Oracle Cloud Infrastructure
This page was last updated September 20, 2021.
This vendor-provided document has not been tested on the Istio 1.9 release and may contain bugs.
Follow these instructions to prepare an Oracle Container Engine for Kubernetes (OKE) cluster for Istio.
Create an OKE cluster
To create an OKE cluster, you must either belong to the tenancy’s Administrator’s group or a group to which a policy grants the CLUSTER_MANAGE
permission.
The simplest way to create an OKE cluster is to use the Quick Create Workflow available in the Oracle Cloud Infrastructure (OCI) console. Other methods include the Custom Create Workflow and the Oracle Cloud Infrastructure (OCI) API.
You can also create a cluster using the OCI CLI using the following example:
$ oci ce cluster create \
--name <oke-cluster-name> \
--kubernetes-version <kubernetes-version> \
--compartment-id <compartment-ocid> \
--vcn-id <vcn-ocid>
Parameter | Expected value |
---|---|
oke-cluster-name | A name to assign to your new OKE cluster |
kubernetes-version | A supported version of Kubernetes to deploy |
compartment-ocid | The OCID of an existing compartment |
vcn-ocid | The OCID of an existing virtual cloud network (VCN) |
Setting up local access to an OKE cluster
Install kubectl and the OCI CLI (oci
) to access an OKE cluster from your local machine.
Use the following OCI CLI command to create or update your kubeconfig
file to include an oci
command that dynamically generates and inserts a short-lived authentication token which allows kubectl
to access the cluster:
$ oci ce cluster create-kubeconfig \
--cluster-id <cluster-ocid> \
--file $HOME/.kube/config \
--token-version 2.0.0 \
--kube-endpoint [PRIVATE_ENDPOINT|PUBLIC_ENDPOINT]
While an OKE cluster may have multiple endpoints exposed, only one can be targeted in the kubeconfig
file.
The supported values for kube-endpoint
are either PUBLIC_ENDPOINT
or PRIVATE_ENDPOINT
. You may also need to configure an SSH tunnel via a bastion host to access clusters that only have a private endpoint.
Replace cluster-ocid
with the OCID of the target OKE cluster.
Verify access to the cluster
Use the kubectl get nodes
command to verify kubectl
is able to connect to the cluster:
$ kubectl get nodes
You can now install Istio using istioctl, Helm, or manually.