2.2.10 Requirements to Use Oracle Linux Container Services for use with Kubernetes on Oracle Cloud Infrastructure

Oracle Linux Container Services for use with Kubernetes is engineered to work on Oracle Cloud Infrastructure. You can use all of the instructions that are provided in this document to install and configure Kubernetes across a group of compute instances. Additional information about configuration steps and usage of Oracle Cloud Infrastructure can be found at https://docs.us-phoenix-1.oraclecloud.com/Content/home.htm.

The most important requirement for Oracle Linux Container Services for use with Kubernetes on Oracle Cloud Infrastructure is that your Virtual Cloud Network (VCN) allows the compute nodes that are used in your Kubernetes deployment to communicate through the required ports. By default, compute nodes are unable to access each other across the VCN until you have configured the Security List with the appropriate ingress rules.

Ingress rules should match the rules that are required in any firewall configuration, as described in Section 2.2.7, “Firewall and iptables Requirements”. Typically, the configuration involves adding the following ingress rules to the default security list for your VCN:

  1. Allow 6443/TCP. 

    • STATELESS: Unchecked

    • SOURCE CIDR: 10.0.0.0/16

    • IP PROTOCOL: TCP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: 6443

  2. Allow 10250/TCP. 

    • STATELESS: Unchecked

    • SOURCE CIDR: 10.0.0.0/16

    • IP PROTOCOL: TCP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: 10250

  3. Allow 8472/UDP. 

    • STATELESS: Unchecked

    • SOURCE CIDR: 10.0.0.0/16

    • IP PROTOCOL: UDP

    • SOURCE PORT RANGE: All

    • DESTINATION PORT RANGE: 8472

Replace 10.0.0.0/16 with the CIDR range of the subnet that you created within the VCN for the compute nodes that will participate in the Kubernetes cluster. You can narrow the source range to only the addresses that are used by the cluster components, or you can expand it, depending on your particular security requirements.
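The following Python check is an added example, not part of Oracle's documentation. It audits a security list's ingress rules against the three core rules above: it reports required ports that no stateful rule opens to the whole cluster subnet, and rules that open those ports to sources outside that subnet. It assumes the rules use the JSON shape printed by the OCI CLI (keys such as `source`, `source-type`, `protocol`, `is-stateless`, `tcp-options`, `udp-options`); the names `REQUIRED`, `audit` and `SAMPLE_RULES` are illustrative and the sample rules are constructed.

```python
import ipaddress

# Core ingress rules from the list above: (IANA protocol number, destination port).
REQUIRED = {("6", 6443), ("6", 10250), ("17", 8472)}

# Constructed sample rules (assumed OCI CLI JSON shape), not from a real tenancy.
SAMPLE_RULES = [
    {"source": "10.0.0.0/16", "protocol": "6", "is-stateless": False,
     "tcp-options": {"destination-port-range": {"min": 6443, "max": 6443}}},
    {"source": "0.0.0.0/0", "protocol": "6", "is-stateless": False,
     "tcp-options": {"destination-port-range": {"min": 10250, "max": 10250}}},
    {"source": "10.0.0.0/16", "protocol": "17", "is-stateless": False,
     "udp-options": {"destination-port-range": {"min": 4789, "max": 4789}}},
]

def _covers(rule, proto, port):
    """True if a CIDR-sourced rule admits traffic to `port` over `proto`."""
    if rule.get("source-type", "CIDR_BLOCK") != "CIDR_BLOCK":
        return False
    if rule["protocol"] == "all":
        return True
    if rule["protocol"] != proto:
        return False
    opts = rule.get("tcp-options" if proto == "6" else "udp-options") or {}
    rng = opts.get("destination-port-range")
    return rng is None or rng["min"] <= port <= rng["max"]  # no range = all ports

def audit(rules, cluster_cidr):
    """Return (missing required ports, rules wider than the cluster subnet)."""
    subnet = ipaddress.ip_network(cluster_cidr)
    missing, too_broad = set(), []
    for proto, port in REQUIRED:
        hits = [(ipaddress.ip_network(r["source"]), r) for r in rules
                if _covers(r, proto, port)]
        # Requirement met only by a stateful rule whose source spans the subnet.
        if not any(subnet.subnet_of(src) and not r.get("is-stateless")
                   for src, r in hits):
            missing.add((proto, port))
        # Flag rules that also admit sources outside the cluster subnet.
        too_broad += [(proto, port, str(src)) for src, _ in hits
                      if not src.subnet_of(subnet)]
    return missing, sorted(too_broad)

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, "10.0.0.0/16"))
```

In the sample, 8472/UDP is reported missing because the only UDP rule opens a different port, and the 10250/TCP rule is flagged because its source is 0.0.0.0/0 rather than the cluster subnet.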

Important

The ingress rules that are described here are the core rules that you need to set up to allow the cluster to function. For each service that you define or intend to use, you might need to define additional rules in the Security List.

When creating compute instances to host Oracle Linux Container Services for use with Kubernetes, all shape types are supported. The environment requires that you use Oracle Linux 7 Update 5 or later, with Unbreakable Enterprise Kernel Release 5 (UEK R5).

Note

A future version of Oracle Linux Container Services for use with Kubernetes will migrate existing single master clusters from KubeDNS to CoreDNS. CoreDNS requires an Oracle Linux 7 Update 5 image or later with the Unbreakable Enterprise Kernel Release 5 (UEK R5).

Existing Oracle Linux Container Services for use with Kubernetes 1.1.9 installations may already run on an Oracle Linux 7 Update 3 image, with Unbreakable Enterprise Kernel Release 4 (UEK R4), but you must upgrade your environment to permit future product upgrades.