Preparing an OKE environment

Contents

Create Public SSH Key to access all the Bastion and Worker nodes

Create SSH key using ssh-keygen on linux terminal to access (ssh) the Compute instances (worker/bastion) in OCI.

ssh-keygen -t rsa -N "" -b 2048 -C demokey -f id_rsa

Create a compartment for OKE

Within your tenancy, there must be a compartment to contain the necessary network resources (VCN, subnets, internet gateway, route table, security lists).

  1. Go to OCI console, and use the top-left Menu to select the Identity > Compartments option.
  2. Click the Create Compartment button.
  3. Enter the compartment name(For example, WCCStorage) and description(OKE compartment), the click the Create Compartment button.

Create Container Clusters (OKE)

  1. In the Console, open the navigation menu. Go to Developer Services and click Kubernetes Clusters (OKE). OKE-CLUSTER
  2. Choose a Compartment you have permission to work in. Here we will use WCCStorage compartment.
  3. On the Cluster List page, select your Compartment and click Create Cluster.OKE-CLUSTER
  4. In the Create Cluster dialog, select Quick Create and click Launch Workflow. OKE-CLUSTER
  5. On the Create Cluster page specify the values as per your environment (like the sample values shown below)
    • NAME: WCCOKEPHASE1
    • COMPARTMENT: WCCStorage
    • KUBERNETES VERSION: v1.23.4
    • CHOOSE VISIBILITY TYPE: Private
    • SHAPE: VM.Standard.E3.Flex (Choose the available shape for worker node pool. The list shows only those shapes available in your tenancy that are supported by Container Engine for Kubernetes. See Supported Images and Shapes for Worker Nodes.)
    • NUMBER OF NODES: 3 (The number of worker nodes to create in the node pool, placed in the regional subnet created for the ‘quick cluster’).
    • Click Show Advanced Options and enter PUBLIC SSK KEY: ssh-rsa AA……bmVnWgX/ demokey (The public key id_rsa.pub created at Step1) OKE-CLUSTER
  6. Click Next to review the details you entered for the new cluster.
    OKE-CLUSTER
  7. Click Create Cluster to create the new network resources and the new cluster. OKE-CLUSTER
  8. Container Engine for Kubernetes starts creating resources (as shown in the Creating cluster and associated network resources dialog). Click Close to return to the Console. OKE-CLUSTER
  9. Initially, the new cluster appears in the Console with a status of Creating. When the cluster has been created, it has a status of Active. OKE-CLUSTER
  10. Click on the Node Pools on Resources and then View to view the Node Pool and worker node status OKE-CLUSTER
  11. You can view the status of Worker node and make sure all Node State in Active and Kubernetes Node Condition is Ready.The worker node gets listed in the kubectl command once the Kubernetes Node Condition is Ready. OKE-CLUSTER
  12. To access the Cluster, Click on Access Cluster on the Cluster WCCOKEPHASE1 page. OKE-CLUSTER
  13. We will be creating the bastion node and then access the Cluster.

Create Bastion Node to access Cluster

Setup a bastion node for accessing internal resources. We will create the bastion node in same VCN following below steps, so that we can ssh into worker nodes. Here we will choose CIDR Block: 10.0.22.0/24 . You can choose a different block, if you want.

  1. Click on the VCN Name from the Cluster Page as shown below Bastion-Node

  2. Next Click on Security List and then Create Security List Bastion-Node

  3. Create a bastion-private-sec-list security with below Ingress and Egress Rules.

    Ingress Rules:
    Bastion-Node Egress Rules: Bastion-Node

  4. Create a bastion-public-sec-list security with below Ingress and Egress Rules.

    Ingress Rules:
    Bastion-Node Egress Rules: Bastion-Node

  5. Create the bastion-route-table with Internet Gateway, so that we can add to bastion instance for internet access Bastion-Node

  6. Next create a Regional Public Subnet for bastion instance with name bastion-subnet with below details:

    • CIDR BLOCK: 10.0.22.0/24
    • ROUTE TABLE: oke-bastion-routetables
    • SUBNET ACCESS: PUBLIC SUBNET
    • Security List: bastion-public-sec-list
    • DHCP OPTIONS: Select the Default DHCP Options Bastion-Node Bastion-Node

  7. Next Click on the Private Subnet which has Worker Nodes Bastion-Node

  8. And then add the bastion-private-sec-list to Worker Private Subnet, so that bastion instance can access the Worker nodes Bastion-Node

  9. Next Create Compute Instance oke-bastion with below details

    • Name: BastionHost
    • Image: Oracle Linux 7.X
    • Availability Domain: Choose any AD which has limit for creating Instance
    • VIRTUAL CLOUD NETWORK COMPARTMENT: WCCStorage( i.e., OKE Compartment)
    • SELECT A VIRTUAL CLOUD NETWORK: Select VCN created by Quick Cluster
    • SUBNET COMPARTMENT: WCCStorage ( i.e., OKE Compartment)
    • SUBNET: bastion-subnet (create above)
    • SELECT ASSIGN A PUBLIC IP ADDRESS
    • SSH KEYS: Copy content of id_rsa.pub created in Step1 Bastion-Node Bastion-Node Bastion-Node

  10. Once bastion Instance BastionHost is created, get the Public IP to ssh into the bastion instance Bastion-Node

  11. Login to bastion host as below

    ssh -i <your_ssh_bastion.key> opc@123.456.xxx.xxx

Setup OCI CLI

  1. Install OCI CLI 
    bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"
  2. Respond to the Installation Script Prompts.
  3. To download the kubeconfig later after setup, we need to setup the oci config file. Follow the below command and enter the details when prompted 
    $ oci setup config
    Click here to see the Sample Output
  4. Now you need to upload the created public key in $HOME/.oci (oci_api_key_public.pem) to OCI console Login to OCI Console and navigate to User Settings, which is in the drop down under your OCI userprofile, located at the top-right corner of the page. Bastion-Node
  5. On User Details page, Click Api Keys link, located near bottom-left corner of the page and then Click the Add API Key button. Copy the content of oci_api_key_public.pem and Click Add. Bastion-Node
  6. Now you can use the oci cli to access the OCI resources.
  7. To access the Cluster, Click on Access Cluster on the Cluster WCCOKEPHASE1 page Bastion-Node
  8. To access the Cluster from Bastion node perform steps as per the Local Access. Bastion-Node 
    $ oci -v
$ mkdir -p $HOME/.kube
 
$ oci ce cluster create-kubeconfig --cluster-id ocid1.cluster.oc1.phx.aaaaaaaaae4xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxrqgjtd 
--file $HOME/.kube/config --region us-phoenix-1 --token-version 2.0.0
 
$ export KUBECONFIG=$HOME/.kube/config
  9. Install kubectl Client to access the Cluster 
    $ curl -LO https://dl.k8s.io/release/v1.15.7/bin/linux/amd64/kubectl
$ sudo mv kubectl  /bin/
$ sudo chmod +x /bin/kubectl
  10. Access the Cluster from bastion node 
    $ kubectl get nodes
NAME          STATUS   ROLES   AGE   VERSION
10.0.10.197   Ready    node    14d   v1.23.4
10.0.10.206   Ready    node    14d   v1.23.4
10.0.10.50    Ready    node    14d   v1.23.4
  11. Install required add-ons for Oracle WebCenter Content Cluster setup
    • Install helm v3 
      $ wget https://get.helm.sh/helm-v3.5.4-linux-amd64.tar.gz
$ tar -zxvf  helm-v3.5.4-linux-amd64.tar.gz
$ sudo mv linux-amd64/helm  /bin/helm
$ helm version
version.BuildInfo{Version:"v3.5.4", GitCommit:"1b5edb69df3d3a08df77c9902dc17af864ff05d1", GitTreeState:"clean", GoVersion:"go1.15.11"}
    • Install git 
      sudo yum install git -y