Oracle Cloud Infrastructure Documentation

Preparing for Container Engine for Kubernetes

Before you can use Container Engine for Kubernetes to create a Kubernetes cluster:

  • You must have access to an Oracle Cloud Infrastructure tenancy. The tenancy must be subscribed to one or more of the regions in which Container Engine for Kubernetes is available (see Availability by Region Name and Region Code).
  • Your tenancy must have sufficient quota on different types of resource (see Service Limits). More specifically:

    • Compute instance quota: To create a Kubernetes cluster, at least one compute instance (node) must be available in the tenancy. For example, to create a highly available cluster spanning three availability domains, three compute instances must be available (one in each availability domain in a region).
    • Block volume quota: If you intend to create Kubernetes persistent volumes, sufficient block volume quota must be available in each availability domain to meet the persistent volume claim. Persistent volume claims must request a minimum of 50 gigabytes. See Creating a Persistent Volume Claim.
    • Load balancer quota: If you intend to create a load balancer to distribute traffic between the nodes running a service in a Kubernetes cluster, sufficient load balancer quota must be available in the region. See Creating Load Balancers to Distribute Traffic Between Cluster Nodes.
  • Within your tenancy, there must already be a compartment to contain the necessary network resources (VCN, subnets, internet gateway, route table, security lists). If such a compartment does not exist already, you will have to create it. Note that the network resources can reside in the root compartment. However, if you expect multiple teams to create clusters, best practice is to create a separate compartment for each team.
  • Within the compartment, network resources (VCN, subnets, internet gateway, route table, security lists) must be appropriately configured in each region in which you want to create and deploy clusters. For example, to create a highly available cluster spanning three availability domains, the VCN must include three subnets in different availability domains for node pools, and optionally (but usually) one or two further subnets for load balancers. When creating a new cluster, you can have Container Engine for Kubernetes automatically create and configure new network resources for the new cluster, or you can specify existing network resources. If you specify existing network resources, you or somebody else must have already configured those resources appropriately. See Network Resource Configuration for Cluster Creation and Deployment.
  • Within the root compartment of your tenancy, a policy statement (Allow service OKE to manage all-resources in tenancy) must be defined to give Container Engine for Kubernetes access to resources in the tenancy. See Create Policy for Container Engine for Kubernetes (Required).
  • To create and/or manage clusters, you must belong to one of the following:

    • The tenancy's Administrators group
    • A group to which a policy grants the appropriate Container Engine for Kubernetes permissions. If you are creating or modifying clusters using the Console, or want Container Engine for Kubernetes to automatically create and configure new network resources for a new cluster, policies must also grant the group the following permissions:

      • VCN_READ and VCN_CREATE
      • SUBNET_READ and SUBNET_CREATE
      • COMPARTMENT_INSPECT
      • INTERNET_GATEWAY_CREATE
      • ROUTE_TABLE_UPDATE
      • SECURITY_LIST_CREATE

      See Create One or More Policies for Groups (Optional).

  • To perform operations on a cluster:
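
The policy prerequisites listed above (the OKE service statement and the group permissions) can be checked against exported policy text before cluster creation. The following is an added example, not Oracle's code. It assumes group permissions are granted in the brace form "Allow group <name> to {PERMISSION, ...} in <location>"; grants made through verbs such as manage or use are not evaluated, and the group name and sample statements are constructed.

```python
import re

# Requirements taken from the prerequisites list on this page.
SERVICE_STATEMENT = "allow service oke to manage all-resources in tenancy"
REQUIRED_PERMISSIONS = {
    "VCN_READ", "VCN_CREATE", "SUBNET_READ", "SUBNET_CREATE",
    "COMPARTMENT_INSPECT", "INTERNET_GATEWAY_CREATE",
    "ROUTE_TABLE_UPDATE", "SECURITY_LIST_CREATE",
}
# Assumption: only the brace form is recognised:
#   Allow group <name> to {PERM, PERM, ...} in <location>
BRACE_GRANT = re.compile(
    r"^allow\s+group\s+(\S+)\s+to\s+\{([^}]*)\}\s+in\s+\S", re.IGNORECASE)

def normalize(statement):
    """Collapse whitespace and case so formatting differences do not matter."""
    return " ".join(statement.split()).lower()

def preflight(statements, group):
    """Return (service_policy_present, permissions_not_explicitly_granted)."""
    service_ok = False
    granted = set()
    for raw in statements:
        if normalize(raw) == SERVICE_STATEMENT:
            service_ok = True
            continue
        m = BRACE_GRANT.match(" ".join(raw.split()))
        if not m or m.group(1).lower() != group.lower():
            continue
        # A grant restricted by a "where" clause is not treated as unconditional.
        if re.search(r"\swhere\s", raw, re.IGNORECASE):
            continue
        granted |= {p.strip().upper() for p in m.group(2).split(",") if p.strip()}
    return service_ok, sorted(REQUIRED_PERMISSIONS - granted)

# Constructed sample policy text; the group names are made up.
SAMPLE = [
    "Allow service OKE to manage all-resources in tenancy",
    "Allow group oke-team-a to {VCN_READ, VCN_CREATE, SUBNET_READ, SUBNET_CREATE} in tenancy",
    "Allow group oke-team-a to {COMPARTMENT_INSPECT, INTERNET_GATEWAY_CREATE} in tenancy",
    "Allow group other-team to {ROUTE_TABLE_UPDATE, SECURITY_LIST_CREATE} in tenancy",
]

if __name__ == "__main__":
    ok, missing = preflight(SAMPLE, "oke-team-a")
    print("OKE service policy present:", ok)
    print("Not explicitly granted to oke-team-a:", missing)
```

The check reads statement text only, so it cannot confirm that the service statement is attached to the root compartment; verify that separately.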

Availability by Region Name and Region Code

Container Engine for Kubernetes is available in the following regions. Note that you have to use the region code in some commands. In some cases, you might have to use shortened versions of availability domain names.

Region Name   Region Code   Shortened Availability Domain Names
Ashburn       iad           US-ASHBURN-AD-1, US-ASHBURN-AD-2, US-ASHBURN-AD-3
Frankfurt     fra           EU-FRANKFURT-1-AD-1, EU-FRANKFURT-1-AD-2, EU-FRANKFURT-1-AD-3
London        lhr           UK-LONDON-1-AD-1, UK-LONDON-1-AD-2, UK-LONDON-1-AD-3
Phoenix       phx           PHX-AD-1, PHX-AD-2, PHX-AD-3
Toronto       yyz           CA-TORONTO-1-AD-1