Versions Compared

...

Info

This is an optional add-on, see Introduction - OCI (4.23) for additional information.

...

To avoid getting the "Permission Denied" message, follow these steps:

...

Update the CSIDriver object's spec.fsGroupPolicy attribute from ReadWriteOnceWithFSType to File using the following command:

Code Block
kubectl patch csidrivers fss.csi.oraclecloud.com --type='merge' -p '{"spec":{"fsGroupPolicy":"File"}}'

The compared version of this page makes the same change by exporting, editing and recreating the object:

  1. Save the existing CSIDriver object to fss_csi_driver.yaml by running the following command:

Code Block
kubectl get csiDriver fss.csi.oraclecloud.com -o yaml > fss_csi_driver.yaml
  2. Edit the fss_csi_driver.yaml file and change the CSIDriver object's spec.fsGroupPolicy attribute from ReadWriteOnceWithFSType to File, for example as below:

Code Block
kind: CSIDriver
metadata:
  creationTimestamp: "<timestamp>"
  name: fss.csi.oraclecloud.com
  resourceVersion: "<version>"
  uid: <identifier>
spec:
  attachRequired: false
  fsGroupPolicy: File
  podInfoOnMount: false
  requiresRepublish: false
  storageCapacity: false
  volumeLifecycleModes:
  - Persistent
  3. Delete the existing CSIDriver object by running the following command:

Code Block
kubectl delete csiDriver fss.csi.oraclecloud.com
  4. Create the new CSIDriver object from fss_csi_driver.yaml by running the following command:

Code Block
kubectl apply -f fss_csi_driver.yaml

For more information, see Troubleshooting File Storage Service Provisioning of PVCs.

Provisioning of PVC

You can use the File Storage service to provision persistent volume claims (PVCs) in two ways:

...

...

Static Provisioning (preferred way)

Static Provisioning

Follow these steps to create a PV backed by the new file system, then create the PVC and bind it to the PV backed by the File Storage service:

...

Code Block
ALLOW any-user to manage network-security-groups in compartment <compartment-name> where request.principal.type = 'cluster'
ALLOW any-user to manage vcns in compartment <compartment-name> where request.principal.type = 'cluster'
ALLOW any-user to manage virtual-network-family in compartment <compartment-name> where request.principal.type = 'cluster'

...

Use the IngressClass resource to associate an Ingress resource with the OCI native ingress controller and the IngressClassParameters resource.

Note!

Starting from version 1.4.0, OCI Native Ingress Controller will start configuring NSG associations and tags for LoadBalancers managed by it. For all LoadBalancers managed by NIC that have NSG associations, add the “oci-native-ingress.oraclecloud.com/network-security-group-ids” annotation in the corresponding IngressClass resource to ensure NIC will retain them on upgrade.

Define the resource in a .yaml file named ingress-class.yaml as in the example below:

Code Block
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: native-ic-ingress-class
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
    oci-native-ingress.oraclecloud.com/id: <loadbalancer_ocid from terraform output>
    oci-native-ingress.oraclecloud.com/network-security-group-ids: <native_ingress_controller_nsg_ocid from terraform output>
    oci-native-ingress.oraclecloud.com/delete-protection-enabled: "true"
spec:
  controller: oci.oraclecloud.com/native-ingress-controller
  parameters:
    scope: Namespace
    namespace: uepe
    apiGroup: ingress.oraclecloud.com
    kind: ingressclassparameters
    name: native-ic-params
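
The pre-upgrade check described in the note above, as an added example that is not part of the product documentation: it takes the output of kubectl get ingressclass -o json and lists, per IngressClass, the NSGs attached to its load balancer that the annotation does not yet declare. The function name, the separately gathered map of load balancer OCID to NSG OCIDs, the comma-separated annotation format and the sample OCIDs are assumptions.

```python
import json

NIC_CONTROLLER = "oci.oraclecloud.com/native-ingress-controller"
LB_ID = "oci-native-ingress.oraclecloud.com/id"
NSG_IDS = "oci-native-ingress.oraclecloud.com/network-security-group-ids"


def nsg_annotation_gaps(ingressclass_list_json, lb_nsgs):
    """Map IngressClass name -> NSG OCIDs attached to its load balancer
    but absent from the network-security-group-ids annotation.

    lb_nsgs: {load balancer OCID: [NSG OCIDs currently associated]},
    gathered separately from OCI (assumed input, hypothetical helper).
    """
    gaps = {}
    for item in json.loads(ingressclass_list_json).get("items", []):
        if item.get("spec", {}).get("controller") != NIC_CONTROLLER:
            continue  # not managed by the OCI native ingress controller
        meta = item.get("metadata", {})
        ann = meta.get("annotations") or {}
        attached = set(lb_nsgs.get(ann.get(LB_ID, ""), []))
        # Assumption: several NSG OCIDs are comma-separated in the annotation.
        declared = {v.strip() for v in ann.get(NSG_IDS, "").split(",") if v.strip()}
        missing = sorted(attached - declared)
        if missing:
            gaps[meta.get("name", "<unnamed>")] = missing
    return gaps


# Constructed sample in the shape of `kubectl get ingressclass -o json`;
# the OCIDs are placeholders, not real identifiers.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "native-ic-ingress-class", "annotations": {
        LB_ID: "ocid1.loadbalancer.example.lb1",
        NSG_IDS: "ocid1.networksecuritygroup.example.nsg1"}},
     "spec": {"controller": NIC_CONTROLLER}},
    {"metadata": {"name": "second-nic-class", "annotations": {
        LB_ID: "ocid1.loadbalancer.example.lb2"}},
     "spec": {"controller": NIC_CONTROLLER}},
    {"metadata": {"name": "nginx"},
     "spec": {"controller": "k8s.io/ingress-nginx"}},
]})
SAMPLE_LB_NSGS = {
    "ocid1.loadbalancer.example.lb1": ["ocid1.networksecuritygroup.example.nsg1"],
    "ocid1.loadbalancer.example.lb2": ["ocid1.networksecuritygroup.example.nsg2"],
}

if __name__ == "__main__":
    for name, missing in nsg_annotation_gaps(SAMPLE, SAMPLE_LB_NSGS).items():
        print(f"{name}: add to {NSG_IDS}: {','.join(missing)}")
```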

...

Info

This is an optional add-on. Refer to the Introduction - OCI (4.23) chapter for additional information.

...

  1. Add the ingress-nginx helm repository:

    Code Block
    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
  2. Update the helm repository to get the latest software:

    Code Block
    helm repo update
  3. Create a file called ingress-nginx-values.yaml and populate it with the following helm values:

    Code Block
    controller:
      scope:
        enabled: true
      admissionWebhooks:
        enabled: false
      metrics:
        enabled: false
        serviceMonitor:
          enabled: false
      ingressClassResource:
        name: nginx
        enabled: true
        default: false
        controllerValue: "k8s.io/ingress-nginx"
      watchIngressWithoutClass: false
      service:
        externalTrafficPolicy: "Local"
        targetPorts:
          http: 80
          https: 443
        type: NodePort
      extraArgs:
        v: 1
    serviceAccount:
      create: false
  4. Install the ingress-nginx-controller helm chart:

    Code Block
    helm install ingress-nginx ingress-nginx/ingress-nginx --version <helm chart version> -f ingress-nginx-values.yaml -n uepe

    Where <helm chart version> is a compatible version listed in the Compatibility Matrix (4.23).

If you run the helm list -A command, you will see all add-ons added in this section, for example:

...

This section is now complete and you can proceed to the Usage Engine Private Edition Preparations - OCI (4.23) section.