OCI Add-ons
The following OCI-specific resources should be added:
oci-file-service-storage
This is an optional add-on. Refer to the Introduction - OCI chapter for additional information.
The OCI File Storage service provides a durable, scalable, distributed, enterprise-grade network file system.
A persistent volume claim (PVC) is a request for persistent file storage. The OCI File Storage service file systems are mounted inside containers running on clusters created by Container Engine for Kubernetes using a CSI (Container Storage Interface) volume plugin deployed on the clusters.
To enable the CSI volume plugin to create and manage File Storage resources, appropriate IAM policies must be installed:
Add the Amazon EFS CSI Driver helm repository:
helm repo add aws-efs-csi-driver https://kubernetes-sigs.github.io/aws-efs-csi-driver/
Update helm repository to get the latest software:
helm repo update
Helm install:
helm install aws-efs-csi-driver --namespace uepe aws-efs-csi-driver/aws-efs-csi-driver --version <helm chart version> \
  --set controller.serviceAccount.create=false \
  --set controller.serviceAccount.name=efs-csi-controller-sa
Where <helm chart version> is a compatible version listed in the Compatibility Matrix.
The helm install command assumes that the service account for the Amazon EFS CSI Driver already exists.
The service account name is set to metadata.name under the iam.serviceAccounts portion of the uepe-eks.yaml file in the Set Up Kubernetes Cluster - AWS section.
The namespace is set to metadata.namespace under the iam.serviceAccounts portion of the uepe-eks.yaml file in the Set Up Kubernetes Cluster - AWS section.
Dynamic Provisioning
These steps describe how to create a dynamically provisioned volume through Amazon EFS access points and a corresponding persistent volume claim (PVC).
Prepare a storageclass.yaml file with a StorageClass manifest for Amazon EFS:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: aws-efs
provisioner: efs.csi.aws.com
parameters:
  provisioningMode: efs-ap
  fileSystemId: <efs_id from terraform output>
  directoryPerms: "700"
Deploy the storage class:
kubectl apply -f storageclass.yaml
For more information, please refer to the dynamic provisioning documentation.
oci-native-ingress-controller
The OCI native ingress controller implements the rules and configuration options defined in a Kubernetes ingress resource to load balance and route incoming traffic to service pods running on worker nodes in a cluster. The OCI native ingress controller creates an OCI flexible load balancer to handle requests, and configures the OCI load balancer to route requests according to the rules defined in the ingress resource.
The OCI Native Ingress controller creates the following OCI load balancer resources:
A load balancer for each IngressClass resource where you have specified the OCI native ingress controller as the controller.
A load balancer backend set for each unique Kubernetes service name and port number combination that you include in routing rules in Ingress resources in the cluster.
A routing policy that reflects the rules defined in the ingress resource and is used to route traffic to the backend set.
A load balancer listener for each unique port that you include in routing rules in Ingress resources in the cluster.
To install OCI Native Ingress Controller, follow these steps:
Add the eks helm repository:
helm repo add eks https://aws.github.io/eks-charts
Update helm repository to get the latest software:
helm repo update
Install the AWS Load Balancer Controller helm chart:
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n uepe --version <helm chart version> \
  --set clusterName=<cluster_name configured in terraform.tfvars> \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller
Where <helm chart version> is a compatible version listed in the Compatibility Matrix.
The helm install command assumes that the service account for the AWS Load Balancer Controller already exists.
The service account name is set to metadata.name under the iam.serviceAccounts portion of the uepe-eks.yaml file in the Set Up Kubernetes Cluster - AWS section.
The namespace is set to metadata.namespace under the iam.serviceAccounts portion of the uepe-eks.yaml file in the Set Up Kubernetes Cluster - AWS section.
Kubernetes Add-ons
The following general Kubernetes resources should be added:
external-dns
ExternalDNS is a Kubernetes add-on that configures public DNS servers with information about exposed Kubernetes services to make them discoverable.
To install ExternalDNS, follow these steps:
Add the bitnami helm repository:
helm repo add bitnami https://charts.bitnami.com/bitnami
Update the helm repository to get the latest software:
helm repo update
Create a file called external-dns-values.yaml and populate it with the following helm values:
aws:
  zoneType: public
domainFilters:
  - <eks_domain_zone_name from terraform output>
policy: sync
provider: aws
txtOwnerId: <eks_domain_zone_id from terraform output>
serviceAccount:
  create: false
  name: external-dns
The helm install command assumes that the service account for ExternalDNS already exists.
The service account name is set to metadata.name under the iam.serviceAccounts portion of the uepe-eks.yaml file in the Set Up Kubernetes Cluster - AWS section.
Install the ExternalDNS helm chart:
helm install external-dns bitnami/external-dns -n uepe \
  --version <helm chart version> -f external-dns-values.yaml
Where <helm chart version> is a compatible version listed in the Compatibility Matrix.
The namespace is set to metadata.namespace under the iam.serviceAccounts portion of the uepe-eks.yaml file in the Set Up Kubernetes Cluster - AWS section.
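The helm installs for the EFS CSI driver, the load balancer controller and ExternalDNS all disable service account creation, so a missing or unannotated account only shows up after installation, as pods that fail to start or run without the intended IAM role. As an added example (not part of the original page), this preflight script checks the three accounts named above; it assumes eksctl created them with the eks.amazonaws.com/role-arn annotation, and check_sa and preflight are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original page: preflight check for the service
# accounts that the helm installs on this page expect to exist already.
# Assumption: eksctl created them from iam.serviceAccounts in uepe-eks.yaml,
# which annotates each account with eks.amazonaws.com/role-arn.

NAMESPACE="${NAMESPACE:-uepe}"
# Names taken from the --set flags and helm values shown on this page.
SERVICE_ACCOUNTS="efs-csi-controller-sa aws-load-balancer-controller external-dns"

# check_sa NAME (hypothetical helper): returns 0 if the account exists and has
# an IAM role annotation, 1 if it is missing, 2 if it has no role annotation.
check_sa() {
  name="$1"
  if ! kubectl get serviceaccount "$name" -n "$NAMESPACE" >/dev/null 2>&1; then
    echo "MISSING  $name (namespace $NAMESPACE): create it before helm install"
    return 1
  fi
  role=$(kubectl get serviceaccount "$name" -n "$NAMESPACE" \
    -o jsonpath='{.metadata.annotations.eks\.amazonaws\.com/role-arn}' \
    2>/dev/null) || role=""
  if [ -z "$role" ]; then
    echo "NO-ROLE  $name exists but has no eks.amazonaws.com/role-arn annotation"
    return 2
  fi
  echo "OK       $name -> $role"
  return 0
}

# preflight (hypothetical helper): checks every account and returns the
# number of accounts that failed, so 0 means the helm installs can proceed.
preflight() {
  failures=0
  for sa in $SERVICE_ACCOUNTS; do
    check_sa "$sa" || failures=$((failures + 1))
  done
  return "$failures"
}

# Run the check only when asked to, e.g.: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
  preflight
fi
```

Run it with `--check` before the first helm install; a non-zero exit status is the number of service accounts that still need to be created or annotated.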
ingress-nginx-controller
This is an optional add-on. Refer to the Introduction - OCI chapter for additional information.
The Ingress NGINX Controller is an ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer.
To install the Ingress NGINX Controller, follow these steps:
Add the ingress-nginx helm repository:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
Update the helm repository to get the latest software:
helm repo update
Create a file called ingress-nginx-values.yaml and populate it with the following helm values:
controller:
  scope:
    enabled: true
  admissionWebhooks:
    enabled: false
  metrics:
    enabled: false
    serviceMonitor:
      enabled: false
  ingressClassResource:
    name: nginx
    enabled: true
    default: false
    controllerValue: "k8s.io/ingress-nginx"
  watchIngressWithoutClass: false
  service:
    targetPorts:
      http: 80
      https: 443
    type: NodePort
  extraArgs:
    v: 1
serviceAccount:
  create: false
Install the ingress-nginx-controller helm chart:
helm install ingress-nginx ingress-nginx/ingress-nginx --version <helm chart version> -f ingress-nginx-values.yaml -n uepe
Where <helm chart version> is a compatible version listed in the Compatibility Matrix.
Executing helm list should show all add-ons added in this section. Example:
NAME                          NAMESPACE  REVISION  UPDATED                                 STATUS    CHART                               APP VERSION
aws-efs-csi-driver            uepe       1         2024-02-06 14:00:36.817518 +0800 +08    deployed  aws-efs-csi-driver-2.5.4            1.7.4
aws-load-balancer-controller  uepe       1         2024-02-06 14:09:22.86071 +0800 +08     deployed  aws-load-balancer-controller-1.7.0  v2.7.0
external-dns                  uepe       1         2024-02-06 14:06:28.705309 +0800 +08    deployed  external-dns-6.31.5                 0.14.0
ingress-nginx-controller      uepe       1         2024-02-22 11:44:54.18561 +0800 +08     deployed  ingress-nginx-4.9.1                 1.9.6
This section is now complete. Now proceed to the Usage Engine Private Edition Preparations - OCI section.