Oracle Cloud Infrastructure Documentation

Creating an OKE Cluster

Learn how to create OKE Clusters on Compute Cloud@Customer.

If you create a public cluster, the Network Load Balancer and public IP address are created and assigned as part of cluster creation.

Important

Before you can create a cluster, the following conditions must be met:

  • The OraclePCA-OKE.cluster_id defined tag must exist in the tenancy. See Create OraclePCA Tags For OKE

    The OraclePCA-OKE/cluster_id defined tag is required to create or update an OKE cluster or node pool. This tag also is used to identify instances that need to be in a dynamic group.

  • All fault domains must be healthy.

  • Each fault domain must have at least one healthy compute instance.

  • Sufficient resources must be available to create a cluster. See Compute Cloud@Customer Metrics.

  • Ensure that no infrastructure upgrade is scheduled during the cluster create. See Managing Upgrade Schedules.

To create a node pool at the same time that you create the cluster, you must use the Console.

To specify tags to be applied to all load balancers created by Kubernetes services, you must use the CLI.

    1. In the Compute Cloud@Customer Console navigation menu, click Containers, then click Kubernetes Clusters.

    2. On the clusters list page, click Create Cluster.

    3. In the Create Cluster dialog box, provide the following information:

      • Name: Enter a name for the new cluster. Avoid entering confidential information.

      • Compartment: Select the compartment in which to create the new cluster.

      • Kubernetes Version: Select the version of Kubernetes to run on the control plane nodes. Accept the default version or select a different version.

        If the Kubernetes version that you want to use isn't listed, use the CLI or the API to create the cluster and specify the Kubernetes version.

      • Tagging: Add the following free-form tags for the cluster resource.

        Note

        Don't specify values for the OraclePCA-OKE.cluster_id defined tag or for the ClusterResourceIdentifier free-form tag. These tag values are system-generated and only applied to nodes (instances), not to the cluster resource.

        Use OraclePCA defined tags to provide the following information for control plane nodes. If these tags aren't listed in the Compute Cloud@Customer Console Tagging menus, you must create them. See Create OraclePCA Tags For OKE.

        Note

        None of these values - SSH key, number of nodes, node shape, or node shape configuration - can be set or changed after the cluster is created. If you set these tags when you update the cluster, the new values are ignored.

        • Your public SSH key.

          Specify sshkey for the tag key (OraclePCA.sshkey). Paste your public SSH key into the Value field.

          Important

          You can't add an SSH key after the cluster is created.

        • Number of nodes.

          By default, the number of nodes in the control plane is 3. You can specify 1, 3, or 5 nodes. To specify the number of control plane nodes, specify cp_node_count for the tag key (OraclePCA.cpNodeCount), and select 1, 3, or 5 in the Value field.

        • Node shape.

          Specify a shape such as VM.PCAStandard.E5.Flex.

        • Node shape configuration.

          You can change the default shape configuration.

          To provide shape configuration information, specify cp_node_shape_config for the tag key (OraclePCA.cpNodeShapeConfig). You must specify the number of OCPUs (ocpus) you want. You can optionally specify the total amount of memory you want (memoryInGBs). The default value for gigabytes of memory is 16 times the number you specify for OCPUs.

          Note

          If the cluster will have 1-10 worker nodes, specify at least 16 GB memory. If the cluster will have 11-128 worker nodes, specify at least 2 OCPUs and 32 GB memory. You can't change the number of OCPUs or amount of memory when you update the cluster.

          In the Value field for the tag, enter the node shape configuration value as shown in the following examples.

          In the following example, the default amount of memory is be configured:

          {"ocpus":1}

          In the following example, the amount of memory is specified:

          {"ocpus":2, "memoryInGBs":48}
          Note

          If you use Terraform to specify a complex value (a value that's a key/value pair), then you must escape the double quotation marks in the value as shown in the following example:

          "OraclePCA.cpNodeShapeConfig"="{\"ocpus\":2,\"memoryInGBs\":48}"

      • Add-ons: This section shows a tile for each add-on that's available for this cluster. In the Create Cluster dialog box, all add-ons are Disabled. See Installing the WebLogic Kubernetes Operator Add-on.

    4. Click Next.

    5. On the Network page in the Create Cluster dialog box, provide the following information:

      • Network Type. Specifies how pods running on nodes in the cluster communicate with each other, with the cluster's control plane nodes, with pods on other clusters, with other services (such as storage services), and with the internet.

        The Flannel Overlay network type encapsulates communication between pods in the Flannel Overlay network. The Flannel Overlay network is a simple private overlay virtual network that satisfies the requirements of the OKE networking model by attaching IP addresses to containers. The pods in the private overlay network are only accessible from other pods in the same cluster. For more description, see Creating Flannel Overlay Network Resources.

      • VCN-Native Pod Networking connects nodes in a Kubernetes cluster to pod subnets in the OKE VCN. As a result, pod IP addresses within the OKE VCN are directly routable from other VCNs that are connected (peered) to the OKE VCN, and from on-premises networks. For more description, see Creating VCN-Native Pod Network Resources.

        Note

        If you specify VCN-Native Pod Networking, then the VCN you specify must have a subnet named pod. See Creating VCN-Native Pod Network Resources.

      • VCN. Select the VCN that has the configuration of the "oke_vcn" VCN described in Creating a VCN (Flannel Overlay) or Creating a VCN (VCN-Native Pod).

      • Kubernetes Service LB Subnet. The subnet that's configured to host the load balancer in a Kubernetes cluster. To create a public cluster, create and specify here the public version of the "service-lb" subnet described in Creating a Worker Load Balancer Subnet (Flannel Overlay) or Creating a Worker Load Balancer Subnet (VCN-Native Pod). To create a private cluster, create and specify here the private version of the "service-lb" subnet.

      • Kubernetes API Endpoint Subnet. The regional subnet in which to place the cluster endpoint. To create a public cluster, create and specify here the public version of the "control-plane-endpoint" subnet described in Creating an OKE Control Plane Subnet (Flannel Overlay) or Creating a Control Plane Subnet (VCN-Native Pod). To create a private cluster, create and specify here the private version of the "control-plane-endpoint" subnet.

      • Kubernetes Service CIDR Block. (Optional) The default value is 10.96.0.0/16.

      • Pods CIDR Block. (Optional) The default value is 10.244.0.0/16.

      • Network Security Group. If you check the box to enable network security groups, click Add Network Security Group and select an NSG from the drop-down list. You might need to change the compartment to find the NSG you want.

    6. Click Next.

    7. On the Node Pool page, select the Add Node Pool button to optionally add a node pool as part of creating this cluster. See Creating an OKE Worker Node Pool to add node pools after the cluster is created.

      If you select the Add Node Pool button, enter the following information in the Add Node Pool section:

      • Name: The name of the new node pool. Avoid using confidential information.

      • Compartment: The compartment in which to create the new node pool.

      • Node Count: Enter the number of nodes you want in this node pool. The default is 0. The maximum number is 128 per cluster, which can be distributed across multiple node pools.

      • See Creating an OKE Worker Node Pool for information about Network Security Groups, Placement Configuration, Source Image, Shape, and Pod Communication.

    8. Review your entries.

      If you created a node pool, you have the opportunity to edit or delete the node pool in this review.

    9. Select Submit.

      The details page for the cluster is displayed. Scroll to the Resources section and select Work Requests to see the progress of the cluster creation. If you created a node pool, the NODEPOOL_CREATE work request might still be In Progress for a time after the cluster is Active and the CLUSTER_CREATE work request is Succeeded.

      Under Resources, click Work Requests to see the progress of the cluster creation.

      The cluster details page doesn't list OraclePCA tags on the Tags tab (and you can't filter a list of clusters by the values of OraclePCA tags). To review the settings of the OraclePCA tags, use the CLI.

      The cluster details page doesn't list the cluster control plane nodes. To view the control plane nodes, view the list of instances in the compartment where you created this cluster. Names of control plane nodes are in the following format:

      oke-ID1-control-plane-ID2

      • ID1 - The first 32 characters after the ccc_name is the cluster OCID.

      • ID2 - A unique identifier added when the cluster has more than one control plane node.

      Search for the instances in the list whose names contain the ID1 string from this cluster OCID.

    What's Next:

  • Use the oci ce cluster create command and required parameters to create a new cluster.

    oci ce cluster create --compartment-id <coompartment_OCID> --kubernetes-version <version-to-install> --name <cluster_name> --vcn-id <VCN_OCID> [OPTIONS]

    To install a cluster add-on, use the cluster install-addon command after you have created the cluster. See Installing the WebLogic Kubernetes Operator Add-on.

    Procedure

    1. Get the information you need to run the command:

      • The OCID of the compartment where you want to create the cluster: oci iam compartment list

      • The name of the cluster. Avoid entering confidential information.

      • The Kubernetes version that you want to use. Use the following command to show a list of available Kubernetes versions:

        oci ce cluster-options get --cluster-option-id all

        You might be able to list more Kubernetes versions by using the compute image list command and looking in the display name. In the following example, the Kubernetes version in the image is 1.29.9:

        "display-name": "uln-pca-Oracle-Linux8-OKE-1.29.9-20250325.oci"

        Another way to specify a version that's not listed is to use the OCID of an older cluster instead of the keyword all as the argument of the --cluster-option-id option to list the Kubernetes version used for that specified cluster:

        oci ce cluster-options get --cluster-option-id cluster_OCID

      • OCID of the virtual cloud network (VCN) in which you want to create the cluster. Specify the VCN that has the configuration of the "oke_vcn" VCN described in Creating a VCN (Flannel Overlay) or Creating a VCN (VCN-Native Pod).

      • OCID of the OKE service LB subnet. Specify the subnet that has a configuration such as the "service-lb" subnet described in Creating a Worker Load Balancer Subnet (Flannel Overlay) or Creating a Worker Load Balancer Subnet (VCN-Native Pod). Specify only one OKE service LB subnet.

      • OCID of the Kubernetes API endpoint subnet. Specify the subnet that has configuration such as the "control-plane-endpoint" subnet described in Creating an OKE Control Plane Load Balancer Subnet (Flannel Overlay) or Creating a Control Plane Subnet (VCN-Native Pod). For a public cluster, follow the instructions to create the public version of the "service-lb" subnet. For a private cluster, create the private version of the "service-lb" subnet. Specify only one OKE Service LB subnet.

      • OKE service CIDR block. (Optional) The default value is 10.96.0.0/16.

      • Pods CIDR block. (Optional) The default value is 10.244.0.0/16.

      • (Optional) The OCID of the Network Security Group to apply to the cluster endpoint. Don't specify more than one NSG. If you specify an NSG, use the following syntax:

        --endpoint-nsg-ids '["ocid1.networksecuritygroup.unique_ID"]'

      • (Optional) Your public SSH key in RSA format. You can't add or update an SSH key after the cluster is created.

      • The network type. (Optional) Specify either OCI_VCN_IP_NATIVE or FLANNEL_OVERLAY for the value of the cniType parameter in the argument for the --cluster-pod-network-options option. See the descriptions of Flannel Overlay and VCN-Native Pod Networking in the Console tab. If you don't specify the --cluster-pod-network-options option, FLANNEL_OVERLAY is used.

        --cluster-pod-network-options '[{"cniType": "OCI_VCN_IP_NATIVE"}]'
        Note

        If you specify OCI_VCN_IP_NATIVE, then the VCN you specify must have a subnet named pod.

    2. (Optional) Add free-form tags for the cluster resource by using the --defined-tags or --freeform-tags options.

      Note

      Don't specify values for the OraclePCA-OKE.cluster_id defined tag or for the ClusterResourceIdentifier free-form tag. These tag values are system-generated and only applied to nodes (instances), not to the cluster resource.

      Define an argument for the --defined-tags option to provide the following information for control plane nodes. Specify OraclePCA as the tag namespace.

      Note

      None of these values - SSH key, number of nodes, node shape, or node shape configuration - can be set or changed after the cluster is created. If you set these tags when you update the cluster, the new values are ignored.

      • Your public SSH key

        Specify sshkey for the tag key, and paste your public SSH key as the value.

        Important

        You can't add an SSH key after the cluster is created.

      • Number of nodes

        By default, the number of nodes in the control plane is 3. You can specify 1, 3, or 5 nodes. To specify the number of control plane nodes, specify cpNodeCount for the tag key, and enter 1, 3, or 5 for the value.

      • Node shape

        Specify a shape such as VM.PCAStandard.E5.Flex.

      • Node shape configuration

        Specify the shape configuration.

        The default configuration is 1 OCPU and 10 gigabytes of memory.

        To provide shape configuration information, specify cpNodeShapeConfig for the tag key. You must specify the number of OCPUs (ocpus) you want and you can specify the total amount of memory you want (memoryInGBs). The default value for gigabytes of memory is 16 times the number you specify for OCPUs.

        Note

        If the cluster will have 1-10 worker nodes, specify at least 16 GB memory. If the cluster will have 11-128 worker nodes, specify at least 2 OCPUs and 32 GB memory. You can't change the number of OCPUs or amount of memory when you update the cluster.

        Specify defined tags, either inline, or in a file in JSON format, such as the following example file:

        {
  "OraclePCA": {
    "sshkey": "ssh-rsa <remainder_of_key_text>",
    "cpNodeCount": 1,
    "cpNodeShape": "VM.PCAStandard1.Flex",
    "cpNodeShapeConfig": {
      "ocpus": 2,
      "memoryInGBs": 48
    }
  }
}

        Use the following syntax to specify a file of tags. Specify the full path to the .json file unless the file is in the same directory where you're running the command.

        --defined-tags file://cluster_tags.json

    3. (Optional) You can use the --service-lb-defined-tags or --service-lb-freeform-tags options to specify tags to be applied to all load balancers created by Kubernetes services. Ensure that the applicable dynamic group includes the use tag-namespaces policy. See Exposing Containerized Applications.

    4. Run the create cluster command.

      If the --endpoint-subnet-id that you specify is a public subnet, then a public endpoint is created, and the --endpoint-public-ip-enabled option must be set to true.

      If the --endpoint-subnet-id that you specify is a private subnet, then a private endpoint is created, and the --endpoint-public-ip-enabled option must be set to false.

      Example:

      $ oci ce cluster create \
--compartment-id ocid1.compartment.unique_ID --kubernetes-version version \
--name "Native Cluster" --vcn-id ocid1.vcn.unique_ID \
--cluster-pod-network-options '{"cniType":"OCI_VCN_IP_NATIVE"}' \
--endpoint-subnet-id control-plane-endpoint_subnet_OCID \
--endpoint-public-ip-enabled false \
--service-lb-subnet-ids '["service-lb_subnet_OCID"]' \
--defined-tags '{"OraclePCA":{"sshkey":"ssh-rsa remainder_of_key_text"}}'

      The output from this cluster create command is the same as the output from the cluster get command.

      Use the work-request get command to check the status of the create operation. The work request OCID is in created-by-work-request-id in the metadata section of the cluster create output.

      $ oci ce work-request get --work-request-id workrequest_OCID

      To identify the control plane nodes for this cluster, list instances in the compartment where you created the cluster. Names of control plane nodes are in the following format:

      oke-ID1-control-plane-ID2

      • ID1 - The first 32 characters after the pca_name in the cluster OCID.

      • ID2 - A unique identifier added when the cluster has more than one control plane node.

      Search for the instances in the list whose names contain the ID1 string from this cluster OCID.

    For a complete list of CLI commands, flags, and options, see the Command Line Reference.

    What's Next:

  • Use the CreateCluster operation to create a new cluster.

    For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

    What's Next: