Released in 2022, Cluster API Provider for Oracle Cloud Infrastructure (CAPOCI) allows users to deploy self-managed Kubernetes clusters in Oracle Cloud Infrastructure (OCI). Paul Jenkins authored the excellent blog as an introduction to Cluster API and CAPOCI. While self-managed Kubernetes clusters might suit some use cases, many customers prefer to use the OCI-managed Kubernetes solution, Oracle Container Engine for Kubernetes (OKE). OKE provides advantages such as a completely managed Kubernetes control plane and OCI identity integration, but customers still want the benefits that Cluster API provides.
We’re pleased to announce that CAPOCI now supports OKE with the v0.7.0 release.

Benefits of using Cluster API to deploy OKE clusters
Cluster API abstracts away the complexities of setting up, configuring, and managing Kubernetes clusters, enabling you to perform these tasks declaratively and programmatically across multiple cloud providers, on-premises, and edge infrastructure. It simplifies the configuration of both active and standby clusters by enabling you to automate the process. This setup reduces the risk of configuration drift, making it easier to monitor and manage the clusters consistently.
Cluster API is also integrated with a standardized set of toolkits, including fluxcd. This standardization ensures consistency and simplifies managing Kubernetes clusters with these tools.
Using CAPOCI to deploy an OKE cluster
Cluster API is typically installed on a management cluster that manages multiple Kubernetes clusters. In this blog, we use kind for the management cluster. When the management cluster is set up and CAPOCI is deployed on it, we can proceed to deploy an OKE cluster using CAPOCI.
Prerequisites
- A Linux-based terminal window on a laptop or an OCI virtual machine (VM)
Run the following commands in the terminal.
Deploy kind cluster
kind create cluster
Export OCI user principal credentials
export OCI_TENANCY_ID=
export OCI_USER_ID=
export OCI_CREDENTIALS_FINGERPRINT=
export OCI_REGION=
# if Passphrase is present
export OCI_CREDENTIALS_PASSPHRASE=
export OCI_CREDENTIALS_KEY_B64=$(base64 < | tr -d '\n')
# the following lines of code can be copied and pasted as they are
export OCI_TENANCY_ID_B64="$(echo -n "$OCI_TENANCY_ID" | base64 | tr -d '\n')"
export OCI_CREDENTIALS_FINGERPRINT_B64="$(echo -n "$OCI_CREDENTIALS_FINGERPRINT" | base64 | tr -d '\n')"
export OCI_USER_ID_B64="$(echo -n "$OCI_USER_ID" | base64 | tr -d '\n')"
export OCI_REGION_B64="$(echo -n "$OCI_REGION" | base64 | tr -d '\n')"
export OCI_CREDENTIALS_PASSPHRASE_B64="$(echo -n "$OCI_CREDENTIALS_PASSPHRASE" | base64 | tr -d '\n')"
Install CAPI and CAPOCI
EXP_MACHINE_POOL=true EXP_OKE=true clusterctl init --infrastructure oci
Deploy the OKE cluster
NODE_MACHINE_COUNT=1 OCI_COMPARTMENT_ID= \
OCI_SSH_KEY="" \
clusterctl generate cluster oke-cluster-1 --kubernetes-version v1.25.4 --flavor managed | kubectl apply -f -
Monitor the created cluster
$ kubectl get clusters -A
NAMESPACE   NAME            PHASE         AGE   VERSION
default     oke-cluster-1   Provisioned   43m
$ kubectl get machinepool -A
NAMESPACE   NAME                 CLUSTER         REPLICAS   PHASE     AGE   VERSION
default     oke-cluster-1-mp-0   oke-cluster-1   1          Running   43m   v1.25.4
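Added example, not part of the original post or the CAPOCI project: a pre-flight check for the values set in the "Export OCI user principal credentials" step, meant to be run in the same shell before clusterctl init. It assumes a base64 that accepts -d; OCI_KEY_FILE is a hypothetical variable for the private key path, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight checks for the OCI_* exports shown above.
# OCI_KEY_FILE is a hypothetical variable holding the private key path.

# 0 if $1 is an OCID of resource type $2 (ocid1.<type>.<realm>...).
is_ocid() {
  case "$1" in ocid1."$2".?*) return 0 ;; *) return 1 ;; esac
}

# 0 if $1 is an API key fingerprint: 16 colon-separated hex byte pairs.
is_fingerprint() {
  printf '%s' "$1" | grep -Eqi '^([0-9a-f]{2}:){15}[0-9a-f]{2}$'
}

# 0 if $2 is single-line base64 that decodes byte-for-byte to non-empty $1.
# Catches a missing `echo -n` (trailing newline) and wrapped base64 output.
b64_matches() {
  [ -n "$1" ] || return 1
  [ "$(printf '%s' "$2" | tr -d '[:space:]')" = "$2" ] || return 1
  [ "$(printf '%s' "$2" | base64 -d 2>/dev/null | cksum)" = \
    "$(printf '%s' "$1" | cksum)" ]
}

# 0 if $1 is a regular file with no group/other permission bits set.
key_is_private() {
  [ -f "$1" ] || return 1
  case "$(ls -ld -- "$1")" in -???------*) return 0 ;; *) return 1 ;; esac
}

# Run every check against the current environment; non-zero on any failure.
preflight() {
  rc=0
  is_ocid "${OCI_TENANCY_ID:-}" tenancy || { echo "OCI_TENANCY_ID: not a tenancy OCID" >&2; rc=1; }
  is_ocid "${OCI_USER_ID:-}" user || { echo "OCI_USER_ID: not a user OCID" >&2; rc=1; }
  is_fingerprint "${OCI_CREDENTIALS_FINGERPRINT:-}" || { echo "OCI_CREDENTIALS_FINGERPRINT: bad format" >&2; rc=1; }
  for v in OCI_TENANCY_ID OCI_USER_ID OCI_CREDENTIALS_FINGERPRINT OCI_REGION; do
    eval "plain=\${$v:-}; enc=\${${v}_B64:-}"
    b64_matches "$plain" "$enc" || { echo "${v}_B64: does not decode to $v" >&2; rc=1; }
  done
  if [ -n "${OCI_KEY_FILE:-}" ] && ! key_is_private "$OCI_KEY_FILE"; then
    echo "OCI_KEY_FILE: missing or readable by group/other" >&2; rc=1
  fi
  return "$rc"
}

# Only runs once the variables are exported in this shell.
if [ -n "${OCI_TENANCY_ID:-}" ]; then
  preflight || echo "fix the values above before clusterctl init" >&2
fi
```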
Deploy and monitor OKE clusters in multiple OCI regions
One of the advantages of using CAPOCI is the ability to deploy and monitor OKE clusters in multiple OCI regions. The following output demonstrates this capability. We have deployed OKE clusters in the us-ashburn-1 and us-phoenix-1 public cloud regions of OCI and are managing and monitoring them from a single management cluster.
You can also extend this approach to monitor clusters running across multiple cloud providers.
$ kubectl get clusters -A
NAMESPACE   NAME          PHASE         AGE   VERSION
default     iad-cluster   Provisioned   14d
default     phx-cluster   Provisioned   14d
Conclusion
The CAPOCI team has been releasing updates to the product incrementally, and the addition of OKE support has made it accessible to a wider range of users. We encourage you to try out the new capabilities and share any feedback you have. The CAPOCI team is available on the Kubernetes Slack channel #cluster-api-oci.
Finally, we want to express our gratitude to the Cluster API community. We worked closely with the community to validate our proposal, and their support was invaluable in helping us achieve our goals.
