Preparing for Container Engine for Kubernetes

Before you can use Container Engine for Kubernetes to create a Kubernetes cluster:

  • You must have access to an Oracle Cloud Infrastructure tenancy.
  • Your tenancy must have sufficient quota on different types of resource (see Service Limits). More specifically:

    • Compute instance quota: To create a Kubernetes cluster, at least one compute instance (node) must be available in the tenancy. Note that to create a highly available cluster, three compute instances must be available (one in each availability domain in a region).
    • Block volume quota: If you intend to create Kubernetes persistent volumes, sufficient block volume quota must be available in each availability domain to meet the persistent volume claim. Persistent volume claims must request a minimum of 50 gigabytes. See Creating a Persistent Volume Claim.
    • Load balancer quota: If you intend to create a load balancer to distribute traffic between the nodes running a service in a Kubernetes cluster, sufficient load balancer quota must be available in the region. See Creating Load Balancers to Distribute Traffic Between Cluster Nodes.
  • Within your tenancy, a suitably pre-configured compartment must already exist. The compartment must contain the necessary network resources (VCN, subnets, internet gateway, route table, security lists) already configured in each region in which you want to create and deploy clusters. For example, to create a highly available cluster spanning three availability domains, the VCN must include three subnets in different availability domains for node pools, and two further subnets for load balancers. See Network Resource Configuration for Cluster Creation and Deployment.
  • Within the root compartment of your tenancy, a policy statement (allow service OKE to manage all-resources in tenancy) must be defined to give Container Engine for Kubernetes access to resources in the tenancy. See Create Policy for Container Engine for Kubernetes (Required)
  • To create and/or manage clusters, you must belong to one of the following:

    • The tenancy's Administrators group
    • A group to which a policy grants the appropriate Container Engine for Kubernetes permissions. If you are creating or modifying clusters using the Console, policies must also grant the group the Networking permissions VCN_READ and SUBNET_READ. See Create One or More Policies for Groups (Optional).
  • You (and the groups to which you belong) must have been defined solely in Oracle Cloud Infrastructure Identity and Access Management. Container Engine for Kubernetes does not currently support groups and users for tenancies federated with other identity providers (see Federated users are not supported by Container Engine for Kubernetes).
  • To perform operations on a cluster: