{OCI OKE} Oracle Container Engine for Kubernetes(OKE)をプロビジョニングしよう

https://oracle-japan.github.io/ocitutorials/cloud-native/oke-for-commons/
https://www.oracle.com/jp/cloud/cloud-native/container-engine-kubernetes/pricing/
https://qiita.com/sugimount/items/ba6813aca89bec0c81f7

 

 

①クイック作成

新規リソース:
 仮想クラウド・ネットワーク(VCN)
 インターネット・ゲートウェイ(IG)
 NATゲートウェイ(NAT) 
サービス・ゲートウェイ(SGW)
 Kubernetesクラスタ
 Kubernetesワーカー・ノードおよびノード・プール


②カスタム作成

新規リソース:
 Kubernetesクラスタ
 Kubernetesワーカー・ノードおよびノード・プール

 


-- 1. ネットワーク設定

 

# Write variables.tf: a local holding the tenancy OCID and the compartment_name
# variable (default "cmp01") consumed by main.tf.
# The tenancy OCID below is a zero-filled placeholder — substitute your own.
# The quoted 'EOF' delimiter disables $-expansion inside the heredoc, and '<<-'
# strips leading tabs only; the body is indented with spaces, so it is written as-is.
cat <<-'EOF' > variables.tf

locals {
  tenancy_ocid = "ocid1.tenancy.oc1..000000000000000000000000000000000000000000000000000000000000"

}

variable "compartment_name" {
  description = "compartment_name"
  type = string
  default = "cmp01"
}

EOF

 

# Write main.tf: OCI provider (pinned to 5.23.0), compartment cmp01, VCN
# 10.0.0.0/16, internet gateway igw01, route tables rt01/rt02, security lists
# sl01/sl02 and subnets subnet01 (10.0.1.0/24) / subnet02 (10.0.2.0/24).
#
# Points to review before 'terraform apply':
#  - provider "oci": user_ocid, private_key_path and fingerprint are written
#    verbatim into main.tf (the OCIDs are zero-filled placeholders). If this
#    file is shared or committed, supply the identity values through variables
#    (TF_VAR_*) or the provider's own config sources instead of hard-coding them.
#  - sl01 and sl02 both admit TCP 22 from 0.0.0.0/0; sl01 additionally admits
#    TCP 6443 (Kubernetes API) from 0.0.0.0/0. Narrow 'source' to the admin
#    CIDR that actually needs access where the lab permits it.
#  - rt02 routes 0.0.0.0/0 via igw01 and is attached to subnet02 (the worker
#    subnet), so subnet02 is internet-routable. If workers are meant to be
#    private, route that subnet through a NAT gateway instead.
#  - Egress on both lists is 'all' to 0.0.0.0/0.
#  - enable_delete = true on the compartment lets 'terraform destroy' remove it.
# Quoted 'EOF' delimiter: no $-expansion; '<<-' only strips leading tabs, the
# body uses spaces and is written unchanged.
cat <<-'EOF' > main.tf

terraform {
  required_version = ">= 1.0.0, < 2.0.0"
  required_providers {
    oci = {
       source  = "hashicorp/oci"
       version = "= 5.23.0"
    }
  }
}

provider "oci" {
  tenancy_ocid = local.tenancy_ocid
  user_ocid = "ocid1.user.oc1..000000000000000000000000000000000000000000000000000000000000" 
  private_key_path = "~/.oci/oci_api_key.pem"
  fingerprint = "45:ed:22:e6:cc:fd:63:97:12:9d:62:7a:90:12:65:7a"
  region = "us-ashburn-1"
}


resource "oci_identity_compartment" "cmp01" {
    # Required
    compartment_id = local.tenancy_ocid
    description = var.compartment_name
    name = var.compartment_name
    
    enable_delete = true
}

resource "oci_core_vcn" "vcn01" {
    #Required
    compartment_id = oci_identity_compartment.cmp01.id

    #Optional
    cidr_block = "10.0.0.0/16"
    display_name = "vcn01"
    dns_label = "vcn01"

}


resource "oci_core_internet_gateway" "igw01" {
    #Required
    compartment_id = oci_identity_compartment.cmp01.id
    vcn_id = oci_core_vcn.vcn01.id

    #Optional
    enabled = true
    display_name = "igw01"
}

resource "oci_core_route_table" "rt01" {
    #Required
    compartment_id = oci_identity_compartment.cmp01.id
    vcn_id = oci_core_vcn.vcn01.id

    #Optional
    display_name = "rt01"
    route_rules {
        #Required
        network_entity_id = oci_core_internet_gateway.igw01.id
        #Optional
        cidr_block = "0.0.0.0/0"
    }
    
}

resource "oci_core_route_table" "rt02" {
    #Required
    compartment_id = oci_identity_compartment.cmp01.id
    vcn_id = oci_core_vcn.vcn01.id

    #Optional
    display_name = "rt02"
    route_rules {
        #Required
        network_entity_id = oci_core_internet_gateway.igw01.id
        #Optional
        cidr_block = "0.0.0.0/0"
    }
    
}

resource "oci_core_security_list" "sl01" {
    #Required
    compartment_id = oci_identity_compartment.cmp01.id
    vcn_id = oci_core_vcn.vcn01.id

    #Optional
    display_name = "sl01"
    
    egress_security_rules {
        destination = "0.0.0.0/0"
        protocol = "all"
        stateless = false
    }
    
    
    ingress_security_rules {
        protocol = "6"
        source = "0.0.0.0/0"
        stateless = false
        tcp_options {
            max = 22
            min = 22
        }
    }
    ingress_security_rules {
        protocol = "6"
        source = "0.0.0.0/0"
        stateless = false
        tcp_options {
            max = 6443
            min = 6443
        }
    }
    ingress_security_rules {
        source = "10.0.2.0/24"
        protocol = "all"
        stateless = false
    }
}

resource "oci_core_security_list" "sl02" {
    #Required
    compartment_id = oci_identity_compartment.cmp01.id
    vcn_id = oci_core_vcn.vcn01.id

    #Optional
    display_name = "sl02"
    
    egress_security_rules {
        destination = "0.0.0.0/0"
        protocol = "all"
        stateless = false
    }
    
    ingress_security_rules {
        protocol = "6"
        source = "0.0.0.0/0"
        stateless = false
        tcp_options {
            max = 22
            min = 22
        }
    }
    ingress_security_rules {
        source = "10.0.1.0/24"
        protocol = "all"
        stateless = false
    }
}


resource "oci_core_subnet" "subnet01" {
    #Required
    cidr_block = "10.0.1.0/24"
    compartment_id = oci_identity_compartment.cmp01.id
    vcn_id = oci_core_vcn.vcn01.id

    #Optional

    display_name = "subnet01"
    dns_label = "subnet01"
    route_table_id = oci_core_route_table.rt01.id
    security_list_ids = [oci_core_security_list.sl01.id]
}

resource "oci_core_subnet" "subnet02" {
    #Required
    cidr_block = "10.0.2.0/24"
    compartment_id = oci_identity_compartment.cmp01.id
    vcn_id = oci_core_vcn.vcn01.id

    #Optional

    display_name = "subnet02"
    dns_label = "subnet02"
    route_table_id = oci_core_route_table.rt02.id
    security_list_ids = [oci_core_security_list.sl02.id]
}

 

 

EOF

 

# Write outputs.tf: export the OCIDs of every resource declared in main.tf
# (compartment, VCN, IGW, route tables, security lists, subnets). These IDs are
# the values pasted into the 'oci ce cluster create' / 'node-pool create'
# commands in the next sections.
cat <<-'EOF' > outputs.tf

output "cmp01_id" {
  value = oci_identity_compartment.cmp01.id
  description = "cmp01.id"
}

output "vcn01_id" {
  value = oci_core_vcn.vcn01.id
  description = "vcn01.id"
}

output "igw01_id" {
  value = oci_core_internet_gateway.igw01.id
  description = "igw01.id"
}
output "rt01_id" {
  value = oci_core_route_table.rt01.id
  description = "rt01.id"
}
output "rt02_id" {
  value = oci_core_route_table.rt02.id
  description = "rt02.id"
}

output "sl01_id" {
  value = oci_core_security_list.sl01.id
  description = "sl01.id"
}
output "sl02_id" {
  value = oci_core_security_list.sl02.id
  description = "sl02.id"
}

output "subnet01_id" {
  value = oci_core_subnet.subnet01.id
  description = "subnet01.id"
}
output "subnet02_id" {
  value = oci_core_subnet.subnet02.id
  description = "subnet02.id"
}

EOF

 


# Initialise the working directory (downloads the pinned oci provider), format
# the .tf files, and print the Terraform version.
terraform init
terraform fmt
terraform -version

# Dry run; compartment_name falls back to its default ("cmp01") from variables.tf.
terraform plan

# Same value as the default — shown here as the way to override it without editing .tf files.
export TF_VAR_compartment_name=cmp01


# -auto-approve skips the interactive confirmation; review the plan output first.
terraform apply -auto-approve


# Teardown. Also non-interactive; the compartment is removable because
# main.tf sets enable_delete = true on it.
terraform destroy -auto-approve


-- 2. クラスタの作成

subnet01 -> Service LoadBalancer用(クラスタ用)
subnet02 -> Worker Node 用(ノードプール用)

基本的なクラスタ
ノード数=1

VM.Standard.E3.Flex
Oracle Linux 8  2023.09.26-0

v1.28.2

 

 

# List existing OKE clusters in the compartment. Every OCID in this section is
# a zero-filled placeholder; take the real values from the Terraform outputs.
oci ce cluster list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 

# Print a JSON input template for the create command (used to discover the parameter shape).
oci ce cluster create  --generate-full-command-json-input 

# Create the cluster (BASIC_CLUSTER, v1.28.2, VCN-native pod networking).
# --endpoint-public-ip-enabled true puts a public IP on the API endpoint in
# --endpoint-subnet-id; combined with the 0.0.0.0/0 -> 6443 rule in sl01 this
# makes the Kubernetes API reachable from anywhere. Restrict the security-list
# source (or set this to false and use a private endpoint) outside a lab.
# --service-lb-subnet-ids is where LoadBalancer-type Services are placed.
oci ce cluster create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--kubernetes-version "v1.28.2" \
--name cluster01 \
--vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--cluster-pod-network-options '[
{
  "cni-type": "OCI_VCN_IP_NATIVE"
}
]' \
--dashboard-enabled false \
--endpoint-public-ip-enabled true \
--endpoint-subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--service-lb-subnet-ids '[
  "ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000"
]' \
--type BASIC_CLUSTER 


# Poll until lifecycle-state reaches ACTIVE; --query trims the output to name/id/state.
oci ce cluster list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--query 'data.{"name":"name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table


# Teardown; --force skips the confirmation prompt.
oci ce cluster delete \
--cluster-id ocid1.cluster.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--force 

 

-- 3. ノードプールの作成

# List node pools in the compartment (OCIDs are zero-filled placeholders).
oci ce node-pool list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 


# Create one node pool for cluster01: a single VM.Standard.E3.Flex node with
# 1 OCPU / 16 GB (--node-shape-config) from the given node image, placed in
# AD-1 of the worker subnet. With the VCN-native CNI, --pod-subnet-ids is the
# subnet pods get their IPs from and --max-pods-per-node caps pods per node.
# The availability-domain name is tenancy-specific; the image OCID is
# region-specific — look both up before running.
oci ce node-pool create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--cluster-id ocid1.cluster.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--name pool01 \
--node-shape "VM.Standard.E3.Flex" \
--kubernetes-version "v1.28.2" \
--max-pods-per-node 16 \
--node-image-id "ocid1.image.oc1.iad.000000000000000000000000000000000000000000000000000000000000" \
--node-shape-config '{
    "memory-in-gbs": 16.0,
    "ocpus": 1.0
}' \
--placement-configs '[
  {
    "availability-domain": "OEIw:US-ASHBURN-AD-1",
    "capacity-reservation-id": null,
    "fault-domains": null,
    "preemptible-node-config": null,
    "subnet-id": "ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000"
  }
]' \
--pod-subnet-ids '[
    "ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000"
]' \
--size 1 

 

 

# Poll until lifecycle-state is ACTIVE.
oci ce node-pool list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--query 'data.{"name":"name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table

 


# Teardown; --force skips the confirmation prompt.
oci ce node-pool delete \
--node-pool-id ocid1.nodepool.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--force 

 

-- 4. 動作確認

クラウドシェルから下記を実施


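# Merge the cluster's access config into the local kubeconfig.
# --file is quoted so a $HOME containing spaces cannot split the argument.
# PUBLIC_ENDPOINT targets the public API IP enabled at cluster creation;
# --token-version 2.0.0 kubeconfigs obtain tokens through the OCI CLI at
# kubectl time, so the CLI (and its credentials) must exist wherever kubectl runs.
oci ce cluster create-kubeconfig \
  --cluster-id ocid1.cluster.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --file "$HOME/.kube/config" \
  --region us-ashburn-1 \
  --token-version 2.0.0 \
  --kube-endpoint PUBLIC_ENDPOINT


# Smoke test: confirm client/server versions, deploy the upstream sample
# Deployment, inspect it, then remove it.
kubectl version

# The manifest is fetched over HTTPS from k8s.io at apply time; review its
# contents before applying it anywhere other than a throwaway lab cluster.
kubectl create -f https://k8s.io/examples/application/deployment.yaml

kubectl get all

kubectl delete -f https://k8s.io/examples/application/deployment.yaml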