4 Creating an Environment

The first step to creating a Kubernetes cluster is to create an environment. You can create many environments, with each environment containing many modules. Naming each environment and module makes it easier to manage the deployed components of Oracle Cloud Native Environment.

Important:

Don't use the same node in more than one environment.

Use the olcnectl environment create command on the operator node to create an environment. For more information on the syntax for the olcnectl environment create command, see Platform Command-Line Interface.

Tip:

You can also use a configuration file to create an environment. The configuration file is a YAML file that contains the information about the environments and modules you want to deploy. Using a configuration file reduces the information you need to provide with olcnectl commands. For information on creating and using a configuration file, see Platform Command-Line Interface.

This section shows you how to create an environment using Vault, and using certificates copied to the file system on each node. For information on setting up X.509 certificates, see Setting up Certificates for Kubernetes Nodes.

Creating an Environment using Certificates Managed by Vault

This section shows you how to create an environment using Vault to provide and manage the certificates.

On the operator node, use the olcnectl environment create command to create an environment. For example, to create an environment named myenvironment using certificates generated from a Vault instance at https://192.0.2.20:8200:

olcnectl environment create \
--api-server 127.0.0.1:8091 \
--environment-name myenvironment \
--secret-manager-type vault \
--vault-token s.3QKNuRoTqLbjXaGBOmO6Psjh \
--vault-address https://192.0.2.20:8200 \
--update-config 

The --api-server option sets the location of the Platform API Server service. In this example, the Platform API Server is running on the operator node (the localhost) and listening on port 8091.

The --environment-name option sets the name of the environment, which in this example is myenvironment.

The --secret-manager-type option sets the certificate manager to Vault.

Replace the value of the --vault-token option with the token to access Vault.

Replace the value of the --vault-address option with the location of the Vault instance.

The --update-config option writes information about the environment to a local configuration file at $HOME/.olcne/olcne.conf, and this configuration is used for future calls to the Platform API Server. If you use this option, you don't need to specify the Platform API Server (using the --api-server option) in future olcnectl commands. For more information on setting the Platform API Server see Platform Command-Line Interface.

By default, the certificate generated by Vault is saved to $HOME/.olcne/certificates/environment_name/. To specify a different location to save the certificate, use the --olcne-node-cert-path, --olcne-ca-path, and --olcne-node-key-path options. For example, add the following options to the olcnectl environment create command:

--olcne-node-cert-path /path/node.cert \
--olcne-ca-path /path/ca.cert \
--olcne-node-key-path /path/node.key 

Creating an Environment using Certificates

This section shows you how to create an environment using certificates copied to each Kubernetes node. This example assumes the certificates are available on all nodes in the /etc/olcne/certificates/ directory.

On the operator node, create the environment using the olcnectl environment create command. For example:

olcnectl environment create \
--api-server 127.0.0.1:8091 \
--environment-name myenvironment \
--secret-manager-type file \
--olcne-node-cert-path /etc/olcne/certificates/node.cert \
--olcne-ca-path /etc/olcne/certificates/ca.cert \
--olcne-node-key-path /etc/olcne/certificates/node.key \
--update-config

If you created certificates for the Platform CLI to communicate with the Platform API Server as shown in Generate Certificates for the Platform CLI to the Platform API Server, you don't need to specify the location of the certificate information. The key information is stored in:

$HOME/.olcne/certificates/api_server_hostname:port

If you followed that procedure, you can create an environment without the key information, for example:

olcnectl environment create \
--api-server 127.0.0.1:8091 \
--environment-name myenvironment \
--secret-manager-type file \
--update-config

The --api-server option sets the location of the Platform API Server service. In this example, the Platform API Server is running on the operator node (the localhost) and listening on port 8091.

The --environment-name option sets the name of the environment, which in this example is myenvironment.

The --secret-manager-type option sets the certificate manager to use file-based certificates.

The --olcne-node-cert-path, --olcne-ca-path, and --olcne-node-key-path options set the location of the certificate files.

You can optionally set the location of the certificate files using environment variables; the Platform CLI uses these if they're set. The following environment variables map to the olcnectl environment create command options:

Table 4-1 Certificate Options

Command Option            Environment Variable    Purpose
--olcne-node-cert-path    $OLCNE_SM_CERT_PATH     The path to the node certificate.
--olcne-ca-path           $OLCNE_SM_CA_PATH       The path to the Certificate Authority certificate.
--olcne-node-key-path     $OLCNE_SM_KEY_PATH      The path to the key for the node's certificate.

For example, to set the certificate information using environment variables for the same environment, you could use:

export OLCNE_SM_CA_PATH=/etc/olcne/certificates/ca.cert
export OLCNE_SM_CERT_PATH=/etc/olcne/certificates/node.cert
export OLCNE_SM_KEY_PATH=/etc/olcne/certificates/node.key

olcnectl environment create \
--api-server 127.0.0.1:8091 \
--environment-name myenvironment \
--secret-manager-type file \
--update-config 

The --update-config option writes information about the environment to a local configuration file at $HOME/.olcne/olcne.conf, and this configuration is used for future calls to the Platform API Server. If you use this option, you don't need to specify the Platform API Server (using the --api-server option) in future olcnectl commands. For more information on setting the Platform API Server see Platform Command-Line Interface.
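
A preflight check for the file-based certificates described in this section, added here as an example and not part of Oracle Cloud Native Environment. It resolves the paths from the Table 4-1 environment variables, then checks that the key is not accessible to group or others, that the node certificate verifies against the CA certificate, and that the key matches the certificate. The function names are hypothetical, and the script assumes GNU stat and the openssl command are installed.

```shell
#!/usr/bin/env bash
# Added example (not Oracle tooling): preflight for the file-based certificates
# handed to "olcnectl environment create". Function names are hypothetical.

# Resolve paths from the Table 4-1 environment variables, falling back to the
# /etc/olcne/certificates/ locations this section assumes.
resolve_paths() {
  CA="${OLCNE_SM_CA_PATH:-/etc/olcne/certificates/ca.cert}"
  CERT="${OLCNE_SM_CERT_PATH:-/etc/olcne/certificates/node.cert}"
  KEY="${OLCNE_SM_KEY_PATH:-/etc/olcne/certificates/node.key}"
}

# Succeeds only if group and others have no access to the private key.
check_key_perms() {
  local mode
  mode=$(stat -c '%a' "$1") || return 1   # GNU stat, e.g. 600
  [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeeds only if the node certificate verifies against the CA certificate.
check_chain() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if certificate and private key carry the same public key.
check_key_matches() {
  local from_cert from_key
  from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Returns 0 when all checks pass; 1-4 identify the first failed check.
preflight() {
  local f
  resolve_paths
  for f in "$CA" "$CERT" "$KEY"; do
    [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
  done
  check_key_perms "$KEY" || { echo "key open to group/others: $KEY" >&2; return 2; }
  check_chain "$CA" "$CERT" || { echo "cert does not verify against CA" >&2; return 3; }
  check_key_matches "$CERT" "$KEY" || { echo "key does not match cert" >&2; return 4; }
  echo "preflight ok: $CERT"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "run" ]; then preflight; fi
```

Run the script with the argument run on each node that holds the certificates, before calling olcnectl environment create; a nonzero exit status identifies the first check that failed.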