4 Creating an Environment

Important:

The software described in this documentation is either in Extended Support or Sustaining Support. See Oracle Open Source Support Policies for more information.

We recommend that you upgrade the software described by this documentation as soon as possible.

The first step to creating a Kubernetes cluster is to create an environment. You can create multiple environments, with each environment potentially containing multiple modules. Naming each environment and module makes it easier to manage the deployed components of Oracle Cloud Native Environment.

Note:

You should not use the same node in more than one environment.

Use the olcnectl environment create command on the operator node to create an environment. For more information on the syntax for the olcnectl environment create command, see Platform Command-Line Interface.

Tip:

You can also use a configuration file to create an environment. The configuration file is a YAML file that contains the information about the environments and modules you want to deploy. Using a configuration file reduces the information you need to provide with olcnectl commands. For information on creating and using a configuration file, see Platform Command-Line Interface.

This section shows you how to create an environment in two ways: with certificates managed by Vault, or with your own certificates copied to the file system on each node. For information on setting up X.509 certificates, see Setting up X.509 Certificates for Kubernetes Nodes.

Creating an Environment using Certificates Managed by Vault

This section shows you how to create an environment using Vault to provide and manage the certificates.

On the operator node, use the olcnectl environment create command to create an environment. For example, to create an environment named myenvironment using certificates generated from a Vault instance located at https://192.0.2.20:8200:

olcnectl environment create \
--api-server 127.0.0.1:8091 \
--environment-name myenvironment \
--secret-manager-type vault \
--vault-token s.3QKNuRoTqLbjXaGBOmO6Psjh \
--vault-address https://192.0.2.20:8200 \
--update-config 

The --api-server option sets the location of the Platform API Server service. In this example, the Platform API Server is running on the operator node (the localhost) and listening on port 8091.

The --environment-name option sets the name of the environment, which in this example is myenvironment.

The --secret-manager-type option sets the certificate manager to Vault.

Replace the value of the --vault-token option with the token used to access Vault.

Replace the value of the --vault-address option with the location of your Vault instance.

By default, the certificate generated by Vault is saved to $HOME/.olcne/certificates/environment_name/. If you want to specify a different location to save the certificate, use the --olcne-node-cert-path, --olcne-ca-path, and --olcne-node-key-path options. For example, add the following options to the olcnectl environment create command:

--olcne-node-cert-path /path/node.cert \
--olcne-ca-path /path/ca.cert \
--olcne-node-key-path /path/node.key 

The --update-config option writes information about the environment to a local configuration file at $HOME/.olcne/olcne.conf, and this configuration is used for future calls to the Platform API Server. If you use this option, you do not need to specify the Platform API Server (using the --api-server option) in future olcnectl commands. For more information on setting the Platform API Server see Platform Command-Line Interface.

Creating an Environment using Certificates

This section shows you how to create an environment using your own certificates, copied to each node. This example assumes the certificates are available on all nodes in the /etc/olcne/certificates/ directory.

On the operator node, create the environment using the olcnectl environment create command. For example:

olcnectl environment create \
--api-server 127.0.0.1:8091 \
--environment-name myenvironment \
--secret-manager-type file \
--olcne-node-cert-path /etc/olcne/certificates/node.cert \
--olcne-ca-path /etc/olcne/certificates/ca.cert \
--olcne-node-key-path /etc/olcne/certificates/node.key \
--update-config

The --api-server option sets the location of the Platform API Server service. In this example, the Platform API Server is running on the operator node (the localhost) and listening on port 8091.

The --environment-name option sets the name of the environment, which in this example is myenvironment.

The --secret-manager-type option sets the certificate manager to use file-based certificates.

The --olcne-node-cert-path, --olcne-ca-path, and --olcne-node-key-path options set the location of the certificate files. You can optionally set the location for the certificate files using environment variables; olcnectl uses these if they are set. The following environment variables map to the olcnectl environment create command options:

Table 4-1 Certificate Options

Command Option           Environment Variable   Purpose
--olcne-node-cert-path   $OLCNE_SM_CERT_PATH    The path to the node certificate.
--olcne-ca-path          $OLCNE_SM_CA_PATH      The path to the Certificate Authority certificate.
--olcne-node-key-path    $OLCNE_SM_KEY_PATH     The path to the key for the node's certificate.

For example, to set the certificate information using environment variables for the same environment, you could use:

export OLCNE_SM_CA_PATH=/etc/olcne/certificates/ca.cert
export OLCNE_SM_CERT_PATH=/etc/olcne/certificates/node.cert
export OLCNE_SM_KEY_PATH=/etc/olcne/certificates/node.key

olcnectl environment create \
--api-server 127.0.0.1:8091 \
--environment-name myenvironment \
--secret-manager-type file \
--update-config 

The --update-config option writes information about the environment to a local configuration file at $HOME/.olcne/olcne.conf, and this configuration is used for future calls to the Platform API Server. If you use this option, you do not need to specify the Platform API Server (using the --api-server option) in future olcnectl commands. For more information on setting the Platform API Server see Platform Command-Line Interface.
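
Before creating an environment with file-based certificates, it is useful to confirm that the three files on a node are consistent: the key is not readable by other users, the node certificate verifies against the CA certificate, and the key belongs to the certificate. The following script is an added example, not part of the Oracle documentation or of olcnectl; it assumes GNU stat and the openssl command are installed, and the function names and the check argument are illustrative.

```shell
#!/bin/sh
# Added example (not Oracle's code): pre-flight checks for --secret-manager-type file.
# Paths default to this page's examples; the OLCNE_SM_* variables override them.

# Succeeds only if the key has no group/other permission bits (for example 600 or 400).
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as shipped on Oracle Linux
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Succeeds if the node certificate verifies against the CA certificate.
cert_chains_to_ca() {   # $1 = CA certificate, $2 = node certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if the private key belongs to the certificate (public keys are equal).
key_matches_cert() {    # $1 = node certificate, $2 = node key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

preflight() {
    ca=${OLCNE_SM_CA_PATH:-/etc/olcne/certificates/ca.cert}
    cert=${OLCNE_SM_CERT_PATH:-/etc/olcne/certificates/node.cert}
    key=${OLCNE_SM_KEY_PATH:-/etc/olcne/certificates/node.key}
    rc=0
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    key_is_private "$key" || { echo "FAIL: $key is accessible to group or other"; rc=1; }
    cert_chains_to_ca "$ca" "$cert" || { echo "FAIL: $cert does not verify against $ca"; rc=1; }
    key_matches_cert "$cert" "$key" || { echo "FAIL: $key does not match $cert"; rc=1; }
    # Expiry within 30 days is reported but does not fail the check.
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1 ||
        echo "WARN: $cert expires within 30 days"
    [ "$rc" -eq 0 ] && echo "OK: certificate files are consistent"
    return "$rc"
}

# Run the checks only when invoked as: sh preflight.sh check  (script name is arbitrary)
if [ "${1:-}" = "check" ]; then preflight; fi
```

Run the script on every node, because each node holds its own copy of the certificate files.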