [--vault-addressvault_address
] [--vault-cert-sansvault_cert_sans
] [--vault-tokenvault_token
]
Where:
-
{-a|--api-server}
api_server_address
:8091
-
The Platform API Server for the environment. This is the host running the
olcne-api-server
service in an environment. The value ofapi_server_address
is the IP address or hostname of the Platform API Server. The port number is the port on which theolcne-api-server
service is available. The default port is8091
.If a Platform API Server is not specified, a local instance is used. If no local instance is set up, it is configured in the
$HOME/.olcne/olcne.conf
file.For more information on setting the Platform API Server see Section 1.2, “Setting the Platform API Server”.
This option maps to the
$OLCNE_API_SERVER_BIN
environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting. -
--config-file
path
-
The location of a YAML file that contains the configuration information for the environment(s) and module(s). The filename extension must be either
yaml
oryml
. When you use this option, any other command line options are ignored, with the exception of the--force
option. Only the information contained in the configuration file is used. -
--secret-manager-type {file|vault}
-
The secrets manager type. The options are
file
orvault
. Usefile
for certificates saved on the nodes and usevault
for certificates managed by Vault. -
--update-config
-
Writes the global arguments for an environment to a local configuration file which is used for future calls to the Platform API Server. If this option has not been used previously, global arguments must be specified for every Platform API Server call.
The global arguments configuration information is saved to
$HOME/.olcne/olcne.conf
on the local host.If you use Vault to generate certificates for nodes, the certificate is saved to
$HOME/.olcne/certificates/
on the local host.environment_name
/ -
--olcne-ca-path
ca_path
-
The path to a predefined Certificate Authority certificate, or the destination of the certificate if using a secrets manager to download the certificate. The default is
/etc/olcne/certificates/ca.cert
, or gathered from the local configuration if the--update-config
option is used.This option maps to the
$OLCNE_SM_CA_PATH
environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting. -
--olcne-node-cert-path
node_cert_path
-
The path to a predefined certificate, or the a destination if using a secrets manager to download the certificate. The default is
/etc/olcne/certificates/node.cert
, or gathered from the local configuration if the--update-config
option is used.This option maps to the
$OLCNE_SM_CERT_PATH
environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting. -
--olcne-node-key-path
node_key_path
-
The path to a predefined key, or the destination of the key if using a secrets manager to download the key. The default is
/etc/olcne/certificates/node.key
, or gathered from the local configuration if the--update-config
option is used.This option maps to the
$OLCNE_SM_KEY_PATH
environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting. -
--olcne-tls-cipher-suites
ciphers
-
The TLS cipher suites to use for Oracle Cloud Native Environment services (the Platform Agent and Platform API Server). Enter one or more in a comma separated list. The options are:
-
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
-
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
-
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-
TLS_ECDHE_RSA_WITH_RC4_128_SHA
-
TLS_RSA_WITH_3DES_EDE_CBC_SHA
-
TLS_RSA_WITH_AES_128_CBC_SHA
-
TLS_RSA_WITH_AES_128_CBC_SHA256
-
TLS_RSA_WITH_AES_128_GCM_SHA256
-
TLS_RSA_WITH_AES_256_CBC_SHA
-
TLS_RSA_WITH_AES_256_GCM_SHA384
-
TLS_RSA_WITH_RC4_128_SHA
For example:
--olcne-tls-cipher-suites TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
This option maps to the
$OLCNE_TLS_CIPHER_SUITES
environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting. -
-
--olcne-tls-max-version
version
-
The TLS maximum version for Oracle Cloud Native Environment components. The default is
VersionTLS12
. Options are:-
VersionTLS10
-
VersionTLS11
-
VersionTLS12
-
VersionTLS13
This option maps to the
$OLCNE_TLS_MAX_VERSION
environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting. -
-
--olcne-tls-min-version
version
-
The TLS minimum version for Oracle Cloud Native Environment components. The default is
VersionTLS12
. Options are:-
VersionTLS10
-
VersionTLS11
-
VersionTLS12
-
VersionTLS13
This option maps to the
$OLCNE_TLS_MIN_VERSION
environment variable. If this environment variable is set it takes precedence over and overrides the Platform CLI setting. -
-
--vault-address
vault_address
-
The IP address of the Vault instance. The default is
https://127.0.0.1:8200
, or gathered from the local configuration if the--update-config
option is used. -
--vault-cert-sans
vault_cert_sans
-
Subject Alternative Names (SANs) to pass to Vault to generate the Oracle Cloud Native Environment certificate. The default is
127.0.0.1
, or gathered from the local configuration if the--update-config
option is used. -
--vault-token
vault_token
-
The Vault authentication token.