Install Oracle Cloud Infrastructure Cloud Controller Manager

Oracle Cloud Infrastructure (OCI) Cloud Controller Manager is OCI's implementation of the Kubernetes control plane component that links your Kubernetes cluster to OCI.

Configure authentication via Instance Principal (Recommended)

Oracle recommends using Instance principals to be used by CCM for authentication. Please ensure the following policies in the dynamic group for CCM to be able to talk to various OCI Services.

allow dynamic-group [your dynamic group name] to read instance-family in compartment [your compartment name]
allow dynamic-group [your dynamic group name] to use virtual-network-family in compartment [your compartment name]
allow dynamic-group [your dynamic group name] to manage load-balancers in compartment [your compartment name]

1. Download the example configuration file:

   curl -L https://raw.githubusercontent.com/oracle/oci-cloud-controller-manager/master/manifests/provider-config-instance-principals-example.yaml -o cloud-provider-example.yaml
   

2. Update values in the configuration file as necessary.

   As an example using the provided cluster-template.yaml you would modify the cloud-provider-example.yaml and make sure to set compartment and vcn with the correct OCIDs. Then set subnet1 to the OCID of your service-lb subnet and remove subnet2. You would then set securityListManagementMode to "None".

3. Create a secret:

   kubectl  create secret generic oci-cloud-controller-manager \
     -n kube-system                                           \
     --from-file=cloud-provider.yaml=cloud-provider-example.yaml
   

Install CCM

1. Navigate to the release page of CCM and export the version that you want to install. Typically, the latest version can be installed.

   export CCM_RELEASE_VERSION=<update-version-here>
   

2. Download the deployment manifests:

   curl -L "https://github.com/oracle/oci-cloud-controller-manager/releases/download/${CCM_RELEASE_VERSION}/oci-cloud-controller-manager.yaml" -o oci-cloud-controller-manager.yaml
   
   curl -L "https://github.com/oracle/oci-cloud-controller-manager/releases/download/${CCM_RELEASE_VERSION}/oci-cloud-controller-manager-rbac.yaml" -o oci-cloud-controller-manager-rbac.yaml
   

3. Deploy the CCM:

   kubectl apply -f oci-cloud-controller-manager.yaml
   

4. Deploy the RBAC rules:

   kubectl apply -f oci-cloud-controller-manager-rbac.yaml
   

5. Check the CCM logs to verify OCI CCM is running correctly:

   kubectl -n kube-system get po | grep oci
   oci-cloud-controller-manager-ds-k2txq   1/1       Running   0          19s
   
   kubectl -n kube-system logs oci-cloud-controller-manager-ds-k2txq