...

    ALLOW any-user to use virtual-network-family in compartment <compartment-name> where request.principal.type = 'cluster'

  1. Policy to enable the CSI volume plugin to access that master encryption key:

    Allow service FssOc1Prod to use keys in compartment <compartment-name> where target.key.id = '<key_OCID>'

    Allow any-user to use key-delegates in compartment <compartment-name> where ALL {request.principal.type = 'cluster', target.key.id = '<key_OCID>'}

The values for <compartment-name> and <key_OCID> can be retrieved from the console.
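The policies above depend on their where clauses to scope any-user to cluster principals and key access to a single key. As an added example (not part of the original page and not Oracle tooling), this Python check flags statements that lose those conditions; the regex grammar is a simplified assumption covering only the statement shapes shown here, and the last two sample statements are constructed.

```python
import re

# First three: the page's statements with its placeholders left in place.
# Last two: constructed variants that weaken the scoping.
STATEMENTS = [
    "ALLOW any-user to use virtual-network-family in compartment <compartment-name> where request.principal.type = 'cluster'",
    "Allow service FssOc1Prod to use keys in compartment <compartment-name> where target.key.id = '<key_OCID>'",
    "Allow any-user to use key-delegates in compartment <compartment-name> where ALL {request.principal.type = 'cluster', target.key.id = '<key_OCID>'}",
    "Allow any-user to use key-delegates in compartment <compartment-name>",
    "Allow any-user to use key-delegates in compartment <compartment-name> where ANY {request.principal.type = 'cluster', target.key.id = '<key_OCID>'}",
]

# Simplified statement grammar (assumption): subject, verb, resource, location, optional where.
STMT_RE = re.compile(
    r"^\s*allow\s+(?P<subject>any-user|service\s+\S+|group\s+\S+|dynamic-group\s+\S+)"
    r"\s+to\s+(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)"
    r"\s+in\s+(?P<location>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<where>.+))?\s*$",
    re.IGNORECASE,
)
COND_RE = re.compile(r"([\w.]+)\s*=\s*'([^']*)'")  # variable = 'value' pairs
KEY_RESOURCES = {"keys", "key-delegates"}


def audit(statement):
    """Return a list of findings for one policy statement (empty list = no finding)."""
    m = STMT_RE.match(statement)
    if not m:
        return ["statement not recognised by this simplified grammar"]
    where = m["where"] or ""
    conds = {name.lower(): value for name, value in COND_RE.findall(where)}
    findings = []
    # any-user is only acceptable when narrowed to cluster principals.
    if m["subject"].lower() == "any-user" and conds.get("request.principal.type") != "cluster":
        findings.append("any-user is not restricted to request.principal.type = 'cluster'")
    # Grants on key resources should name exactly one key.
    if m["resource"].lower() in KEY_RESOURCES and not conds.get("target.key.id"):
        findings.append("key grant is not pinned to a target.key.id")
    # ANY {...} matches when either condition holds, so neither is enforced alone.
    if re.search(r"\bany\s*\{", where, re.IGNORECASE):
        findings.append("ANY {...} makes the conditions alternatives; use ALL {...}")
    return findings


if __name__ == "__main__":
    for s in STATEMENTS:
        print(audit(s) or "ok", "<-", s)
```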

...

Dynamic Provisioning

These steps describe how to create a dynamically provisioned volume through OCI File Storage access points, along with a corresponding persistent volume claim (PVC).

...

Note

cert-manager must be installed before oci-native-ingress-controller, because the controller refers to cert-manager internally.

The simplest way to install cert-manager is via the cluster add-ons. From the console, browse to Containers > Clusters > Cluster details, scroll down to the vertical menu, select Resources > Add-ons, then select Manage add-ons to install and enable cert-manager.

The OCI native ingress controller implements the rules and configuration options defined in a Kubernetes ingress resource to load balance and route incoming traffic to service pods running on worker nodes in a cluster. The OCI native ingress controller creates an OCI flexible load balancer to handle requests, and configures the OCI load balancer to route requests according to the rules defined in the ingress resource.

...