Versions Compared

Old Version 11

changes.mady.by.user Kam Heng Choy

Saved on

compared with

New Version 12

changes.mady.by.user Kam Heng Choy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Grant permission to the OCI Native Ingress Controller to access resources created by other OCI services, such as the Load Balancer service and the Certificates service. Hence, these IAM policies must be installed.

Code Block
languagebash
Allow group <group-name> to manage load-balancers in compartment <compartment-name>
Allow group <group-name> to use virtual-network-family in compartment <compartment-name>
Allow group <group-name> to manage cabundles in compartment <compartment-name>
Allow group <group-name> to manage cabundle-associations in compartment <compartment-name>
Allow group <group-name> to manage leaf-certificates in compartment <compartment-name>
Allow group <group-name> to read leaf-certificate-bundles in compartment <compartment-name>
Allow group <group-name> to manage certificate-associations in compartment <compartment-name>
Allow group <group-name> to read certificate-authorities in compartment <compartment-name>
Allow group <group-name> to manage certificate-authority-associations in compartment <compartment-name>
Allow group <group-name> to read certificate-authority-bundles in compartment <compartment-name>
Allow group <group-name> to read cluster-family in compartment <compartment-name>

...

Code Block
Allow group <group-name> to inspect certificate-authority-family in compartment <compartment-name>
Allow group <group-name> to use certificate-authority-delegate in compartment <compartment-name>
Allow group <group-name> to manage leaf-certificate-family in compartment <compartment-name>
Allow group <group-name> to use leaf-certificate-family in compartment <compartment-name>
Allow group <group-name> to use certificate-authority-delegate in compartment <compartment-name>
Allow group <group-name> to manage certificate-associations in compartment <compartment-name>
Allow group <group-name> to inspect certificate-authority-associations in compartment <compartment-name>
Allow group <group-name> to manage cabundle-associations in compartment <compartment-name>

  1. Clone the OCI native ingress controller repository from GitHub

Code Block
git clone https://github.com/oracle/oci-native-ingress-controller

  1. In the local Git repository, navigate to the oci-native-ingress-controller directory and create a config file named oci-native-ingress-controller-values.yaml with this content:

Code Block
compartment_id: <ocid of compartment>
subnet_id: <ocid of load balancer's subnet>
cluster_id: <ocid of the cluster>
authType: user
deploymentNamespace: uepe

  1. Generate the manifest .yaml files for the required resources

Code Block
helm template --include-crds oci-native-ingress-controller helm/oci-native-ingress-controller -f oci-native-ingress-controller-values.yaml --output-dir deploy/manifests

  1. Deploy the required resources using the manifest .yaml files

Code Block
kubectl apply -f deploy/manifests/oci-native-ingress-controller/crds
Code Block
kubectl apply -f deploy/manifests/oci-native-ingress-controller/templates

  1. Confirm that OCI native ingress controller has been installed successfully

Code Block
kubectl get pods -n uepe

Kubernetes Add-ons

The following general Kubernetes resources should be added:

...

  1. Install the ExternalDNS helm chart:

    Code Block
    languagebash
    helm install external-dns bitnami/external-dns -n uepe \
--version <helm chart version> -f external-dns-values.yaml

    Where <helm chart version> is a compatible version listed in the Compatibility Matrix (4.1).

Info

Namespace set to metadata.namespace under iam.serviceAccounts portion in the uepe-eks.yaml file in Set Up Kubernetes Cluster - AWS section

...

  1. Add the ingress-nginx helm repository:

    Code Block
    languagebash
    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

  2. Update the helm repository to get the latest software:

    Code Block
    languagebash
    helm repo update

  3. Create a file called ingress-nginx-values.yaml and populate it with the following helm values:

    Code Block
    languageyaml
    controller:
  scope:
    enabled: true
  admissionWebhooks:
    enabled: false
  metrics:
    enabled: false
    serviceMonitor:
      enabled: false
  ingressClassResource:
    name: nginx
    enabled: true
    default: false
    controllerValue: "k8s.io/ingress-nginx"
  watchIngressWithoutClass: false
  service:
    targetPorts:
      http: 80
      https: 443
    type: NodePort
  extraArgs:
    v: 1
serviceAccount:
  create: false

  4. Install the ingress-nginx-controller helm chart:

    Code Block
    languagebash
    helm install ingress-nginx ingress-nginx/ingress-nginx --version <helm chart version> -f ingress-nginx-values.yaml -n uepe

    Where <helm chart version> is a compatible version listed in the Compatibility Matrix (4.1).

Executing helm list should show all add-ons added in this section. Example:

...