Configure OCI policies for an Oracle Container Engine for Kubernetes cluster

These steps apply if you intend to run your management cluster on Oracle Container Engine for Kubernetes (OKE). They must be performed by a user with admin privileges and are required so that you can provision your OKE cluster successfully. If you plan to run your management cluster in kind or in a non-OKE cluster, you can skip this step.

- Create a user in OCI, e.g. `iaas_oke_usr`.
- Create a group in OCI, e.g. `iaas_oke_grp`, and add the user `iaas_oke_usr` to this group.
- Create a policy in OCI and add the following policy statements (read the OKE Policy Configuration Doc for more fine-grained policies):

      Allow group iaas_oke_grp to manage dynamic groups
      Allow group iaas_oke_grp to manage virtual-network-family in <compartment>
      Allow group iaas_oke_grp to manage cluster-family in <compartment>
      Allow group iaas_oke_grp to manage instance-family in <compartment>

  where `<compartment>` is the name of the OCI compartment of the management cluster. Refer to the OCI documentation if you have not created a compartment yet.
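The following script is an added example and not part of these docs or the project: it generates the policy statements above for a given group and compartment, wraps them in the JSON array that the OCI CLI expects, and, only when explicitly asked, creates the user, group, membership and policy with `oci iam ...` commands. The group, user and compartment names and the compartment OCID are constructed placeholders. Two details worth noting: OCI policy syntax scopes a statement with the keyword form `in compartment <name>`, so the script emits that rather than the bare `<compartment>` placeholder, and the `dynamic groups` statement is reproduced as written above, which means it carries no compartment scope. The `--query`/`--raw-output` output flags and the `oci iam` subcommand names are used as I know them from the OCI CLI; confirm them with `oci iam policy create --help` on your version before applying.

```shell
#!/bin/sh
# Added example, not part of the CAPOCI docs: generate the policy statements
# listed above for a group/compartment pair and (optionally) create the user,
# group and policy with the OCI CLI. Group, user and compartment names are
# constructed placeholders, as is the compartment OCID.
set -eu

# Print the four statements, one per line. The three resource-family
# statements use "in compartment <name>", the keyword form OCI policy syntax
# expects; the dynamic-groups statement is reproduced as written in the docs
# and carries no compartment scope.
oke_policy_statements() {
  group="$1"
  compartment="$2"
  printf 'Allow group %s to manage dynamic groups\n' "$group"
  for family in virtual-network-family cluster-family instance-family; do
    printf 'Allow group %s to manage %s in compartment %s\n' \
      "$group" "$family" "$compartment"
  done
}

# Wrap the statements in the JSON array that `oci iam policy create --statements` takes.
oke_policy_json() {
  oke_policy_statements "$1" "$2" |
    awk 'BEGIN { printf "[" }
         { if (NR > 1) printf ","; printf "\"%s\"", $0 }
         END { printf "]\n" }'
}

# Create group, user, membership and policy. Runs only when OKE_APPLY=1, so
# the script is safe to execute without OCI credentials. The --query and
# --raw-output flags are OCI CLI output options (assumed; check --help).
oke_policy_apply() {
  group="$1"; user="$2"; compartment_name="$3"; compartment_ocid="$4"
  group_id=$(oci iam group create --name "$group" \
    --description "OKE management cluster administrators" \
    --query 'data.id' --raw-output)
  user_id=$(oci iam user create --name "$user" \
    --description "OKE management cluster user" \
    --query 'data.id' --raw-output)
  oci iam group add-user --group-id "$group_id" --user-id "$user_id"
  oci iam policy create --compartment-id "$compartment_ocid" \
    --name "${group}-policy" \
    --description "Policy for provisioning the OKE management cluster" \
    --statements "$(oke_policy_json "$group" "$compartment_name")"
}

# Stand-alone run: show what would be created; apply only on explicit request.
OKE_GROUP="${OKE_GROUP:-iaas_oke_grp}"
OKE_USER="${OKE_USER:-iaas_oke_usr}"
OKE_COMPARTMENT="${OKE_COMPARTMENT:-mgmt-cluster}"   # constructed compartment name
OKE_COMPARTMENT_OCID="${OKE_COMPARTMENT_OCID:-ocid1.compartment.oc1..PLACEHOLDER}"
oke_policy_statements "$OKE_GROUP" "$OKE_COMPARTMENT"
oke_policy_json "$OKE_GROUP" "$OKE_COMPARTMENT"
if [ "${OKE_APPLY:-0}" = "1" ]; then
  oke_policy_apply "$OKE_GROUP" "$OKE_USER" "$OKE_COMPARTMENT" "$OKE_COMPARTMENT_OCID"
fi
```

Run it without arguments to review the statements and the JSON payload; set `OKE_GROUP`, `OKE_USER`, `OKE_COMPARTMENT` and `OKE_COMPARTMENT_OCID` to your own values and `OKE_APPLY=1` to create the resources. Keeping the three resource-family statements scoped to the management cluster's compartment, rather than to the tenancy, is what limits what this group can do if its credentials leak.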