Configure OCI policies for an Oracle Container Engine for Kubernetes cluster

These steps are applicable if you intend to run your management cluster using Oracle Container Engine for Kubernetes (OKE). They need to be created by a user with admin privileges and are required so you can provision your OKE cluster successfully. If you plan to run your management cluster in kind or a non-OKE cluster, you can skip this step.

Create a user in OCI e.g. iaas_oke_usr
Create a group in OCI e.g. iaas_oke_grp and add the user iaas_oke_usr to this group
Create a policy in OCI and add the following policies(Please read OKE Policy Configuration Doc for more fine grained policies):
- Allow group iaas_oke_grp to manage dynamic groups
- Allow group iaas_oke_grp to manage virtual-network-family in <compartment>
- Allow group iaas_oke_grp to manage cluster-family in <compartment>
- Allow group iaas_oke_grp to manage instance-family in <compartment>

where <compartment> is the name of the OCI compartment of the management cluster. Refer to the OCI documentation if you have not created a compartment yet.

Warning

You should not create your management cluster in the root compartment.

Kubernetes Cluster API Provider for Oracle Cloud Infrastructure

Configure OCI policies for an Oracle Container Engine for Kubernetes cluster