Oracle Cloud Infrastructure Documentation

Preparing for Container Engine for Kubernetes

Before you can use Container Engine for Kubernetes to create a Kubernetes cluster:

  • You must have access to an Oracle Cloud Infrastructure tenancy.
  • Your tenancy must have sufficient quota for different types of resources (see Service Limits). More specifically:

    • Compute instance quota: To create a Kubernetes cluster, at least one compute instance (node) must be available in the tenancy. Note that to create a highly available cluster, three compute instances must be available (one in each availability domain in a region).
    • Block volume quota: If you intend to create Kubernetes persistent volumes, sufficient block volume quota must be available in each availability domain to meet the persistent volume claim. Persistent volume claims must request a minimum of 50 gigabytes. See Creating a Persistent Volume Claim.
    • Load balancer quota: If you intend to create a load balancer to distribute traffic between the nodes running a service in a Kubernetes cluster, sufficient load balancer quota must be available in the region. See Creating Load Balancers to Distribute Traffic Between Cluster Nodes.
  • Within your tenancy, there must already be a compartment to contain the necessary network resources (VCN, subnets, internet gateway, route table, security lists). If such a compartment does not exist already, you will have to create it. Note that the network resources can reside in the root compartment. However, if you expect multiple teams to create clusters, best practice is to create a separate compartment for each team.
  • Within the compartment, network resources (VCN, subnets, internet gateway, route table, security lists) must be appropriately configured in each region in which you want to create and deploy clusters. For example, to create a highly available cluster spanning three availability domains, the VCN must include three subnets in different availability domains for node pools, and two further subnets for load balancers. When creating a new cluster, you can have Container Engine for Kubernetes automatically create and configure new network resources for the new cluster, or you can specify existing network resources. If you specify existing network resources, you or somebody else must have already configured those resources appropriately. See Network Resource Configuration for Cluster Creation and Deployment.
  • Within the root compartment of your tenancy, a policy statement (Allow service OKE to manage all-resources in tenancy) must be defined to give Container Engine for Kubernetes access to resources in the tenancy. See Create Policy for Container Engine for Kubernetes (Required).
  • To create and/or manage clusters, you must belong to one of the following:

    • The tenancy's Administrators group
    • A group to which a policy grants the appropriate Container Engine for Kubernetes permissions. If you are creating or modifying clusters using the Console, policies must also grant the group the Networking permissions VCN_READ and SUBNET_READ. To have Container Engine for Kubernetes automatically create and configure new network resources for a new cluster, policies must also grant the group the necessary permissions to create those network resources. See Create One or More Policies for Groups (Optional).
  • To perform operations on a cluster: