Customizing worker nodes

Configure user managed boot volume encryption

Use the following configuration in OCIMachineTemplate to use a customer managed boot volume encryption key.

kind: OCIMachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
spec:
  template:
    spec:
      instanceSourceViaImageConfig:
        kmsKeyId: <kms-key-id>

Configure shielded instances

Use the following configuration in OCIMachineTemplate to create shielded instances. The example below is for an AMD-based VM. See the PlatformConfig struct on the CAPOCI GitHub page for an enumeration of all the possible configurations.

kind: OCIMachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
spec:
  template:
    spec:
      platformConfig:
        platformConfigType: "AMD_VM"
        amdVmPlatformConfig:
          isSecureBootEnabled: true
          isTrustedPlatformModuleEnabled: true
          isMeasuredBootEnabled: true

Configure confidential instances

Use the following configuration in OCIMachineTemplate to create confidential instances. The example below is for an AMD-based VM. See the PlatformConfig struct on the CAPOCI GitHub page for an enumeration of all the possible configurations.

kind: OCIMachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
spec:
  template:
    spec:
      platformConfig:
        platformConfigType: "AMD_VM"
        amdVmPlatformConfig:
          isMemoryEncryptionEnabled: true

Configure preemptible instances

Use the following configuration in OCIMachineTemplate to create preemptible instances.

kind: OCIMachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
spec:
  template:
    spec:
      preemptibleInstanceConfig:
        terminatePreemptionAction:
          preserveBootVolume: false
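
An added example, not part of the CAPOCI documentation or code: a small Python audit that checks OCIMachineTemplate objects for the boot volume key, the shielded and confidential instance flags, and the preserveBootVolume setting shown above. It assumes the templates were exported with `kubectl get ocimachinetemplate -o json`; the sample document, template names, key id and finding strings are constructed, and only the AMD_VM layout shown on this page is checked.

```python
import json

# Constructed sample in the shape of `kubectl get ocimachinetemplate -o json`,
# cut down to the fields shown on this page. Names and the key id are made up.
SAMPLE = json.loads("""{"items": [
  {"metadata": {"name": "workers-hardened"},
   "spec": {"template": {"spec": {
     "instanceSourceViaImageConfig": {"kmsKeyId": "ocid1.key.oc1..constructed-example"},
     "platformConfig": {"platformConfigType": "AMD_VM", "amdVmPlatformConfig": {
       "isSecureBootEnabled": true, "isTrustedPlatformModuleEnabled": true,
       "isMeasuredBootEnabled": true}}}}}},
  {"metadata": {"name": "workers-spot"},
   "spec": {"template": {"spec": {
     "platformConfig": {"platformConfigType": "AMD_VM", "amdVmPlatformConfig": {
       "isSecureBootEnabled": true, "isMeasuredBootEnabled": false}},
     "preemptibleInstanceConfig": {"terminatePreemptionAction": {
       "preserveBootVolume": true}}}}}}
]}""")

SHIELDED = ("isSecureBootEnabled", "isTrustedPlatformModuleEnabled", "isMeasuredBootEnabled")

def audit_template(obj, require_memory_encryption=False):
    """Return findings for one OCIMachineTemplate (empty list = passes)."""
    spec = ((obj.get("spec") or {}).get("template") or {}).get("spec") or {}
    findings = []
    if not (spec.get("instanceSourceViaImageConfig") or {}).get("kmsKeyId"):
        findings.append("kmsKeyId not set")
    platform = spec.get("platformConfig") or {}
    if platform.get("platformConfigType") != "AMD_VM":
        # Only the AMD_VM layout appears on the page; other types are not guessed.
        findings.append("platformConfig missing or not AMD_VM (not checked)")
    else:
        amd = platform.get("amdVmPlatformConfig") or {}
        # This audit treats an absent flag as disabled: only an explicit true passes.
        findings += [f"{k} not enabled" for k in SHIELDED if amd.get(k) is not True]
        if require_memory_encryption and amd.get("isMemoryEncryptionEnabled") is not True:
            findings.append("isMemoryEncryptionEnabled not enabled")
    action = (spec.get("preemptibleInstanceConfig") or {}).get("terminatePreemptionAction") or {}
    if action.get("preserveBootVolume") is True:  # the boot volume outlives the node
        findings.append("preserveBootVolume is true")
    return findings

def audit(doc, **kw):
    """Map template name -> findings for a kubectl List document."""
    return {o["metadata"]["name"]: audit_template(o, **kw) for o in doc.get("items", [])}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```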

Configure capacity reservation

Use the following configuration in OCIMachineTemplate to use capacity reservations.

kind: OCIMachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
spec:
  template:
    spec:
      capacityReservationId: <capacity-reservation-id>

Configure Oracle Cloud Agent plugins

Use the following configuration in OCIMachineTemplate to configure Oracle Cloud Agent plugins. The example below enables the Bastion plugin.

kind: OCIMachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
spec:
  template:
    spec:
      agentConfig:
        pluginsConfigs:
          - name: "Bastion"
            desiredState: "ENABLED"

Configure Burstable Instances

Use the following configuration in OCIMachineTemplate to configure a burstable instance. The following values are supported for baselineOcpuUtilization.

  • BASELINE_1_8 - baseline usage is 1/8 of an OCPU.
  • BASELINE_1_2 - baseline usage is 1/2 of an OCPU.
  • BASELINE_1_1 - baseline usage is an entire OCPU. This represents a non-burstable instance.

kind: OCIMachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
spec:
  template:
    spec:
      shapeConfig:
        baselineOcpuUtilization: "BASELINE_1_8"
        ocpus: "1"