Oracle Cloud Infrastructure

This page was last updated September 20, 2021.

This vendor-provided document has not been tested on the Istio 1.9 release and may contain bugs.

Follow these instructions to prepare an Oracle Container Engine for Kubernetes (OKE) cluster for Istio.

Create an OKE cluster

To create an OKE cluster, you must belong either to the tenancy’s Administrator’s group or to a group to which a policy grants the CLUSTER_MANAGE permission.

The simplest way to create an OKE cluster is to use the Quick Create Workflow available in the Oracle Cloud Infrastructure (OCI) console. Other methods include the Custom Create Workflow and the Oracle Cloud Infrastructure (OCI) API.

You can also create a cluster with the OCI CLI, as in the following example:

    $ oci ce cluster create \
        --name <oke-cluster-name> \
        --kubernetes-version <kubernetes-version> \
        --compartment-id <compartment-ocid> \
        --vcn-id <vcn-ocid>

Parameter             Expected value
oke-cluster-name      A name to assign to your new OKE cluster
kubernetes-version    A supported version of Kubernetes to deploy
compartment-ocid      The OCID of an existing compartment
vcn-ocid              The OCID of an existing virtual cloud network (VCN)

Setting up local access to an OKE cluster

Install kubectl and the OCI CLI (oci) to access an OKE cluster from your local machine.

Use the following OCI CLI command to create or update your kubeconfig file so that it includes an oci command that dynamically generates and inserts a short-lived authentication token, which allows kubectl to access the cluster:

    $ oci ce cluster create-kubeconfig \
        --cluster-id <cluster-ocid> \
        --file $HOME/.kube/config \
        --token-version 2.0.0 \
        --kube-endpoint [PRIVATE_ENDPOINT|PUBLIC_ENDPOINT]

While an OKE cluster may have multiple endpoints exposed, only one can be targeted in the kubeconfig file.

The supported values for kube-endpoint are either PUBLIC_ENDPOINT or PRIVATE_ENDPOINT. You may also need to configure an SSH tunnel via a bastion host to access clusters that only have a private endpoint.

Replace cluster-ocid with the OCID of the target OKE cluster.
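
A check to run after create-kubeconfig, added here as an example (it is not part of the original instructions or of the OCI CLI): it confirms that the kubeconfig is accessible only to its owner, that credentials come from the oci token-generating entry described above, and that no static token is stored in the file. The function name check_kubeconfig, the assumed layout of the exec entry (command: oci with a generate-token argument) and the sample file are assumptions constructed for illustration.

```shell
# Added example: sanity-check a kubeconfig written by `oci ce cluster create-kubeconfig`.
# Returns the number of failed checks (0 means every check passed).
check_kubeconfig() {
    cfg=$1
    fails=0
    if [ ! -f "$cfg" ]; then
        echo "FAIL: $cfg not found"
        return 1
    fi
    # 1. Only the owner may access the file (group/other permission bits all clear).
    mode=$(ls -lLd "$cfg" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: group/other permissions set ($mode); run: chmod 600 $cfg"
        fails=$((fails + 1))
    fi
    # 2. Credentials come from the oci exec entry (assumed layout: an exec
    #    block with "command: oci" and a "generate-token" argument).
    if ! grep -Eq '^[[:space:]]*command:[[:space:]]*oci[[:space:]]*$' "$cfg" ||
       ! grep -Eq '^[[:space:]]*-[[:space:]]*generate-token[[:space:]]*$' "$cfg"; then
        echo "FAIL: no oci generate-token exec entry found"
        fails=$((fails + 1))
    fi
    # 3. No long-lived bearer token is stored anywhere in the file.
    if grep -Eq '^[[:space:]]*token:[[:space:]]*[^[:space:]]' "$cfg"; then
        echo "FAIL: static token present"
        fails=$((fails + 1))
    fi
    if [ "$fails" -eq 0 ]; then echo "OK: $cfg"; fi
    return "$fails"
}

# Constructed sample (placeholder OCID), not output from a real cluster.
demo=$(mktemp)
cat > "$demo" <<'EOF'
users:
- name: user-example
  user:
    exec:
      command: oci
      args:
      - ce
      - cluster
      - generate-token
      - --cluster-id
      - <cluster-ocid>
EOF
chmod 600 "$demo"
check_kubeconfig "$demo"
rm -f "$demo"
```

To check the file written by the command above, call check_kubeconfig "$HOME/.kube/config". The checks are file-wide, so a kubeconfig that also holds entries for other clusters can fail check 3 because of them.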

Verify access to the cluster

Use the kubectl get nodes command to verify that kubectl is able to connect to the cluster:

    $ kubectl get nodes

You can now install Istio using istioctl, Helm, or manually.