These steps apply if you intend to run your management cluster using Oracle Container Engine for Kubernetes (OKE). The user, group and policy below must be created by a user with admin privileges, and they are required to provision your OKE cluster successfully. If you plan to run your management cluster in kind or a non-OKE cluster, you can skip this step.
- Create a user in OCI, e.g. `iaas_oke_usr`
- Create a group in OCI, e.g. `iaas_oke_grp`, and add the user `iaas_oke_usr` to this group
- Create a policy in OCI and add the following policies (please read the OKE Policy Configuration Doc for more fine-grained policies):

  ```
  Allow group iaas_oke_grp to manage dynamic groups
  Allow group iaas_oke_grp to manage virtual-network-family in <compartment>
  Allow group iaas_oke_grp to manage cluster-family in <compartment>
  Allow group iaas_oke_grp to manage instance-family in <compartment>
  ```

`<compartment>` is the name of the OCI compartment of the management cluster. Refer to the OCI documentation if you have not created a compartment yet.
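
A pre-submission check for the statements above, as an added example (not part of the original documentation or the project's code): it parses each statement into verb, resource and scope, and flags any that still carry the `<compartment>` placeholder or grant `manage` without naming a compartment. The function names `audit` and `audit_all` and the scope labels are chosen for this example.

```python
import re

# The four statements from the list above, copied verbatim.
PAGE_STATEMENTS = [
    "Allow group iaas_oke_grp to manage dynamic groups",
    "Allow group iaas_oke_grp to manage virtual-network-family in <compartment>",
    "Allow group iaas_oke_grp to manage cluster-family in <compartment>",
    "Allow group iaas_oke_grp to manage instance-family in <compartment>",
]

# Allow group <group> to <verb> <resource> [in <location>]
STATEMENT_RE = re.compile(
    r"^Allow\s+group\s+(?P<group>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>.+?)(?:\s+in\s+(?P<location>.+))?$",
    re.IGNORECASE,
)

def audit(statement):
    """Return (verb, resource, scope, findings) for one policy statement."""
    m = STATEMENT_RE.match(statement.strip())
    if m is None:
        return (None, None, None, ["not an 'Allow group ... to ...' statement"])
    verb, resource, location = m["verb"].lower(), m["resource"], m["location"]
    findings = []
    if location is None:
        scope = "unscoped"
        findings.append("no 'in ...' clause: grant is not tied to a compartment")
    elif re.search(r"<[^>]+>", location):
        scope = "placeholder"
        findings.append("placeholder not replaced: " + location)
    elif location.lower() == "tenancy":
        scope = "tenancy"
    else:
        scope = "compartment"
    # The broadest verb outside a compartment deserves a second look.
    if verb == "manage" and scope in ("unscoped", "tenancy"):
        findings.append("'manage' outside a compartment: review against the OKE policy doc")
    return (verb, resource, scope, findings)

def audit_all(statements):
    """Audit every statement, keeping the original text alongside the result."""
    return [(s, *audit(s)) for s in statements]

if __name__ == "__main__":
    for text, verb, resource, scope, findings in audit_all(PAGE_STATEMENTS):
        print(f"{scope or 'invalid':12} {verb or '-':8} {resource or '-'}")
        for finding in findings:
            print("    !", finding)
```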