3.2.10 Requirements to Use Oracle Linux Container Services for use with Kubernetes on Oracle Cloud Infrastructure

Oracle Linux Container Services for use with Kubernetes is engineered to work on Oracle Cloud Infrastructure. All of the instructions provided in this document can be used to install and configure Kubernetes across a group of compute instances. If you require additional information on configuration steps and usage of Oracle Cloud Infrastructure, please see:

https://docs.us-phoenix-1.oraclecloud.com/Content/home.htm

The most important requirement for Oracle Linux Container Services for use with Kubernetes on Oracle Cloud Infrastructure is that your Virtual Cloud Network (VCN) allows the compute nodes used in your Kubernetes deployment to communicate on the required ports. By default, compute nodes are unable to access each other across the Virtual Cloud Network until you have configured the Security List with the appropriate ingress rules.

Ingress rules should match the rules required in any firewall configuration, as described in Section 3.2.7, “Firewall and iptables Requirements”. Typically this involves adding the following ingress rules to the default security list for your VCN:

  1. Allow 2379-2380/TCP. 

    • STATELESS: Unchecked

    • SOURCE CIDR: 10.0.0.0/16

    • IP PROTOCOL: TCP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: 2379-2380

  2. Allow 6443/TCP. 

    • STATELESS: Unchecked

    • SOURCE CIDR: 10.0.0.0/16

    • IP PROTOCOL: TCP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: 6443

  3. Allow 10250-10252/TCP. 

    • STATELESS: Unchecked

    • SOURCE CIDR: 10.0.0.0/16

    • IP PROTOCOL: TCP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: 10250-10252

  4. Allow 10255/TCP. 

    • STATELESS: Unchecked

    • SOURCE CIDR: 10.0.0.0/16

    • IP PROTOCOL: TCP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: 10255

  5. Allow 8472/UDP. 

    • STATELESS: Unchecked

    • SOURCE CIDR: 10.0.0.0/16

    • IP PROTOCOL: UDP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: 8472

Substitute 10.0.0.0/16 with the CIDR range of the subnet that you created within the VCN for the compute nodes that will participate in the Kubernetes cluster. You may narrow this to the specific IP address range used by the cluster components, or widen it, depending on your own security requirements. Keep the source range as narrow as you can: these ports carry cluster-internal traffic (etcd, the kubelet, the control plane components and the overlay network) that should be reachable only from nodes and administrative hosts that you control, so avoid using a source CIDR of 0.0.0.0/0.

Important

The ingress rules described here are the core rules that you need to set up to allow the cluster to function. For each service that you define or that you intend to use, you may need to define additional rules in the security list.
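The following Python script is an added example and is not part of the Oracle documentation or product. It generates the five ingress rules above in the JSON shape consumed by `oci network security-list update --ingress-security-rules file://ingress.json` (field names follow the OCI IngressSecurityRule API: `source`, `sourceType`, `protocol` as an IANA number, `isStateless`, `tcpOptions`/`udpOptions`), and audits an existing rule set, such as the `ingressSecurityRules` array printed by `oci network security-list get`, for required ports that no rule admits, rules whose source is wider than the cluster subnet, and stateless rules, which would also need matching egress rules for reply traffic. The existing security list used as input is constructed sample data, not output from a real tenancy.

```python
"""Generate and audit OCI Security List ingress rules for a Kubernetes cluster.

Added example (not Oracle's own code). Usage:
    python seclist_rules.py > ingress.json
    oci network security-list update --security-list-id <ocid> \
        --ingress-security-rules file://ingress.json
"""
import ipaddress
import json

# The core rules from the section: (protocol, first port, last port).
REQUIRED_RULES = [
    ("tcp", 2379, 2380),    # etcd
    ("tcp", 6443, 6443),    # Kubernetes API server
    ("tcp", 10250, 10252),  # kubelet, kube-scheduler, kube-controller-manager
    ("tcp", 10255, 10255),  # kubelet read-only port
    ("udp", 8472, 8472),    # flannel VXLAN overlay
]

# OCI stores the protocol as its IANA number in the rule JSON ("all" = any).
PROTO_NUM = {"tcp": "6", "udp": "17"}


def build_ingress_rules(cluster_cidr):
    """Return the ingress-security-rules list for the given source subnet.
    Rules are stateful (isStateless False), matching 'STATELESS: Unchecked'."""
    ipaddress.ip_network(cluster_cidr)  # raises ValueError on a malformed CIDR
    rules = []
    for proto, lo, hi in REQUIRED_RULES:
        rules.append({
            "source": cluster_cidr,
            "sourceType": "CIDR_BLOCK",
            "protocol": PROTO_NUM[proto],
            "isStateless": False,
            proto + "Options": {"destinationPortRange": {"min": lo, "max": hi}},
        })
    return rules


def _covers(rule, proto, port):
    """True if this rule admits destination `port` over `proto`."""
    if rule.get("protocol") not in (PROTO_NUM[proto], "all"):
        return False
    rng = (rule.get(proto + "Options") or {}).get("destinationPortRange")
    if rng is None:  # no port range given: the whole protocol is allowed
        return True
    return rng["min"] <= port <= rng["max"]


def audit_ingress_rules(rules, cluster_cidr):
    """Compare an existing rule set against REQUIRED_RULES.

    Returns a dict with:
      missing   - (proto, port) pairs that no rule admits from the cluster subnet
      too_wide  - (proto, port, source) where an admitting rule's source is
                  broader than the cluster subnet (e.g. 0.0.0.0/0)
      stateless - (proto, port) admitted only by stateless rules
    """
    cluster = ipaddress.ip_network(cluster_cidr)
    report = {"missing": [], "too_wide": [], "stateless": []}
    for proto, lo, hi in REQUIRED_RULES:
        for port in range(lo, hi + 1):
            admitting = []
            for r in rules:
                if r.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
                    continue  # Oracle Services Network sources are not IP ranges
                src = ipaddress.ip_network(r["source"], strict=False)
                if src.version != cluster.version:
                    continue
                if src.supernet_of(cluster) and _covers(r, proto, port):
                    admitting.append((r, src))
            if not admitting:
                report["missing"].append((proto, port))
                continue
            for r, src in admitting:
                if src.prefixlen < cluster.prefixlen:
                    report["too_wide"].append((proto, port, str(src)))
            if all(r.get("isStateless") for r, _ in admitting):
                report["stateless"].append((proto, port))
    return report


# Constructed sample of an existing security list (subset of the fields that
# `oci network security-list get` returns); not data from a real tenancy.
SAMPLE_EXISTING = [
    {"source": "0.0.0.0/0", "protocol": "6", "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 6443, "max": 6443}}},
    {"source": "10.0.0.0/16", "protocol": "6", "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 10250, "max": 10252}}},
    {"source": "10.0.0.0/16", "protocol": "6", "isStateless": True,
     "tcpOptions": {"destinationPortRange": {"min": 2379, "max": 2380}}},
    {"source": "0.0.0.0/0", "protocol": "6", "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
]

if __name__ == "__main__":
    # Emit the JSON for the CLI, and show the audit of the sample on stderr-free stdout.
    print(json.dumps(build_ingress_rules("10.0.0.0/16"), indent=2))
    print(json.dumps(audit_ingress_rules(SAMPLE_EXISTING, "10.0.0.0/16"), indent=2))
```

Run against the sample list, the audit reports 10255/TCP and 8472/UDP as missing, 6443/TCP as reachable from 0.0.0.0/0, and the etcd ports as admitted only by a stateless rule; run against the list that `build_ingress_rules` produces for the same subnet, every category is empty.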

All compute shapes are supported when creating instances to host Oracle Linux Container Services for use with Kubernetes. For high availability clusters, the instances must use an Oracle Linux 7 Update 5 (or later) image with the Unbreakable Enterprise Kernel Release 5 (UEK R5).

If you intend to configure load balancers for your master cluster on Oracle Cloud Infrastructure, as described in Configure Load Balancing, see:

https://docs.cloud.oracle.com/iaas/Content/Balance/Concepts/balanceoverview.htm