Table of Contents

Title and Copyright Information
Preface
    Documentation License
    Conventions
    Documentation Accessibility
    Access to Oracle Support for Accessibility
    Diversity and Inclusion
1 Host Requirements
    Hardware Requirements
        Kubernetes Control Plane Node Hardware
        Kubernetes Worker Node Hardware
        Operator Node Hardware
        Kubernetes High Availability Requirements
        Istio Requirements
    Operating System Requirements
2 Prerequisites
    Enabling Access to the Software Packages
        Oracle Linux 8
            Enabling Channels with ULN
            Enabling Repositories with the Oracle Linux Yum Server
        Oracle Linux 7
            Enabling Channels with ULN
            Enabling Repositories with the Oracle Linux Yum Server
    Accessing the Oracle Container Registry
        Using an Oracle Container Registry Mirror
        Using a Private Registry
    Setting up the Operating System
        Setting up a Network Time Service
        Disabling Swap
    Setting up the Network
        Setting up the Firewall Rules
            Non-HA Cluster Firewall Rules
            Highly Available Cluster Firewall Rules
        Setting up Other Network Options
            Internet Access
            Flannel Network
            br_netfilter Module
            Bridge Tunable Parameters
            Network Address Translation
    Setting FIPS Mode
    Setting Up SSH Key-based Authentication
3 Installing Oracle Cloud Native Environment
    Installation Overview
    Setting up the Nodes
        Setting up the Operator Node
        Setting up Kubernetes Nodes
    Setting up a Load Balancer for Highly Available Clusters
        Setting up an External Load Balancer
        Setting up a Load Balancer on Oracle Cloud Infrastructure
        Setting up the Internal Load Balancer
    Setting up X.509 Certificates for Kubernetes Nodes
        Setting up Vault Authentication
        Setting up CA Certificates
        Setting up Private CA Certificates
            Creating and Copying Certificates
            Creating Additional Certificates
    Setting up X.509 Certificates for the externalIPs Kubernetes Service
        Setting up Vault Certificates
        Setting up CA Certificates
        Setting up Private CA Certificates
    Starting the Platform API Server and Platform Agent Services
        Starting the Services Using Vault
        Starting the Services Using Certificates
4 Creating an Environment
    Creating an Environment using Certificates Managed by Vault
    Creating an Environment using Certificates
5 Installing Modules
    Creating a Kubernetes Module
    Creating an Oracle Cloud Infrastructure Cloud Controller Manager Module
    Creating a MetalLB Module
    Creating a Gluster Container Storage Interface Module
    Creating an Operator Lifecycle Manager Module
    Creating an Istio Module
6 Configuring Services
    Configuring the Platform API Server
    Configuring the Platform Agent