...
Info |
---|
This is an optional add-on, see Introduction - OCI (4.23) for additional information. |
...
To avoid getting the "Permission Denied" message, follow these steps:
...
Update the CSIDriver object's spec.fsGroupPolicy attribute from ReadWriteOnceWithFSType to File. First save the current object to a file using the following command:
Code Block |
---|
kubectl get csiDriver fss.csi.oraclecloud.com -o yaml > fss_csi_driver.yaml |
Edit the fss_csi_driver.yaml file and change the CSIDriver object's spec.fsGroupPolicy attribute from ReadWriteOnceWithFSType to File, for example as below:
Code Block |
---|
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
  creationTimestamp: "<timestamp>"
  name: fss.csi.oraclecloud.com
  resourceVersion: "<version>"
  uid: <identifier>
spec:
  attachRequired: false
  fsGroupPolicy: File
  podInfoOnMount: false
  requiresRepublish: false
  storageCapacity: false
  volumeLifecycleModes:
  - Persistent |
Delete the existing CSIDriver object by running the following command:
Code Block |
---|
kubectl delete csiDriver fss.csi.oraclecloud.com |
Create the new CSIDriver object from
fss_csi_driver.yaml
by running the following command:
Code Block |
---|
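kubectl apply -f fss_csi_driver.yaml |
Alternatively, make the same change in place with a single merge patch, without exporting, deleting and re-creating the object:
Code Block |
---|
kubectl patch csidrivers fss.csi.oraclecloud.com --type='merge' -p '{"spec":{"fsGroupPolicy":"File"}}' |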
For more information, see Troubleshooting File Storage Service Provisioning of PVCs.
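A guarded form of the kubectl patch change, as an added example that is not part of the original page: it reads spec.fsGroupPolicy, patches only when the value differs, and re-reads the object to confirm the result. The function names are assumptions; only kubectl get and kubectl patch are called.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): idempotent check-and-patch of a
# CSIDriver's spec.fsGroupPolicy. Function names are hypothetical.

# Print the current spec.fsGroupPolicy of the named CSIDriver.
current_fsgroup_policy() {
  kubectl get csidrivers "$1" -o jsonpath='{.spec.fsGroupPolicy}'
}

# Ensure the driver's fsGroupPolicy equals the wanted value (default: File).
# Returns 0 if it is already set or was patched and confirmed, 1 otherwise.
ensure_fsgroup_policy() {
  local driver="$1" want="${2:-File}" have
  have="$(current_fsgroup_policy "$driver")" || {
    echo "cannot read CSIDriver $driver" >&2; return 1; }
  if [ "$have" = "$want" ]; then
    echo "$driver: fsGroupPolicy already $want"
    return 0
  fi
  echo "$driver: fsGroupPolicy is '${have:-<unset>}', patching to $want"
  kubectl patch csidrivers "$driver" --type=merge \
    -p "{\"spec\":{\"fsGroupPolicy\":\"$want\"}}" || {
    echo "$driver: patch rejected by the API server" >&2; return 1; }
  # Re-read the object instead of trusting the patch exit code alone.
  have="$(current_fsgroup_policy "$driver")" || return 1
  [ "$have" = "$want" ] || {
    echo "$driver: fsGroupPolicy is still '$have'" >&2; return 1; }
  echo "$driver: fsGroupPolicy now $want"
}

# Usage: ensure_fsgroup_policy fss.csi.oraclecloud.com File
```

A non-zero return means the object was left unchanged or could not be confirmed, so the export, delete and re-create steps remain the fallback.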
Provisioning of PVC
You can use the File Storage service to provision persistent volume claims (PVCs) in two ways:
...
...
Static Provisioning (preferred way)
Static Provisioning
Follow these steps to create a PV backed by the new file system, then create the PVC and bind it to the PV backed by the File Storage service:
...
Code Block |
---|
ALLOW any-user to manage network-security-groups in compartment <compartment-name> where request.principal.type = 'cluster'
ALLOW any-user to manage vcns in compartment <compartment-name> where request.principal.type = 'cluster'
ALLOW any-user to manage virtual-network-family in compartment <compartment-name> where request.principal.type = 'cluster' |
...
Use the IngressClass resource to associate an Ingress resource with the OCI native ingress controller and the IngressClassParameters resource.
Note!
Starting from version 1.4.0, OCI Native Ingress Controller will start configuring NSG associations and tags for LoadBalancers managed by it. For all LoadBalancers managed by NIC that have NSG associations, add the “oci-native-ingress.oraclecloud.com/network-security-group-ids” annotation in the corresponding IngressClass resource to ensure NIC will retain them on upgrade.
Define the resource in a .yaml file named ingress-class.yaml
as in the example below:
Code Block |
---|
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: native-ic-ingress-class
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
    oci-native-ingress.oraclecloud.com/id: <loadbalancer_ocid from terraform output>
    oci-native-ingress.oraclecloud.com/network-security-group-ids: <native_ingress_controller_nsg_ocid from terraform output>
    oci-native-ingress.oraclecloud.com/delete-protection-enabled: "true"
spec:
  controller: oci.oraclecloud.com/native-ingress-controller
  parameters:
    scope: Namespace
    namespace: uepe
    apiGroup: ingress.oraclecloud.com
    kind: ingressclassparameters
    name: native-ic-params |
...
Info |
---|
This is an optional add-on. Refer to the Introduction - OCI (4.23) chapter for additional information. |
...
Add the ingress-nginx helm repository:
Code Block |
---|
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx |
Update the helm repository to get the latest software:
Code Block |
---|
helm repo update |
Create a file called ingress-nginx-values.yaml and populate it with the following helm values:
Code Block |
---|
controller:
  scope:
    enabled: true
  admissionWebhooks:
    enabled: false
  metrics:
    enabled: false
    serviceMonitor:
      enabled: false
  ingressClassResource:
    name: nginx
    enabled: true
    default: false
    controllerValue: "k8s.io/ingress-nginx"
  watchIngressWithoutClass: false
  service:
    externalTrafficPolicy: "Local"
    targetPorts:
      http: 80
      https: 443
    type: NodePort
  extraArgs:
    v: 1
serviceAccount:
  create: false |
Install the ingress-nginx-controller helm chart:
Code Block |
---|
helm install ingress-nginx ingress-nginx/ingress-nginx --version <helm chart version> -f ingress-nginx-values.yaml -n uepe |
Where <helm chart version> is a compatible version listed in the Compatibility Matrix (4.23).
If you run the helm list -A command, you will see all add-ons added in this section, for example like below:
...
This section is now complete and you can proceed to the Usage Engine Private Edition Preparations - OCI (4.23) section.