Chapter 4 Creating and Managing a Kubernetes Cluster

This chapter shows you how to use the Platform CLI (olcnectl) to create an environment, add the Kubernetes module (kubernetes) to the environment, add the master and worker nodes, and perform the deployment to create a Kubernetes cluster.

For more information on the syntax for the olcnectl command, see Chapter 5, Using the Platform CLI.

4.1 Creating an Environment

The first step to deploying Oracle Linux Cloud Native Environment is to create an environment. You can create multiple environments, with each environment potentially containing multiple modules. Naming each environment and module makes it easier to manage the deployed components of Oracle Linux Cloud Native Environment. Use the olcnectl environment create command to create an environment.

This section shows you how to create an environment using Vault, and using your own certificates copied to the file system on each node.

For information on setting up the certificates with Vault, see Section 3.5, “Setting up X.509 Certificates”.

For information on creating a private CA to sign certificates that can be used during testing, see Section 3.5.3, “Setting up Private CA Certificates”.

4.1.1 Creating an Environment using Certificates Managed by Vault

This section shows you how to create an environment using Vault to provide and manage the certificates.

On the operator node, use the olcnectl environment create command to create an environment. For example, to create an environment named myenvironment using certificates generated from a Vault instance:

$ olcnectl --api-server 127.0.0.1:8091 environment create --environment-name myenvironment \
    --update-config \
    --vault-token s.3QKNuRoTqLbjXaGBOmO6Psjh \
    --secret-manager-type vault \
    --vault-address https://192.0.2.20:8200

The --secret-manager-type vault option sets the certificate manager to Vault. Replace the --vault-token value with the token used to access Vault. Replace the --vault-address value with the location of your Vault instance.

The --update-config option saves the certificate generated by Vault on the local host. When you use this option, you do not need to enter the certificate information again when managing the environment.

By default, the certificate is saved to $HOME/.olcne/certificates/environment_name/. If you want to specify a different location to save the certificate, use the --olcne-node-cert-path, --olcne-ca-path, and --olcne-node-key-path options. For example, add the following options to the olcnectl environment create command:

    --olcne-node-cert-path /etc/olcne/configs/certificates/production/node.cert \
    --olcne-ca-path /etc/olcne/configs/certificates/production/ca.cert \
    --olcne-node-key-path /etc/olcne/configs/certificates/production/node.key 

4.1.2 Creating an Environment using Certificates

This section shows you how to create an environment using your own certificates, copied to each node. This example assumes the certificates are available on all nodes in the /etc/olcne/configs/certificates/production/ directory.

On the operator node, create the environment using the olcnectl environment create command. For example:

$ olcnectl --api-server 127.0.0.1:8091 environment create --environment-name myenvironment \
    --update-config \
    --secret-manager-type file \
    --olcne-node-cert-path /etc/olcne/configs/certificates/production/node.cert \
    --olcne-ca-path /etc/olcne/configs/certificates/production/ca.cert \
    --olcne-node-key-path /etc/olcne/configs/certificates/production/node.key

The --secret-manager-type file option sets the certificate manager to use file-based certificates.

You can optionally set the location for the certificate files using environment variables; olcnectl uses these if they are set.

The environment variables map to the olcnectl environment create command options:

  • $OLCNE_SM_CERT_PATH sets the value used with the --olcne-node-cert-path option.

  • $OLCNE_SM_CA_PATH sets the value used with the --olcne-ca-path option.

  • $OLCNE_SM_KEY_PATH sets the value used with the --olcne-node-key-path option.

For example:

$ export OLCNE_SM_CA_PATH=/etc/olcne/configs/certificates/production/ca.cert
$ export OLCNE_SM_CERT_PATH=/etc/olcne/configs/certificates/production/node.cert
$ export OLCNE_SM_KEY_PATH=/etc/olcne/configs/certificates/production/node.key
$ olcnectl --api-server 127.0.0.1:8091 environment create --environment-name myenvironment \
    --update-config \
    --secret-manager-type file
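
Before creating an environment with file-based certificates, it is worth confirming that the three files are present, that the private key is protected, and that the key, node certificate, and CA belong together. The following function is an added example, not part of the Oracle documentation or of olcnectl. The function name check_olcne_certs and the owner-only key permission rule are assumptions, and the openssl command must be installed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the certificate files passed to
# "olcnectl environment create --secret-manager-type file".
# Paths come from the OLCNE_SM_* variables, else the page's example directory.
check_olcne_certs() {
    dir=/etc/olcne/configs/certificates/production
    ca="${OLCNE_SM_CA_PATH:-$dir/ca.cert}"
    cert="${OLCNE_SM_CERT_PATH:-$dir/node.cert}"
    key="${OLCNE_SM_KEY_PATH:-$dir/node.key}"

    # 1. All three files must exist and be readable.
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # 2. Assumed policy: no group or other access to the private key.
    #    Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$key is accessible to group/others; use chmod 600" >&2; return 2; }

    # 3. The node certificate must chain to the CA certificate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "$cert does not verify against $ca" >&2; return 3; }

    # 4. The node certificate must stay valid for at least 24 more hours.
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null ||
        { echo "$cert expires within 24 hours" >&2; return 4; }

    # 5. The private key must match the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "$key does not match $cert" >&2; return 5; }

    echo "certificate files are consistent"
}

# Usage on the operator node (and on each node that holds the files):
#   check_olcne_certs && olcnectl --api-server 127.0.0.1:8091 environment create ...
```

Each failed check returns a distinct exit status (1 to 5), so the function can gate the olcnectl command in a provisioning script.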