4 Creating an Environment
Important:
The software described in this documentation is either in Extended Support or Sustaining Support. See Oracle Open Source Support Policies for more information.
We recommend that you upgrade the software described by this documentation as soon as possible.
The first step to creating a Kubernetes cluster is to create an environment. You can create multiple environments, with each environment potentially containing multiple modules. Naming each environment and module makes it easier to manage the deployed components of Oracle Cloud Native Environment.
Note:
You should not use the same node in more than one environment.
Use the olcnectl environment create command on the operator node to create an environment. For more information on the syntax for the olcnectl environment create command, see Platform Command-Line Interface.
Tip:
You can also use a configuration file to create an environment. The configuration file is a YAML file that contains the information about the environments and modules you want to deploy. Using a configuration file reduces the information you need to provide with olcnectl commands. For information on creating and using a configuration file, see Platform Command-Line Interface.
This section shows you how to create an environment using Vault, and using your own certificates copied to the file system on each node. For information on setting up X.509 certificates, see Setting up X.509 Certificates for Kubernetes Nodes.
Creating an Environment using Certificates Managed by Vault
This section shows you how to create an environment using Vault to provide and manage the certificates.
On the operator node, use the olcnectl environment create command to create an environment. For example, to create an environment named myenvironment using certificates generated from a Vault instance located at https://192.0.2.20:8200:
    olcnectl environment create \
      --api-server 127.0.0.1:8091 \
      --environment-name myenvironment \
      --secret-manager-type vault \
      --vault-token s.3QKNuRoTqLbjXaGBOmO6Psjh \
      --vault-address https://192.0.2.20:8200 \
      --update-config
The --api-server option sets the location of the Platform API Server service. In this example, the Platform API Server is running on the operator node (the localhost) and listening on port 8091.
The --environment-name option sets the name of the environment, which in this example is myenvironment.
The --secret-manager-type option sets the certificate manager to Vault.
Replace the --vault-token value with the token to access Vault.
Replace the --vault-address value with the location of your Vault instance.
By default, the certificate generated by Vault is saved to $HOME/.olcne/certificates/environment_name/.
If you want to specify a different location to save the certificate, use the --olcne-node-cert-path, --olcne-ca-path, and --olcne-node-key-path options. For example, add the following options to the olcnectl environment create command:
      --olcne-node-cert-path /path/node.cert \
      --olcne-ca-path /path/ca.cert \
      --olcne-node-key-path /path/node.key
The --update-config option writes information about the environment to a local configuration file at $HOME/.olcne/olcne.conf, and this configuration is used for future calls to the Platform API Server. If you use this option, you do not need to specify the Platform API Server (using the --api-server option) in future olcnectl commands. For more information on setting the Platform API Server, see Platform Command-Line Interface.
Creating an Environment using Certificates
This section shows you how to create an environment using your own certificates, copied to each node. This example assumes the certificates are available on all nodes in the /etc/olcne/certificates/ directory.
On the operator node, create the environment using the olcnectl environment create command. For example:
    olcnectl environment create \
      --api-server 127.0.0.1:8091 \
      --environment-name myenvironment \
      --secret-manager-type file \
      --olcne-node-cert-path /etc/olcne/certificates/node.cert \
      --olcne-ca-path /etc/olcne/certificates/ca.cert \
      --olcne-node-key-path /etc/olcne/certificates/node.key \
      --update-config
The --api-server option sets the location of the Platform API Server service. In this example, the Platform API Server is running on the operator node (the localhost) and listening on port 8091.
The --environment-name option sets the name of the environment, which in this example is myenvironment.
The --secret-manager-type option sets the certificate manager to use file-based certificates.
The --olcne-node-cert-path, --olcne-ca-path, and --olcne-node-key-path options set the location of the certificate files. You can optionally set the location for the certificate files using environment variables; olcnectl uses these if they are set. The following environment variables map to the olcnectl environment create command options:
Table 4-1 Certificate Options
Command Option | Environment Variable | Purpose |
---|---|---|
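--olcne-node-cert-path | OLCNE_SM_CERT_PATH | The path to the node certificate. |
--olcne-ca-path | OLCNE_SM_CA_PATH | The path to the Certificate Authority certificate. |
--olcne-node-key-path | OLCNE_SM_KEY_PATH | The path to the key for the node's certificate. |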
For example, to set the certificate information using environment variables for the same environment, you could use:
    export OLCNE_SM_CA_PATH=/etc/olcne/certificates/ca.cert
    export OLCNE_SM_CERT_PATH=/etc/olcne/certificates/node.cert
    export OLCNE_SM_KEY_PATH=/etc/olcne/certificates/node.key
    olcnectl environment create \
      --api-server 127.0.0.1:8091 \
      --environment-name myenvironment \
      --secret-manager-type file \
      --update-config
The --update-config option writes information about the environment to a local configuration file at $HOME/.olcne/olcne.conf, and this configuration is used for future calls to the Platform API Server. If you use this option, you do not need to specify the Platform API Server (using the --api-server option) in future olcnectl commands. For more information on setting the Platform API Server, see Platform Command-Line Interface.
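The following pre-flight check is an added example, not part of the Oracle documentation or product. Before you run olcnectl environment create with --secret-manager-type file, it confirms that the node certificate chains to the CA certificate, that the key matches the certificate, and that the key is not readable by group or others. The function name check_olcne_certs and the script name preflight.sh are hypothetical, and the script assumes the openssl command and GNU stat are installed.

```sh
#!/bin/sh
# Added example (not Oracle's code): pre-flight checks for the file-based
# certificates passed to `olcnectl environment create`.
# Assumes the openssl CLI and GNU stat are installed on the node.

# check_olcne_certs CA CERT KEY: returns 0 if every check passes, else 1.
check_olcne_certs() {
    ca=$1 cert=$2 key=$3 rc=0

    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 1; }
    done

    # The node certificate must chain to the CA certificate.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2; rc=1
    fi

    # The node certificate must still be valid 24 hours from now.
    if ! openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null 2>&1; then
        echo "FAIL: $cert expires within 24 hours" >&2; rc=1
    fi

    # The key must belong to the certificate: compare the public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2; rc=1
    fi

    # The private key must not be accessible to group or others.
    mode=$(stat -c '%a' "$key" 2>/dev/null)
    case $mode in
        ?00) ;;
        *) echo "FAIL: $key mode is '$mode'; remove group/other access" >&2; rc=1 ;;
    esac
    return $rc
}

# Run as `sh preflight.sh check`; falls back to the page's example paths.
if [ "${1:-}" = "check" ]; then
    check_olcne_certs \
        "${OLCNE_SM_CA_PATH:-/etc/olcne/certificates/ca.cert}" \
        "${OLCNE_SM_CERT_PATH:-/etc/olcne/certificates/node.cert}" \
        "${OLCNE_SM_KEY_PATH:-/etc/olcne/certificates/node.key}" &&
        echo "certificates OK"
fi
```

Run the check on each node that holds a copy of the certificates, because the files are copied to every node and can differ between them.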